This repository has been archived by the owner on Sep 13, 2024. It is now read-only.
action.yml
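# Composite action metadata: runs `terraform plan` for GCP after authenticating
# with workload identity.
name: 'Terraform Plan'
description: 'terraform plan for GCP'
# The base64_* inputs are decoded with `base64 -d`, or forwarded to the gcloud
# set-up action, by the steps of this action. Base64 is an encoding, not
# protection: handle the encoded values exactly like the decoded ones.
inputs:
  base64_workload_identity_provider:
    # NOTE(review): the input name and the downstream action's input suggest
    # this is the Base64-encoded form of the ID - confirm and say so here.
    description: >-
      GCP Workload Identity Pool Provider ID (e.g.
      projects/<project-number>/locations/global/workloadIdentityPools/<pool>/providers/<id>)
    required: true
  base64_gcp_service_account:
    description: >-
      GCP service Account to authenticate with using workload identity
    required: true
  base64_terraform_project_id:
    description: >-
      Base64 encoded GCP project id of the folder's terraform state project
    required: true
  base64_domain_project_id:
    description: Base64 encoded GCP project id of the stack's domain
    required: true
  base64_docker_registry:
    description: >-
      Base64 encoded docker registry, with optional docker repo name
    required: true
  tfvars_file:
    # Appended to the `terraform plan` command line by the plan step, so the
    # caller decides what ends up there; only pass trusted values.
    description: Terraform variables file path, if any
    required: false
    default: ''
  tf_working_dir:
    # Used as the working-directory of every shell step in this action.
    description: Path to directory where terraform commands should be run
    required: false
    default: './'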
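outputs:
  plan_file_path:
    description: >-
      Path of the plan file generated by `terraform plan`. Use this in the
      terraform apply step to apply this exact plan (fails if anything is
      different than when the plan ran)
    # A composite action output must be an expression; without the ${{ }}
    # wrapper callers receive the literal text instead of the step output.
    # The plan step writes the file as `planfile` inside tf_working_dir, so
    # the path is relative to that directory.
    value: ${{ steps.plan.outputs.plan_file_path }}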
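# Steps: authenticate to GCP, install the Terraform CLI, write the backend
# config, then init, plan and print a filtered summary of the plan.
runs:
  using: 'composite'
  steps:
    # NOTE(review): both actions below are referenced by a mutable tag.
    # Pinning each to a full commit SHA (owner/repo@<full-commit-sha>) keeps a
    # moved tag from changing the code that runs with the GCP credentials.
    - name: Set up gcloud
      uses: vivantehealth/gcloud-workload-identity-action@v2
      with:
        base64_workload_identity_provider: ${{ inputs.base64_workload_identity_provider }}
        base64_gcp_service_account: ${{ inputs.base64_gcp_service_account }}
    - name: Set up Terraform cli
      uses: hashicorp/setup-terraform@v1
    - name: Generate backend config
      working-directory: ${{ inputs.tf_working_dir }}
      shell: bash
      # Expressions are handed to the script through env instead of being
      # pasted into the script text: ${{ }} is expanded before bash runs, so
      # an input containing shell syntax would otherwise be executed.
      env:
        BASE64_TERRAFORM_PROJECT_ID: ${{ inputs.base64_terraform_project_id }}
        STACK_NAME: ${{ github.event.repository.name }}
      run: |
        # Decode first so a bad Base64 value fails the step instead of
        # silently producing a bucket name of "-state".
        terraform_project_id="$(printf '%s' "${BASE64_TERRAFORM_PROJECT_ID}" | base64 -d)"
        {
          printf 'bucket = "%s-state"\n' "${terraform_project_id}"
          printf 'prefix = "%s"\n' "${STACK_NAME}"
        } > backend.hcl
    - name: TF init
      working-directory: ${{ inputs.tf_working_dir }}
      shell: bash
      run: terraform init -input=false -backend-config=./backend.hcl
    - name: TF plan (verbose)
      working-directory: ${{ inputs.tf_working_dir }}
      id: plan
      shell: bash
      # Same reasoning as the backend-config step: inputs reach bash as data
      # in environment variables, never as part of the script source.
      env:
        TF_VAR_stack_name: ${{ github.event.repository.name }}
        BASE64_DOMAIN_PROJECT_ID: ${{ inputs.base64_domain_project_id }}
        BASE64_TERRAFORM_PROJECT_ID: ${{ inputs.base64_terraform_project_id }}
        BASE64_DOCKER_REGISTRY: ${{ inputs.base64_docker_registry }}
        TFVARS_FILE: ${{ inputs.tfvars_file }}
      run: |
        # Assign before exporting: `export VAR=$(...)` hides a failed decode.
        TF_VAR_domain_project_id="$(printf '%s' "${BASE64_DOMAIN_PROJECT_ID}" | base64 -d)"
        TF_VAR_terraform_project_id="$(printf '%s' "${BASE64_TERRAFORM_PROJECT_ID}" | base64 -d)"
        TF_VAR_docker_registry="$(printf '%s' "${BASE64_DOCKER_REGISTRY}" | base64 -d)"
        export TF_VAR_domain_project_id TF_VAR_terraform_project_id TF_VAR_docker_registry
        # tfvars_file is still forwarded as extra terraform arguments, split on
        # whitespace as before, but it can no longer inject shell syntax.
        # NOTE(review): whether callers pass a bare path or a -var-file= flag
        # is not visible in this file - confirm against the callers.
        read -r -a tfvars_args <<< "${TFVARS_FILE}"
        terraform plan -input=false -out=planfile "${tfvars_args[@]}"
        echo "plan_file_path=planfile" >> "${GITHUB_OUTPUT}"
    - name: TF plan (summary)
      working-directory: ${{ inputs.tf_working_dir }}
      shell: bash
      # NOTE(review): the filtered plan goes to the job log; values Terraform
      # does not treat as sensitive will be readable by anyone with log access.
      run: terraform show planfile | grep -E '(^.{4} [#] .*|^[[:punct:]]|Plan)'
      env:
        TF_LOG: 'WARN'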