minor tf enhancements

CDCgov · Jan 22, 2025 · b4991ab · b4991ab
1 parent 5766b9f
commit b4991ab
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 153 deletions.
diff --git a/.github/workflows/cleanup_acr_images.yml b/.github/workflows/cleanup_acr_images.yml
diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml
@@ -54,39 +54,48 @@ jobs:
           sp-creds: ${{ env.AZURE_CREDENTIALS }}
           tf-auth: true
       - name: Collect Terraform stats
-        uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2
+        uses: ./.github/actions/terraform-stats
         id: stats1
         with:
           terraform-directory: operations/app/terraform/vars/${{ needs.pre_job.outputs.env_name }}
           terraform-version: 1.7.4
           add-args: "-refresh=false"
-
-  - name: Run Terraform Plan
-    run: |
-      terraform init -input=false
-      terraform validate
-      terraform fmt -recursive
-      terraform plan -out=tf.plan
 
-  - name: Run Terraform Apply
-    if: success()  # This ensures apply only runs if plan was successful
-    run: |
-      terraform apply -input=false -no-color -lock-timeout=600s -auto-approve tf.plan
-  
-  approve_deploy:
-    name: Approve Deploy - ${{ needs.pre_job.outputs.env_name }}
-    concurrency:
-      group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }}
-      cancel-in-progress: true
-    needs:
-      - pre_job
-      - confirm_changes
-    if: needs.confirm_changes.outputs.change_count > '0'
-    runs-on: ubuntu-latest
-    environment: ${{ needs.pre_job.outputs.env_name }}_terraform
-    steps:
-      - name: Echo change count
-        run: echo ${{ needs.confirm_changes.outputs.change_count }}
+      - name: Terraform Format 
+        # fails on formatting issues, fix locally with `tf fmt -recursive` and push again if this step fails
+        run: terraform fmt -check -recursive
+
+      - name: "Terraform init"
+        run: terraform init -input=false
+
+      - name: "Terraform validate"
+        run: terraform validate
+
+      - name: Terraform Plan
+        run: |
+          terraform plan -out=tf.plan -input=false -no-color -lock-timeout=600s
+      
+      - name: Comment Plan on PR
+        uses: blinqas/tf-plan-pr-comment@v1
+        with:
+          output_file: ${{ github.workspace }}/plan_output.txt
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      approve_deploy:
+        name: Approve Deploy - ${{ needs.pre_job.outputs.env_name }}
+        concurrency:
+          group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }}
+          cancel-in-progress: true
+        needs:
+          - pre_job
+          - confirm_changes
+        if: needs.confirm_changes.outputs.change_count > '0'
+        runs-on: ubuntu-latest
+        environment: ${{ needs.pre_job.outputs.env_name }}_terraform
+        steps:
+          - name: Echo change count
+            run: echo ${{ needs.confirm_changes.outputs.change_count }}
 
   run_deploy:
     name: Run Deploy - ${{ needs.pre_job.outputs.env_name }}