diff --git a/.github/workflows/close_stale_prs.yml b/.github/workflows/close_stale_prs.yml
new file mode 100644
index 0000000..002ed54
--- /dev/null
+++ b/.github/workflows/close_stale_prs.yml
@@ -0,0 +1,22 @@
+name : Close inactive pull requests
+on:
+ schedule:
+ - cron: "0 3 * * *" # everyday at 3:00 AM
+ workflow_dispatch:
+
+jobs:
+ close-pull-requests:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write # to delete branches
+ issues: read
+ pull-requests: write
+ steps:
+ - uses: actions/stale@v9
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ days-before-stale: -1
+ days-before-close: -1
+ days-before-pr-stale: 7
+ days-before-pr-close: 0 # close immediately after marking as stale
+ delete-branch: true
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 7ce2e8e..5692f20 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -6,6 +6,15 @@ on:
 pull_request:
 branches: [ "main" ]
+env:
+ # We don't want to create any real cloud resources from this
+ # repo. It is just for demonstrating guardrails evaluation on TF
+ # plans. So use dummy credentials that would fail if we ever tried
+ # to run `tf apply.
+ AWS_ACCESS_KEY: "asdf"
+ AWS_SECRET_KEY: "asdf"
+ GOOGLE_OAUTH_ACCESS_TOKEN: "asdf"
+
 jobs:
 terraform:
 name: 'Terraform'
@@ -16,6 +25,10 @@ jobs:
 run:
 shell: bash
+ strategy:
+ matrix:
+ env: ["dev", "prod"]
+
 steps:
 - name: Checkout
 uses: actions/checkout@v3
@@ -27,7 +40,7 @@ jobs:
 run: terraform init
 - name: Terraform Plan
- run: terraform plan -out=plan.raw
+ run: terraform plan -state=${{ matrix.env }}.tfstate -var-file=${{ matrix.env }}.tfvars -refresh=false -out=plan.raw
 - name: Convert the plan to JSON
 id: planToJson
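Review bot: The stale action is referenced by a mutable tag, `- uses: actions/stale@v9`, in a job that holds `contents: write` and `pull-requests: write`; a third-party action running with write permissions should be pinned to a full commit SHA (with the tag kept in a trailing comment) so the code it resolves to cannot change underneath the workflow. The same applies to `actions/checkout@v3`, `actions/upload-artifact@v2`, `actions/download-artifact@v2`, `fishcharlie/CmdToFile@v1.0.0` and `Resourcely-Inc/resourcely-action@v1` in the terraform.yml hunks that follow. Separately, `days-before-pr-close: 0` together with `delete-branch: true` means a PR is closed and its head branch deleted in the same run that marks it stale, leaving the author no window to respond; if that is intended, the comment on that line should say so explicitly, otherwise a positive close delay gives a grace period. `name : Close inactive pull requests` has a space before the colon, which yamllint's colons rule flags; `name: Close inactive pull requests` is the conventional form.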
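Review bot: The fourth comment line of the new `env:` block opens a backtick after "to run" and never closes it, and names the command `tf` rather than `terraform`; it should read `# to run \`terraform apply\`.` so the comment renders as intended. The dummy values here appear to be duplicated by the literal `access_key`/`secret_key` added to provider.tf in this same commit, so one of the two sources is redundant; keeping the placeholder credentials in a single place (this env block) makes it easier to confirm at a glance that nothing real is configured. Whether `AWS_ACCESS_KEY`/`AWS_SECRET_KEY` are honoured depends on the AWS SDK's fallback variable names; `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` are the documented primary names and would be the safer choice if the goal is to pre-empt any other credential lookup.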
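Review bot: `terraform plan -state=${{ matrix.env }}.tfstate … -refresh=false -out=plan.raw` writes per-environment state into the runner's working directory, which is not persisted between workflow runs and not shared with the `resourcely-ci` job, so each run appears to plan from empty state; if that is the intended demo behaviour, a comment on the step saying so stops a reader from looking for a backend. `-state` on `plan` is documented by Terraform as a legacy option for the local backend only; for a demo it works, but a `local` backend with a per-environment `path` is the supported form. The enclosing `terraform` job starts before this hunk.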
@@ -37,22 +50,23 @@ jobs:
 uses: fishcharlie/CmdToFile@v1.0.0
 with:
 data: ${{ steps.planToJson.outputs.stdout }}
- output: plan.json
+ output: plan-${{ matrix.env }}.json
 - name: Upload Terraform Plan Output
 uses: actions/upload-artifact@v2
 with:
- name: plan-file
- path: plan.json
+ name: plan-file-${{ matrix.env }}
+ path: plan-${{ matrix.env }}.json
 - name: Terraform Apply
 if: github.ref == 'refs/heads/main' && github.event_name == 'push'
- run: terraform apply -auto-approve -input=false
+ run: terraform apply -auto-approve -state=${{ matrix.env }}.tfstate -var-file=dev.tfvars -input=false
 resourcely-ci:
 needs: terraform
 if: github.event_name == 'pull_request'
 runs-on: ubuntu-latest
+
 steps:
 - name: Checkout
 uses: actions/checkout@v3
@@ -60,9 +74,32 @@ jobs:
 - name: Download Terraform Plan Output
 uses: actions/download-artifact@v2
 with:
- name: plan-file
+ name: plan-file-dev
+ path: tf-plan-files/
+
+ - name: Download Terraform Plan Output
+ uses: actions/download-artifact@v2
+ with:
+ name: plan-file-prod
 path: tf-plan-files/
+ - name: Save JSON to a file
+ uses: fishcharlie/CmdToFile@v1.0.0
+ with:
+ data: |
+ {
+ "plans": [{
+ "plan_file": "plan-dev.json",
+ "config_root_path": ".",
+ "environment": "dev"
+ },{
+ "plan_file": "plan-prod.json",
+ "config_root_path": ".",
+ "environment": "prod"
+ }]
+ }
+ output: tf-plan-files/manifest.json
+
 - name: Resourcely CI
 uses: Resourcely-Inc/resourcely-action@v1
 with:
diff --git a/.resourcely.yaml b/.resourcely.yaml
index c4f8bec..9a76de4 100644
--- a/.resourcely.yaml
+++ b/.resourcely.yaml
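Review bot: The apply step hard-codes `-var-file=dev.tfvars` while its `-state=${{ matrix.env }}.tfstate` varies with the matrix, so the `prod` matrix leg applies dev variable values against the prod state; it should be `-var-file=${{ matrix.env }}.tfvars`, matching the plan step earlier in the job. The step also re-plans instead of consuming the `plan.raw` written two steps earlier, so what is applied is not necessarily what was uploaded and reviewed; `terraform apply -auto-approve -input=false -state=${{ matrix.env }}.tfstate plan.raw` ties the two together (a saved plan already carries its variable values, so no `-var-file` is needed). The enclosing `terraform` job starts before this hunk.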
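Review bot: Two consecutive steps carry the identical `name: Download Terraform Plan Output`, which makes log output and failure reports ambiguous; `name: Download dev plan` and `name: Download prod plan` would distinguish them. The manifest written by the `Save JSON to a file` step hard-codes the dev/prod plan file names and environment names, duplicating the `matrix.env` list declared in the `terraform` job, so adding an environment requires edits in at least three places; a comment above `data: |` such as `# must list every value of matrix.env in the terraform job` at least makes the coupling visible. The `resourcely-ci` job's remaining steps continue past the end of the hunk.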
@@ -1,79 +1,25 @@
 version: "2"
+# Terraform config roots that Resourcely should care about.
 terraform_config_roots:
+ - name: Project Resourcely
- - name: Example project
+ # Path to the Terraform working directory (relative to the current file location)
+ path: .
- description: "Scaffolding project that demonstrates how to
- integrate Resourcely with a Github Actions-based Terraform
- workflow."
+ # The default file for Resourcely to put new resources in.
+ default_file: main.tf
- # Type of config root. Each type has its own set of configuration options.
- #
- # Allowed Values:
- # simple - the config root is a Terraform root module itself.
- #
- # Environments:
- # It is common to apply a Terraform config to multiple environments, each
- # with its own Terraform state file.
- #
- # `simple` config roots use Terraform variables and per-env *.tfvars files
- # for environment-specific values. The config contains references to
- # Terraform variables. The per-env *.tfvars files define the values of
- # those variables in each env.
- type: simple
+ # Whether this a root-module or a shared-module.
+ type: "simple"
- # Path to the config root, the directory containing the *.tf
- # files.
- #
- # Relative to the location of this .resourcely.yaml file
- #
- # If the config root is the same directory, specify
- # path: .
- path: .
+ # The default file for Resourcely to put new variables in.
+ var_file: vars.tf
- # Name of the file in the `path` directory in which to place
- # new resources by default.
- #
- # Developers may pick a different file, but will be defaulted to this one.
- default_file: main.tf
+ # Environment configuration for this config root
+ environments:
+ - name: dev
+ tfvars_file: dev.tfvars
-# Uncomment to enabled environment-specific values
-# # (optional)
-# #
-# # Name of the file in the `path` directory in which to place new
-# # variable declarations for new environment-specific values.
-# #
-# var_file: variables.tf
-#
-# # (optional)
-# #
-# # List of the environments that this config root supports.
-# #
-# # If this list is missing or empty, developers will not be allowed
-# # to use environment-specific values.
-# #
-# # If non-empty, a developers will be allowed to use environment-specific
-# # values. For any environment variable, they will have to supply a value
-# # for each environment in this list.
-# #
-# environments:
-# -
-# # Name of the environment.
-# #
-# # This name is used for two purposes.
-# # 1. It is shown in the UI to the developers.
-# # 2. It is used as the value for `context.environment` in guardrails
-# # and blueprints.
-# name: dev
-#
-# # Name of the file in which to place the variables definitions
-# # for this environment.
-# #
-# # Relative to the config root `path` directory.
-# #
-# tfvars_file: envs/dev.tfvars
-#
-# -
-# name: prod
-# tfvars_file: envs/prod.tfvars
+ - name: prod
+ tfvars_file: prod.tfvars
diff --git a/dev.tfvars b/dev.tfvars
new file mode 100644
index 0000000..b523c3a
--- /dev/null
+++ b/dev.tfvars
@@ -0,0 +1 @@
+project = "demo-dev"
diff --git a/main.tf b/main.tf
index 1553f38..c4f4f20 100644
--- a/main.tf
+++ b/main.tf
@@ -1,5 +1,7 @@
 # main.tf
 resource "null_resource" "foo" {
- triggers = { "foo" : "bar" }
+ triggers = {
+ foo = var.project
+ }
 }
diff --git a/prod.tfvars b/prod.tfvars
new file mode 100644
index 0000000..e339b04
--- /dev/null
+++ b/prod.tfvars
@@ -0,0 +1 @@
+project = "demo-prod"
diff --git a/provider.tf b/provider.tf
index 1e9af16..e4b2d5a 100644
--- a/provider.tf
+++ b/provider.tf
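Review bot: The comment on the `type` key, `# Whether this a root-module or a shared-module.`, is missing a verb, and the removed documentation named the only allowed value; `# Whether this is a root module ("simple") or a shared module.` keeps that value visible. The deleted block also stated that `tfvars_file` is relative to the config root `path`; with `path: .` the new `dev.tfvars`/`prod.tfvars` values resolve to the repository root, which matches the files added in this commit, but a one-line comment on `environments:` recording that convention would preserve what the removed text explained. The `- name: Project Resourcely` item otherwise reads cleanly and the quoted `"simple"` is consistent with `version: "2"` above it.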
@@ -1,18 +1,16 @@
-// Configure the provider(s) for your cloud platform(s).
-//
-// See https://registry.terraform.io/browse/providers for a full list
-// of supported providers and configuration instructions.
-//
-// provider "" {
-// ...
-// }
+provider "aws" {
+ region = "us-east-1"
-// # Example:
-// provider "aws" {
-// region = "us-east-1"
-//
-// }
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
+ access_key = "mock_access_key"
+ secret_key = "mock_secret_key"
+}
-// provider "github" {}
+provider "github" {}
-// provider "google" {}
\ No newline at end of file
+provider "google" {
+ project = "demo"
+ region = "us-central1"
+}
diff --git a/terraform.tf b/terraform.tf
index b7c0624..606affe 100644
--- a/terraform.tf
+++ b/terraform.tf
@@ -1,11 +1,20 @@
 terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "5.34.0"
+ }
+
+ github = {
+ source = "integrations/github"
+ version = "5.45.0"
+ }
- # Configure a Terraform backend here.
- #
- # backend "..." {
- # }
+ google = {
+ source = "hashicorp/google"
+ version = "5.14.0"
+ }
- required_providers {
 null = {
 version = "~> 3.0"
 }
diff --git a/vars.tf b/vars.tf
new file mode 100644
index 0000000..0b210d2
--- /dev/null
+++ b/vars.tf
@@ -0,0 +1,5 @@
+variable "project" {
+ type = string
+
+ description = "Name for this project"
+}
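Review bot: `access_key = "mock_access_key"` and `secret_key = "mock_secret_key"` put credential-shaped literals into a committed `.tf` file; even as placeholders they will be reported by secret scanners and establish a pattern that a later edit could turn into real keys. With `skip_credentials_validation`, `skip_requesting_account_id` and `skip_metadata_api_check` set, and the workflow in this same commit already exporting dummy `AWS_ACCESS_KEY`/`AWS_SECRET_KEY`, the two attributes appear unnecessary for plan-only use; dropping them in favour of a comment such as `# credentials come from the CI environment and are never real` keeps the provider block free of secret-looking values. The `google` block's `project = "demo"` has no marker that it is a placeholder either, so a similar comment there would help a reader.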
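Review bot: The three new providers are pinned to exact versions (`version = "5.34.0"`, `"5.45.0"`, `"5.14.0"`) while the existing `null` provider on the context line below keeps `version = "~> 3.0"`; mixing exact pins and pessimistic constraints in one `required_providers` block is inconsistent, and this diff does not touch a `.terraform.lock.hcl`, which is what actually fixes provider versions across runs. Either pin `null` the same way or relax the new entries to `~> 5.34`-style constraints and commit the lock file; the `terraform` block continues past the end of the hunk.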