Update terraform.yml #178

Summary
Jobs
- Terraform
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/terraform.yml at f139f62

	name: "Terraform"

	permissions:
	id-token: write
	contents: read

	on:
	push:
	branches:
	- main
	pull_request:

	jobs:
	terraform:
	name: "Terraform"
	runs-on: ubuntu-latest
	env:
	PANOS_HOSTNAME: ${{ secrets.PANOS_HOSTNAME }}
	PANOS_USERNAME: ${{ secrets.PANOS_USERNAME }}
	PANOS_PASSWORD: ${{ secrets.PANOS_PASSWORD }}
	ASSUME_ROLE: ${{ secrets.ASSUME_ROLE }}
	# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_REGION: "eu-west-2"
	steps:
	- name: Checkout
	uses: actions/checkout@v2

	# OPA Checks
	- name: Evaluate OPA Policy
	id: opa_eval
	uses: migara/test-action@master
	with:
	tests: /tests/panos.rego
	policy: /policy.yml

	- name: Set OPA Results
	uses: actions/[email protected]
	if: github.event_name == 'pull_request'
	env:
	opa_results: ${{ steps.opa_eval.outputs.opa_results }}
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const opa_results = JSON.parse(process.env.opa_results)
	const allow = opa_results.result[0].expressions[0].value.allow
	const deny = opa_results.result[0].expressions[0].value.deny

	if (!allow) {
	const output = `#### OPA Policy Violation 🤷 ❌
	#### Policy Violations

	${deny.map(msg => `* ${msg}`).join("\n")}

	Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\``;


	await github.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: output
	})
	console.log(context)
	process.exit(1);
	}
	- name: configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v2
	with:
	role-to-assume: ${{ env.ASSUME_ROLE }}
	role-session-name: gh-action-role-session
	aws-region: ${{ env.AWS_REGION }}

	- name: Setup Terraform
	uses: hashicorp/setup-terraform@v1
	# with:
	# terraform_version: 0.13.0:
	# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

	- name: Terraform Init
	id: init
	run: terraform init

	- name: Terraform Plan
	id: plan
	if: github.event_name == 'pull_request'
	run: terraform plan -no-color
	continue-on-error: true

	- uses: actions/[email protected]
	if: github.event_name == 'pull_request'
	env:
	PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
	#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
	#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`

	<details><summary>Show Plan</summary>

	\`\`\`${process.env.PLAN}\`\`\`

	</details>

	Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\``;


	github.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: output
	})

	- name: Auto Merge
	uses: actions/[email protected]
	if: github.event_name == 'pull_request'
	env:
	opa_results: ${{ steps.opa_eval.outputs.opa_results }}
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const opa_results = JSON.parse(process.env.opa_results)
	const allow = opa_results.result[0].expressions[0].value.allow

	if (allow) {
	const output = `#### Validation Checks Passed ✅

	Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\``;

	await github.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: output
	})

	/*
	await github.pulls.merge({
	pull_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo
	})
	*/

	}

	- name: Terraform Plan Status
	if: steps.plan.outcome == 'failure'
	run: exit 1

	- name: Terraform Apply
	if: github.ref == 'refs/heads/main' && github.event_name == 'push'
	run: terraform apply -auto-approve

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update terraform.yml #178

Workflow file

Update terraform.yml #178

Jobs

Run details

Workflow file for this run