-
Notifications
You must be signed in to change notification settings - Fork 0
92 lines (81 loc) · 3.04 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
name: Deploy Terraform Changes
on:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
actions: write # require to upload artifacts
concurrency:
group: terraform-deploy
cancel-in-progress: false
jobs:
changes:
runs-on: ubuntu-latest
# Required permissions
permissions:
pull-requests: read
outputs:
# Expose matched filters as job 'packages' output variable
modules: ${{ steps.filter.outputs.changes }}
steps:
# For pull requests it's not necessary to checkout the code
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
account:
- 'dbt_cloud/account/**'
initial_project:
- 'dbt_cloud/projects/initial/**'
terraform:
runs-on: ubuntu-latest
strategy:
matrix:
# TODO: set dynamically based on ${{ fromJSON(needs.changes.outputs.projects) }}
# but I'm not sure how to dynamically set the other variables in a way that feels this clean
include:
- module: account
- module: initial_project
steps:
- name: Check out the repository
uses: actions/checkout@v4
if: ${{ contains(fromJSON(needs.changes.outputs.modules), matrix.module) }}
- name: Download Encrypted Artifact & Decrypt
uses: badgerhobbs/terraform-state@v2
if: ${{ contains(fromJSON(needs.changes.outputs.modules), matrix.module) }}
with:
encryption_key: ${{ secrets.AES_256_ENCRYPTION_KEY }}
operation: download
location: artifact
github_token: ${{ secrets.GITHUB_TOKEN }}
continue-on-error: true
- name: Set up Terraform
uses: hashicorp/setup-terraform@v3
if: ${{ contains(fromJSON(needs.changes.outputs.modules), matrix.module) }}
with:
terraform_version: 1.5.0 # Specify your Terraform version
- name: Terraform Init
if: ${{ contains(fromJSON(needs.changes.outputs.modules), matrix.module) }}
run: terraform init
- name: Terraform Plan
id: plan
if: ${{ contains(fromJSON(needs.changes.outputs.modules), matrix.module) }}
run: terraform plan -out=tfplan_${{ matrix.module }} -target=module.${{ matrix.module }}
- name: Apply Terraform Changes
# if: github.ref == 'refs/heads/main' && contains(fromJSON(needs.changes.outputs.modules), matrix.module)
if: false
run: terraform apply -auto-approve tfplan_${{ matrix.module }}
env:
TF_VAR_dbt_account_id: ${{ secrets.TF_VAR_DBT_ACCOUNT_ID }}
TF_VAR_dbt_token: ${{ secrets.TF_VAR_DBT_TOKEN }}
TF_VAR_dbt_host_url: ${{ secrets.TF_VAR_DBT_HOST_URL }}
- name: Encrypt Artifact & Upload Encrypted Artifact
uses: badgerhobbs/terraform-state@v2
if: ${{ contains(fromJSON(needs.changes.outputs.modules), matrix.module) }}
with:
encryption_key: ${{ secrets.AES_256_ENCRYPTION_KEY }}
operation: upload
location: artifact
github_token: ${{ secrets.GITHUB_TOKEN }}