

Update workflow to use bash
seviourl committed Jul 4, 2024
1 parent 3b7e3fc commit eba9102
Showing 1 changed file with 86 additions and 167 deletions.
253 changes: 86 additions & 167 deletions .github/workflows/terraform-pr.yml
Expand Up @@ -2,10 +2,10 @@ name: 'Terraform Pull Request'

on:
workflow_call:
inputs:
terraform-version:
required: false
type: string
inputs:
debug:
required: false
type: boolean

permissions:
contents: write
Expand All @@ -19,198 +19,117 @@ jobs:
runs-on: ubuntu-latest

outputs:
folders: ${{ steps.detect.outputs.folders }}
changes: ${{ steps.detect.outputs.changes }}
directories: ${{ steps.changes.outputs.directories }}

steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: 'Finding Folders with Terraform Changes'
id: detect
- name: 'Generate matrix from changed Terraform directories'
id: changes
run: |
set -e
FOLDERS=$(git diff --name-only HEAD^ HEAD | (grep '\.tf$' || true) | xargs -I {} dirname {})
CORE_FOLDERS=$(echo "$FOLDERS" | (grep -E '^core-services/' || true) | sort -u | tr '\n' ' ' | sed 's/ $//')
APP_FOLDERS=$(echo "$FOLDERS" | (grep -E '^applications/' || true) | sort -u | tr '\n' ' ' | sed 's/ $//')
ALL_FOLDERS=$(echo "$CORE_FOLDERS $APP_FOLDERS" | sed 's/^ *//;s/ *$//')
if [ -z "$ALL_FOLDERS" ]; then
echo "No Terraform changes found."
echo "changes=false" >> "$GITHUB_OUTPUT"
else
echo "Terraform changes found."
echo "changes=true" >> "$GITHUB_OUTPUT"
fi
echo "folders=$ALL_FOLDERS" >> "$GITHUB_OUTPUT"
- name: 'Check Invalid Core Services Folders'
if: steps.detect.outputs.changes == 'true'
run: |
set -e
INVALID_FOLDERS=$(echo "${{ steps.detect.outputs.folders}}" | tr ' ' '\n' | (grep -Ev '^core-services/[0-9][0-9]|^applications/[0-9][0-9]' || true))
if [ -n "$INVALID_FOLDERS" ]; then
echo "All core services and application folders must be named with a number prefix (e.g. core-services/01-foo, applications/01-bar)."
echo "Invalid folders are:"
for FOLDER in $INVALID_FOLDERS; do
echo " - $FOLDER"
done
exit 1
else
echo "All core services and application folders are named correctly."
VALID_DIRECTORIES=()
INVALID_DIRECTORIES=()
DIRECTORIES=$(git diff --name-only HEAD^ HEAD | (grep '\.tf$' || true) | xargs -I {} dirname {} | sort -t'/' -k1,1r -k2,2n)
for DIRECTORY in $DIRECTORIES; do
if [[ "$DIRECTORY" =~ ^(core-services|applications)/[0-9]+-[^/]+$ ]]; then
VALID_DIRECTORIES+=("$DIRECTORY")
else
INVALID_DIRECTORIES+=("$DIRECTORY")
fi
done
if [ ${#INVALID_DIRECTORIES[@]} -ne 0 ]; then
echo 'Error: All Terraform must be within the core-services or applications directories.' >&2
echo ' Each directory within must be named with a number prefix (e.g. core-services/01-foo, applications/01-bar).' >&2
echo ' Invalid directories:' >&2
printf ' %s\n' "${INVALID_DIRECTORIES[@]}" >&2
exit 1
fi
- name: 'Terraform Folders'
if: steps.detect.outputs.changes == 'true'
run: |
echo "Terraform will run from these folders:"
for FOLDER in ${{ steps.detect.outputs.folders}}; do
echo " - $FOLDER"
done
echo "directories=(${VALID_DIRECTORIES[*]})" >> $GITHUB_OUTPUT
terraform-formatting:
if: needs.pre-configuration.outputs.changes == 'true'
container:
image: ghcr.io/ukhsa-internal/devops-terraform-ci:latest
terraform:
runs-on: ubuntu-latest
needs: [ pre-configuration ]

if: needs.pre-configuration.outputs.directories != '()'
container:
image: ghcr.io/ukhsa-internal/devops-terraform-ci:latest

steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4

- name: 'Check and set Terraform version'
if: env.TF_VERSION != ''

- name: 'Terraform Processing'
shell: bash
run: |
if [[ ! "${{ env.TF_VERSION }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: input terraform-version must use the [0-9]+.[0-9]+.[0-9]+ format. (e.g. 1.9.0)"
echo "If left blank v$(terraform --version | grep -oP 'Terraform v\K[0-9.]+') will be used."
exit 1
else
tfenv use "${{ env.TF_VERSION }}"
fi
set -e
- name: 'Terraform Init'
run: |
for FOLDER in ${{ needs.pre-configuration.outputs.folders }}; do
cd "${{ github.workspace }}/$FOLDER"
echo "\033[1m$FOLDER - terraform init\033[0m"
terraform init -no-color -input=false; echo ""
done
function process_output() {
if [ "${{ github.event.inputs.debug }}" == "true" ]; then
cat
else
cat > /dev/null
fi
}
VALID_DIRECTORIES=${{ needs.pre-configuration.outputs.directories }}
GIT_CHANGES="false"
echo -e "Using directories: ${VALID_DIRECTORIES[*]}"
- name: 'Terraform Validate'
run: |
for FOLDER in ${{ needs.pre-configuration.outputs.folders }}; do
cd "${{ github.workspace }}/$FOLDER"
echo "\033[1m$FOLDER - terraform validate\033[0m"
terraform validate -no-color
done
- name: 'Terraform Format'
run: |
for FOLDER in ${{ needs.pre-configuration.outputs.folders }}; do
cd "${{ github.workspace }}/$FOLDER"
echo "\033[1m$FOLDER - terraform fmt\033[0m"
terraform fmt -no-color -check
echo "$(pwd) formatted successfully\n"
done
echo -e "\033[1m\nProcessing Terraform:\033[0m"
for DIRECTORY in "${VALID_DIRECTORIES[@]}"; do
echo -e "\033[1m\t$DIRECTORY\033[0m"
- name: 'Terraform Lint'
run: |
for FOLDER in ${{ needs.pre-configuration.outputs.folders }}; do
cd "${{ github.workspace }}/$FOLDER"
echo "\033[1m$FOLDER - terraform lint\033[0m"
tflint
echo "$(pwd) linted successfully\n"
done
cd "${{ github.workspace }}/$DIRECTORY"
- name: 'Terraform Docs'
run: |
for FOLDER in ${{ needs.pre-configuration.outputs.folders }}; do
cd "${{ github.workspace }}/$FOLDER"
echo "\033[1m$FOLDER - terraform docs\033[0m"
terraform-docs markdown table --output-file README.md --output-mode inject "$(pwd)"; echo ""
done
echo -e "\t\t[+] Initialising Terraform"
terraform init -no-color -input=false | process_output
- name: Check for changes
id: git-status
run: |
git config --global --add safe.directory "$(pwd)"
if [ -n "$(git status --porcelain)" ]; then
echo "Changes detected from pipeline jobs"
echo "dirty=true" >> "$GITHUB_OUTPUT"
else
echo "No changes detected from pipeline jobs"
echo "dirty=false" >> "$GITHUB_OUTPUT"
fi
echo -e "\t\t[+] Validating Terraform"
terraform validate -no-color | process_output
- name: Commit and push changes
if: steps.git-status.outputs.dirty
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add -A
git commit -m "[automated] Terraform formatting and documentation updates"
git push
terraform-tests:
if: needs.pre-configuration.outputs.changes == 'true'
container:
image: ghcr.io/ukhsa-internal/devops-terraform-ci:latest
runs-on: ubuntu-latest
needs: [ pre-configuration, terraform-formatting ]

steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
echo -e "\t\t[+] Checkov scan"
checkov --quiet --compact | process_output
- name: 'Checkov Scan'
run: |
for FOLDER in ${{ needs.pre-configuration.outputs.folders }}; do
TFDIR="${{ github.workspace }}/$FOLDER"
echo "\033[1m$FOLDER - checkov\033[0m"
checkov -d "$TFDIR" --quiet --compact
done
echo -e "\t\t[+] Formatting Terraform"
terraform fmt -no-color | process_output
terraform-run:
if: needs.pre-configuration.outputs.changes == 'true'
container:
image: ghcr.io/ukhsa-internal/devops-terraform-ci:latest
runs-on: ubuntu-latest
needs: [ pre-configuration, terraform-formatting, terraform-tests ]

steps:
- name: 'Checkout Repository'
uses: actions/checkout@v4
echo -e "\t\t[+] Linting Terraform"
tflint | process_output
- name: 'Check and set Terraform version'
if: env.TF_VERSION != ''
shell: bash
run: |
if [[ ! "${{ env.TF_VERSION }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "Error: input terraform-version must use the [0-9]+.[0-9]+.[0-9]+ format. (e.g. 1.9.0)"
echo "If left blank v$(terraform --version | grep -oP 'Terraform v\K[0-9.]+') will be used."
exit 1
else
tfenv use "${{ env.TF_VERSION }}"
fi
echo -e "\t\t[+] Documenting Terraform"
terraform-docs markdown table --output-file README.md --output-mode inject "$(pwd)" | process_output
- name: 'Terraform Init'
run: |
for FOLDER in ${{ needs.pre-configuration.outputs.folders }}; do
cd "${{ github.workspace }}/$FOLDER"
echo "\033[1m$FOLDER - terraform init\033[0m"
terraform init -no-color -input=false; echo ""
if git status --porcelain | grep -q "$DIRECTORY"; then
git add "${{ github.workspace }}/$DIRECTORY"
echo -e "\t\t[+] Added changes to git"
GIT_CHANGES="true"
fi
echo -e "\t\t[+] Done\n"
done
- name: 'Terraform Plan'
run: |
for FOLDER in ${{ needs.pre-configuration.outputs.folders }}; do
cd "${{ github.workspace }}/$FOLDER"
echo "\033[1m$FOLDER - terraform plan\033[0m"
terraform plan -no-color -input=false
echo -e "\033[1mProcessing any git changes...\033[0m"
cd "${{ github.workspace }}"
git config --global --add safe.directory "$(pwd)"
if "$GIT_CHANGES"; then
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git commit -m "[automated] Terraform formatting and documentation updates."
# git push
fi
echo -e "\033[1m\nRunning Terraform:\033[0m"
for FOLDER in "${VALID_DIRECTORIES[@]}"; do
echo -e "\033[1m\t$FOLDER\033[0m"
cd "${{ github.workspace }}/$DIRECTORY"
echo -e "\033[1m\t\t[+] Terraform Plan\033[0m"
terraform plan -no-color -input=false -out=tfplan; echo ""
done
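Review bot: The 'Terraform Processing' step sets only `set -e`, yet every tool call is now piped into `process_output`, so the step's exit status is that of `cat` and a failing `terraform validate`, `tflint` or `checkov` no longer fails the job (the replaced steps ran those commands unpiped); the first line of the script should be `set -eo pipefail`. In the final 'Running Terraform' loop the loop variable is `FOLDER` but the `cd` uses `$DIRECTORY`, which still holds the last value from the earlier processing loop, so the plan runs in the wrong directory for all but one entry; it should read `cd "${{ github.workspace }}/$FOLDER"`. `VALID_DIRECTORIES=${{ needs.pre-configuration.outputs.directories }}` interpolates a job output derived from changed file paths directly into the shell script; the regex in the first job constrains those paths but still admits shell metacharacters, so passing the output through an `env:` entry and parsing it in bash is the safer pattern. Separately, `git commit` runs while `# git push` is commented out, so the formatting commit never leaves the runner, which may be intentional but deserves a comment saying so.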
