feat: prepare for account migration #184
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: terraform plan | |
on: | |
pull_request: | |
branches: | |
- main | |
paths: | |
- terraform/** | |
pull_request_target: | |
branches: | |
- main | |
paths: | |
- terraform/** | |
jobs: | |
validate: | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
LOGIN: ${{ github.actor }} | |
PR_REPO_FULL_NAME: ${{ github.event.pull_request.head.repo.full_name }} | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./terraform | |
outputs: | |
valid_workflow: ${{ steps.validate_workflow.outputs.valid_workflow }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Install and configure Poetry | |
uses: snok/install-poetry@2bf112a0f6979928eb6b011f39700db589c5961e #v1 | |
with: | |
virtualenvs-create: true | |
virtualenvs-in-project: true | |
version: 1.1.13 | |
- name: Install library | |
run: | | |
cd scripts | |
poetry install | |
- name: Run tests | |
run: | | |
cd scripts | |
poetry run pytest --cov validate . | |
- name: validate_workflow | |
id: validate_workflow | |
run: | | |
cd scripts | |
output=$(poetry run python validate.py) | |
echo "valid_workflow=$output" >> "$GITHUB_OUTPUT" | |
plan: | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TF_VAR_tvm_bot_webhook_secret: ${{ secrets.TVM_BOT_WEBHOOK_SECRET }} | |
TF_VAR_tvm_bot_github_token: ${{ secrets.TVM_BOT_GITHUB_TOKEN }} | |
TF_VAR_tvm_bot_repo: tvm | |
TF_VAR_tvm_bot_owner: apache | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./terraform | |
needs: validate | |
if: needs.validate.outputs.valid_workflow == 'True' | |
# These steps run if either the PR is within the same repo or if the PR is | |
# on a fork and the committer has deployer access | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Terraform fmt | |
id: fmt | |
uses: dflook/terraform-fmt@f0d4aaacfe91d9319a40cbb2bfeb5bd0ee2f2739 #v1.25.1 | |
continue-on-error: true | |
with: | |
path: ./terraform | |
- name: Terraform Validate | |
id: validate | |
uses: dflook/terraform-validate@85bc5b5cab93240dc66bf7b9e744570f12ace9d6 #v1.25.1 | |
with: | |
path: ./terraform | |
- name: Terraform Plan | |
uses: dflook/terraform-plan@7196a67f47a16ef4f7e12ff0b55205e5eb2cee55 #v1.25.1 | |
id: plan | |
with: | |
var_file: | | |
terraform/vars/tvm-ci-prod.auto.tfvars | |
path: ./terraform | |
workspace: tvm-ci-prod |