Sonar POC Terraform Cloud #413
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Sonar POC Terraform Cloud' | |
on: | |
workflow_dispatch: {} | |
schedule: | |
- cron: '0 1 * * *' | |
pull_request: | |
types: | |
- 'opened' | |
- 'reopened' | |
branches: | |
- 'master' | |
env: | |
TF_CLI_ARGS: "-no-color" | |
TF_INPUT: 0 | |
permissions: | |
contents: read | |
jobs: | |
terraform: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- workspace: dsfkit-ci-cd | |
- workspace: dsfkit-ci-cd-hadr | |
name: 'Terraform ${{ matrix.workspace }}' | |
runs-on: ubuntu-latest | |
env: | |
TF_WORKSPACE: ${{ matrix.workspace }} | |
environment: test | |
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
defaults: | |
run: | |
shell: bash | |
steps: | |
# Checkout the repository to the GitHub Actions runner | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Change the modules source to local | |
run: | | |
find ./examples/ -type f -exec sed -i -f sed.expr {} \; | |
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. | |
- name: Terraform Init | |
run: terraform init | |
- name: Terraform Validate | |
run: terraform validate | |
- name: Cleaning environment | |
run: terraform destroy -auto-approve | |
# Checks that all Terraform configuration files adhere to a canonical format | |
- name: Terraform Format | |
run: terraform fmt -check | |
continue-on-error: true | |
# Generates an execution plan for Terraform | |
- name: Terraform Plan | |
run: terraform plan | |
# On push to "main", build or change infrastructure according to Terraform configuration files | |
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks | |
- name: Terraform Apply | |
# if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' || github.event_name == 'workflow_dispatch' | |
run: terraform apply -auto-approve | |
- name: Terraform Output | |
if: always() | |
run: terraform output | |
- name: Save The Keys | |
if: always() | |
run: terraform output dsf_private_ssh_key > ${{ matrix.workspace }} | |
- name: Collect Artifacts | |
if: always() | |
uses: actions/upload-artifact@v2 | |
with: | |
name: collected-keys | |
path: | | |
${{ matrix.workspace }} | |
- name: Terraform Destroy | |
# if: always() | |
run: terraform destroy -auto-approve | |
- name: Check how was the workflow run | |
id: check-trigger | |
if: ${{ failure() }} | |
run: | | |
if [ "${{ github.event_name }}" == "schedule" ]; then | |
echo "run-by=Automation" >> $GITHUB_OUTPUT | |
else | |
echo "run-by=${{ github.actor }}" >> $GITHUB_OUTPUT | |
fi | |
# Send job failure to Slack | |
- name: Send Slack When Failure | |
run: | | |
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*Prod automation Failed*\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#dsfkit-prod"}' ${{ secrets.SLACK_WEBHOOK_URL }} | |
if: ${{ failure() }} |