-
Notifications
You must be signed in to change notification settings - Fork 9
115 lines (94 loc) · 3.64 KB
/
sonar_poc_cloud.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
name: 'Sonar POC Terraform Cloud'
on:
workflow_dispatch: {}
schedule:
- cron: '0 1 * * *'
pull_request:
types:
- 'opened'
- 'reopened'
branches:
- 'master'
env:
TF_CLI_ARGS: "-no-color"
TF_INPUT: 0
permissions:
contents: read
jobs:
terraform:
strategy:
fail-fast: false
matrix:
include:
- workspace: dsfkit-ci-cd
- workspace: dsfkit-ci-cd-hadr
name: 'Terraform ${{ matrix.workspace }}'
runs-on: ubuntu-latest
env:
TF_WORKSPACE: ${{ matrix.workspace }}
environment: test
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v3
- name: Change the modules source to local
run: |
find ./examples/ -type f -exec sed -i -f sed.expr {} \;
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
run: terraform init
- name: Terraform Validate
run: terraform validate
- name: Cleaning environment
run: terraform destroy -auto-approve
# Checks that all Terraform configuration files adhere to a canonical format
- name: Terraform Format
run: terraform fmt -check
continue-on-error: true
# Generates an execution plan for Terraform
- name: Terraform Plan
run: terraform plan
# On push to "main", build or change infrastructure according to Terraform configuration files
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
- name: Terraform Apply
# if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' || github.event_name == 'workflow_dispatch'
run: terraform apply -auto-approve
- name: Terraform Output
if: always()
run: terraform output
- name: Save The Keys
if: always()
run: terraform output dsf_private_ssh_key > ${{ matrix.workspace }}
- name: Collect Artifacts
if: always()
uses: actions/upload-artifact@v2
with:
name: collected-keys
path: |
${{ matrix.workspace }}
- name: Terraform Destroy
# if: always()
run: terraform destroy -auto-approve
- name: Check how was the workflow run
id: check-trigger
if: ${{ failure() }}
run: |
if [ "${{ github.event_name }}" == "schedule" ]; then
echo "run-by=Automation" >> $GITHUB_OUTPUT
else
echo "run-by=${{ github.actor }}" >> $GITHUB_OUTPUT
fi
# Send job failure to Slack
- name: Send Slack When Failure
run: |
curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*Prod automation Failed*\n<https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}|Please check the job!>\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#dsfkit-prod"}' ${{ secrets.SLACK_WEBHOOK_URL }}
if: ${{ failure() }}