From 587ae047bee9b4799d975840e725b24b862c0b30 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 00:25:38 +0000 Subject: [PATCH 01/97] expand command input description Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 2 +- action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f4820509..d6e020f4 100644 --- a/README.md +++ b/README.md @@ -127,7 +127,7 @@ For each workflow run, a matrix-friendly job summary with logs is added as a fal | Type | Name | Description | | -------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -| CLI | `command` | Command to run between: `plan`, `apply` or leave empty for `init` with checks.
Example: `plan` | +| CLI | `command` | Command to run between: `plan`, `apply`, `init` (only for checks) or leave empty (only for outputs).
Example: `plan` | | CLI | `working-directory` | Specify the working directory of TF code, alias of `arg-chdir`.
Example: `path/to/directory` | | CLI | `tool` | Provisioning tool to use between: `terraform` or `tofu`.
Default: `terraform` | | Check | `format` | Check format of TF code.
Default: `false` | diff --git a/action.yml b/action.yml index 22311dad..dbdf079c 100644 --- a/action.yml +++ b/action.yml @@ -430,7 +430,7 @@ inputs: # Action parameters. command: default: "" - description: "Command to run between: `plan`, `apply` or leave empty for `init` with checks (e.g., `plan`)." + description: "Command to run between: `plan`, `apply`, `init` (only for checks) or leave empty (only for outputs) (e.g., `plan`)." required: false comment-pr: default: "update" From b0653ac40a0ce8daff975ee9844910343a65f4f8 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 15:24:25 +0000 Subject: [PATCH 02/97] enforce command input for initial steps Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- action.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index dbdf079c..2513785e 100644 --- a/action.yml +++ b/action.yml @@ -122,7 +122,8 @@ runs: echo "${{ inputs.tool }} fmt${{ steps.arg.outputs.arg-chdir }}${args}" | sed 's/ -/\n -/g' > tf.command.txt ${{ inputs.tool }}${{ steps.arg.outputs.arg-chdir }} fmt${args} 2> >(tee tf.console.txt) > >(tee tf.console.txt) - - id: initialize + - if: ${{ contains(fromJSON('["plan", "apply", "init"]'), inputs.command) }} + id: initialize shell: bash run: | # TF initialize. @@ -151,7 +152,7 @@ runs: echo "${{ inputs.tool }} validate${{ steps.arg.outputs.arg-chdir }}${args}" | sed 's/ -/\n -/g' > tf.command.txt ${{ inputs.tool }}${{ steps.arg.outputs.arg-chdir }} validate${args} 2> >(tee tf.console.txt) > >(tee tf.console.txt) - - if: ${{ inputs.label-pr == 'true' && steps.identifier.outputs.pr != 0 }} + - if: ${{ inputs.label-pr == 'true' && steps.identifier.outputs.pr != 0 && contains(fromJSON('["plan", "apply"]'), inputs.command) }} continue-on-error: true shell: bash run: | From e9cad0034efe0655648eb3d6f8a98a678a7d0427 Mon Sep 17 00:00:00 2001 
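Review bot: A `command` value that is neither empty nor one of the three listed strings (a typo such as `pla`) makes the new `initialize` guard in the first hunk evaluate to false, so the step is skipped without any error; the label guard in the second hunk behaves the same way. Unless a step outside these hunks rejects unknown values, the caller gets a successful run in which nothing was initialised, which is easy to mistake for a passing check. The same literal list is repeated on the `workspace`, `validate` and `post` guards in later commits on this page, so one explicit validation step ahead of `initialize` would cover all of them. The message in the sketch below is static on purpose, so the raw input is never expanded into the script; both steps' `run:` bodies continue outside the hunks.

```yaml
    # … unchanged: format step …
    - if: ${{ inputs.command != '' && !contains(fromJSON('["plan", "apply", "init"]'), inputs.command) }}
      shell: bash
      run: |
        # Reject unsupported command values instead of silently skipping every step.
        echo "::error::Unsupported 'command' input; expected plan, apply, init or empty."
        exit 1

    - if: ${{ contains(fromJSON('["plan", "apply", "init"]'), inputs.command) }}
      id: initialize
```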
From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 15:24:34 +0000 Subject: [PATCH 03/97] as above Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index 2513785e..0b7faf14 100644 --- a/action.yml +++ b/action.yml @@ -132,7 +132,7 @@ runs: echo "${{ inputs.tool }} init${{ steps.arg.outputs.arg-chdir }}${args}" | sed 's/ -/\n -/g' > tf.command.txt ${{ inputs.tool }}${{ steps.arg.outputs.arg-chdir }} init${args} 2> >(tee tf.console.txt) > >(tee tf.console.txt) - - if: ${{ inputs.arg-workspace != '' }} + - if: ${{ inputs.arg-workspace != '' && contains(fromJSON('["plan", "apply", "init"]'), inputs.command) }} id: workspace shell: bash run: | @@ -142,7 +142,7 @@ runs: echo "${{ inputs.tool }} workspace select${{ steps.arg.outputs.arg-chdir }}${args}" | sed 's/ -/\n -/g' > tf.command.txt ${{ inputs.tool }}${{ steps.arg.outputs.arg-chdir }} workspace select${args} 2> >(tee tf.console.txt) > >(tee tf.console.txt) - - if: ${{ inputs.validate == 'true' }} + - if: ${{ inputs.validate == 'true' && contains(fromJSON('["plan", "apply", "init"]'), inputs.command) }} id: validate shell: bash run: | From 4f6afbfb0b75d4c757a47a64b851989185a4dbe8 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 15:24:44 +0000 Subject: [PATCH 04/97] limit tests Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 3bc60d8f..0002fdc4 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -21,10 +21,10 @@ jobs: matrix: test: - pass_one - - pass_character_limit - - fail_data_source_error - - fail_format_diff - - fail_invalid_resource_type + # - pass_character_limit + # - fail_data_source_error + # - fail_format_diff + # - fail_invalid_resource_type steps: - name: Echo context From 232400dd72b9c5571e1e01e62ce5847c9a526136 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 15:51:39 +0000 Subject: [PATCH 05/97] use placeholder hostname for gh cli Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- action.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/action.yml b/action.yml index 0b7faf14..7f6dd82e 100644 --- a/action.yml +++ b/action.yml @@ -77,7 +77,7 @@ runs: # Get PR number using different query methods for push, merge_group, and pull_request events. if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then # List PRs associated with the commit, then get the PR number from the head ref or the latest PR. - associated_prs=$(gh api /repos/${GITHUB_REPOSITORY}/commits/${GITHUB_SHA}/pulls --header "$GH_API" --method GET --field per_page=100) + associated_prs=$(gh api /repos/{owner}/{repo}/commits/${GITHUB_SHA}/pulls --header "$GH_API" --method GET --field per_page=100) pr_number=$(echo "$associated_prs" | jq --raw-output '(.[] | select(.head.ref == env.GITHUB_REF_NAME) | .number) // .[0].number // 0') elif [[ "$GITHUB_EVENT_NAME" == "merge_group" ]]; then # Get the PR number by parsing the ref name. 
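Review bot: Replacing `${GITHUB_REPOSITORY}` with `{owner}/{repo}` means the target repository is no longer pinned by the runner: `gh api` fills those placeholders from `GH_REPO` or, failing that, from the git remotes of the current directory. This applies to the commit-to-PR lookup in this hunk and to every other call changed in this commit (jobs list, labels, artifact lookup and download, check-run update, PR comments). If a caller checks out a different repository, or none, before the action runs, those calls would resolve elsewhere or fail, and the artifact download that supplies the plan file is the one where a wrong source matters most. Whether `GH_REPO` is exported is not visible in these hunks; if it is not, pin it next to the existing `GH_API` variable with `GH_REPO: ${{ github.repository }}`. The `run:` block continues outside the hunk.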
@@ -94,7 +94,7 @@ runs: echo "name=${{ inputs.tool }}-${pr_number}-${identifier}.tfplan" >> "$GITHUB_OUTPUT" # List jobs from the current workflow run. - workflow_run=$(gh api /repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/attempts/${GITHUB_RUN_ATTEMPT}/jobs --header "$GH_API" --method GET --field per_page=100) + workflow_run=$(gh api /repos/{owner}/{repo}/actions/runs/${GITHUB_RUN_ID}/attempts/${GITHUB_RUN_ATTEMPT}/jobs --header "$GH_API" --method GET --field per_page=100) # Get the current job ID from the workflow run using different query methods for matrix and regular jobs. if [[ "$GH_MATRIX" == "null" ]]; then @@ -158,9 +158,9 @@ runs: run: | # Label PR. # If the label does not exist, create it before adding it to the PR in the format 'tf:${{ inputs.command }}'. - gh api /repos/${GITHUB_REPOSITORY}/labels/tf:${{ inputs.command }} --header "$GH_API" --method GET || \ - gh api /repos/${GITHUB_REPOSITORY}/labels --header "$GH_API" --method POST --field "name=tf:${{ inputs.command }}" --field "description=Pull requests that ${{ inputs.command }} TF code." --field "color=5C4EE5" - gh api /repos/${GITHUB_REPOSITORY}/issues/${{ steps.identifier.outputs.pr }}/labels --header "$GH_API" --method POST --field "labels[]=tf:${{ inputs.command }}" + gh api /repos/{owner}/{repo}/labels/tf:${{ inputs.command }} --header "$GH_API" --method GET || \ + gh api /repos/{owner}/{repo}/labels --header "$GH_API" --method POST --field "name=tf:${{ inputs.command }}" --field "description=Pull requests that ${{ inputs.command }} TF code." --field "color=5C4EE5" + gh api /repos/{owner}/{repo}/issues/${{ steps.identifier.outputs.pr }}/labels --header "$GH_API" --method POST --field "labels[]=tf:${{ inputs.command }}" - if: ${{ inputs.command == 'plan' }} id: plan 
@@ -178,8 +178,8 @@ runs: run: | # Download plan file. # Get the artifact ID of the latest matching plan files for download. - artifact_id=$(gh api /repos/${GITHUB_REPOSITORY}/actions/artifacts --header "$GH_API" --method GET --field "name=${{ steps.identifier.outputs.name }}" --jq '.artifacts[0].id') - gh api /repos/${GITHUB_REPOSITORY}/actions/artifacts/${artifact_id}/zip --header "$GH_API" --method GET > "${{ steps.identifier.outputs.name }}.zip" + artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --header "$GH_API" --method GET --field "name=${{ steps.identifier.outputs.name }}" --jq '.artifacts[0].id') + gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --header "$GH_API" --method GET > "${{ steps.identifier.outputs.name }}.zip" # Unzip the plan file to the working directory, then clean up the zip file. unzip "${{ steps.identifier.outputs.name }}.zip" -d "${{ inputs.arg-chdir || inputs.working-directory }}" @@ -302,7 +302,7 @@ runs: if [[ "${{ steps.format.outcome }}" == "failure" ]]; then syntax="diff"; fi # Add summary to the job status. - check_run=$(gh api /repos/${GITHUB_REPOSITORY}/check-runs/${{ steps.identifier.outputs.job }} --header "$GH_API" --method PATCH --field "output[title]=${summary}" --field "output[summary]=${summary}") + check_run=$(gh api /repos/{owner}/{repo}/check-runs/${{ steps.identifier.outputs.job }} --header "$GH_API" --method PATCH --field "output[title]=${summary}" --field "output[summary]=${summary}") # From check_run, echo html_url. check_url=$(echo "$check_run" | jq --raw-output '.html_url') 
@@ -365,23 +365,23 @@ runs: # Post PR comment per ${{ inputs.comment-pr }} and if the PR number is not 0. if [[ "${{ inputs.comment-pr }}" != "none" && "${{ steps.identifier.outputs.pr }}" != "0" ]]; then # Check if the PR contains a bot comment with the same identifier. - list_comments=$(gh api /repos/${GITHUB_REPOSITORY}/issues/${{ steps.identifier.outputs.pr }}/comments --header "$GH_API" --method GET --field per_page=100) + list_comments=$(gh api /repos/{owner}/{repo}/issues/${{ steps.identifier.outputs.pr }}/comments --header "$GH_API" --method GET --field per_page=100) bot_comment=$(echo "$list_comments" | jq --raw-output --arg identifier "${{ steps.identifier.outputs.name }}" '.[] | select(.user.type == "Bot") | select(.body | contains($identifier)) | .id' | tail -n 1) if [[ -n "$bot_comment" ]]; then if [[ "${{ inputs.comment-pr }}" == "recreate" ]]; then # Delete previous comment before posting a new one. - gh api /repos/${GITHUB_REPOSITORY}/issues/comments/${bot_comment} --header "$GH_API" --method DELETE - pr_comment=$(gh api /repos/${GITHUB_REPOSITORY}/issues/${{ steps.identifier.outputs.pr }}/comments --header "$GH_API" --method POST --field "body=${body}") + gh api /repos/{owner}/{repo}/issues/comments/${bot_comment} --header "$GH_API" --method DELETE + pr_comment=$(gh api /repos/{owner}/{repo}/issues/${{ steps.identifier.outputs.pr }}/comments --header "$GH_API" --method POST --field "body=${body}") echo "comment_id=$(echo "$pr_comment" | jq --raw-output '.id')" >> "$GITHUB_OUTPUT" elif [[ "${{ inputs.comment-pr }}" == "update" ]]; then # Update existing comment. - pr_comment=$(gh api /repos/${GITHUB_REPOSITORY}/issues/comments/${bot_comment} --header "$GH_API" --method PATCH --field "body=${body}") + pr_comment=$(gh api /repos/{owner}/{repo}/issues/comments/${bot_comment} --header "$GH_API" --method PATCH --field "body=${body}") echo "comment_id=$(echo "$pr_comment" | jq --raw-output '.id')" >> "$GITHUB_OUTPUT" fi else # Post new comment. 
- pr_comment=$(gh api /repos/${GITHUB_REPOSITORY}/issues/${{ steps.identifier.outputs.pr }}/comments --header "$GH_API" --method POST --field "body=${body}") + pr_comment=$(gh api /repos/{owner}/{repo}/issues/${{ steps.identifier.outputs.pr }}/comments --header "$GH_API" --method POST --field "body=${body}") echo "comment_id=$(echo "$pr_comment" | jq --raw-output '.id')" >> "$GITHUB_OUTPUT" fi fi From f114ccf343b013a915dd462d8b3be9f0dbb11e3d Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:25:35 +0000 Subject: [PATCH 06/97] inputs.command description wording Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 2 +- action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d6e020f4..aedaf225 100644 --- a/README.md +++ b/README.md @@ -127,7 +127,7 @@ For each workflow run, a matrix-friendly job summary with logs is added as a fal | Type | Name | Description | | -------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -| CLI | `command` | Command to run between: `plan`, `apply`, `init` (only for checks) or leave empty (only for outputs).
Example: `plan` | +| CLI | `command` | Command to run between: `plan` or `apply`. Leave empty for outputs only or `init` for checks only.
Example: `plan` | | CLI | `working-directory` | Specify the working directory of TF code, alias of `arg-chdir`.
Example: `path/to/directory` | | CLI | `tool` | Provisioning tool to use between: `terraform` or `tofu`.
Default: `terraform` | | Check | `format` | Check format of TF code.
Default: `false` | diff --git a/action.yml b/action.yml index 7f6dd82e..0afc029d 100644 --- a/action.yml +++ b/action.yml @@ -431,7 +431,7 @@ inputs: # Action parameters. command: default: "" - description: "Command to run between: `plan`, `apply`, `init` (only for checks) or leave empty (only for outputs) (e.g., `plan`)." + description: "Command to run between: `plan`, `apply`. Leave empty for outputs only or `init` for checks only (e.g., `plan`)." required: false comment-pr: default: "update" From a6c9ffe8f0b62a06937a05dadd8cd3f7d8600d42 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:26:25 +0000 Subject: [PATCH 07/97] test init only Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 0002fdc4..bb6e5696 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - command: ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu From 7cd073866b8fdbed154cd4387eea3350ad27b024 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:27:12 +0000 Subject: [PATCH 08/97] empty command input Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index bb6e5696..e423e508 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + command: "" # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu From bfe64da57ddce34363556f115c9053feed9d7714 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:28:52 +0000 Subject: [PATCH 09/97] comment format and validate inputs as well Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index e423e508..a5a8105c 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -52,8 +52,8 @@ jobs: arg-lock: ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu - format: true - validate: true + # format: true + # validate: true - name: Echo TF run: | From ec36bac8e85b504f21fa11a631ffe42d034fdf73 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:32:59 +0000 Subject: [PATCH 10/97] fallback for empty command input Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 0afc029d..dd521927 100644 --- a/action.yml +++ b/action.yml @@ -267,7 +267,7 @@ runs: run: | # Post output. # Parse the tf.command.txt file. - command=$(cat tf.command.txt) + command=$(cat tf.command.txt || true) # Remove each comma-delemited hide-args argument from the command. IFS=',' read -ra hide_args <<< "${{ inputs.hide-args }}" From 2569865ab4ba51beb50a37407fb83a754a967f8e Mon Sep 17 00:00:00 2001 
From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:34:54 +0000 Subject: [PATCH 11/97] add fallback for tf.console.txt Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index dd521927..fd6ef38f 100644 --- a/action.yml +++ b/action.yml @@ -286,7 +286,7 @@ runs: echo "command=$command" >> "$GITHUB_OUTPUT" # Parse the tf.console.txt file, truncated for character limit. - console=$(head --bytes=42000 tf.console.txt) + console=$(head --bytes=42000 tf.console.txt || true) if [[ ${#console} -eq 42000 ]]; then console="${console}"$'\n…'; fi { echo 'result< Date: Wed, 4 Dec 2024 17:37:21 +0000 Subject: [PATCH 12/97] change fallback to touch empty file instead of passing default true value Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/action.yml b/action.yml index fd6ef38f..f0e5f687 100644 --- a/action.yml +++ b/action.yml @@ -267,7 +267,7 @@ runs: run: | # Post output. # Parse the tf.command.txt file. - command=$(cat tf.command.txt || true) + command=$(cat tf.command.txt || touch tf.command.txt) # Remove each comma-delemited hide-args argument from the command. IFS=',' read -ra hide_args <<< "${{ inputs.hide-args }}" @@ -286,7 +286,7 @@ runs: echo "command=$command" >> "$GITHUB_OUTPUT" # Parse the tf.console.txt file, truncated for character limit. - console=$(head --bytes=42000 tf.console.txt || true) + console=$(head --bytes=42000 tf.console.txt || touch tf.console.txt) if [[ ${#console} -eq 42000 ]]; then console="${console}"$'\n…'; fi { echo 'result< Date: Wed, 4 Dec 2024 17:40:50 +0000 Subject: [PATCH 13/97] revert fallback value and default values in place of selective command inputs 
Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- action.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index f0e5f687..eda29c92 100644 --- a/action.yml +++ b/action.yml @@ -262,12 +262,12 @@ runs: ${{ inputs.tool }}${{ steps.arg.outputs.arg-chdir }} apply${args} 2> >(tee tf.console.txt) > >(tee tf.console.txt) - id: post - if: ${{ !cancelled() && steps.identifier.outcome == 'success' }} + if: ${{ !cancelled() && steps.identifier.outcome == 'success' && contains(fromJSON('["plan", "apply", "init"]'), inputs.command) }} shell: bash run: | # Post output. # Parse the tf.command.txt file. - command=$(cat tf.command.txt || touch tf.command.txt) + command=$(cat tf.command.txt) # Remove each comma-delemited hide-args argument from the command. IFS=',' read -ra hide_args <<< "${{ inputs.hide-args }}" @@ -286,7 +286,7 @@ runs: echo "command=$command" >> "$GITHUB_OUTPUT" # Parse the tf.console.txt file, truncated for character limit. - console=$(head --bytes=42000 tf.console.txt || touch tf.console.txt) + console=$(head --bytes=42000 tf.console.txt) if [[ ${#console} -eq 42000 ]]; then console="${console}"$'\n…'; fi { echo 'result< Date: Wed, 4 Dec 2024 17:43:44 +0000 Subject: [PATCH 14/97] comment out command input altogether just to see what happens Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index a5a8105c..c6b9a650 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - command: "" # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + # command: "" # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu From dfff6a3fd6c4924e0bba4978d5cfe944a0499000 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:53:06 +0000 Subject: [PATCH 15/97] show plan-file artifact Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index c6b9a650..e849818c 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - # command: "" # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + command: "" # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu @@ -69,3 +69,19 @@ jobs: echo "result: ${{ steps.tf.outputs.result }}" echo "run-url: ${{ steps.tf.outputs.run-url }}" echo "summary: ${{ steps.tf.outputs.summary }}" + + - name: Parse plan-file artifact + env: + PLAN_FILE: ${{ steps.tf.outputs.identifier }} + run: | + echo "Get artifact ID for $PLAN_FILE" + artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$PLAN_FILE" --jq '.artifacts[0].id') + echo "Download artifact zip" + gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$PLAN_FILE.zip" + echo "Unzip artifact" + unzip "$PLAN_FILE.zip" + echo "List files" + ls -la + echo "Remove artifact zip" + rm "$PLAN_FILE.zip" + tofu show "$PLAN_FILE" 
From 24696aa31470dfd11812bdd805abfc6fcf0c0947 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 18:04:31 +0000 Subject: [PATCH 16/97] show "tfplan" Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index e849818c..f39164eb 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -80,8 +80,5 @@ jobs: gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$PLAN_FILE.zip" echo "Unzip artifact" unzip "$PLAN_FILE.zip" - echo "List files" - ls -la - echo "Remove artifact zip" - rm "$PLAN_FILE.zip" - tofu show "$PLAN_FILE" + echo "Show plan" + tofu show "tfplan" From 521f322d0e6ccf1122eff28ff7b56263b4cbd7f8 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 18:09:27 +0000 Subject: [PATCH 17/97] require tf init before tf show Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index f39164eb..c7de9c4d 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,8 +48,8 @@ jobs: continue-on-error: true uses: ./ with: - command: "" # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} - arg-lock: ${{ github.event.pull_request.merged }} + command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu # format: true From daf9a8d252218da0ac07572319eaf6e5ba35fdfb Mon Sep 17 00:00:00 2001 
From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 18:11:22 +0000 Subject: [PATCH 18/97] change dir Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index c7de9c4d..52c08ce6 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -79,6 +79,8 @@ jobs: echo "Download artifact zip" gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$PLAN_FILE.zip" echo "Unzip artifact" - unzip "$PLAN_FILE.zip" + unzip "$PLAN_FILE.zip" -d "tests/${{ matrix.test }}" + # Change directory to plan-file + cd "tests/${{ matrix.test }}" echo "Show plan" tofu show "tfplan" From d631d0b3ee7426d08a46dd736a04b7df61d95e76 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 18:12:07 +0000 Subject: [PATCH 19/97] test without init, just to see what the error looks like Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 52c08ce6..e4ab6165 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + # command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu From 7e863338ebac723f87cd1e4078b442196e84f8f0 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 18:13:55 +0000 Subject: [PATCH 20/97] comment in tf init again 
Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index e4ab6165..52c08ce6 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - # command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu From 7160e8c1f7efd9731bbd83c2d22a11d062f6291c Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 18:17:08 +0000 Subject: [PATCH 21/97] grep planfile Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 52c08ce6..052cc9ef 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -84,3 +84,7 @@ jobs: cd "tests/${{ matrix.test }}" echo "Show plan" tofu show "tfplan" + echo "Use tofu show tfplan to check if it contains a line starting with 'Plan:'." + tofu show "tfplan" | grep -q "^Plan:" || exit 0 + echo "exit 1" + tofu show "tfplan" | grep -q "^Plan:" || exit 1 From 6c7ef56fd2fa511e1f2ce329c64ec49da4b42f26 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:29:30 +0000 Subject: [PATCH 22/97] decrypt Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 39 +++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 17 deletions(-) 
diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 052cc9ef..756d21ac 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + command: plan # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu 
@@ -70,21 +70,26 @@ jobs: echo "run-url: ${{ steps.tf.outputs.run-url }}" echo "summary: ${{ steps.tf.outputs.summary }}" - - name: Parse plan-file artifact + - name: Check plan for diff env: - PLAN_FILE: ${{ steps.tf.outputs.identifier }} + path: tests/${{ matrix.test }} + plan: ${{ steps.tf.outputs.identifier }} + pass: ${{ secrets.TF_ENCRYPTION }} run: | - echo "Get artifact ID for $PLAN_FILE" - artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$PLAN_FILE" --jq '.artifacts[0].id') - echo "Download artifact zip" - gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$PLAN_FILE.zip" - echo "Unzip artifact" - unzip "$PLAN_FILE.zip" -d "tests/${{ matrix.test }}" - # Change directory to plan-file - cd "tests/${{ matrix.test }}" - echo "Show plan" - tofu show "tfplan" - echo "Use tofu show tfplan to check if it contains a line starting with 'Plan:'." - tofu show "tfplan" | grep -q "^Plan:" || exit 0 - echo "exit 1" - tofu show "tfplan" | grep -q "^Plan:" || exit 1 + echo "Download plan-file artifact." + artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$plan" --jq '.artifacts[0].id') + gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$plan.zip" + unzip "$plan.zip" -d "$path" + + echo "Optionally decrypt plan-file." + temp=$(mktemp) + printf "%s" "$pass" > "$temp" + openssl enc -aes-256-ctr -pbkdf2 -salt -in "$path" -out "$path.decrypted" -pass file:"$temp" -d + mv "$path.decrypted" "$path" + + echo "List files" + ls -la + ls -la "$path" + + echo "Check if plan-file has diff, or exit with 1." + tofu -chdir "$path" show "tfplan" | grep -q "^Plan:" || exit 1 From 6175d640ce58123eba7325d5e5c863103b209558 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:31:00 +0000 Subject: [PATCH 23/97] plan-encrypt 
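Review bot: The passphrase is written to a `mktemp` file in the `Check plan for diff` step and never deleted, so it outlives the step on any runner that is not discarded after the job. `pass` is already in the step's environment, so openssl can read it directly with `-pass env:pass` and the `temp=$(mktemp)` and `printf` lines can be dropped; if the file has to stay, add `trap 'rm -f "$temp"' EXIT` right after it is created. Separately, `-in "$path"` points openssl at the directory `tests/${{ matrix.test }}` rather than at the unzipped `tfplan`. The same decrypt block recurs in the PATCH 28/97 hunk and in the new `.github/examples/pr_push_stages.yaml` (PATCH 42/97), where the temp-file point applies unchanged.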
Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 756d21ac..0e27e308 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -52,6 +52,7 @@ jobs: arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu + plan-encrypt: ${{ secrets.TF_ENCRYPTION }} # format: true # validate: true From 6c90325a2071afbbbdc8032da99bf38b18dcf9c3 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:39:30 +0000 Subject: [PATCH 24/97] check the basics Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 0e27e308..348b3035 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -52,7 +52,7 @@ jobs: arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu - plan-encrypt: ${{ secrets.TF_ENCRYPTION }} + # plan-encrypt: ${{ secrets.TF_ENCRYPTION }} # format: true # validate: true @@ -82,11 +82,11 @@ jobs: gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$plan.zip" unzip "$plan.zip" -d "$path" - echo "Optionally decrypt plan-file." - temp=$(mktemp) - printf "%s" "$pass" > "$temp" - openssl enc -aes-256-ctr -pbkdf2 -salt -in "$path" -out "$path.decrypted" -pass file:"$temp" -d - mv "$path.decrypted" "$path" + # echo "Optionally decrypt plan-file." + # temp=$(mktemp) + # printf "%s" "$pass" > "$temp" + # openssl enc -aes-256-ctr -pbkdf2 -salt -in "$path" -out "$path.decrypted" -pass file:"$temp" -d + # mv "$path.decrypted" "$path" echo "List files" ls -la 
From 79b1f35c48fa3c46c8f3de685766e429ade3136c Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:40:13 +0000 Subject: [PATCH 25/97] retry Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 348b3035..cc5f1884 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -93,4 +93,4 @@ jobs: ls -la "$path" echo "Check if plan-file has diff, or exit with 1." - tofu -chdir "$path" show "tfplan" | grep -q "^Plan:" || exit 1 + tofu -chdir="$path" show "tfplan" | grep -q "^Plan:" || exit 1 From d99c55b8918866937d75e0f04d18ff27ff30b304 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:45:49 +0000 Subject: [PATCH 26/97] change directory Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index cc5f1884..963b49c0 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -81,6 +81,7 @@ jobs: artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$plan" --jq '.artifacts[0].id') gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$plan.zip" unzip "$plan.zip" -d "$path" + cd "$path" # echo "Optionally decrypt plan-file." # temp=$(mktemp) @@ -93,4 +94,4 @@ jobs: ls -la "$path" echo "Check if plan-file has diff, or exit with 1." - tofu -chdir="$path" show "tfplan" | grep -q "^Plan:" || exit 1 + tofu show "tfplan" | grep -q "^Plan:" || exit 1 From f00e5912f4ce70986e92428adc2a1cc298ff407e Mon Sep 17 00:00:00 2001 
From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:47:15 +0000 Subject: [PATCH 27/97] retry Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 963b49c0..53434204 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -52,7 +52,7 @@ jobs: arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu - # plan-encrypt: ${{ secrets.TF_ENCRYPTION }} + plan-encrypt: ${{ secrets.TF_ENCRYPTION }} # format: true # validate: true @@ -86,12 +86,8 @@ jobs: # echo "Optionally decrypt plan-file." # temp=$(mktemp) # printf "%s" "$pass" > "$temp" - # openssl enc -aes-256-ctr -pbkdf2 -salt -in "$path" -out "$path.decrypted" -pass file:"$temp" -d - # mv "$path.decrypted" "$path" - - echo "List files" - ls -la - ls -la "$path" + # openssl enc -aes-256-ctr -pbkdf2 -salt -in "tfplan" -out "tfplan.decrypted" -pass file:"$temp" -d + # mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff, or exit with 1." tofu show "tfplan" | grep -q "^Plan:" || exit 1 From f62e38acb230c94b33bd131de99df9208fe41542 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:47:47 +0000 Subject: [PATCH 28/97] decrypt Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 53434204..7798a165 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -83,11 +83,11 @@ jobs: unzip "$plan.zip" -d "$path" cd "$path" - # echo "Optionally decrypt plan-file." - # temp=$(mktemp) - # printf "%s" "$pass" > "$temp" - # openssl enc -aes-256-ctr -pbkdf2 -salt -in "tfplan" -out "tfplan.decrypted" -pass file:"$temp" -d - # mv "tfplan.decrypted" "tfplan" + echo "Optionally decrypt plan-file." + temp=$(mktemp) + printf "%s" "$pass" > "$temp" + openssl enc -aes-256-ctr -pbkdf2 -salt -in "tfplan" -out "tfplan.decrypted" -pass file:"$temp" -d + mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff, or exit with 1." tofu show "tfplan" | grep -q "^Plan:" || exit 1 From d7707b521daeb90dbf35ddeaaf060fc3a5531032 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:48:54 +0000 Subject: [PATCH 29/97] init plan-encrypt Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 7798a165..6a8e72c7 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,11 +48,10 @@ jobs: continue-on-error: true uses: ./ with: - command: plan # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu - plan-encrypt: ${{ secrets.TF_ENCRYPTION }} # format: true # validate: true From 19aecdd5279c6213ebfd83423676bbc95ef316c9 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:50:28 +0000 Subject: [PATCH 30/97] show tfplan Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 6a8e72c7..50faa8bc 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -89,4 +89,5 @@ jobs: mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff, or exit with 1." + tofu show "tfplan" tofu show "tfplan" | grep -q "^Plan:" || exit 1 From 35e12dd2af9c707e681f5ca3a3fb4faabb06b492 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 21:43:38 +0000 Subject: [PATCH 31/97] output Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 50faa8bc..9a8cb7b9 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -71,10 +71,11 @@ jobs: echo "summary: ${{ steps.tf.outputs.summary }}" - name: Check plan for diff + id: check env: path: tests/${{ matrix.test }} plan: ${{ steps.tf.outputs.identifier }} - pass: ${{ secrets.TF_ENCRYPTION }} + pass: ${{ secrets.TF_ENCRYPTION }} # Optional. run: | echo "Download plan-file artifact." artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$plan" --jq '.artifacts[0].id') @@ -89,5 +90,7 @@ jobs: mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff, or exit with 1." - tofu show "tfplan" - tofu show "tfplan" | grep -q "^Plan:" || exit 1 + diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") + + outputs: + diff_exists: ${{ steps.check.outputs.diff_exists }} From 517b7ad5f936d1bfc6ad6928d7837391ba919cd5 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 21:44:37 +0000 Subject: [PATCH 32/97] comment out command input for kicks and giggles 
Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 9a8cb7b9..a67013c7 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + # command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu @@ -89,7 +89,7 @@ jobs: openssl enc -aes-256-ctr -pbkdf2 -salt -in "tfplan" -out "tfplan.decrypted" -pass file:"$temp" -d mv "tfplan.decrypted" "tfplan" - echo "Check if plan-file has diff, or exit with 1." + echo "Check if plan-file has diff." diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") outputs: From d86c3d66bd4a59fddf7e6d43eeb56a45172245db Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Wed, 4 Dec 2024 21:45:26 +0000 Subject: [PATCH 33/97] revert include command input init Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index a67013c7..9cfbe925 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -48,7 +48,7 @@ jobs: continue-on-error: true uses: ./ with: - # command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} arg-lock: false # ${{ github.event.pull_request.merged }} working-directory: tests/${{ matrix.test }} tool: tofu From 93f6108d867727ef9047ae8c80795a521a5a6471 Mon Sep 17 00:00:00 2001 
From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 12:27:30 +0000 Subject: [PATCH 34/97] docs improve wording command input Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 2 +- action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index aedaf225..5538f7b0 100644 --- a/README.md +++ b/README.md @@ -127,7 +127,7 @@ For each workflow run, a matrix-friendly job summary with logs is added as a fal | Type | Name | Description | | -------- | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | -| CLI | `command` | Command to run between: `plan` or `apply`. Leave empty for outputs only or `init` for checks only.
Example: `plan` | +| CLI | `command` | Command to run between: `plan` or `apply`. Optionally `init` for checks and outputs only.
Example: `plan` | | CLI | `working-directory` | Specify the working directory of TF code, alias of `arg-chdir`.
Example: `path/to/directory` | | CLI | `tool` | Provisioning tool to use between: `terraform` or `tofu`.
Default: `terraform` | | Check | `format` | Check format of TF code.
Default: `false` | diff --git a/action.yml b/action.yml index eda29c92..4781e09d 100644 --- a/action.yml +++ b/action.yml @@ -431,7 +431,7 @@ inputs: # Action parameters. command: default: "" - description: "Command to run between: `plan`, `apply`. Leave empty for outputs only or `init` for checks only (e.g., `plan`)." + description: "Command to run between: `plan` or `apply`. Optionally `init` for checks and outputs only (e.g., `plan`)." required: false comment-pr: default: "update" From 5ac1f459b757959d0118c4038925bf32d50f257b Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 14:41:51 +0000 Subject: [PATCH 35/97] check apply job output Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 9cfbe925..9af091a9 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -94,3 +94,17 @@ jobs: outputs: diff_exists: ${{ steps.check.outputs.diff_exists }} + + apply: + needs: tests + if: ${{ needs.tests.outputs.diff_exists == 'true' }} + runs-on: ubuntu-24.04 + + permissions: + actions: read # Required to download repository artifact. + checks: write # Required to add status summary. + contents: read # Required to checkout repository. + pull-requests: write # Required to add PR comment and label. + + steps: + - run: echo "run apply" From a31135bade0869a1f9b4574faf3875645f867501 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 14:42:23 +0000 Subject: [PATCH 36/97] check negative case Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 9af091a9..7cad55ed 100644 
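Review bot: The new `apply` job is gated on `needs.tests.outputs.diff_exists`, but `tests` appears to run once per `matrix.test` (its steps use `tests/${{ matrix.test }}`), and a job-level output holds a single value. The gate therefore reflects whichever matrix leg wrote the output last, not the directory that would be applied, so one leg's diff can enable or suppress apply for another. Keeping the decision next to the plan it describes avoids this, for example by running the apply step in the same job behind `if: steps.check.outputs.diff_exists == 'true'`. The `tests` job definition starts outside this hunk, so the matrix itself is not visible here.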
--- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -90,7 +90,7 @@ jobs: mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff." - diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") + diff_exists=$(tofu show "tfplan" | grep -q "^No:" && echo "true" || echo "false") outputs: diff_exists: ${{ steps.check.outputs.diff_exists }} From fac3e6bc5ff095058fcd63267c0af70ebaf86d23 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 14:43:49 +0000 Subject: [PATCH 37/97] echo diff_exists status Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 7cad55ed..00644c5a 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -90,7 +90,9 @@ jobs: mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff." - diff_exists=$(tofu show "tfplan" | grep -q "^No:" && echo "true" || echo "false") + tofu show "tfplan" + diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") + echo "$diff_exists" outputs: diff_exists: ${{ steps.check.outputs.diff_exists }} From b6eeb9662ec70d776971d863b77b5d8cb4695c8d Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 14:46:14 +0000 Subject: [PATCH 38/97] retry Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 00644c5a..e8c118ec 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -94,19 +94,15 @@ jobs: diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") echo "$diff_exists" + - run: echo ${{ steps.check.outputs.diff_exists }} + outputs: diff_exists: ${{ steps.check.outputs.diff_exists }} apply: - needs: tests + needs: [tests] if: ${{ needs.tests.outputs.diff_exists == 'true' }} runs-on: ubuntu-24.04 - permissions: - actions: read # Required to download repository artifact. - checks: write # Required to add status summary. - contents: read # Required to checkout repository. - pull-requests: write # Required to add PR comment and label. - steps: - run: echo "run apply" From 52fde723493faf4ecfc46adeccfbad953c2dcd14 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 14:49:20 +0000 Subject: [PATCH 39/97] output diff_exists value from step Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index e8c118ec..b14f10ce 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -90,9 +90,8 @@ jobs: mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff." - tofu show "tfplan" diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") - echo "$diff_exists" + echo "diff_exists=$diff_exists" >> $GITHUB_OUTPUT - run: echo ${{ steps.check.outputs.diff_exists }} From fa81c361740bf44384505f2a441e4d417b73ee6f Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 14:50:39 +0000 Subject: [PATCH 40/97] test negative case Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index b14f10ce..96d9448d 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -90,11 +90,9 @@ jobs: mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff." - diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") + diff_exists=$(tofu show "tfplan" | grep -q "^No:" && echo "true" || echo "false") echo "diff_exists=$diff_exists" >> $GITHUB_OUTPUT - - run: echo ${{ steps.check.outputs.diff_exists }} - outputs: diff_exists: ${{ steps.check.outputs.diff_exists }} From afc3f79d75da39fa3fb627d23e709c7043d3e875 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 14:50:53 +0000 Subject: [PATCH 41/97] revert post-test Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 96d9448d..44e585cb 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -90,7 +90,7 @@ jobs: mv "tfplan.decrypted" "tfplan" echo "Check if plan-file has diff." - diff_exists=$(tofu show "tfplan" | grep -q "^No:" && echo "true" || echo "false") + diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") echo "diff_exists=$diff_exists" >> $GITHUB_OUTPUT outputs: From 94100311dfe2d52b40e63031126a1db8c920dd19 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:05:25 +0000 Subject: [PATCH 42/97] doc pr_push_stages example workflow for condition job stages Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/examples/pr_push_stages.yaml | 94 ++++++++++++++++++++++++++++ README.md | 8 +++ 2 files changed, 102 insertions(+) create mode 100644 .github/examples/pr_push_stages.yaml 
diff --git a/.github/examples/pr_push_stages.yaml b/.github/examples/pr_push_stages.yaml new file mode 100644 index 00000000..3c382993 --- /dev/null +++ b/.github/examples/pr_push_stages.yaml 
@@ -0,0 +1,94 @@ +--- +name: Trigger on pull_request (plan) and push (apply) events with conditional job stages. + +on: + pull_request: + push: + branches: [main] + +permissions: + actions: read # Required to identify workflow run. + checks: write # Required to add status summary. + contents: read # Required to checkout repository. + pull-requests: write # Required to add comment and label. + +jobs: + plan: + if: github.event_name == 'pull_request' + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup TF + uses: hashicorp/setup-terraform@v3 + + - name: Plan TF + uses: devsectop/tf-via-pr@v12 + with: + command: plan + working-directory: path/to/directory + + pre_apply: + if: github.event_name == 'push' + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup TF + uses: hashicorp/setup-terraform@v3 + + - name: Init TF + id: tf + uses: devsectop/tf-via-pr@v12 + with: + command: init + working-directory: path/to/directory + comment-pr: none + + - name: Check for diff + id: check + env: + path: path/to/directory + plan: ${{ steps.tf.outputs.identifier }} + pass: ${{ secrets.TF_ENCRYPTION }} # For "plan-encrypt" users. + run: | + echo "Download plan-file artifact." + artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$plan" --jq '.artifacts[0].id') + gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$plan.zip" + unzip "$plan.zip" -d "$path" + cd "$path" + + echo "Optionally decrypt plan-file." + temp=$(mktemp) + printf "%s" "$pass" > "$temp" + openssl enc -aes-256-ctr -pbkdf2 -salt -in "tfplan" -out "tfplan.decrypted" -pass file:"$temp" -d + mv "tfplan.decrypted" "tfplan" + + echo "Check if plan-file has diff." 
+ diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") + echo "diff_exists=$diff_exists" >> $GITHUB_OUTPUT + + outputs: + diff_exists: ${{ steps.check.outputs.diff_exists }} + + apply: + needs: pre_apply + if: ${{ needs.pre_apply.outputs.diff_exists == 'true' }} + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup TF + uses: hashicorp/setup-terraform@v3 + + - name: Plan TF + uses: devsectop/tf-via-pr@v12 + with: + command: apply + working-directory: path/to/directory diff --git a/README.md b/README.md index 5538f7b0..9f18200d 100644 --- a/README.md +++ b/README.md @@ -92,6 +92,14 @@ The following workflows showcase common use cases, while a comprehensive list of Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy. + + + Run on pull_request (plan) and push (apply) events with conditional job stages. + + + Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. + + Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner. From 8ac382633518688e3f4d83c811caafdd133b724b Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:14:29 +0000 Subject: [PATCH 43/97] line breaks Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/examples/pr_push_stages.yaml | 4 ++-- .github/workflows/tf_tests.yaml | 7 ++++--- README.md | 6 ++++++ 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/examples/pr_push_stages.yaml b/.github/examples/pr_push_stages.yaml index 3c382993..24fb28c2 100644 --- a/.github/examples/pr_push_stages.yaml +++ b/.github/examples/pr_push_stages.yaml 
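Review bot: In the `Check for diff` step of the new example, the decrypt block runs unconditionally although it is labelled optional, and AES-256-CTR carries no integrity check, so an empty or wrong `pass` overwrites `tfplan` with garbage instead of failing. The next line, `tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false"`, then reports `false` for any failure, including `tofu` being absent (the job only installs `hashicorp/setup-terraform@v3`), so `apply` is skipped without an error. Wrap the decrypt lines in `if [[ -n "$pass" ]]; then … fi`, and split the check into `shown=$(tofu show "tfplan")` followed by `grep -q "^Plan:" <<< "$shown"` so that a failed show stops the step. The step's `env` also has no `GH_TOKEN: ${{ github.token }}`, which `gh api` needs inside a workflow.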
@@ -54,7 +54,7 @@ jobs: env: path: path/to/directory plan: ${{ steps.tf.outputs.identifier }} - pass: ${{ secrets.TF_ENCRYPTION }} # For "plan-encrypt" users. + pass: ${{ secrets.PASSPHRASE }} # For use with "plan-encrypt". run: | echo "Download plan-file artifact." artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$plan" --jq '.artifacts[0].id') @@ -87,7 +87,7 @@ jobs: - name: Setup TF uses: hashicorp/setup-terraform@v3 - - name: Plan TF + - name: Apply TF uses: devsectop/tf-via-pr@v12 with: command: apply diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 44e585cb..d1720335 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -2,9 +2,10 @@ name: TF Tests on: - pull_request: - paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**] - types: [opened, reopened, synchronize, closed] + merge_group: + # pull_request: + # paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**] + # types: [opened, reopened, synchronize, closed] jobs: tests: diff --git a/README.md b/README.md index 9f18200d..609795c8 100644 --- a/README.md +++ b/README.md @@ -86,25 +86,31 @@ The following workflows showcase common use cases, while a comprehensive list of From 283da612c8621cc5b338bd9cefb45a2b21c49704 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:15:08 +0000 Subject: [PATCH 44/97] line breaks Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 609795c8..0b9acedc 100644 --- a/README.md +++ b/README.md @@ -86,33 +86,33 @@ The following workflows showcase common use cases, while a comprehensive list of
+
Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching.
+
Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy.
+
Run on pull_request (plan) and push (apply) events with conditional job stages.
+
Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.
+
Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner.
+
Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.
+
+
+
+
+
+
-
Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching.
-
Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy.
-
Run on pull_request (plan) and push (apply) events with conditional job stages.
-
Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.
-
Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner.
-
Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.

From e11d82a4dca99ed7576c576f3fd1f73e7061f040 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:15:49 +0000 Subject: [PATCH 45/97] br Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 0b9acedc..81b0cb96 100644 --- a/README.md +++ b/README.md @@ -87,32 +87,32 @@ The following workflows showcase common use cases, while a comprehensive list of Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching. -
+ Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy. -
+ Run on pull_request (plan) and push (apply) events with conditional job stages. -
+ Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. -
+ Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner. -
+ Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. -
+
From 47dbcfa65f6dbe42786c0e65d4cb6f9819fa52db Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:16:25 +0000 Subject: [PATCH 46/97] br Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 81b0cb96..609795c8 100644 --- a/README.md +++ b/README.md @@ -86,32 +86,32 @@ The following workflows showcase common use cases, while a comprehensive list of
+
Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching. -
+
Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy. -
+
Run on pull_request (plan) and push (apply) events with conditional job stages. -
+
Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. -
+
Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner. -
+
Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. -
From 196a35aa75d36c586a7995448e06f8fb3151e1b4 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:16:50 +0000 Subject: [PATCH 47/97] br Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 609795c8..e5cd99e8 100644 --- a/README.md +++ b/README.md @@ -88,30 +88,36 @@ The following workflows showcase common use cases, while a comprehensive list of
Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching. +

Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy. +

Run on pull_request (plan) and push (apply) events with conditional job stages. +

Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. +

Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner. +

Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. +
From 23092097494f015eadbea9c37aaa48ddd735bd5d Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:17:20 +0000 Subject: [PATCH 48/97] br Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index e5cd99e8..39ce8633 100644 --- a/README.md +++ b/README.md @@ -89,11 +89,13 @@ The following workflows showcase common use cases, while a comprehensive list of
Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching.
+

Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy.
+
@@ -101,11 +103,13 @@ The following workflows showcase common use cases, while a comprehensive list of
Run on pull_request (plan) and push (apply) events with conditional job stages.
+

Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.
+
@@ -113,11 +117,13 @@ The following workflows showcase common use cases, while a comprehensive list of
Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner.
+

Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.
+
From 083d812c67fc827f4c475d422224820c2a5adadb Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:18:14 +0000 Subject: [PATCH 49/97] br clean Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 39ce8633..fdc42234 100644 --- a/README.md +++ b/README.md @@ -88,42 +88,36 @@ The following workflows showcase common use cases, while a comprehensive list of
Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching. -
-
+


Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy. -
-
+


Run on pull_request (plan) and push (apply) events with conditional job stages. -
-
+


Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. -
-
+


Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner. -
-
+


Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. -
-
+

From 05fee56ea1890e52c6cf6303ef2394c9e3c65196 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:18:51 +0000 Subject: [PATCH 50/97] bold Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index fdc42234..16905fab 100644 --- a/README.md +++ b/README.md @@ -87,36 +87,36 @@ The following workflows showcase common use cases, while a comprehensive list of
- Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching. + Run on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching.


- Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy. + Run on pull_request (plan) and merge_group (apply) events with OpenTofu in matrix strategy.


- Run on pull_request (plan) and push (apply) events with conditional job stages. + Run on pull_request (plan) and push (apply) events with conditional job stages.


- Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. + Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.


- Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner. + Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner.


- Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. + Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift.

From 95a10104f0b4a00099205f41d6c0a54f817b7add Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:23:59 +0000 Subject: [PATCH 51/97] plan file naming Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/examples/pr_push_stages.yaml | 8 ++++---- .github/workflows/tf_tests.yaml | 6 +++--- README.md | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/examples/pr_push_stages.yaml b/.github/examples/pr_push_stages.yaml index 24fb28c2..2c24f303 100644 --- a/.github/examples/pr_push_stages.yaml +++ b/.github/examples/pr_push_stages.yaml @@ -1,5 +1,5 @@ --- -name: Trigger on pull_request (plan) and push (apply) events with conditional job stages. +name: Trigger on pull_request (plan) and push (apply) events with conditional job stages based on plan file. on: pull_request: @@ -56,19 +56,19 @@ jobs: plan: ${{ steps.tf.outputs.identifier }} pass: ${{ secrets.PASSPHRASE }} # For use with "plan-encrypt". run: | - echo "Download plan-file artifact." + echo "Download plan file artifact." artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$plan" --jq '.artifacts[0].id') gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$plan.zip" unzip "$plan.zip" -d "$path" cd "$path" - echo "Optionally decrypt plan-file." + echo "Optionally decrypt plan file." temp=$(mktemp) printf "%s" "$pass" > "$temp" openssl enc -aes-256-ctr -pbkdf2 -salt -in "tfplan" -out "tfplan.decrypted" -pass file:"$temp" -d mv "tfplan.decrypted" "tfplan" - echo "Check if plan-file has diff." + echo "Check if plan file has diff." diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") echo "diff_exists=$diff_exists" >> $GITHUB_OUTPUT diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index d1720335..4acd896b 100644 --- a/.github/workflows/tf_tests.yaml 
+++ b/.github/workflows/tf_tests.yaml @@ -78,19 +78,19 @@ jobs: plan: ${{ steps.tf.outputs.identifier }} pass: ${{ secrets.TF_ENCRYPTION }} # Optional. run: | - echo "Download plan-file artifact." + echo "Download plan file artifact." artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$plan" --jq '.artifacts[0].id') gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$plan.zip" unzip "$plan.zip" -d "$path" cd "$path" - echo "Optionally decrypt plan-file." + echo "Optionally decrypt plan file." temp=$(mktemp) printf "%s" "$pass" > "$temp" openssl enc -aes-256-ctr -pbkdf2 -salt -in "tfplan" -out "tfplan.decrypted" -pass file:"$temp" -d mv "tfplan.decrypted" "tfplan" - echo "Check if plan-file has diff." + echo "Check if plan file has diff." diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") echo "diff_exists=$diff_exists" >> $GITHUB_OUTPUT diff --git a/README.md b/README.md index 16905fab..7c97a3e6 100644 --- a/README.md +++ b/README.md @@ -99,7 +99,7 @@ The following workflows showcase common use cases, while a comprehensive list of
- Run on pull_request (plan) and push (apply) events with conditional job stages. + Run on pull_request (plan) and push (apply) events with conditional job stages based on plan file.

From 3f5a36da927e5a190e4de1c5679b7e3deeff1837 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:21:16 +0000 Subject: [PATCH 52/97] being tflint workflow example Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/examples/pr_push_lint.yaml | 50 ++++++++++++++++++++++++++++++ README.md | 6 ++-- 2 files changed, 53 insertions(+), 3 deletions(-) create mode 100644 .github/examples/pr_push_lint.yaml diff --git a/.github/examples/pr_push_lint.yaml b/.github/examples/pr_push_lint.yaml new file mode 100644 index 00000000..cb32c8c9 --- /dev/null +++ b/.github/examples/pr_push_lint.yaml 
@@ -0,0 +1,50 @@
+---
+name: Trigger on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching.
+
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ tf:
+ runs-on: ubuntu-latest
+
+ permissions:
+ actions: read # Required to identify workflow run.
+ checks: write # Required to add status summary.
+ contents: read # Required to checkout repository.
+ id-token: write # Required to authenticate via OIDC.
+ pull-requests: write # Required to add comment and label.
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Authenticate AWS
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: us-east-1
+ role-to-assume: ${{ secrets.AWS_ROLE }}
+
+ - name: Create cache
+ run: |
+ mkdir --parents $HOME/.terraform.d/plugin-cache
+ echo "TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache" >> $GITHUB_ENV
+
+ - name: Cache TF
+ uses: actions/cache@v4
+ with:
+ path: ~/.terraform.d/plugin-cache
+ key: cache-tf-${{ runner.os }}-${{ hashFiles('path/to/directory/.terraform.lock.hcl') }}
+
+ - name: Setup TF
+ uses: hashicorp/setup-terraform@v3
+
+ - name: Provision TF
+ uses: devsectop/tf-via-pr@v12
+ with:
+ command: ${{ github.event_name == 'push' && 'apply' || 'plan' }}
+ arg-lock: ${{ github.event_name == 'push' }}
+ working-directory: path/to/directory
+ plan-encrypt: ${{ secrets.PASSPHRASE }}
diff --git a/README.md b/README.md
index 7c97a3e6..8e2ca37d 100644
--- a/README.md
+++ b/README.md
@@ -104,19 +104,19 @@ The following workflows showcase common use cases, while a comprehensive list of
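Review bot: Every `uses:` in the new `.github/examples/pr_push_lint.yaml` is pinned to a mutable tag (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`, `actions/cache@v4`, `hashicorp/setup-terraform@v3`, `devsectop/tf-via-pr@v12`) in a job that grants `id-token: write` and `pull-requests: write`. A retagged or compromised release of any of these would run with the job's OIDC token and the assumed AWS role, so an example that users copy should pin each action to a full commit SHA with the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The same applies to the later `tf_tests.yaml` change (PATCH 57/97), which replaces a SHA-pinned `opentofu/setup-opentofu` with `hashicorp/setup-terraform@v3`.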
- Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. + Run on schedule (cron) event with `-refresh-only` to open an issue on configuration drift.


- Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner. + Run on pull_request (plan) and push (apply) events with fmt/validate checks and TFLint.


- Run on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. + Run on pull_request (plan or apply) event with Terraform and OpenTofu on self-hosted runner.

From d9d232d27e1de431b4be73fa92eae92817b9105a Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:44:49 +0000 Subject: [PATCH 53/97] draft pr_push_lint workflow Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/examples/pr_push_lint.yaml | 69 +++++++++++++++++++------- .github/examples/pr_push_stages.yaml | 3 ++ .github/examples/schedule_refresh.yaml | 6 +-- 3 files changed, 56 insertions(+), 22 deletions(-) diff --git a/.github/examples/pr_push_lint.yaml b/.github/examples/pr_push_lint.yaml index cb32c8c9..7f78b1a3 100644 --- a/.github/examples/pr_push_lint.yaml +++ b/.github/examples/pr_push_lint.yaml @@ -1,5 +1,5 @@ --- -name: Trigger on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching. +name: Trigger on pull_request (plan) and push (apply) events with fmt/validate checks and TFLint. on: pull_request: 
@@ -14,37 +14,70 @@ jobs: actions: read # Required to identify workflow run. checks: write # Required to add status summary. contents: read # Required to checkout repository. - id-token: write # Required to authenticate via OIDC. pull-requests: write # Required to add comment and label. steps: - name: Checkout repository uses: actions/checkout@v4 - - name: Authenticate AWS - uses: aws-actions/configure-aws-credentials@v4 + - name: Setup TF + uses: hashicorp/setup-terraform@v3 + + - name: Init TF + id: tf + if: ${{ github.event_name == 'pull_request' }} + uses: devsectop/tf-via-pr@v12 with: - aws-region: us-east-1 - role-to-assume: ${{ secrets.AWS_ROLE }} + command: init + arg-lock: false + working-directory: path/to/directory + format: true + validate: true + + - name: Setup TFLint + if: ${{ github.event_name == 'pull_request' }} + uses: terraform-linters/setup-tflint@v4 + with: + tflint_wrapper: true - - name: Create cache + - name: Run TFLint + id: tflint + if: ${{ github.event_name == 'pull_request' }} + working-directory: path/to/directory run: | - mkdir --parents $HOME/.terraform.d/plugin-cache - echo "TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache" >> $GITHUB_ENV + tflint --init + tflint --format compact + continue-on-error: true - - name: Cache TF - uses: actions/cache@v4 - with: - path: ~/.terraform.d/plugin-cache - key: cache-tf-${{ runner.os }}-${{ hashFiles('path/to/directory/.terraform.lock.hcl') }} + - name: Comment if TFLint errors + if: ${{ github.event_name == 'pull_request' && steps.tflint.outputs.exitcode != 0 }} + env: + GH_TOKEN: ${{ github.token }} + run: | + # Compose TFLint output. + tflint=" +
TFLint error. - - name: Setup TF - uses: hashicorp/setup-terraform@v3 + \`\`\`hcl + ${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }} + \`\`\` +
" + + # Get body of PR comment from tf step output. + comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') + + # Replace placeholder with TFLint output. + comment="${comment///$tflint}" + + # Update PR comment combined with TFLint output. + gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method PATCH --field body="$comment" + + # Exit workflow due to TFLint error. + exit 1 - - name: Provision TF + - name: ${{ format('{0}', github.event_name == 'push' && 'Apply' || 'Plan') }} TF uses: devsectop/tf-via-pr@v12 with: command: ${{ github.event_name == 'push' && 'apply' || 'plan' }} arg-lock: ${{ github.event_name == 'push' }} working-directory: path/to/directory - plan-encrypt: ${{ secrets.PASSPHRASE }} diff --git a/.github/examples/pr_push_stages.yaml b/.github/examples/pr_push_stages.yaml index 2c24f303..ef050545 100644 --- a/.github/examples/pr_push_stages.yaml +++ b/.github/examples/pr_push_stages.yaml @@ -29,6 +29,7 @@ jobs: with: command: plan working-directory: path/to/directory + plan-encrypt: ${{ secrets.PASSPHRASE }} pre_apply: if: github.event_name == 'push' @@ -52,6 +53,7 @@ jobs: - name: Check for diff id: check env: + GH_TOKEN: ${{ github.token }} path: path/to/directory plan: ${{ steps.tf.outputs.identifier }} pass: ${{ secrets.PASSPHRASE }} # For use with "plan-encrypt". @@ -92,3 +94,4 @@ jobs: with: command: apply working-directory: path/to/directory + plan-encrypt: ${{ secrets.PASSPHRASE }} diff --git a/.github/examples/schedule_refresh.yaml b/.github/examples/schedule_refresh.yaml index adc8b5d0..8189bbf7 100644 --- a/.github/examples/schedule_refresh.yaml +++ b/.github/examples/schedule_refresh.yaml @@ -1,5 +1,5 @@ --- -name: Trigger on schedule (cron) event with fmt/validate checks to open an issue on configuration drift. +name: Trigger on schedule (cron) event with -refresh-only to open an issue on configuration drift. on: schedule: 
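Review bot: The new `Comment if TFLint errors` step expands `${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }}` directly inside the double-quoted `tflint="…"` assignment in `run:`, so the linter's output becomes part of the script text before bash parses it. That output is derived from the Terraform files in the pull request, so shell metacharacters in a reported message would be interpreted by a step that holds `GH_TOKEN` with `pull-requests: write`. Pass the value through the environment instead: add `TFLINT_OUTPUT: ${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }}` under the step's `env:` and reference `${TFLINT_OUTPUT}` in the script. The same construct is repeated in the `tf_tests.yaml` hunks of PATCH 55, 61 and 62.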
@@ -23,7 +23,7 @@ jobs: - name: Setup TF uses: hashicorp/setup-terraform@v3 - - name: Provision TF + - name: Plan TF id: provision uses: devsectop/tf-via-pr@v12 with: @@ -32,8 +32,6 @@ jobs: arg-refresh-only: true working-directory: path/to/directory plan-encrypt: ${{ secrets.PASSPHRASE }} - format: true - validate: true - name: Open issue on drift if: steps.provision.outputs.exitcode != 0 From 6b71787c7e64ba306d6129910dcd2ff84279c547 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:47:43 +0000 Subject: [PATCH 54/97] code Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8e2ca37d..3d845e12 100644 --- a/README.md +++ b/README.md @@ -104,7 +104,7 @@ The following workflows showcase common use cases, while a comprehensive list of
- Run on schedule (cron) event with `-refresh-only` to open an issue on configuration drift. + Run on schedule (cron) event with -refresh-only to open an issue on configuration drift.

From ef9a7cc41e8e6c82938a756ae9cca3331a43e358 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:51:16 +0000 Subject: [PATCH 55/97] dogfood pr_push_lint workflow Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 100 ++++++++++++++------------------ 1 file changed, 45 insertions(+), 55 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 4acd896b..2b6cb45c 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -2,10 +2,9 @@ name: TF Tests on: - merge_group: - # pull_request: - # paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**] - # types: [opened, reopened, synchronize, closed] + pull_request: + paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**] + types: [opened, reopened, synchronize, closed] jobs: tests: 
@@ -44,63 +43,54 @@ jobs: tofu_version: 1.8.5 tofu_wrapper: false - - name: Provision TF + - name: Init TF id: tf - continue-on-error: true + if: ${{ github.event_name == 'pull_request' }} uses: ./ with: - command: init # ${{ github.event.pull_request.merged && 'apply' || 'plan' }} - arg-lock: false # ${{ github.event.pull_request.merged }} + command: init + arg-lock: false working-directory: tests/${{ matrix.test }} - tool: tofu - # format: true - # validate: true + format: true + validate: true + + - name: Setup TFLint + if: ${{ github.event_name == 'pull_request' }} + uses: terraform-linters/setup-tflint@v4 + with: + tflint_wrapper: true - - name: Echo TF + - name: Run TFLint + id: tflint + if: ${{ github.event_name == 'pull_request' }} + working-directory: tests/${{ matrix.test }} run: | - echo "check-id: ${{ steps.tf.outputs.check-id }}" - echo "command: ${{ steps.tf.outputs.command }}" - echo "comment-id: ${{ steps.tf.outputs.comment-id }}" - echo "diff: ${{ steps.tf.outputs.diff }}" - echo "exitcode: ${{ steps.tf.outputs.exitcode }}" - echo "identifier: ${{ steps.tf.outputs.identifier }}" - echo "job-id: ${{ steps.tf.outputs.job-id }}" - echo "plan-id: ${{ steps.tf.outputs.plan-id }}" - echo "plan-url: ${{ steps.tf.outputs.plan-url }}" - echo "result: ${{ steps.tf.outputs.result }}" - echo "run-url: ${{ steps.tf.outputs.run-url }}" - echo "summary: ${{ steps.tf.outputs.summary }}" - - - name: Check plan for diff - id: check + tflint --init + tflint --format compact + continue-on-error: true + + - name: Comment if TFLint errors + if: ${{ github.event_name == 'pull_request' && steps.tflint.outputs.exitcode != 0 }} env: - path: tests/${{ matrix.test }} - plan: ${{ steps.tf.outputs.identifier }} - pass: ${{ secrets.TF_ENCRYPTION }} # Optional. + GH_TOKEN: ${{ github.token }} run: | - echo "Download plan file artifact." 
- artifact_id=$(gh api /repos/{owner}/{repo}/actions/artifacts --method GET --field "name=$plan" --jq '.artifacts[0].id') - gh api /repos/{owner}/{repo}/actions/artifacts/${artifact_id}/zip --method GET > "$plan.zip" - unzip "$plan.zip" -d "$path" - cd "$path" - - echo "Optionally decrypt plan file." - temp=$(mktemp) - printf "%s" "$pass" > "$temp" - openssl enc -aes-256-ctr -pbkdf2 -salt -in "tfplan" -out "tfplan.decrypted" -pass file:"$temp" -d - mv "tfplan.decrypted" "tfplan" - - echo "Check if plan file has diff." - diff_exists=$(tofu show "tfplan" | grep -q "^Plan:" && echo "true" || echo "false") - echo "diff_exists=$diff_exists" >> $GITHUB_OUTPUT - - outputs: - diff_exists: ${{ steps.check.outputs.diff_exists }} - - apply: - needs: [tests] - if: ${{ needs.tests.outputs.diff_exists == 'true' }} - runs-on: ubuntu-24.04 + # Compose TFLint output. + tflint=" +
TFLint error. - steps: - - run: echo "run apply" + \`\`\`hcl + ${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }} + \`\`\` +
" + + # Get body of PR comment from tf step output. + comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') + + # Replace placeholder with TFLint output. + comment="${comment///$tflint}" + + # Update PR comment combined with TFLint output. + gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method PATCH --field body="$comment" + + # Exit workflow due to TFLint error. + exit 1 From 01dd8384b48067b178fe598134639b4da4721ed8 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:53:39 +0000 Subject: [PATCH 56/97] test with tofu Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 2b6cb45c..c4c76f72 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -53,6 +53,7 @@ jobs: working-directory: tests/${{ matrix.test }} format: true validate: true + tool: tofu - name: Setup TFLint if: ${{ github.event_name == 'pull_request' }} From bb97b9c53894c2d054140c5dc1b3dfc3bea2a9a1 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:55:09 +0000 Subject: [PATCH 57/97] use terraform for simplicity Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index c4c76f72..c0546b5d 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -38,10 +38,7 @@ jobs: persist-credentials: false - name: Setup TF - uses: opentofu/setup-opentofu@12f4debbf681675350b6cd1f0ff8ecfbda62027b # v1.0.4 - with: - tofu_version: 1.8.5 - tofu_wrapper: false + uses: hashicorp/setup-terraform@v3 - name: Init TF id: tf @@ -53,7 +50,6 @@ jobs: working-directory: tests/${{ matrix.test }} format: true validate: true - tool: tofu - name: Setup TFLint if: ${{ github.event_name == 'pull_request' }} From 3d4d6c4059427f60f7419eceb3e2c3f92dd37458 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 16:59:16 +0000 Subject: [PATCH 58/97] debug Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index c0546b5d..ba87176c 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -81,13 +81,16 @@ jobs: " # Get body of PR comment from tf step output. + echo "Get body of PR comment from tf step output." comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') # Replace placeholder with TFLint output. + echo "Replace placeholder with TFLint output." comment="${comment///$tflint}" # Update PR comment combined with TFLint output. + echo "Update PR comment combined with TFLint output." gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method PATCH --field body="$comment" # Exit workflow due to TFLint error. - exit 1 + # exit 1 From 4cfae0a180aa9489cf60c4f63e4886f2ef25d2b6 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:01:35 +0000 Subject: [PATCH 59/97] debug static string 
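Review bot: Commenting out `exit 1` at the end of the `Comment if TFLint errors` step (PATCH 58) leaves no step that fails the job on lint findings, because `Run TFLint` is marked `continue-on-error: true`. With this change the workflow reports success on a pull request even when TFLint returns a non-zero exit code. If this is only for debugging, restore `exit 1` before the series is merged; the step's `run:` body starts above the hunk.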
Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index ba87176c..21925ab0 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -72,13 +72,6 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - tflint=" -
TFLint error. - - \`\`\`hcl - ${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }} - \`\`\` -
" # Get body of PR comment from tf step output. echo "Get body of PR comment from tf step output." @@ -86,7 +79,8 @@ jobs: # Replace placeholder with TFLint output. echo "Replace placeholder with TFLint output." - comment="${comment///$tflint}" + comment="${comment///TFLint}" + # comment="${comment///$tflint}" # Update PR comment combined with TFLint output. echo "Update PR comment combined with TFLint output." From 73d83e2220c85a9f87f802fcbf05180c35e8ad00 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:03:27 +0000 Subject: [PATCH 60/97] more debug Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 21925ab0..3e1d63dd 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -72,18 +72,21 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. + tflint=" +
TFLint error. + + \`\`\`hcl + + \`\`\` +
" # Get body of PR comment from tf step output. - echo "Get body of PR comment from tf step output." comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') # Replace placeholder with TFLint output. - echo "Replace placeholder with TFLint output." - comment="${comment///TFLint}" - # comment="${comment///$tflint}" + comment="${comment///$tflint}" # Update PR comment combined with TFLint output. - echo "Update PR comment combined with TFLint output." gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method PATCH --field body="$comment" # Exit workflow due to TFLint error. From 3a8290b983791b8eeb6017e335f8399ccf3a22d5 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:05:47 +0000 Subject: [PATCH 61/97] test tflint stderr output Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 3e1d63dd..9832639d 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -2,6 +2,7 @@ name: TF Tests on: + # push: pull_request: paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**] types: [opened, reopened, synchronize, closed] @@ -67,7 +68,7 @@ jobs: continue-on-error: true - name: Comment if TFLint errors - if: ${{ github.event_name == 'pull_request' && steps.tflint.outputs.exitcode != 0 }} + if: ${{ steps.tflint.outputs.exitcode != 0 }} env: GH_TOKEN: ${{ github.token }} run: | @@ -76,7 +77,7 @@ jobs:
TFLint error. \`\`\`hcl - + ${{ steps.tflint.outputs.stderr }} \`\`\`
" From fc29989aa70642eb5b1c08a5fc3540bad3304d14 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:07:28 +0000 Subject: [PATCH 62/97] now with tflint stdout Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 9832639d..685a680c 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -77,7 +77,7 @@ jobs:
TFLint error. \`\`\`hcl - ${{ steps.tflint.outputs.stderr }} + ${{ steps.tflint.outputs.stdout }} \`\`\`
" From 4177243b14bf73d24c521f41554af35940a5ff8d Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:20:51 +0000 Subject: [PATCH 63/97] raw tflint error Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 685a680c..1741bcb0 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -68,7 +68,7 @@ jobs: continue-on-error: true - name: Comment if TFLint errors - if: ${{ steps.tflint.outputs.exitcode != 0 }} + if: ${{ steps.tflint.outputs.exitcode >= 0 }} env: GH_TOKEN: ${{ github.token }} run: | @@ -77,7 +77,9 @@ jobs:
TFLint error. \`\`\`hcl - ${{ steps.tflint.outputs.stdout }} + 2 issue(s) found: + main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) + main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) \`\`\`
" From a2fd5df66f89851ec9b1ad031ae1c2baf097e42f Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:21:40 +0000 Subject: [PATCH 64/97] remove dquotes Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 1741bcb0..3febda87 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -78,8 +78,8 @@ jobs: \`\`\`hcl 2 issue(s) found: - main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) - main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) + main.tf:1:1: Warning - Missing version constraint for provider random in `required_providers` (terraform_required_providers) + main.tf:1:1: Warning - terraform required_version attribute is required (terraform_required_version) \`\`\` " From 91ef435dd496232a2845a0ad11f2ce1abcd4b93c Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:28:19 +0000 Subject: [PATCH 65/97] remove ticks Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 3febda87..91797eaa 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -78,7 +78,7 @@ jobs: \`\`\`hcl 2 issue(s) found: - main.tf:1:1: Warning - Missing version constraint for provider random in `required_providers` (terraform_required_providers) + main.tf:1:1: Warning - Missing version constraint for provider random in required_providers (terraform_required_providers) main.tf:1:1: Warning - terraform required_version attribute is required (terraform_required_version) \`\`\` " From e0da273cedbab848444aaf902132a25d59bf3ee7 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:33:14 +0000 Subject: [PATCH 66/97] re-introduce dquotes Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 91797eaa..27824b9c 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -78,8 +78,8 @@ jobs: \`\`\`hcl 2 issue(s) found: - main.tf:1:1: Warning - Missing version constraint for provider random in required_providers (terraform_required_providers) - main.tf:1:1: Warning - terraform required_version attribute is required (terraform_required_version) + main.tf:1:1: Warning - Missing version constraint for provider "random" in required_providers (terraform_required_providers) + main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) \`\`\` " From 71e8bc3a7fa2c710105bc488cd2ee54633635cc4 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:36:57 +0000 Subject: [PATCH 67/97] introduce heredoc Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 27824b9c..7a530b2e 100644 
--- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -73,7 +73,7 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - tflint=" + tflint=$(cat <TFLint error. \`\`\`hcl @@ -81,7 +81,9 @@ jobs: main.tf:1:1: Warning - Missing version constraint for provider "random" in required_providers (terraform_required_providers) main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) \`\`\` - " + + EOF + ) # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') From f1145ff901361343fb0bcda80d7edf3155c8551d Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:38:00 +0000 Subject: [PATCH 68/97] variable tflint output Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 7a530b2e..0f8e52fe 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -77,9 +77,7 @@ jobs:
TFLint error. \`\`\`hcl - 2 issue(s) found: - main.tf:1:1: Warning - Missing version constraint for provider "random" in required_providers (terraform_required_providers) - main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) + ${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }} \`\`\`
EOF From 8242e213c1558b43ff02c8dc6417427e2a997ff1 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:48:51 +0000 Subject: [PATCH 69/97] er Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 0f8e52fe..15052351 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -77,7 +77,10 @@ jobs:
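Review bot: The added line `${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }}` is substituted into the script text by the Actions runner before bash parses it, so TFLint's messages, which echo content from the `.tf` files under review, are treated as shell source rather than data. Inside what appears to be a here-document, and in the quoted assignments that follow, any quote, backtick or `$(…)` in a message alters what the step runs while `GH_TOKEN` is in its environment. Pass the value through the environment instead: add `TFLINT_OUT: ${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }}` to the step's `env:` block (which is outside this hunk) and reference `"$TFLINT_OUT"` in the body, as the `Echo context` step already does with `GH_JSON`. The same applies to the `tflint="${{ … }}"` and `tflint='${{ … }}'` assignments from patch 73 onward, to the `.github/examples/pr_push_lint.yaml` hunk in patch 95, and to the `echo "…: ${{ steps.tf.outputs.… }}"` lines of the `Echo TF` step added there. The backtick-only `sed` escaping in those patches handles one symptom and leaves quote characters untouched.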
TFLint error. \`\`\`hcl - ${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }} + 2 issue(s) found: + + Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in required_providers (terraform_required_providers) + Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) \`\`\`
EOF From 50117de7da8c3d2f9eee37d77fd9fe4e17979394 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:50:08 +0000 Subject: [PATCH 70/97] one backtick Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 15052351..b5f8a501 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -79,7 +79,7 @@ jobs: \`\`\`hcl 2 issue(s) found: - Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in required_providers (terraform_required_providers) + Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers (terraform_required_providers) Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) \`\`\` From 8303c4391812e11463f7e1220fb4d494c65511c2 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:51:28 +0000 Subject: [PATCH 71/97] second backtick Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index b5f8a501..755f2acf 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -79,7 +79,7 @@ jobs: \`\`\`hcl 2 issue(s) found: - Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers (terraform_required_providers) + Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) \`\`\` 
From 09132b7e22e0bb032be8434cab2a3be3f3a6bd97 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 17:55:01 +0000 Subject: [PATCH 72/97] erm Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 755f2acf..8d05eb70 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -73,7 +73,20 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - tflint=$(cat <TFLint error. + + # \`\`\`hcl + # 2 issue(s) found: + + # Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) + # Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) + # \`\`\` + # + # EOF + # ) + + tflint="
TFLint error. \`\`\`hcl @@ -82,9 +95,7 @@ jobs: Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) \`\`\` -
- EOF - ) + " # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') From 1e4ce828bb2a42749503cefa7a3e243f37a7bc1b Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:00:07 +0000 Subject: [PATCH 73/97] just tflint output by itself Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 8d05eb70..c0cb51d9 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -86,16 +86,18 @@ jobs: # EOF # ) - tflint=" -
TFLint error. + # tflint=" + #
TFLint error. + + # \`\`\`hcl + # 2 issue(s) found: - \`\`\`hcl - 2 issue(s) found: + # Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) + # Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) + # \`\`\` + #
" - Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) - Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) - \`\`\` -
" + tflint="${{ steps.tflint.outputs.stdout }}" # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') From d6cabc0a1cc1b71e4392900c88497097685a74ba Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:05:43 +0000 Subject: [PATCH 74/97] sub backtick for squote Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index c0cb51d9..8f128a42 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -97,7 +97,8 @@ jobs: # \`\`\` # " - tflint="${{ steps.tflint.outputs.stdout }}" + tflint_raw="${{ steps.tflint.outputs.stdout }}" + tflint="${tflint_raw//`/'}" # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') From d16aad4a87306c3f715db23d8e48a55d1538e14f Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:05:54 +0000 Subject: [PATCH 75/97] sub backtick for dquote Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 8f128a42..bf1d208c 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -98,7 +98,7 @@ jobs: # " tflint_raw="${{ steps.tflint.outputs.stdout }}" - tflint="${tflint_raw//`/'}" + tflint="${tflint_raw//`/"}" # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') 
From c34ff718695d241bb3aa6a446edbf47a97920b06 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:07:22 +0000 Subject: [PATCH 76/97] heredoc Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index bf1d208c..d2364105 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -97,7 +97,10 @@ jobs: # \`\`\` # " - tflint_raw="${{ steps.tflint.outputs.stdout }}" + tflint_raw=$(cat < Date: Thu, 5 Dec 2024 18:09:12 +0000 Subject: [PATCH 77/97] retry Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index d2364105..c9af7446 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -101,7 +101,7 @@ jobs: ${{ steps.tflint.outputs.stdout }} EOF ) - tflint="${tflint_raw//`/"}" + tflint=$(echo "$tflint_raw" | sed "s/\`/'/g") # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') From 2a47d486d30a57ba91607c0db0a1c471624e45a7 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:10:40 +0000 Subject: [PATCH 78/97] re Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index c9af7446..098ef7ab 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -101,7 +101,8 @@ jobs: ${{ steps.tflint.outputs.stdout }} EOF ) - tflint=$(echo "$tflint_raw" | sed "s/\`/'/g") + # tflint=$(echo "$tflint_raw" | sed "s/\`/'/g") + tflint=$(echo "$tflint_raw" | sed 's/`/"/g') # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') From c4728e05ad7f327c0c667d661cdf3a1d4a72c404 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:17:36 +0000 Subject: [PATCH 79/97] um Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 098ef7ab..7851662d 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -86,23 +86,23 @@ jobs: # EOF # ) - # tflint=" - #
TFLint error. + tflint=' +
TFLint error. - # \`\`\`hcl - # 2 issue(s) found: + \`\`\`hcl + 2 issue(s) found: - # Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) - # Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) - # \`\`\` - #
" + Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) + Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) + \`\`\` +
' - tflint_raw=$(cat < Date: Thu, 5 Dec 2024 18:19:08 +0000 Subject: [PATCH 80/97] re Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 7851662d..459be2fa 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -95,14 +95,10 @@ jobs: Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) \`\`\` - ' + + ' - # tflint_raw=$(cat < Date: Thu, 5 Dec 2024 18:20:21 +0000 Subject: [PATCH 81/97] backticks syntax highlighting Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 459be2fa..a5c32a37 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -89,12 +89,12 @@ jobs: tflint='
TFLint error. - \`\`\`hcl + ```hcl 2 issue(s) found: Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) - \`\`\` + ```
' From 6562f4b8c1a9e766df5b4e05e57f3dbe68fbc293 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:23:25 +0000 Subject: [PATCH 82/97] sheesh Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index a5c32a37..9cc7eb1e 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -87,19 +87,21 @@ jobs: # ) tflint=' -
TFLint error. - - ```hcl 2 issue(s) found: - Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) - ``` -
' - tflint=$(echo "$tflint" | sed 's/`/\\`/g') + tflint=" +
TFLint error. + + ```hcl + ${tflint} + ``` +
+ " + # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') From 356f7f7c56e74d4849997b807a22a833930dc43d Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:26:34 +0000 Subject: [PATCH 83/97] what Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 9cc7eb1e..528506e4 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -73,19 +73,6 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - # tflint=$(cat <TFLint error. - - # \`\`\`hcl - # 2 issue(s) found: - - # Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) - # Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) - # \`\`\` - # - # EOF - # ) - tflint=' 2 issue(s) found: Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) @@ -96,9 +83,9 @@ jobs: tflint="
TFLint error. - ```hcl + \`\`\`hcl ${tflint} - ``` + \`\`\`
" From 2c513d6fc10e4c3cb7ec366f409fed831d68aa18 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:28:34 +0000 Subject: [PATCH 84/97] er Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 528506e4..0bd0f888 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -73,11 +73,7 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - tflint=' - 2 issue(s) found: - Warning: main.tf:1:1: Warning - Missing version constraint for provider "random" in `required_providers` (terraform_required_providers) - Warning: main.tf:1:1: Warning - terraform "required_version" attribute is required (terraform_required_version) - ' + tflint='${{ steps.tflint.outputs.stdout }}' tflint=$(echo "$tflint" | sed 's/`/\\`/g') tflint=" From f9af0b0f334060e10ece677293ae9305232ba207 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:29:36 +0000 Subject: [PATCH 85/97] concise Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 0bd0f888..6347da3a 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -73,14 +73,14 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - tflint='${{ steps.tflint.outputs.stdout }}' - tflint=$(echo "$tflint" | sed 's/`/\\`/g') + # tflint='${{ steps.tflint.outputs.stdout }}' + # tflint=$(echo "$tflint" | sed 's/`/\\`/g') tflint="
TFLint error. \`\`\`hcl - ${tflint} + ${echo '${{ steps.tflint.outputs.stdout }}' | sed 's/`/\\`/g'} \`\`\`
" From 939dc308c37a63ac36bd118186a26cb0722c867f Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:30:25 +0000 Subject: [PATCH 86/97] dquotes Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 6347da3a..64e9897e 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -80,7 +80,7 @@ jobs:
TFLint error. \`\`\`hcl - ${echo '${{ steps.tflint.outputs.stdout }}' | sed 's/`/\\`/g'} + ${echo "${{ steps.tflint.outputs.stdout }}" | sed 's/`/\\`/g'} \`\`\`
" From 869ffe0826f3d25eae7fd1034f6f1193094b6944 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:32:07 +0000 Subject: [PATCH 87/97] remove braces Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 64e9897e..071b9748 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -80,7 +80,7 @@ jobs:
TFLint error. \`\`\`hcl - ${echo "${{ steps.tflint.outputs.stdout }}" | sed 's/`/\\`/g'} + echo "${{ steps.tflint.outputs.stdout }}" | sed 's/`/\\`/g' \`\`\`
" From 88fb64ea5946cde7b29f0c418ee531100b01025d Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:32:26 +0000 Subject: [PATCH 88/97] squotes Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 071b9748..b49518bc 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -80,7 +80,7 @@ jobs:
TFLint error. \`\`\`hcl - echo "${{ steps.tflint.outputs.stdout }}" | sed 's/`/\\`/g' + echo '${{ steps.tflint.outputs.stdout }}' | sed 's/`/\\`/g' \`\`\`
" From 8b2c8787a8f7c2a43e0a7151fd054724239f8774 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:33:35 +0000 Subject: [PATCH 89/97] surround in parentheses Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index b49518bc..8018515b 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -80,7 +80,7 @@ jobs:
TFLint error. \`\`\`hcl - echo '${{ steps.tflint.outputs.stdout }}' | sed 's/`/\\`/g' + $(echo '${{ steps.tflint.outputs.stdout }}' | sed 's/`/\\`/g') \`\`\`
" From 4346d4690b8fc41813d2bbddb8c30d12c77daa69 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:34:06 +0000 Subject: [PATCH 90/97] dquotes Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 8018515b..8190cfcf 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -80,7 +80,7 @@ jobs:
TFLint error. \`\`\`hcl - $(echo '${{ steps.tflint.outputs.stdout }}' | sed 's/`/\\`/g') + $(echo "${{ steps.tflint.outputs.stdout }}" | sed 's/`/\\`/g') \`\`\`
" From 52e4a4e71371e02704b774db12535857622a59dd Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:35:58 +0000 Subject: [PATCH 91/97] separate Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 8190cfcf..5ead01a3 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -73,14 +73,14 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - # tflint='${{ steps.tflint.outputs.stdout }}' + tflint='${{ steps.tflint.outputs.stdout }}' # tflint=$(echo "$tflint" | sed 's/`/\\`/g') tflint="
TFLint error. \`\`\`hcl - $(echo "${{ steps.tflint.outputs.stdout }}" | sed 's/`/\\`/g') + $(echo "$tflint" | sed 's/`/\\`/g') \`\`\`
" From 2c96d7af5b0f8b5f80dda2f1ba750020d27d5b1c Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:37:00 +0000 Subject: [PATCH 92/97] compact Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 5ead01a3..c0981b29 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -74,16 +74,12 @@ jobs: run: | # Compose TFLint output. tflint='${{ steps.tflint.outputs.stdout }}' - # tflint=$(echo "$tflint" | sed 's/`/\\`/g') - - tflint=" -
TFLint error. + tflint="
TFLint error. \`\`\`hcl $(echo "$tflint" | sed 's/`/\\`/g') \`\`\` -
- " +
" # Get body of PR comment from tf step output. comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') From 41574f44a7cb603f2f57bb03e4da500635a72d30 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:38:15 +0000 Subject: [PATCH 93/97] dquotes instead of squotes Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index c0981b29..9b9f3fe1 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -73,7 +73,7 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - tflint='${{ steps.tflint.outputs.stdout }}' + tflint="${{ steps.tflint.outputs.stdout }}" tflint="
TFLint error. \`\`\`hcl From 2426142b6a0f4e96d83afecf94a0e6570f89176e Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:39:15 +0000 Subject: [PATCH 94/97] stderr or stdout Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 9b9f3fe1..74055a55 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -73,7 +73,7 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - tflint="${{ steps.tflint.outputs.stdout }}" + tflint='${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }}' tflint="
TFLint error. \`\`\`hcl From 0caac8b8c881a4432e72f9de1eaf40051d86e914 Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:41:36 +0000 Subject: [PATCH 95/97] ready pr_push_lint Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/examples/pr_push_lint.yaml | 6 +- .github/workflows/tf_tests.yaml | 163 +++++++++++++---------------- 2 files changed, 73 insertions(+), 96 deletions(-) diff --git a/.github/examples/pr_push_lint.yaml b/.github/examples/pr_push_lint.yaml index 7f78b1a3..16e8fbf5 100644 --- a/.github/examples/pr_push_lint.yaml +++ b/.github/examples/pr_push_lint.yaml @@ -55,11 +55,11 @@ jobs: GH_TOKEN: ${{ github.token }} run: | # Compose TFLint output. - tflint=" -
TFLint error. + tflint='${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }}' + tflint="
TFLint error. \`\`\`hcl - ${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }} + $(echo "$tflint" | sed 's/`/\\`/g') \`\`\`
" diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 74055a55..98d6e7e2 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml @@ -1,94 +1,71 @@ --- -name: TF Tests - -on: - # push: - pull_request: - paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**] - types: [opened, reopened, synchronize, closed] - -jobs: - tests: - runs-on: ubuntu-24.04 - - permissions: - actions: read # Required to download repository artifact. - checks: write # Required to add status summary. - contents: read # Required to checkout repository. - pull-requests: write # Required to add PR comment and label. - - strategy: - fail-fast: false - matrix: - test: - - pass_one - # - pass_character_limit - # - fail_data_source_error - # - fail_format_diff - # - fail_invalid_resource_type - - steps: - - name: Echo context - env: - GH_JSON: ${{ toJson(github) }} - run: echo "$GH_JSON" - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: Setup TF - uses: hashicorp/setup-terraform@v3 - - - name: Init TF - id: tf - if: ${{ github.event_name == 'pull_request' }} - uses: ./ - with: - command: init - arg-lock: false - working-directory: tests/${{ matrix.test }} - format: true - validate: true - - - name: Setup TFLint - if: ${{ github.event_name == 'pull_request' }} - uses: terraform-linters/setup-tflint@v4 - with: - tflint_wrapper: true - - - name: Run TFLint - id: tflint - if: ${{ github.event_name == 'pull_request' }} - working-directory: tests/${{ matrix.test }} - run: | - tflint --init - tflint --format compact - continue-on-error: true - - - name: Comment if TFLint errors - if: ${{ steps.tflint.outputs.exitcode >= 0 }} - env: - GH_TOKEN: ${{ github.token }} - run: | - # Compose TFLint output. - tflint='${{ steps.tflint.outputs.stderr || steps.tflint.outputs.stdout }}' - tflint="
TFLint error. - - \`\`\`hcl - $(echo "$tflint" | sed 's/`/\\`/g') - \`\`\` -
" - - # Get body of PR comment from tf step output. - comment=$(gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method GET --jq '.body') - - # Replace placeholder with TFLint output. - comment="${comment///$tflint}" - - # Update PR comment combined with TFLint output. - gh api /repos/{owner}/{repo}/issues/comments/${{ steps.tf.outputs.comment-id }} --method PATCH --field body="$comment" - - # Exit workflow due to TFLint error. - # exit 1 + name: TF Tests + + on: + pull_request: + paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**] + types: [opened, reopened, synchronize, closed] + + jobs: + tests: + runs-on: ubuntu-24.04 + + permissions: + actions: read # Required to download repository artifact. + checks: write # Required to add status summary. + contents: read # Required to checkout repository. + pull-requests: write # Required to add PR comment and label. + + strategy: + fail-fast: false + matrix: + test: + - pass_one + - pass_character_limit + - fail_data_source_error + - fail_format_diff + - fail_invalid_resource_type + + steps: + - name: Echo context + env: + GH_JSON: ${{ toJson(github) }} + run: echo "$GH_JSON" + + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: Setup TF + uses: opentofu/setup-opentofu@12f4debbf681675350b6cd1f0ff8ecfbda62027b # v1.0.4 + with: + tofu_version: 1.8.5 + tofu_wrapper: false + + - name: Provision TF + id: tf + continue-on-error: true + uses: ./ + with: + command: ${{ github.event.pull_request.merged && 'apply' || 'plan' }} + arg-lock: ${{ github.event.pull_request.merged }} + working-directory: tests/${{ matrix.test }} + tool: tofu + format: true + validate: true + + - name: Echo TF + run: | + echo "check-id: ${{ steps.tf.outputs.check-id }}" + echo "command: ${{ steps.tf.outputs.command }}" + echo "comment-id: ${{ steps.tf.outputs.comment-id }}" + echo "diff: ${{ 
steps.tf.outputs.diff }}" + echo "exitcode: ${{ steps.tf.outputs.exitcode }}" + echo "identifier: ${{ steps.tf.outputs.identifier }}" + echo "job-id: ${{ steps.tf.outputs.job-id }}" + echo "plan-id: ${{ steps.tf.outputs.plan-id }}" + echo "plan-url: ${{ steps.tf.outputs.plan-url }}" + echo "result: ${{ steps.tf.outputs.result }}" + echo "run-url: ${{ steps.tf.outputs.run-url }}" + echo "summary: ${{ steps.tf.outputs.summary }}" From 177b9459def567898bc131cf365e80083f962c0c Mon Sep 17 00:00:00 2001 From: Rishav Dhar <19497993+rdhar@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:43:37 +0000 Subject: [PATCH 96/97] revert tf_tests Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com> --- .github/workflows/tf_tests.yaml | 122 ++++++++++++++++---------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/.github/workflows/tf_tests.yaml b/.github/workflows/tf_tests.yaml index 98d6e7e2..3bc60d8f 100644 --- a/.github/workflows/tf_tests.yaml +++ b/.github/workflows/tf_tests.yaml 
@@ -1,71 +1,71 @@
 ---
- name: TF Tests
+name: TF Tests

- on:
- pull_request:
- paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**]
- types: [opened, reopened, synchronize, closed]
+on:
+ pull_request:
+ paths: [.github/workflows/tf_tests.yaml, action.yml, tests/**]
+ types: [opened, reopened, synchronize, closed]

- jobs:
- tests:
- runs-on: ubuntu-24.04
+jobs:
+ tests:
+ runs-on: ubuntu-24.04

- permissions:
- actions: read # Required to download repository artifact.
- checks: write # Required to add status summary.
- contents: read # Required to checkout repository.
- pull-requests: write # Required to add PR comment and label.
+ permissions:
+ actions: read # Required to download repository artifact.
+ checks: write # Required to add status summary.
+ contents: read # Required to checkout repository.
+ pull-requests: write # Required to add PR comment and label.

- strategy:
- fail-fast: false
- matrix:
- test:
- - pass_one
- - pass_character_limit
- - fail_data_source_error
- - fail_format_diff
- - fail_invalid_resource_type
+ strategy:
+ fail-fast: false
+ matrix:
+ test:
+ - pass_one
+ - pass_character_limit
+ - fail_data_source_error
+ - fail_format_diff
+ - fail_invalid_resource_type

- steps:
- - name: Echo context
- env:
- GH_JSON: ${{ toJson(github) }}
- run: echo "$GH_JSON"
+ steps:
+ - name: Echo context
+ env:
+ GH_JSON: ${{ toJson(github) }}
+ run: echo "$GH_JSON"

- - name: Checkout repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- persist-credentials: false
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false

- - name: Setup TF
- uses: opentofu/setup-opentofu@12f4debbf681675350b6cd1f0ff8ecfbda62027b # v1.0.4
- with:
- tofu_version: 1.8.5
- tofu_wrapper: false
+ - name: Setup TF
+ uses: opentofu/setup-opentofu@12f4debbf681675350b6cd1f0ff8ecfbda62027b # v1.0.4
+ with:
+ tofu_version: 1.8.5
+ tofu_wrapper: false

- - name: Provision TF
- id: tf
- continue-on-error: true
- uses: ./
- with:
- command: ${{ github.event.pull_request.merged && 'apply' || 'plan' }}
- arg-lock: ${{ github.event.pull_request.merged }}
- working-directory: tests/${{ matrix.test }}
- tool: tofu
- format: true
- validate: true
+ - name: Provision TF
+ id: tf
+ continue-on-error: true
+ uses: ./
+ with:
+ command: ${{ github.event.pull_request.merged && 'apply' || 'plan' }}
+ arg-lock: ${{ github.event.pull_request.merged }}
+ working-directory: tests/${{ matrix.test }}
+ tool: tofu
+ format: true
+ validate: true

- - name: Echo TF
- run: |
- echo "check-id: ${{ steps.tf.outputs.check-id }}"
- echo "command: ${{ steps.tf.outputs.command }}"
- echo "comment-id: ${{ steps.tf.outputs.comment-id }}"
- echo "diff: ${{ steps.tf.outputs.diff }}"
- echo "exitcode: ${{ steps.tf.outputs.exitcode }}"
- echo "identifier: ${{ steps.tf.outputs.identifier }}"
- echo "job-id: ${{ steps.tf.outputs.job-id }}"
- echo "plan-id: ${{ steps.tf.outputs.plan-id }}"
- echo "plan-url: ${{ steps.tf.outputs.plan-url }}"
- echo "result: ${{ steps.tf.outputs.result }}"
- echo "run-url: ${{ steps.tf.outputs.run-url }}"
- echo "summary: ${{ steps.tf.outputs.summary }}"
+ - name: Echo TF
+ run: |
+ echo "check-id: ${{ steps.tf.outputs.check-id }}"
+ echo "command: ${{ steps.tf.outputs.command }}"
+ echo "comment-id: ${{ steps.tf.outputs.comment-id }}"
+ echo "diff: ${{ steps.tf.outputs.diff }}"
+ echo "exitcode: ${{ steps.tf.outputs.exitcode }}"
+ echo "identifier: ${{ steps.tf.outputs.identifier }}"
+ echo "job-id: ${{ steps.tf.outputs.job-id }}"
+ echo "plan-id: ${{ steps.tf.outputs.plan-id }}"
+ echo "plan-url: ${{ steps.tf.outputs.plan-url }}"
+ echo "result: ${{ steps.tf.outputs.result }}"
+ echo "run-url: ${{ steps.tf.outputs.run-url }}"
+ echo "summary: ${{ steps.tf.outputs.summary }}"
From 471c12bc6b6f16a9a79a55b8c76f5e0e17bcab1f Mon Sep 17 00:00:00 2001
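Review bot: The `Echo TF` step at the end of this hunk expands `${{ steps.tf.outputs.* }}` directly inside the `run:` script, so each value is pasted into the shell source before bash parses it, and a double quote, backtick or `$(...)` in `diff`, `summary` or `result` would be read as shell syntax instead of being printed. Those outputs presumably carry tool output produced from `tests/**`, which a pull request can change, and the job runs with `checks: write` and `pull-requests: write`. The `Echo context` step in the same hunk already passes its value through `env:`, and the same pattern fits here: replace the `run: |` block with `env:` / `TF_OUTPUTS: ${{ toJSON(steps.tf.outputs) }}` and `run: echo "$TF_OUTPUTS"`. The commit only re-indents the file, so the pattern predates it, but the restored step is where it would be fixed.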
From: Rishav Dhar <19497993+rdhar@users.noreply.github.com>
Date: Thu, 5 Dec 2024 18:45:08 +0000
Subject: [PATCH 97/97] ready merge

Signed-off-by: Rishav Dhar <19497993+rdhar@users.noreply.github.com>
---
.github/examples/pr_push_lint.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/examples/pr_push_lint.yaml b/.github/examples/pr_push_lint.yaml
index 16e8fbf5..4901711e 100644
--- a/.github/examples/pr_push_lint.yaml
+++ b/.github/examples/pr_push_lint.yaml
@@ -75,7 +75,7 @@ jobs:
 # Exit workflow due to TFLint error.
 exit 1

- - name: ${{ format('{0}', github.event_name == 'push' && 'Apply' || 'Plan') }} TF
+ - name: Provision TF
 uses: devsectop/tf-via-pr@v12
 with:
 command: ${{ github.event_name == 'push' && 'apply' || 'plan' }}