chore: revert back to v0 tag #1
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "DSB Terraform Module CI" | ||
| # | ||
| # A requirement for this workflow to run is that the following 'permissions' are granted by the calling workflow: | ||
| # permissions: | ||
| # id-token: write # required for Azure password-less auth | ||
| # contents: read # required for actions/checkout | ||
| # pull-requests: write # required for commenting on PRs | ||
| # | ||
| # The following secrets must be available in the github 'secrets' context: | ||
| # - secrets.REPO_AZURE_DSB_TENANT_ID <-- ID of the Azure tenant to run the workflow in context of | ||
| # - secrets.REPO_AZURE_SUBSCRIPTION_ID <-- ID of the Azure subscription to run the workflow in context of | ||
| # - secrets.REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL <-- ID of the Entra ID service principal with access to the Azure subscription | ||
| # | ||
| # From the calling workflow this can be achieved by either handing over all secrets: | ||
| # secrets: inherit | ||
| # or by handing over just the required secrets from the calling workflow: | ||
| # secrets: | ||
| # REPO_AZURE_DSB_TENANT_ID: "secret value" | ||
| # REPO_AZURE_SUBSCRIPTION_ID: "secret value" | ||
| # REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL: "secret value" | ||
| # | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| terraform-version: | ||
| description: "Terraform version to use for the tests." | ||
| required: true | ||
| type : string | ||
| tflint-version: | ||
| description: "TFLint version to use for the tests." | ||
| required: true | ||
| type : string | ||
| readme-file-path: | ||
| description: | | ||
| "README.md file path to inject terraform docs into. Default is the root of the repository." | ||
| type : string | ||
| default: "." | ||
| env: | ||
| ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_ID }} | ||
| ARM_SUBSCRIPTION_ID: ${{ secrets.REPO_AZURE_SUBSCRIPTION_ID }} | ||
| ARM_CLIENT_ID: ${{ secrets.REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL }} | ||
| ARM_USE_OIDC: true | ||
| ARM_USE_AZUREAD: true | ||
| TF_IN_AUTOMATION: true | ||
| jobs: | ||
| create-matrix: | ||
| name: Create job matrix | ||
| runs-on: [self-hosted, dsb-terraformer, linux, x64] | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| outputs: | ||
| all-tests: ${{ steps.create-matrix.outputs.all-tests }} | ||
| plugin-cache-directory: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} | ||
| plugin-cache-key-monthly-rolling: ${{ steps.setup-terraform-cache.outputs.plugin-cache-key-monthly-rolling }} | ||
| steps: | ||
| - name: "🧹 Clean workspace" | ||
| uses: dsb-norge/directory-recreate@v1 | ||
| - name: "⬇ Checkout working branch" | ||
| uses: actions/checkout@v4 | ||
| - name: "🎰 Create env matrix" | ||
| id: create-matrix | ||
| 2uses: dsb-norge/github-actions-terraform/create-tftest-matrix@v0 | ||
| - name: "📥 Setup Terraform" | ||
| uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: ${{ inputs.terraform-version }} | ||
| # woraround for extra gibberish in output https://github.com/hashicorp/setup-terraform/issues/20 | ||
| terraform_wrapper: false | ||
| - name: "🗄️ Setup Terraform provider plugin cache" | ||
| id: setup-terraform-cache | ||
| 2uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@v0 | ||
| - name: "📥 Setup TFLint" | ||
| id: setup-tflint | ||
| 2uses: dsb-norge/github-actions-terraform/setup-tflint@v0 | ||
| with: | ||
| tflint-version: ${{ inputs.tflint-version }} | ||
| working-directory: ${{ github.workspace }} | ||
| - name: "🚀 Cache Terraform provider plugins" | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} | ||
| key: ${{ steps.setup-terraform-cache.outputs.plugin-cache-key-monthly-rolling }} | ||
| - name: ⚙️ Terraform Init | ||
| id: init | ||
| 2uses: dsb-norge/github-actions-terraform/terraform-init@v0 | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| additional-dirs-json: null | ||
| plugin-cache-directory: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 🖌 Terraform Format | ||
| id: fmt | ||
| 2uses: dsb-norge/github-actions-terraform/terraform-fmt@v0 | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| format-check-in-root-dir: true | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: ✔ Terraform Validate | ||
| id: validate | ||
| 2uses: dsb-norge/github-actions-terraform/terraform-validate@v0 | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 🧹 Lint with TFLint | ||
| id: lint | ||
| 2uses: dsb-norge/github-actions-terraform/lint-with-tflint@v0 | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 📝 Create validation summary | ||
| id: create-validation-summary | ||
| if: github.event_name == 'pull_request' | ||
| 2uses: dsb-norge/github-actions-terraform/create-validation-summary@v0 | ||
| with: | ||
| environment-name: "module" | ||
| plan-txt-output-file: "" | ||
| status-init: ${{ steps.init.outcome }} | ||
| status-fmt: ${{ steps.fmt.outcome }} | ||
| status-validate: ${{ steps.validate.outcome }} | ||
| status-lint: ${{ steps.lint.outcome }} | ||
| status-plan: "N/A" | ||
| continue-on-error: true # allow job to continue, step outcome is ignored | ||
| - name: 🏷️ Add validation summary as pull request comment | ||
| id: validation-summary-on-pr | ||
| if: steps.create-validation-summary.outcome == 'success' | ||
| uses: dsb-norge/github-actions/ci-cd/comment-on-pr@v2 | ||
| with: | ||
| pr-comment-text: ${{ steps.create-validation-summary.outputs.summary }} | ||
| delete-comments-starting-with: ${{ steps.create-validation-summary.outputs.prefix }} | ||
| continue-on-error: true # allow job to continue, step outcome is ignored | ||
| - name: "🧐 Validation outcome: ⚙️ Init" | ||
| run: | | ||
| if [ ! "${{ steps.init.outcome }}" == 'success' ]; then | ||
| echo "::error title=Init failed::Outcome of terraform init step was '${{ steps.init.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🧐 Validation outcome: 🖌 Format" | ||
| run: | | ||
| if [ ! "${{ steps.fmt.outcome }}" == 'success' ]; then | ||
| echo "::error title=Format check failed::Outcome of terraform fmt step was '${{ steps.fmt.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🧐 Validation outcome: ✔ Validate" | ||
| run: | | ||
| if [ ! "${{ steps.validate.outcome }}" == 'success' ]; then | ||
| echo "::error title=Validate failed::Outcome of terraform validate step was '${{ steps.validate.outcome }}' !" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🧐 Validation outcome: 🧹 TFLint" | ||
| run: | | ||
| if [ ! "${{ steps.lint.outcome }}" == 'success' ]; then | ||
| echo "::error title=Lint failed::Outcome of TFLint step was '${{ steps.lint.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| terraform-module-ci: | ||
| name: "Terraform Test" | ||
| needs: create-matrix | ||
| runs-on: [self-hosted, dsb-terraformer, linux, x64] | ||
| strategy: | ||
| fail-fast: false # Allow jobs to continue even though one more env(s) fail | ||
| matrix: | ||
| test-file: ${{ fromJSON(needs.create-matrix.outputs.all-tests).files }} | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - name: "⬇ Checkout" | ||
| uses: actions/checkout@v4 | ||
| - name: "📥 Setup Terraform" | ||
| uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: ${{ inputs.terraform-version }} | ||
| # woraround for extra gibberish in output https://github.com/hashicorp/setup-terraform/issues/20 | ||
| terraform_wrapper: false | ||
| - name: "🚀 Cache Terraform provider plugins" | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ${{ needs.create-matrix.outputs.plugin-cache-directory }} | ||
| key: ${{ needs.create-matrix.outputs.plugin-cache-key-monthly-rolling }} | ||
| - name: ⚙️ Terraform Init | ||
| id: init | ||
| 2uses: dsb-norge/github-actions-terraform/terraform-init@v0 | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| additional-dirs-json: null | ||
| plugin-cache-directory: ${{ needs.create-matrix.outputs.plugin-cache-directory }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 🧪 Terraform Test | ||
| id: test | ||
| 2uses: dsb-norge/github-actions-terraform/terraform-test@v0 | ||
| with: | ||
| test-file: ${{ matrix.test-file }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 📝 Create test report | ||
| id: create-test-report | ||
| if: github.event_name == 'pull_request' | ||
| 2uses: dsb-norge/github-actions-terraform/create-test-report@v0 | ||
| with: | ||
| test-out-file: ${{ steps.test.outputs.json }} | ||
| status-init: ${{ steps.init.outcome }} | ||
| status-test: ${{ steps.test.outcome }} | ||
| test-summary: ${{ steps.test.outputs.summary }} | ||
| test-report: ${{ steps.test.outputs.report }} | ||
| test-file: ${{ matrix.test-file }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 🏷️ Add validation summary as pull request comment | ||
| id: validation-summary-on-pr | ||
| if: steps.create-test-report.outcome == 'success' | ||
| uses: dsb-norge/github-actions/ci-cd/comment-on-pr@v2 | ||
| with: | ||
| pr-comment-text: ${{ steps.create-test-report.outputs.summary }} | ||
| delete-comments-starting-with: ${{ steps.create-test-report.outputs.prefix }} | ||
| continue-on-error: true # allow job to continue, step outcome is ignored | ||
| # Terminate the job with 'failure' if any validation check did not succeed. | ||
| # If 'allow-failing-terraform-operations' is 'true' for the environment the job will not terminate. | ||
| - name: "🧐 Validation outcome: ⚙️ Init" | ||
| run: | | ||
| if [ ! "${{ steps.init.outcome }}" == 'success' ]; then | ||
| echo "::error title=Init failed::Outcome of terraform init step was '${{ steps.init.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🧐 Validation outcome: 🧪 Test" | ||
| run: | | ||
| if [ ! "${{ steps.test.outcome }}" == 'success' ]; then | ||
| echo "::error title=Test failed::Outcome of terraform test step was '${{ steps.test.outcome }}' for file '${{ matrix.test-file }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| generate-docs: | ||
| name: Update README.md | ||
| needs: terraform-module-ci | ||
| runs-on: ubuntu-latest | ||
| if: needs.terraform-module-ci.result == 'success' | ||
| steps: | ||
| - name: "📥 Checkout" | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.ref }} | ||
| - name: "📝 Validate and update README.md" | ||
| id: update-readme | ||
| 2uses: dsb-norge/github-actions-terraform/terraform-docs@v0 | ||
| with: | ||
| readme-file-path: ${{ inputs.readme-file-path }} | ||
| continue-on-error: true | ||
| - name: "🧐 Validation outcome: 📝 Update docs" | ||
| run: | | ||
| if [ ! "${{ steps.update-readme.outcome }}" == 'success' ]; then | ||
| echo "::error title=Update README.md failed::Outcome of update README.md step was '${{ steps.update-readme.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| # create a global result indicating if workflow steps succeeded or not, | ||
| # handy for branch protection rules | ||
| conclusion: | ||
| if: always() | ||
| name: "Terraform conclusion" | ||
| needs: [create-matrix, terraform-module-ci, generate-docs] | ||
| runs-on: ubuntu-latest # no need to schedule this on our own runners | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - run: exit 1 | ||
| # for explanation of '>-' below see https://stackoverflow.com/a/67532120/4907315 | ||
| # job 'result': possible values are 'success', 'failure', 'cancelled', or 'skipped' | ||
| if: >- | ||
| ${{ | ||
| contains(needs.*.result, 'failure') | ||
| || contains(needs.*.result, 'cancelled') | ||
| }} | ||
