testing silution for status reporting after documentation was updated #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "DSB Terraform Module CI" | ||
| # | ||
| # A requirement for this workflow to run is that the following 'permissions' are granted by the calling workflow: | ||
| # permissions: | ||
| # id-token: write # required for Azure password-less auth | ||
| # contents: read # required for actions/checkout | ||
| # pull-requests: write # required for commenting on PRs | ||
| # | ||
| # The following secrets must be available in the github 'secrets' context: | ||
| # - secrets.REPO_AZURE_DSB_TENANT_ID <-- ID of the Azure tenant to run the workflow in context of | ||
| # - secrets.REPO_AZURE_SUBSCRIPTION_ID <-- ID of the Azure subscription to run the workflow in context of | ||
| # - secrets.REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL <-- ID of the Entra ID service principal with access to the Azure subscription | ||
| # | ||
| # From the calling workflow this can be achieved by either handing over all secrets: | ||
| # secrets: inherit | ||
| # or by handing over just the required secrets from the calling workflow: | ||
| # secrets: | ||
| # REPO_AZURE_DSB_TENANT_ID: "secret value" | ||
| # REPO_AZURE_SUBSCRIPTION_ID: "secret value" | ||
| # REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL: "secret value" | ||
| # | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| terraform-version: | ||
| description: "Terraform version to use for the tests." | ||
| required: true | ||
| type : string | ||
| tflint-version: | ||
| description: "TFLint version to use for the tests." | ||
| required: true | ||
| type : string | ||
| readme-file-path: | ||
| description: | | ||
| "README.md file path to inject terraform docs into. Default is the root of the repository." | ||
| type : string | ||
| default: "." | ||
| env: | ||
| ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_ID }} | ||
| ARM_SUBSCRIPTION_ID: ${{ secrets.REPO_AZURE_SUBSCRIPTION_ID }} | ||
| ARM_CLIENT_ID: ${{ secrets.REPO_AZURE_TERRAFORM_USER_SERVICE_PRINCIPAL }} | ||
| ARM_USE_OIDC: true | ||
| ARM_USE_AZUREAD: true | ||
| TF_IN_AUTOMATION: true | ||
| jobs: | ||
| create-matrix: | ||
| name: Create job matrix | ||
| runs-on: [self-hosted, dsb-terraformer, linux, x64] | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| outputs: | ||
| all-tests: ${{ steps.create-matrix.outputs.all-tests }} | ||
| plugin-cache-directory: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} | ||
| plugin-cache-key-monthly-rolling: ${{ steps.setup-terraform-cache.outputs.plugin-cache-key-monthly-rolling }} | ||
| steps: | ||
| - name: "🧹 Clean workspace" | ||
| uses: dsb-norge/directory-recreate@v1 | ||
| - name: "⬇ Checkout working branch" | ||
| uses: actions/checkout@v4 | ||
| - name: "🎰 Create env matrix" | ||
| id: create-matrix | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/create-tftest-matrix@tfdocs-fix | ||
| - name: "📥 Setup Terraform" | ||
| uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: ${{ inputs.terraform-version }} | ||
| # woraround for extra gibberish in output https://github.com/hashicorp/setup-terraform/issues/20 | ||
| terraform_wrapper: false | ||
| - name: "🗄️ Setup Terraform provider plugin cache" | ||
| id: setup-terraform-cache | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tfdocs-fix | ||
| - name: "📥 Setup TFLint" | ||
| id: setup-tflint | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/setup-tflint@tfdocs-fix | ||
| with: | ||
| tflint-version: ${{ inputs.tflint-version }} | ||
| working-directory: ${{ github.workspace }} | ||
| - name: "🚀 Cache Terraform provider plugins" | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} | ||
| key: ${{ steps.setup-terraform-cache.outputs.plugin-cache-key-monthly-rolling }} | ||
| - name: ⚙️ Terraform Init | ||
| id: init | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/terraform-init@tfdocs-fix | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| additional-dirs-json: null | ||
| plugin-cache-directory: ${{ steps.setup-terraform-cache.outputs.plugin-cache-directory }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 🖌 Terraform Format | ||
| id: fmt | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/terraform-fmt@tfdocs-fix | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| format-check-in-root-dir: true | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: ✔ Terraform Validate | ||
| id: validate | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/terraform-validate@tfdocs-fix | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 🧹 Lint with TFLint | ||
| id: lint | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/lint-with-tflint@tfdocs-fix | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 📝 Create validation summary | ||
| id: create-validation-summary | ||
| if: github.event_name == 'pull_request' | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/create-validation-summary@tfdocs-fix | ||
| with: | ||
| environment-name: "module" | ||
| plan-txt-output-file: "" | ||
| status-init: ${{ steps.init.outcome }} | ||
| status-fmt: ${{ steps.fmt.outcome }} | ||
| status-validate: ${{ steps.validate.outcome }} | ||
| status-lint: ${{ steps.lint.outcome }} | ||
| status-plan: "N/A" | ||
| continue-on-error: true # allow job to continue, step outcome is ignored | ||
| - name: 🏷️ Add validation summary as pull request comment | ||
| id: validation-summary-on-pr | ||
| if: steps.create-validation-summary.outcome == 'success' | ||
| uses: dsb-norge/github-actions/ci-cd/comment-on-pr@v2 | ||
| with: | ||
| pr-comment-text: ${{ steps.create-validation-summary.outputs.summary }} | ||
| delete-comments-starting-with: ${{ steps.create-validation-summary.outputs.prefix }} | ||
| continue-on-error: true # allow job to continue, step outcome is ignored | ||
| - name: "🧐 Validation outcome: ⚙️ Init" | ||
| run: | | ||
| if [ ! "${{ steps.init.outcome }}" == 'success' ]; then | ||
| echo "::error title=Init failed::Outcome of terraform init step was '${{ steps.init.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🧐 Validation outcome: 🖌 Format" | ||
| run: | | ||
| if [ ! "${{ steps.fmt.outcome }}" == 'success' ]; then | ||
| echo "::error title=Format check failed::Outcome of terraform fmt step was '${{ steps.fmt.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🧐 Validation outcome: ✔ Validate" | ||
| run: | | ||
| if [ ! "${{ steps.validate.outcome }}" == 'success' ]; then | ||
| echo "::error title=Validate failed::Outcome of terraform validate step was '${{ steps.validate.outcome }}' !" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🧐 Validation outcome: 🧹 TFLint" | ||
| run: | | ||
| if [ ! "${{ steps.lint.outcome }}" == 'success' ]; then | ||
| echo "::error title=Lint failed::Outcome of TFLint step was '${{ steps.lint.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| terraform-module-ci: | ||
| name: "Terraform Test" | ||
| needs: create-matrix | ||
| runs-on: [self-hosted, dsb-terraformer, linux, x64] | ||
| strategy: | ||
| fail-fast: false # Allow jobs to continue even though one more env(s) fail | ||
| matrix: | ||
| test-file: ${{ fromJSON(needs.create-matrix.outputs.all-tests).files }} | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - name: "⬇ Checkout" | ||
| uses: actions/checkout@v4 | ||
| - name: "📥 Setup Terraform" | ||
| uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: ${{ inputs.terraform-version }} | ||
| # woraround for extra gibberish in output https://github.com/hashicorp/setup-terraform/issues/20 | ||
| terraform_wrapper: false | ||
| - name: "🚀 Cache Terraform provider plugins" | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: ${{ needs.create-matrix.outputs.plugin-cache-directory }} | ||
| key: ${{ needs.create-matrix.outputs.plugin-cache-key-monthly-rolling }} | ||
| - name: ⚙️ Terraform Init | ||
| id: init | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/terraform-init@tfdocs-fix | ||
| with: | ||
| working-directory: ${{ github.workspace }} | ||
| additional-dirs-json: null | ||
| plugin-cache-directory: ${{ needs.create-matrix.outputs.plugin-cache-directory }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 🧪 Terraform Test | ||
| id: test | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/terraform-test@tfdocs-fix | ||
| with: | ||
| test-file: ${{ matrix.test-file }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 📝 Create test report | ||
| id: create-test-report | ||
| if: github.event_name == 'pull_request' | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/create-test-report@tfdocs-fix | ||
| with: | ||
| test-out-file: ${{ steps.test.outputs.json }} | ||
| status-init: ${{ steps.init.outcome }} | ||
| status-test: ${{ steps.test.outcome }} | ||
| test-summary: ${{ steps.test.outputs.summary }} | ||
| test-report: ${{ steps.test.outputs.report }} | ||
| test-file: ${{ matrix.test-file }} | ||
| continue-on-error: true # allow job to continue, step outcome is evaluated later | ||
| - name: 🏷️ Add validation summary as pull request comment | ||
| id: validation-summary-on-pr | ||
| if: steps.create-test-report.outcome == 'success' | ||
| uses: dsb-norge/github-actions/ci-cd/comment-on-pr@v2 | ||
| with: | ||
| pr-comment-text: ${{ steps.create-test-report.outputs.summary }} | ||
| delete-comments-starting-with: ${{ steps.create-test-report.outputs.prefix }} | ||
| continue-on-error: true # allow job to continue, step outcome is ignored | ||
| # Terminate the job with 'failure' if any validation check did not succeed. | ||
| # If 'allow-failing-terraform-operations' is 'true' for the environment the job will not terminate. | ||
| - name: "🧐 Validation outcome: ⚙️ Init" | ||
| run: | | ||
| if [ ! "${{ steps.init.outcome }}" == 'success' ]; then | ||
| echo "::error title=Init failed::Outcome of terraform init step was '${{ steps.init.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🧐 Validation outcome: 🧪 Test" | ||
| run: | | ||
| if [ ! "${{ steps.test.outcome }}" == 'success' ]; then | ||
| echo "::error title=Test failed::Outcome of terraform test step was '${{ steps.test.outcome }}' for file '${{ matrix.test-file }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| generate-docs: | ||
| name: Update README.md | ||
| needs: terraform-module-ci | ||
| runs-on: ubuntu-latest | ||
| if: needs.terraform-module-ci.result == 'success' | ||
| steps: | ||
| - name: "📥 Checkout" | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.ref }} | ||
| - name: "📝 Validate and update README.md" | ||
| id: update-readme | ||
| # TODO revert to @v0 | ||
| uses: dsb-norge/github-actions-terraform/terraform-docs@tfdocs-fix | ||
| with: | ||
| readme-file-path: ${{ inputs.readme-file-path }} | ||
| continue-on-error: true | ||
| - name: "🧐 Validation outcome: 📝 Update docs" | ||
| run: | | ||
| if [ ! "${{ steps.update-readme.outcome }}" == 'success' ]; then | ||
| echo "::error title=Update README.md failed::Outcome of update README.md step was '${{ steps.update-readme.outcome }}'!" | ||
| exit 1 | ||
| fi | ||
| continue-on-error: false | ||
| - name: "🔄 Check for changes" | ||
| id: check-changes | ||
| run: | | ||
| if [ -n "$(git status --porcelain)" ]; then | ||
| echo "changes=true" >> $GITHUB_ENV | ||
| else | ||
| echo "changes=false" >> $GITHUB_ENV | ||
| fi | ||
| - name: "🔄 Push changes" | ||
| if: env.changes == 'true' | ||
| run: | | ||
| git config --global user.email "github-actions[bot]@users.noreply.github.com" | ||
| git config --global user.name "github-actions[bot]" | ||
| git add . | ||
| git commit -m "Update README.md with Terraform docs" | ||
| git push origin ${{ github.event.pull_request.head.ref }} | ||
| - name: "🔄 Update local branch" | ||
| if: env.changes == 'true' | ||
| run: | | ||
| git fetch origin | ||
| git reset --hard origin/${{ github.event.pull_request.head.ref }} | ||
| # create a global result indicating if workflow steps succeeded or not, | ||
| # handy for branch protection rules | ||
| conclusion: | ||
| if: always() | ||
| name: "Terraform conclusion" | ||
| needs: [create-matrix, terraform-module-ci, generate-docs] | ||
| runs-on: ubuntu-latest # no need to schedule this on our own runners | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - run: exit 1 | ||
| # for explanation of '>-' below see https://stackoverflow.com/a/67532120/4907315 | ||
| # job 'result': possible values are 'success', 'failure', 'cancelled', or 'skipped' | ||
| if: >- | ||
| ${{ | ||
| contains(needs.*.result, 'failure') | ||
| || contains(needs.*.result, 'cancelled') | ||
| }} | ||
