From 116536009e4cebfceceec5b056872eca19c4c76f Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 13:17:00 +0100 Subject: [PATCH 01/12] feat: terraform docs action. It validates existing README.md file, by checking if delimeters are added and are placed correct. --- .github/workflows/terraform-module-ci.yaml | 25 ++++++++- terraform-docs/action.yaml | 60 ++++++++++++++++++++++ terraform-docs/helpers.sh | 40 +++++++++++++++ 3 files changed, 123 insertions(+), 2 deletions(-) create mode 100644 terraform-docs/action.yaml create mode 100755 terraform-docs/helpers.sh diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 7d9eeac..9f969d8 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -30,6 +30,12 @@ on: description: "TFLint version to use for the tests." required: true type : string + readme-file-path: + description: | + "README.md file path to inject terraform docs into. Default is the root of the repository." + required: true + type : string + default: "${{ github.workspace }}" env: ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_IDย }} @@ -167,7 +173,6 @@ jobs: exit 1 fi continue-on-error: false - terraform-module-ci: name: "Terraform Test" 
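Review bot: The new `readme-file-path` input is described as a README.md file path, but the action added in this same patch appends `/README.md` to it and also passes it as `working-dir`, so callers must supply a directory. I would reword it as `description: "Directory containing the README.md that terraform-docs output is injected into."`, which also drops the double quotes that the `description: |` block scalar currently keeps as literal text. In the same hunk, `required: true` next to `default:` is contradictory, because a required input never falls back to its default.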
@@ -254,12 +259,28 @@ jobs: fi continue-on-error: false + generate-docs: + name: Update README.md + needs: terraform-module-ci + runs-on: ubuntu-latest + if: github.job.terraform-module-ci.result == 'success' + steps: + - name: "๐Ÿ“ฅ Checkout" + uses: actions/checkout@v4 + + - name: "๐Ÿ“ Validate and update README.md" + uses: dsb-norge/github-actions-terraform/terraform-docs@v0 + with: + readme-file-path: ${{ inputs.readme-file-path }} + continue-on-error: true + + # create a global result indicating if workflow steps succeeded or not, # handy for branch protection rules conclusion: if: always() name: "Terraform conclusion" - needs: [create-matrix, terraform-module-ci] + needs: [create-matrix, terraform-module-ci, generate-docs] runs-on: ubuntu-latest # no need to schedule this on our own runners defaults: run: diff --git a/terraform-docs/action.yaml b/terraform-docs/action.yaml new file mode 100644 index 0000000..20268c9 --- /dev/null +++ b/terraform-docs/action.yaml 
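Review bot: The added `generate-docs` job declares no `permissions:`, yet the action it calls is configured with `git-push: "true"` (see `terraform-docs/action.yaml` in this patch), so the job silently depends on whatever token scope the caller grants. Declaring the scope on this job alone, `permissions:` with `contents: write`, makes the write requirement explicit and lets the other jobs stay read-only. Any workflow-level permission settings are outside the hunk, so confirm nothing broader is already granted there.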
@@ -0,0 +1,60 @@ +name: "Run terraform docs" +description: "Inject terraform docs for modules into README.md" +author: "Artjoms Laivins" + +inputs: + readme-file-path: + description: | + "README.md file path to inject terraform docs into. Default is the root of the repository. + Path consider default name of README.md. + If README.md is in repo root then use ```${{ github-workspace }}``` as path." + +runs: + using: "composite" + steps: + - id: validate-readme + shell: bash + run: | + set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; + # enable debug + # set -x + + README_FILE="${{ inputs.readme-file-path }}/README.md" + + if [ -f "${README_FILE}" ]; then + log-info "Checking if delimiters exist in ${README_FILE}" + if grep -q '' "${README_FILE}" && grep -q '' "${README_FILE}" ; then + log-info "Delimiters exist in ${README_FILE}" + log-info "Checking if delimiters are in the correct order" + START_LINE=$(grep -n '' "${README_FILE}" | cut -d: -f1) + log-info "BEGIN_TF_DOCS found on line: $START_LINE" + END_LINE=$(grep -n '' "${README_FILE}" | cut -d: -f1) + log-info "END_TF_DOCS found on line: $END_LINE" + if [ "$START_LINE" -lt "$END_LINE" ]; then + log-info "Delimiters are in the correct order" + else + log-error "Delimiters are not in the correct order, verify ${README_FILE}" + fi + else + log-info "Delimiters do not exist in ${README_FILE}" + log-info "Adding delimiters to ${README_FILE}" + printf "\nBelow is a placeholder for Terraform-docs generated documentation. Do not edit between the delimiters." >> "${README_FILE}" + { + echo "" + echo " " + echo "" + } >> "${README_FILE}" + log-info "Delimiters added to ${README_FILE}" + fi + + else + log-info "File ${README_FILE} does not exist. Terraform-docs will create new README.md file." 
+ fi + continue-on-error: true + - id: run-terraform-docs + uses: terraform-docs/gh-actions@aeae0038ed47a547e0c0fca5c059d3335f48fb25 + with: + working-dir: ${{ inputs.readme-file-path }} + output-file: README.md + output-method: inject + git-push: "true" \ No newline at end of file diff --git a/terraform-docs/helpers.sh b/terraform-docs/helpers.sh new file mode 100755 index 0000000..f8a0e47 --- /dev/null +++ b/terraform-docs/helpers.sh @@ -0,0 +1,40 @@ +#!/bin/env bash + +# Helper consts +_action_name="$(basename "$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)")" + +# Helper functions +function _log { echo "${1}${_action_name}: ${2}"; } +function log-info { _log "" "${*}"; } +function log-debug { _log "DEBUG: " "${*}"; } +function log-warn { _log "WARN: " "${*}"; } +function log-error { _log "ERROR: " "${*}"; } +function start-group { echo "::group::${_action_name}: ${*}"; } +function end-group { echo "::endgroup::"; } +function log-multiline { + start-group "${1}" + echo "${2}" + end-group +} +function mask-value { echo "::add-mask::${*}"; } +function set-output { echo "${1}=${2}" >>$GITHUB_OUTPUT; } +function set-multiline-output { + local outputName outputValue delimiter + outputName="${1}" + outputValue="${2}" + delimiter=$(echo $RANDOM | md5sum | head -c 20) + echo "${outputName}<<\"${delimiter}\"" >>$GITHUB_OUTPUT + echo "${outputValue}" >>$GITHUB_OUTPUT + echo "\"${delimiter}\"" >>$GITHUB_OUTPUT +} +function ws-path { + local inPath + inPath="${1}" + realpath --relative-to="${GITHUB_WORKSPACE}" "${inPath}" +} + +log-info "'$(basename ${BASH_SOURCE[0]})' loaded." + +if [ -f "${GITHUB_ACTION_PATH}/helpers_additional.sh" ]; then + source "${GITHUB_ACTION_PATH}/helpers_additional.sh" +fi From e979eb8417e6a1fd8edf76fae5f277bdae67605c Mon Sep 17 00:00:00 2001 
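Review bot: In the `validate-readme` step, `${{ inputs.readme-file-path }}` is expanded into the script text before bash runs, so a value containing quotes or `$(...)` is parsed as shell syntax instead of being treated as a path. Pass it through the environment instead: add `env:` with `README_DIR: ${{ inputs.readme-file-path }}` to the step and build the path with `README_FILE="${README_DIR}/README.md"`. This matters most if a caller ever forwards a value derived from pull-request content. Separately, `grep -n ... | cut -d: -f1` returns several line numbers when a delimiter occurs more than once, and the `[ "$START_LINE" -lt "$END_LINE" ]` test then errors out; taking the first match with `head -n 1` avoids that.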
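Review bot: `set-multiline-output` derives its heredoc delimiter from `$RANDOM`, which has only 32768 possible values, so the delimiter is guessable and a value containing the delimiter line would end the block early and let the following text be read as additional `name=value` outputs. Drawing it from the kernel RNG closes that gap, e.g. `delimiter="$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"`. The single-line `set-output` has the same weakness for values containing a newline, and `$GITHUB_OUTPUT` should be quoted in all four redirections. The shebang `#!/bin/env bash` is also better written as `#!/usr/bin/env bash`, since `env` is not at `/bin/env` on every distribution.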
From: artlvns Date: Fri, 1 Nov 2024 13:23:57 +0100 Subject: [PATCH 02/12] feat: add validation step. chore: change runners to selfhosted. --- .github/workflows/terraform-module-ci.yaml | 11 ++++++++++- terraform-docs/action.yaml | 9 ++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 9f969d8..aa0c9d4 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -262,18 +262,27 @@ jobs: generate-docs: name: Update README.md needs: terraform-module-ci - runs-on: ubuntu-latest + runs-on: [self-hosted, dsb-terraformer, linux, x64] if: github.job.terraform-module-ci.result == 'success' steps: - name: "๐Ÿ“ฅ Checkout" uses: actions/checkout@v4 - name: "๐Ÿ“ Validate and update README.md" + id: update-readme uses: dsb-norge/github-actions-terraform/terraform-docs@v0 with: readme-file-path: ${{ inputs.readme-file-path }} continue-on-error: true + - name: "๐Ÿง Validation outcome: ๐Ÿ“ Update docs" + run: | + if [ ! "${{ steps.update-readme.outcome }}" == 'success' ]; then + echo "::error title=Update README.md failed::Outcome of update README.md step was '${{ steps.update-readme.outcome }}'!" + exit 1 + fi + continue-on-error: false + # create a global result indicating if workflow steps succeeded or not, # handy for branch protection rules diff --git a/terraform-docs/action.yaml b/terraform-docs/action.yaml index 20268c9..bc59ad3 100644 --- a/terraform-docs/action.yaml +++ b/terraform-docs/action.yaml @@ -34,6 +34,7 @@ runs: log-info "Delimiters are in the correct order" else log-error "Delimiters are not in the correct order, verify ${README_FILE}" + exit 1 fi else log-info "Delimiters do not exist in ${README_FILE}" 
@@ -52,9 +53,15 @@ runs: fi continue-on-error: true - id: run-terraform-docs + if: steps.validate-readme.outcome == 'success' uses: terraform-docs/gh-actions@aeae0038ed47a547e0c0fca5c059d3335f48fb25 with: working-dir: ${{ inputs.readme-file-path }} output-file: README.md output-method: inject - git-push: "true" \ No newline at end of file + git-push: "true" + + - id: tf-docs-status + if: ( steps.validate-readme.outcome == 'failure' || steps.validate-readme.outcome == 'cancelled' ) + shell: bash + run: exit 1 \ No newline at end of file From 2a4d2030e87c4320dd421ceced87ffe78d9b2268 Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 13:24:48 +0100 Subject: [PATCH 03/12] chore: revert to github own runners, sine we are running on public repos. --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index aa0c9d4..815d3c7 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -262,7 +262,7 @@ jobs: generate-docs: name: Update README.md needs: terraform-module-ci - runs-on: [self-hosted, dsb-terraformer, linux, x64] + runs-on: ubuntu-latest if: github.job.terraform-module-ci.result == 'success' steps: - name: "๐Ÿ“ฅ Checkout" From 3ade2f56bf29d0117a386ea797af198704bf7a72 Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 13:27:06 +0100 Subject: [PATCH 04/12] chore: create dev tag --- .github/workflows/terraform-ci-cd-default.yml | 39 ++++++++++++------- .github/workflows/terraform-module-ci.yaml | 36 +++++++++++------ README.md | 12 ++++-- 3 files changed, 58 insertions(+), 29 deletions(-) diff --git a/.github/workflows/terraform-ci-cd-default.yml b/.github/workflows/terraform-ci-cd-default.yml index 9c6a10f..8a02980 100644 --- a/.github/workflows/terraform-ci-cd-default.yml +++ b/.github/workflows/terraform-ci-cd-default.yml 
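Review bot: The new `tf-docs-status` step fails the action with a bare `exit 1`, so the run log shows no reason for the failure at the point where it actually stops. At minimum emit an annotation first, e.g. `run: echo "::error title=terraform-docs::README.md delimiter validation failed"; exit 1`. The combination of `continue-on-error: true` on `validate-readme`, the `if: steps.validate-readme.outcome == 'success'` guard and this extra step appears to reproduce what the runner does by default when a step fails, so dropping `continue-on-error` from `validate-readme` would give the same result with less to maintain. The `validate-readme` step begins outside this hunk.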
@@ -187,7 +187,8 @@ jobs: uses: actions/checkout@v4 - name: "๐ŸŽฐ Create env matrix" id: create-matrix - uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@tf-docs with: inputs-json: ${{ toJSON(inputs) }} @@ -210,7 +211,8 @@ jobs: uses: actions/checkout@v4 - name: "๐ŸŽฐ Export environment variables and secrets" - uses: dsb-norge/github-actions-terraform/export-env-vars@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/export-env-vars@tf-docs with: extra-envs: ${{ toJSON(matrix.vars.extra-envs) }} extra-envs-from-secrets: ${{ toJSON(matrix.vars.extra-envs-from-secrets) }} @@ -225,12 +227,14 @@ jobs: - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" id: setup-terraform-cache - uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-docs - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'lint') - uses: dsb-norge/github-actions-terraform/setup-tflint@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/setup-tflint@tf-docs with: tflint-version: ${{ matrix.vars.tflint-version }} working-directory: ${{ matrix.vars.project-dir }} @@ -245,7 +249,8 @@ jobs: - name: โš™๏ธ Terraform Init id: init if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'init') - uses: dsb-norge/github-actions-terraform/terraform-init@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-init@tf-docs with: working-directory: ${{ matrix.vars.project-dir }} additional-dirs-json: ${{ toJSON(matrix.vars.terraform-init-additional-dirs) }} 
@@ -255,7 +260,8 @@ jobs: - name: ๐Ÿ–Œ Terraform Format id: fmt if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'format') - uses: dsb-norge/github-actions-terraform/terraform-fmt@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-fmt@tf-docs with: working-directory: ${{ matrix.vars.project-dir }} format-check-in-root-dir: ${{ matrix.vars.format-check-in-root-dir }} @@ -264,7 +270,8 @@ jobs: - name: โœ” Terraform Validate id: validate if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'validate') - uses: dsb-norge/github-actions-terraform/terraform-validate@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-validate@tf-docs with: working-directory: ${{ matrix.vars.project-dir }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -272,7 +279,8 @@ jobs: - name: ๐Ÿงน Lint with TFLint id: lint if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'lint') - uses: dsb-norge/github-actions-terraform/lint-with-tflint@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/lint-with-tflint@tf-docs with: working-directory: ${{ matrix.vars.project-dir }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -280,7 +288,8 @@ jobs: - name: ๐Ÿ“– Terraform Plan id: plan if: steps.init.outcome == 'success' && ( contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'plan') ) - uses: dsb-norge/github-actions-terraform/terraform-plan@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-plan@tf-docs with: working-directory: ${{ matrix.vars.project-dir }} environment-name: ${{ matrix.vars.github-environment }} 
@@ -289,7 +298,8 @@ jobs: - name: ๐Ÿ“ Create validation summary id: create-validation-summary if: github.event_name == 'pull_request' && matrix.vars.add-pr-comment == 'true' - uses: dsb-norge/github-actions-terraform/create-validation-summary@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-docs with: environment-name: ${{ matrix.vars.github-environment }} plan-txt-output-file: ${{ steps.plan.outputs.txt-output-file }} @@ -377,7 +387,8 @@ jobs: && github.event_name == 'pull_request' && github.base_ref == matrix.vars.caller-repo-default-branch ) ) - uses: dsb-norge/github-actions-terraform/terraform-apply@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-apply@tf-docs with: working-directory: ${{ matrix.vars.project-dir }} terraform-plan-file: ${{ steps.plan.outputs.terraform-plan-file }} @@ -389,7 +400,8 @@ jobs: if: | steps.init.outcome == 'success' && contains(matrix.vars.goals, 'destroy-plan') - uses: dsb-norge/github-actions-terraform/terraform-plan@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-plan@tf-docs with: working-directory: ${{ matrix.vars.project-dir }} environment-name: "${{ matrix.vars.github-environment }}-destroy" @@ -416,7 +428,8 @@ jobs: && github.event_name == 'pull_request' && github.base_ref == matrix.vars.caller-repo-default-branch ) ) - uses: dsb-norge/github-actions-terraform/terraform-apply@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-apply@tf-docs with: working-directory: ${{ matrix.vars.project-dir }} terraform-plan-file: ${{ steps.destroy-plan.outputs.terraform-plan-file }} diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 815d3c7..f46a3dd 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml 
@@ -65,7 +65,8 @@ jobs: - name: "๐ŸŽฐ Create env matrix" id: create-matrix - uses: dsb-norge/github-actions-terraform/create-tftest-matrix@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-tftest-matrix@tf-docs - name: "๐Ÿ“ฅ Setup Terraform" uses: hashicorp/setup-terraform@v3 @@ -76,11 +77,13 @@ jobs: - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" id: setup-terraform-cache - uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-docs - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint - uses: dsb-norge/github-actions-terraform/setup-tflint@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/setup-tflint@tf-docs with: tflint-version: ${{ inputs.tflint-version }} working-directory: ${{ github.workspace }} @@ -93,7 +96,8 @@ jobs: - name: โš™๏ธ Terraform Init id: init - uses: dsb-norge/github-actions-terraform/terraform-init@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-init@tf-docs with: working-directory: ${{ github.workspace }} additional-dirs-json: null @@ -102,7 +106,8 @@ jobs: - name: ๐Ÿ–Œ Terraform Format id: fmt - uses: dsb-norge/github-actions-terraform/terraform-fmt@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-fmt@tf-docs with: working-directory: ${{ github.workspace }} format-check-in-root-dir: true 
@@ -110,14 +115,16 @@ jobs: - name: โœ” Terraform Validate id: validate - uses: dsb-norge/github-actions-terraform/terraform-validate@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-validate@tf-docs with: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿงน Lint with TFLint id: lint - uses: dsb-norge/github-actions-terraform/lint-with-tflint@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/lint-with-tflint@tf-docs with: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -125,7 +132,8 @@ jobs: - name: ๐Ÿ“ Create validation summary id: create-validation-summary if: github.event_name == 'pull_request' - uses: dsb-norge/github-actions-terraform/create-validation-summary@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-docs with: environment-name: "module" plan-txt-output-file: "" @@ -204,7 +212,8 @@ jobs: - name: โš™๏ธ Terraform Init id: init - uses: dsb-norge/github-actions-terraform/terraform-init@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-init@tf-docs with: working-directory: ${{ github.workspace }} additional-dirs-json: null @@ -213,7 +222,8 @@ jobs: - name: ๐Ÿงช Terraform Test id: test - uses: dsb-norge/github-actions-terraform/terraform-test@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-test@tf-docs with: test-file: ${{ matrix.test-file }} continue-on-error: true # allow job to continue, step outcome is evaluated later 
@@ -221,7 +231,8 @@ jobs: - name: ๐Ÿ“ Create test report id: create-test-report if: github.event_name == 'pull_request' - uses: dsb-norge/github-actions-terraform/create-test-report@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/create-test-report@tf-docs with: test-out-file: ${{ steps.test.outputs.json }} status-init: ${{ steps.init.outcome }} @@ -270,7 +281,8 @@ jobs: - name: "๐Ÿ“ Validate and update README.md" id: update-readme - uses: dsb-norge/github-actions-terraform/terraform-docs@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/terraform-docs@tf-docs with: readme-file-path: ${{ inputs.readme-file-path }} continue-on-error: true diff --git a/README.md b/README.md index e97c144..f72c98e 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,8 @@ on: jobs: tf: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout @@ -130,7 +131,8 @@ Example of how to add terraform CI/CD with default operations to a github repo c # snip, 'name:' and 'on:' fields removed jobs: tf: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout 
@@ -153,7 +155,8 @@ jobs: # you can achieve passwordless auth to Azure tf-1: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: id-token: write # required for Azure password-less auth @@ -180,7 +183,8 @@ jobs: # hardcoded versions and modify what steps are executed tf-2: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout From acf0959673edea4e635798c8f2c6a68a5a26676a Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 13:33:44 +0100 Subject: [PATCH 05/12] fix: remove required:true from readme-path input as it has default value --- .github/workflows/terraform-module-ci.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index f46a3dd..c0a4c85 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -33,7 +33,6 @@ on: readme-file-path: description: | "README.md file path to inject terraform docs into. Default is the root of the repository." - required: true type : string default: "${{ github.workspace }}" From 292702fbdf79c0d05570150acdd558d315b9298f Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 13:42:44 +0100 Subject: [PATCH 06/12] fix: fix if condition to star update README.md job --- .github/workflows/terraform-module-ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index c0a4c85..4af5579 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -273,7 +273,7 @@ jobs: name: Update README.md needs: terraform-module-ci runs-on: ubuntu-latest - if: github.job.terraform-module-ci.result == 'success' + if: needs.terraform-module-ci.result == 'success' steps: - name: "๐Ÿ“ฅ Checkout" uses: actions/checkout@v4 From 26247b6f8019c15a7532f40aff66cf725e622ac0 Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 14:01:20 +0100 Subject: [PATCH 07/12] fix: remove error causing variable from description --- .github/workflows/terraform-module-ci.yaml | 2 +- terraform-docs/action.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 4af5579..943186d 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -34,7 +34,7 @@ on: description: | "README.md file path to inject terraform docs into. Default is the root of the repository." type : string - default: "${{ github.workspace }}" + default: ${{ github.workspace }} env: ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_IDย }} diff --git a/terraform-docs/action.yaml b/terraform-docs/action.yaml index bc59ad3..9846dfc 100644 --- a/terraform-docs/action.yaml +++ b/terraform-docs/action.yaml @@ -7,7 +7,7 @@ inputs: description: | "README.md file path to inject terraform docs into. Default is the root of the repository. Path consider default name of README.md. - If README.md is in repo root then use ```${{ github-workspace }}``` as path." + If README.md is in repo root then use github-workspace as path." runs: using: "composite" From c3c1c1182c2963abb7b9d2127410264a51b03d42 Mon Sep 17 00:00:00 2001 
From: artlvns Date: Fri, 1 Nov 2024 14:25:45 +0100 Subject: [PATCH 08/12] chore: adjust checkout to work in current branch --- .github/workflows/terraform-module-ci.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 943186d..75c3181 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -34,7 +34,7 @@ on: description: | "README.md file path to inject terraform docs into. Default is the root of the repository." type : string - default: ${{ github.workspace }} + default: "." env: ARM_TENANT_ID: ${{ secrets.REPO_AZURE_DSB_TENANT_IDย }} @@ -277,6 +277,8 @@ jobs: steps: - name: "๐Ÿ“ฅ Checkout" uses: actions/checkout@v4 + with: + ref: ${{ github.event.pull_request.head.ref }} - name: "๐Ÿ“ Validate and update README.md" id: update-readme From de45152c0eb42780f3e4c4bd59fe79c04389f4aa Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 14:42:04 +0100 Subject: [PATCH 09/12] chore: remove debug comments. chore: add new line after README.md comment --- terraform-docs/action.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/terraform-docs/action.yaml b/terraform-docs/action.yaml index 9846dfc..f6f1335 100644 --- a/terraform-docs/action.yaml +++ b/terraform-docs/action.yaml @@ -16,8 +16,6 @@ runs: shell: bash run: | set -o allexport; source "${{ github.action_path }}/helpers.sh"; set +o allexport; - # enable debug - # set -x README_FILE="${{ inputs.readme-file-path }}/README.md" 
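Review bot: `ref: ${{ github.event.pull_request.head.ref }}` on the checkout step is only a branch name, so for a pull request opened from a fork it either fails to resolve or picks up a same-named branch in the base repository, and on events without a pull request it is empty and checkout falls back to its default ref. Because this job goes on to push the regenerated README, I would gate it on same-repository pull requests, e.g. `if: needs.terraform-module-ci.result == 'success' && github.event.pull_request.head.repo.full_name == github.repository`. The workflow's triggers are outside the hunk; if `pull_request_target` is ever among them, checking out head code in a job that holds a write token should be avoided altogether.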
@@ -39,7 +37,7 @@ runs: else log-info "Delimiters do not exist in ${README_FILE}" log-info "Adding delimiters to ${README_FILE}" - printf "\nBelow is a placeholder for Terraform-docs generated documentation. Do not edit between the delimiters." >> "${README_FILE}" + printf "\nBelow is a placeholder for Terraform-docs generated documentation. Do not edit between the delimiters.\n" >> "${README_FILE}" { echo "" echo " " From 5ffef5ed6e12cdafe75ef9c51bf0ec7cfb9fb9b9 Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 14:46:04 +0100 Subject: [PATCH 10/12] chore: remove dev tag and revert to current --- .github/workflows/terraform-ci-cd-default.yml | 39 +++++++------------ .github/workflows/terraform-module-ci.yaml | 36 ++++++----------- README.md | 12 ++---- 3 files changed, 29 insertions(+), 58 deletions(-) diff --git a/.github/workflows/terraform-ci-cd-default.yml b/.github/workflows/terraform-ci-cd-default.yml index 8a02980..9c6a10f 100644 --- a/.github/workflows/terraform-ci-cd-default.yml +++ b/.github/workflows/terraform-ci-cd-default.yml @@ -187,8 +187,7 @@ jobs: uses: actions/checkout@v4 - name: "๐ŸŽฐ Create env matrix" id: create-matrix - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@tf-docs + uses: dsb-norge/github-actions-terraform/create-tf-vars-matrix@v0 with: inputs-json: ${{ toJSON(inputs) }} @@ -211,8 +210,7 @@ jobs: uses: actions/checkout@v4 - name: "๐ŸŽฐ Export environment variables and secrets" - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/export-env-vars@tf-docs + uses: dsb-norge/github-actions-terraform/export-env-vars@v0 with: extra-envs: ${{ toJSON(matrix.vars.extra-envs) }} extra-envs-from-secrets: ${{ toJSON(matrix.vars.extra-envs-from-secrets) }} 
@@ -227,14 +225,12 @@ jobs: - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" id: setup-terraform-cache - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-docs + uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@v0 - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'lint') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/setup-tflint@tf-docs + uses: dsb-norge/github-actions-terraform/setup-tflint@v0 with: tflint-version: ${{ matrix.vars.tflint-version }} working-directory: ${{ matrix.vars.project-dir }} @@ -249,8 +245,7 @@ jobs: - name: โš™๏ธ Terraform Init id: init if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'init') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-init@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-init@v0 with: working-directory: ${{ matrix.vars.project-dir }} additional-dirs-json: ${{ toJSON(matrix.vars.terraform-init-additional-dirs) }} @@ -260,8 +255,7 @@ jobs: - name: ๐Ÿ–Œ Terraform Format id: fmt if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'format') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-fmt@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-fmt@v0 with: working-directory: ${{ matrix.vars.project-dir }} format-check-in-root-dir: ${{ matrix.vars.format-check-in-root-dir }} @@ -270,8 +264,7 @@ jobs: - name: โœ” Terraform Validate id: validate if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'validate') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-validate@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-validate@v0 with: working-directory: ${{ matrix.vars.project-dir }} continue-on-error: true # allow job to continue, step outcome is evaluated later 
@@ -279,8 +272,7 @@ jobs: - name: ๐Ÿงน Lint with TFLint id: lint if: contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'lint') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/lint-with-tflint@tf-docs + uses: dsb-norge/github-actions-terraform/lint-with-tflint@v0 with: working-directory: ${{ matrix.vars.project-dir }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -288,8 +280,7 @@ jobs: - name: ๐Ÿ“– Terraform Plan id: plan if: steps.init.outcome == 'success' && ( contains(matrix.vars.goals, 'all') || contains(matrix.vars.goals, 'plan') ) - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-plan@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-plan@v0 with: working-directory: ${{ matrix.vars.project-dir }} environment-name: ${{ matrix.vars.github-environment }} @@ -298,8 +289,7 @@ jobs: - name: ๐Ÿ“ Create validation summary id: create-validation-summary if: github.event_name == 'pull_request' && matrix.vars.add-pr-comment == 'true' - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-docs + uses: dsb-norge/github-actions-terraform/create-validation-summary@v0 with: environment-name: ${{ matrix.vars.github-environment }} plan-txt-output-file: ${{ steps.plan.outputs.txt-output-file }} @@ -387,8 +377,7 @@ jobs: && github.event_name == 'pull_request' && github.base_ref == matrix.vars.caller-repo-default-branch ) ) - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-apply@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-apply@v0 with: working-directory: ${{ matrix.vars.project-dir }} terraform-plan-file: ${{ steps.plan.outputs.terraform-plan-file }} 
@@ -400,8 +389,7 @@ jobs: if: | steps.init.outcome == 'success' && contains(matrix.vars.goals, 'destroy-plan') - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-plan@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-plan@v0 with: working-directory: ${{ matrix.vars.project-dir }} environment-name: "${{ matrix.vars.github-environment }}-destroy" @@ -428,8 +416,7 @@ jobs: && github.event_name == 'pull_request' && github.base_ref == matrix.vars.caller-repo-default-branch ) ) - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-apply@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-apply@v0 with: working-directory: ${{ matrix.vars.project-dir }} terraform-plan-file: ${{ steps.destroy-plan.outputs.terraform-plan-file }} diff --git a/.github/workflows/terraform-module-ci.yaml b/.github/workflows/terraform-module-ci.yaml index 75c3181..770df6b 100644 --- a/.github/workflows/terraform-module-ci.yaml +++ b/.github/workflows/terraform-module-ci.yaml @@ -64,8 +64,7 @@ jobs: - name: "๐ŸŽฐ Create env matrix" id: create-matrix - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-tftest-matrix@tf-docs + uses: dsb-norge/github-actions-terraform/create-tftest-matrix@v0 - name: "๐Ÿ“ฅ Setup Terraform" uses: hashicorp/setup-terraform@v3 @@ -76,13 +75,11 @@ jobs: - name: "๐Ÿ—„๏ธ Setup Terraform provider plugin cache" id: setup-terraform-cache - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@tf-docs + uses: dsb-norge/github-actions-terraform/setup-terraform-plugin-cache@v0 - name: "๐Ÿ“ฅ Setup TFLint" id: setup-tflint - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/setup-tflint@tf-docs + uses: dsb-norge/github-actions-terraform/setup-tflint@v0 with: tflint-version: ${{ inputs.tflint-version }} working-directory: ${{ github.workspace }} 
@@ -95,8 +92,7 @@ jobs: - name: โš™๏ธ Terraform Init id: init - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-init@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-init@v0 with: working-directory: ${{ github.workspace }} additional-dirs-json: null @@ -105,8 +101,7 @@ jobs: - name: ๐Ÿ–Œ Terraform Format id: fmt - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-fmt@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-fmt@v0 with: working-directory: ${{ github.workspace }} format-check-in-root-dir: true @@ -114,16 +109,14 @@ jobs: - name: โœ” Terraform Validate id: validate - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-validate@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-validate@v0 with: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later - name: ๐Ÿงน Lint with TFLint id: lint - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/lint-with-tflint@tf-docs + uses: dsb-norge/github-actions-terraform/lint-with-tflint@v0 with: working-directory: ${{ github.workspace }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -131,8 +124,7 @@ jobs: - name: ๐Ÿ“ Create validation summary id: create-validation-summary if: github.event_name == 'pull_request' - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-validation-summary@tf-docs + uses: dsb-norge/github-actions-terraform/create-validation-summary@v0 with: environment-name: "module" plan-txt-output-file: "" @@ -211,8 +203,7 @@ jobs: - name: โš™๏ธ Terraform Init id: init - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-init@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-init@v0 with: working-directory: ${{ github.workspace }} additional-dirs-json: null 
@@ -221,8 +212,7 @@ jobs: - name: ๐Ÿงช Terraform Test id: test - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-test@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-test@v0 with: test-file: ${{ matrix.test-file }} continue-on-error: true # allow job to continue, step outcome is evaluated later @@ -230,8 +220,7 @@ jobs: - name: ๐Ÿ“ Create test report id: create-test-report if: github.event_name == 'pull_request' - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/create-test-report@tf-docs + uses: dsb-norge/github-actions-terraform/create-test-report@v0 with: test-out-file: ${{ steps.test.outputs.json }} status-init: ${{ steps.init.outcome }} @@ -282,8 +271,7 @@ jobs: - name: "๐Ÿ“ Validate and update README.md" id: update-readme - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/terraform-docs@tf-docs + uses: dsb-norge/github-actions-terraform/terraform-docs@v0 with: readme-file-path: ${{ inputs.readme-file-path }} continue-on-error: true diff --git a/README.md b/README.md index f72c98e..e97c144 100644 --- a/README.md +++ b/README.md @@ -112,8 +112,7 @@ on: jobs: tf: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout @@ -131,8 +130,7 @@ Example of how to add terraform CI/CD with default operations to a github repo c # snip, 'name:' and 'on:' fields removed jobs: tf: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout 
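Review bot: In the third hunk on this line, the `Validate and update README.md` step keeps `continue-on-error: true` without the comment its sibling steps carry, so a reader cannot tell whether a failed docs run is deliberately ignored or checked later. If a later step inspects `steps.update-readme.outcome` (not visible in this hunk), add `# allow job to continue, step outcome is evaluated later` to that line. If nothing does, this job will report success even when the README validation fails, and any job that depends on its result will not see the failure. The job body continues outside the hunk.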
@@ -155,8 +153,7 @@ jobs: # you can achieve passwordless auth to Azure tf-1: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: id-token: write # required for Azure password-less auth @@ -183,8 +180,7 @@ jobs: # hardcoded versions and modify what steps are executed tf-2: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout From 5f30754720b2c2f8b3f9d5ba4be2fe374e8295da Mon Sep 17 00:00:00 2001 From: artlvns Date: Fri, 1 Nov 2024 14:58:28 +0100 Subject: [PATCH 11/12] docs: update README.md --- README.md | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index e97c144..a7553f4 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,8 @@ on: jobs: tf: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout 
@@ -130,7 +131,8 @@ Example of how to add terraform CI/CD with default operations to a github repo c # snip, 'name:' and 'on:' fields removed jobs: tf: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout @@ -153,7 +155,8 @@ jobs: # you can achieve passwordless auth to Azure tf-1: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: id-token: write # required for Azure password-less auth @@ -180,7 +183,8 @@ jobs: # hardcoded versions and modify what steps are executed tf-2: - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 + # TODO revert to @v0 + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout @@ -208,7 +212,7 @@ jobs: ```text permissions: id-token: write # Required for Azure password-less authentication - contents: read # Required for actions/checkout + contents: write # Required for actions/checkout and to update readme by PR. pull-requests: write # Required for commenting on PRs ``` @@ -216,6 +220,7 @@ jobs: - terraform-version: The version of Terraform to use for the tests (required). - tflint-version: The version of tflint (required) +- readme-file-path: path to README.md file. By default repo root used. #### Secrets 
@@ -259,7 +264,13 @@ Jobs: - Add validation summary as pull request comment - Validate outcomes of init and test - 3. conclusion: + 3. generate-docs: + - Steps: + - Checkout working branch + - Terraform-docs + - Validate outcome of terraform-docs + + 4. conclusion: - Steps: - Exit with status 1 if any of the previous jobs failed or were cancelled @@ -289,6 +300,7 @@ jobs: with: terraform-version: "1.9.x" tflint-version: "v0.53.0" + readme-file-path: '.' ``` ## Maintenance From 96de1b255f4f0f3d91a92571b1dc7c963e39092d Mon Sep 17 00:00:00 2001 From: artlvns Date: Mon, 11 Nov 2024 12:13:38 +0100 Subject: [PATCH 12/12] docs: remove dev tag from README.md --- README.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index a7553f4..853ded9 100644 --- a/README.md +++ b/README.md @@ -112,8 +112,7 @@ on: jobs: tf: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout @@ -131,8 +130,7 @@ Example of how to add terraform CI/CD with default operations to a github repo c # snip, 'name:' and 'on:' fields removed jobs: tf: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout 
@@ -155,8 +153,7 @@ jobs: # you can achieve passwordless auth to Azure tf-1: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: id-token: write # required for Azure password-less auth @@ -183,8 +180,7 @@ jobs: # hardcoded versions and modify what steps are executed tf-2: - # TODO revert to @v0 - uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@tf-docs + uses: dsb-norge/github-actions-terraform/.github/workflows/terraform-ci-cd-default.yml@v0 secrets: inherit # pass all secrets, ok since we trust our own workflow permissions: contents: read # required for actions/checkout