feat: 🚀 Added a feature to pass environment variables in Terraform wo…

…rkflows and TFDrift workflows. (#89)
clouddrove · Oct 5, 2023 · 6b14cb1 · 6b14cb1
1 parent b31b178
commit 6b14cb1
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 19 deletions.
diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml
@@ -76,14 +76,21 @@ on:
 jobs:
   terraform-workflow:
     runs-on: ubuntu-latest
-    env: ${{ fromJSON(secrets.env-vars) }}
     outputs:
       tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }}
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Set environment variables
+        run: |
+          (
+          cat <<'_EOT'
+          ${{ secrets.env-vars }}
+          _EOT
+          ) >> "$GITHUB_ENV"
+
       - name: Install AWS CLI
         if: ${{ inputs.provider == 'aws' }}
         uses: aws-actions/configure-aws-credentials@v4
@@ -139,7 +146,7 @@ jobs:
         id: validate
         uses: dflook/terraform-validate@v1
         with:
-          tf_actions_working_dir: ${{ inputs.working_directory }}
+          path: ${{ inputs.working_directory }}
 
       - name: Terraform Plan
         id: tf-plan

diff --git a/.github/workflows/tfdrift.yml b/.github/workflows/tfdrift.yml
@@ -49,6 +49,10 @@ on:
       TF_API_TOKEN:
         required: false
         description: 'Terraform cloud token if your backend is terraform cloud.'
+      env-vars:
+        required: false
+        description: 'Pass required environment variables'
+
 jobs:
   terraform-plan:
     name: 'Terraform Plan'
@@ -64,6 +68,14 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Set environment variables
+        run: |
+          (
+          cat <<'_EOT'
+          ${{ secrets.env-vars }}
+          _EOT
+          ) >> "$GITHUB_ENV"
+
       - name: Install AWS CLI
         if: ${{ inputs.provider == 'aws' }}
         uses: aws-actions/configure-aws-credentials@v4
@@ -102,20 +114,12 @@ jobs:
       - name: Terraform Plan
         id: tf-plan
         run: |
-          export exitcode=0
           cd ${{ inputs.working_directory }}
           if [ -n "${{ inputs.var_file }}" ]; then
           terraform plan -detailed-exitcode -no-color -out tfplan --var-file=${{ inputs.var_file }} || export exitcode=$?
           else
           terraform plan -detailed-exitcode -no-color -out tfplan || export exitcode=$?
           fi
-          echo "exitcode=$exitcode" >> $GITHUB_OUTPUT
-          if [ $exitcode -eq 1 ]; then
-            echo Terraform Plan Failed!
-            exit 1
-          else
-            exit 0
-          fi
 
       # Save plan to artifacts
       - name: Publish Terraform Plan
@@ -149,7 +153,7 @@ jobs:
           echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
 
       # If changes are detected, create a new issue
-      - name: Publish Drift Report
+      - name: Publish Drift Report and create new issue
         if: steps.tf-plan.outputs.exitcode == 2
         uses: actions/github-script@v6
         env:
@@ -161,18 +165,20 @@ jobs:
               const title = 'Terraform Configuration Drift Detected';
               const creator = 'github-actions[bot]'
 
-              # Look to see if there is an existing drift issue
+              // Look to see if there is an existing drift issue
               const issues = await github.rest.issues.listForRepo({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 state: 'open',
                 creator: creator,
                 title: title
               })
+
               if( issues.data.length > 0 ) {
                 // We assume there shouldn't be more than 1 open issue, since we update any issue we find
                 const issue = issues.data[0]
-              if ( issue.body == body ) {
+
+                if ( issue.body == body ) {
                   console.log('Drift Detected: Found matching issue with duplicate content')
                 } else {
                   console.log('Drift Detected: Found matching issue, updating body')
@@ -185,6 +191,7 @@ jobs:
                 }
               } else {
                 console.log('Drift Detected: Creating new issue')
+
                 github.rest.issues.create({
                   owner: context.repo.owner,
                   repo: context.repo.repo,
@@ -203,16 +210,18 @@ jobs:
               const title = 'Terraform Configuration Drift Detected';
               const creator = 'github-actions[bot]'
 
-              # Look to see if there is an existing drift issue
+              // Look to see if there is an existing drift issue
               const issues = await github.rest.issues.listForRepo({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 state: 'open',
                 creator: creator,
                 title: title
               })
-              if( issues.data.length > 0 ){
+
+              if( issues.data.length > 0 ) {
                 const issue = issues.data[0]
+
                 github.rest.issues.update({
                   owner: context.repo.owner,
                   repo: context.repo.repo,

diff --git a/docs/terraform_workflow.md b/docs/terraform_workflow.md
@@ -30,7 +30,9 @@ jobs:
         AWS_ACCESS_KEY_ID:  # Specify AWS Access key ID
         AWS_SECRET_ACCESS_KEY: # Specify AWS Secret Access key ID
         AWS_SESSION_TOKEN:  # Specify Session ID
-        env-vars: # Specify env variables. ex. '{"KEY1":"VALUE1", "KEY2":" ${{ secrets.VALUE2 }}"}'
+        env-vars: |         # Specify env variables in following format
+               key1=value1
+               key2=value2
 
 ```
 
@@ -56,7 +58,9 @@ jobs:
         destroy:            # If the value is set to true, the workflow proceeds to the destroy step. However, the default value is false
      secrets:
         AZURE_CREDENTIALS:  # Specify Azure credentilas
-        env-vars: # Specify env variables. ex. '{"KEY1":"VALUE1", "KEY2":" ${{ secrets.VALUE2 }}"}'
+        env-vars: |         # Specify env variables in following format
+               key1=value1
+               key2=value2
 ```
 
 #### Example of a Terraform workflow for a Digitalocean cloud provider
@@ -81,7 +85,9 @@ jobs:
         destroy:            # If the value is set to true, the workflow proceeds to the destroy step. However, the default value is false
      secrets:
       DIGITALOCEAN_ACCESS_TOKEN:       # Digitalocean token
-      env-vars: # Specify env variables. ex. '{"KEY1":"VALUE1", "KEY2":" ${{ secrets.VALUE2 }}"}'
+      env-vars: |                      # Specify env variables in following format
+             key1=value1
+             key2=value2
 ```
 
 #### Example of a Terraform workflow for a GCP cloud provider
@@ -106,5 +112,7 @@ jobs:
         destroy:            # If the value is set to true, the workflow proceeds to the destroy step. However, the default value is false
      secrets:
       GCP_SA_KEY:           # GCP service account Secret access key
-      env-vars: # Specify env variables. ex. '{"KEY1":"VALUE1", "KEY2":" ${{ secrets.VALUE2 }}"}'
+      env-vars: |           # Specify env variables in following format
+             key1=value1
+             key2=value2
 ```