Remove pyright from npm-global dump #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform Deployment | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| deploy: | |
| name: Deploy Terraform changes in changed Terramate stacks | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: read | |
| checks: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Terramate | |
| uses: terramate-io/terramate-action@v2 | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.7.4 | |
| terraform_wrapper: false | |
| - name: List changed stacks | |
| id: list | |
| run: terramate list --changed | |
| - name: Authenticate to Google Cloud via OIDC | |
| if: steps.list.outputs.stdout | |
| id: auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| # see: https://github.com/google-github-actions/auth?tab=readme-ov-file#preferred-direct-workload-identity-federation | |
| project_id: 'gen-ai-hironow' | |
| workload_identity_provider: 'projects/189612961347/locations/global/workloadIdentityPools/github/providers/my-repo' | |
| - name: Run Terraform init on changed stacks | |
| if: steps.list.outputs.stdout | |
| id: init | |
| run: | | |
| terramate run \ | |
| --changed \ | |
| -- \ | |
| terraform init | |
| - name: Create Terraform plan on changed stacks | |
| if: steps.list.outputs.stdout | |
| id: plan | |
| run: | | |
| terramate run \ | |
| --changed \ | |
| -- \ | |
| terraform plan -lock-timeout=5m -out out.tfplan | |
| - name: Apply planned changes on changed stacks | |
| if: steps.list.outputs.stdout | |
| id: apply | |
| run: | | |
| terramate run \ | |
| --changed \ | |
| --sync-deployment \ | |
| --terraform-plan-file=out.tfplan \ | |
| -- \ | |
| terraform apply -input=false -auto-approve -lock-timeout=5m out.tfplan | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Run drift detection | |
| if: steps.list.outputs.stdout && ! cancelled() && steps.apply.outcome != 'skipped' | |
| id: drift | |
| run: | | |
| terramate run \ | |
| --changed \ | |
| --sync-drift-status \ | |
| --terraform-plan-file=drift.tfplan \ | |
| -- \ | |
| terraform plan -out drift.tfplan -detailed-exitcode | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} |