Add workflows with terramate scripts (#147)
soerenmartius authored Apr 23, 2024
2 parents d16e3cf + b3f4eb3 commit bbf50db
Showing 4 changed files with 126 additions and 69 deletions.
51 changes: 19 additions & 32 deletions .github/workflows/deploy.yml
Expand Up @@ -41,13 +41,13 @@ jobs:
### Check for changed stacks

- name: List changed stacks
id: list
id: list-changed
run: terramate list -C stacks --changed

### Configure cloud credentials

- name: Configure AWS credentials
if: steps.list.outputs.stdout
if: steps.list-changed.outputs.stdout
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: ${{ env.AWS_REGION }}
Expand All @@ -57,54 +57,41 @@ jobs:
AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}

- name: Verify AWS credentials
if: steps.list.outputs.stdout
if: steps.list-changed.outputs.stdout
run: aws sts get-caller-identity

### Run the Terraform deployment via Terramate in each changed stack

- name: Run Terraform init on changed stacks
if: steps.list.outputs.stdout
id: init
- name: Run Terraform init on all changed stacks
if: steps.list-changed.outputs.stdout
run: |
terramate run \
terramate run-script \
-C stacks \
--changed \
-- \
--parallel 1
--changed
terraform init
- name: Create Terraform plan on changed stacks
if: steps.list.outputs.stdout
id: plan
run: |
terramate run \
-C stacks \
--changed \
-- \
terraform plan -lock-timeout=5m -out out.tfplan
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Apply planned changes on changed stacks
id: apply
if: steps.list.outputs.stdout
id: deploy
if: steps.list-changed.outputs.stdout
run: |
terramate run \
terramate run-script \
-C stacks \
--parallel 5
--changed \
--cloud-sync-deployment \
--cloud-sync-terraform-plan-file=out.tfplan \
-- \
terraform apply -input=false -auto-approve -lock-timeout=5m out.tfplan
terraform deploy
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Run drift detection
if: steps.list.outputs.stdout && ! cancelled() && steps.apply.outcome != 'skipped'
if: steps.list-changed.outputs.stdout && ! cancelled() && steps.deploy.outcome != 'skipped'
run: |
terramate run \
terramate run-script \
-C stacks \
--parallel 5
--changed \
--cloud-sync-drift-status \
--cloud-sync-terraform-plan-file=drift.tfplan \
-- \
terraform plan -out drift.tfplan -detailed-exitcode
terraform detect-drift
env:
GITHUB_TOKEN: ${{ github.token }}
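Review bot: The new "Run Terraform init on all changed stacks" step drops the line-continuation backslash before the script name: in its `run` block the lines `--parallel 1` and `--changed` end without `\`, so bash executes `terramate run-script -C stacks ...` with no script name and then runs `terraform init` as a separate command in the repository root instead of inside each stack. The same missing continuation is in the init step of drift-detection.yml (`--parallel 1` directly above `terraform init`) and in preview.yml (`--changed` and `--parallel 1` above `terraform init`). Every argument line before the script name needs a trailing backslash, e.g. `--changed \`, `--parallel 1 \`, `terraform init`. The rendering prints the old and new `--changed` lines without markers, so the final flag order in the committed file should be checked as well.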
42 changes: 35 additions & 7 deletions .github/workflows/drift-detection.yml
Expand Up @@ -39,9 +39,16 @@ jobs:
asdf plugin add terraform
asdf install terraform
### Check for drifted stacks

- name: List changed stacks
id: list-drifted
run: terramate list -C stacks --cloud-status=drifted

### Configure cloud credentials

- name: Configure AWS credentials
if: steps.list-drifted.outputs.stdout
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: ${{ env.AWS_REGION }}
Expand All @@ -51,23 +58,44 @@ jobs:
AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}

- name: Verify AWS credentials
if: steps.list-drifted.outputs.stdout
run: aws sts get-caller-identity

### Run Dift Check

- name: Run Terraform init on all stacks
id: init
run: terramate run -C stacks -- terraform init
if: steps.list-drifted.outputs.stdout
run: |
terramate run-script \
-C stacks \
--parallel 1
terraform init
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Run drift detection
id: drift
if: steps.list-drifted.outputs.stdout
id: drift-detect
run: |
terramate run-script \
-C stacks \
--parallel 5 \
--continue-on-error \
-- \
terraform drift detect
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Run drift reconciliation
if: steps.list-drifted.outputs.stdout
id: drift-reconcile
run: |
terramate run \
terramate run-script \
-C stacks \
--cloud-sync-drift-status \
--cloud-sync-terraform-plan-file=drift.tfplan \
--tags reconcile \
--parallel 5
--continue-on-error \
-- \
terraform plan -out drift.tfplan -detailed-exitcode -lock=false
terraform drift reconcile
env:
GITHUB_TOKEN: ${{ github.token }}
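Review bot: The script names invoked here do not match the scripts this commit defines in workflows.tm.hcl: the drift-detection step runs `terraform drift detect` and the reconciliation step runs `terraform drift reconcile`, while the only scripts defined are `terraform deploy`, `terraform detect-drift` and `terraform preview` (deploy.yml correctly calls `terraform detect-drift`). Unless a `script "terraform" "drift" "detect"` / `"reconcile"` definition lives in a file outside this commit, both steps fail at script lookup rather than running a plan. Either change the detection step to `terraform detect-drift` or add the missing definitions; a reconcile script would also need its own command list, since none of the defined scripts applies changes on drifted stacks. The reconciliation step additionally passes `--tags reconcile`, which limits it to tagged stacks — a comment on that step stating that stacks opt in via this tag would help the next reader.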
49 changes: 19 additions & 30 deletions .github/workflows/preview.yml
Expand Up @@ -62,13 +62,13 @@ jobs:
### Check for changed stacks

- name: List changed stacks
id: list
id: list-changed
run: terramate list -C stacks --changed

### Configure cloud credentials

- name: Configure AWS credentials
if: steps.list.outputs.stdout
if: steps.list-changed.outputs.stdout
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: ${{ env.AWS_REGION }}
Expand All @@ -78,51 +78,40 @@ jobs:
AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}

- name: Verify AWS credentials
if: steps.list.outputs.stdout
if: steps.list-changed.outputs.stdout
run: aws sts get-caller-identity

### Run the Terraform preview via Terramate in each changed stack

- name: Initialize Terraform in changed stacks
if: steps.list.outputs.stdout
- name: Run Terraform init on all changed stacks
if: steps.list-changed.outputs.stdout
run: |
terramate run \
terramate run-script \
-C stacks \
--parallel 1 \
--changed \
-- \
terraform init -lock-timeout=5m
- name: Validate Terraform configuration in changed stacks
if: steps.list.outputs.stdout
run: |
terramate run \
-C stacks \
--parallel 5 \
--changed \
-- \
terraform validate
--changed
--parallel 1
terraform init
env:
GITHUB_TOKEN: ${{ github.token }}

- name: Plan Terraform changes in changed stacks
if: steps.list.outputs.stdout
if: steps.list-changed.outputs.stdout
run: |
terramate run \
terramate run-script \
-C stacks \
--parallel 5 \
--changed \
--cloud-sync-preview \
--cloud-sync-terraform-plan-file=out.tfplan \
--parallel 5 \
--debug-preview-url preview_url.txt \
--continue-on-error \
-- \
terraform plan -out out.tfplan -detailed-exitcode -lock=false
terraform preview
env:
GITHUB_TOKEN: ${{ github.token }}

### Update Pull Request comment

- name: Generate preview details
if: steps.list.outputs.stdout
if: steps.list-changed.outputs.stdout
id: comment
run: |
echo >>pr-comment.txt "## Preview of Terraform changes in ${{ github.event.pull_request.head.sha }}"
Expand All @@ -132,7 +121,7 @@ jobs:
echo >>pr-comment.txt "### Changed Stacks"
echo >>pr-comment.txt
echo >>pr-comment.txt '```bash'
echo >>pr-comment.txt "${{ steps.list.outputs.stdout }}"
echo >>pr-comment.txt "${{ steps.list-changed.outputs.stdout }}"
echo >>pr-comment.txt '```'
echo >>pr-comment.txt
echo >>pr-comment.txt "#### Terraform Plan"
Expand All @@ -144,7 +133,7 @@ jobs:
cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
- name: Generate preview when no stacks changed
if: success() && !steps.list.outputs.stdout
if: success() && !steps.list-changed.outputs.stdout
run: |
echo >>pr-comment.txt "## Preview of Terraform changes in ${{ github.event.pull_request.head.sha }}"
echo >>pr-comment.txt
Expand All @@ -163,7 +152,7 @@ jobs:
echo >>pr-comment.txt "### Changed Stacks"
echo >>pr-comment.txt
echo >>pr-comment.txt '```bash'
echo >>pr-comment.txt "${{ steps.list.outputs.stdout }}"
echo >>pr-comment.txt "${{ steps.list-changed.outputs.stdout }}"
echo >>pr-comment.txt '```'
echo >>pr-comment.txt ':boom: Generating preview failed. Please see details in Actions output.'
cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
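Review bot: The renamed step output is still expanded straight into the shell script at `echo >>pr-comment.txt "${{ steps.list-changed.outputs.stdout }}"` in both the success and the failure comment step; `${{ }}` is substituted before bash parses the line, so a quote or shell metacharacter in a stack path printed by `terramate list` becomes part of the command rather than data. The list appears to be derived from directory names in the checked-out pull request, i.e. from input the PR author controls, so it should reach the script as an environment variable: add `env:` with `CHANGED_STACKS: ${{ steps.list-changed.outputs.stdout }}` to the step and write `echo >>pr-comment.txt "$CHANGED_STACKS"`. The `if:` expressions that read the same output are expressions, not shell, and are not affected. Both `run` blocks begin and end outside the visible hunks.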
53 changes: 53 additions & 0 deletions workflows.tm.hcl
@@ -0,0 +1,53 @@
script "terraform" "deploy" {
name = "Terraform Deployment"
description = "Run a full Terraform deployment cycle and synchronize the result to Terramate Cloud."

job {
# name = "Terraform Apply"
# description = "Initialize, validate, plan, and apply Terraform changes."
commands = [
["terraform", "init", "-lock-timeout=5m"],
["terraform", "validate"],
["terraform", "plan", "-out", "out.tfplan", "-lock=false"],
["terraform", "apply", "-input=false", "-auto-approve", "-lock-timeout=5m", "out.tfplan", {
cloud_sync_deployment = true
cloud_sync_terraform_plan_file = "out.tfplan"
}],
]
}
}

script "terraform" "detect-drift" {
name = "Terraform Drift Check"
description = "Detect drifts in Terraform configuration and synchronize it to Terramate Cloud."

job {
# name = "Terraform Plan"
# description = "Initialize, validate, and plan Terraform changes."
commands = [
["terraform", "init", "-lock-timeout=5m"],
["terraform", "plan", "-out", "out.tfplan", "-detailed-exitcode", "-lock=false", {
cloud_sync_drift_status = true
cloud_sync_terraform_plan_file = "out.tfplan"
}],
]
}
}

script "terraform" "preview" {
name = "Terraform Deployment Preview"
description = "Create a preview of Terraform Changes and synchronize it to Terramate Cloud."

job {
# name = "Terraform Plan"
# description = "Initialize, validate, and plan Terraform changes."
commands = [
["terraform", "init", "-lock-timeout=5m"],
["terraform", "validate"],
["terraform", "plan", "-out", "out.tfplan", "-detailed-exitcode", "-lock=false", {
cloud_sync_preview = true
cloud_sync_terraform_plan_file = "out.tfplan"
}],
]
}
}
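Review bot: In the `deploy` script the plan that is subsequently applied is produced with `-lock=false` (`["terraform", "plan", "-out", "out.tfplan", "-lock=false"]`), whereas the deploy.yml plan step this script replaces ran with `-lock-timeout=5m`; a deployment plan written without the state lock can be built against state another writer is changing, and as far as I know Terraform then rejects it as stale at apply time, so the likely outcome is a failed deployment rather than corruption, but the locked plan avoided both. Use `["terraform", "plan", "-out", "out.tfplan", "-lock-timeout=5m"],` for `deploy` and keep `-lock=false` only for the read-only `detect-drift` and `preview` plans. The commented-out `# description` on the `detect-drift` job reads "Initialize, validate, and plan" although that job has no `terraform validate` command — add the validate command as `deploy` and `preview` have, or correct the comment. The `-detailed-exitcode` flag on the `detect-drift` and `preview` plans makes a plan with changes exit with code 2; presumably the `cloud_sync_*` options are what turn that into a drift/preview status instead of a failure, and a one-line comment on those commands saying so would save the next maintainer from "fixing" it.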
