apply

chore(deps): update aquaproj/aqua-installer action to v3.1.1 (.github… #2584

Workflow file for this run

	---
	name: apply
	on:
	push:
	branches: [main]
	env:
	TFACTION_IS_APPLY: 'true'
	jobs:
	setup:
	runs-on: ubuntu-latest
	permissions:
	contents: read # For checkout a private repository
	pull-requests: write # For ci-info and github-comment
	outputs:
	targets: ${{ steps.list-targets.outputs.targets }}
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: aquaproj/aqua-installer@e2d0136abcf70b7a2f6f505720640750557c4b33 # v3.1.1
	with:
	aqua_version: v2.41.0

	- uses: suzuki-shunsuke/tfaction/list-targets@98da3c71e2f14697e6cd56217d4a62882586e4da # v1.13.3
	id: list-targets

	apply:
	name: "apply (${{matrix.target.target}})"
	runs-on: ${{matrix.target.runs_on}}
	needs: setup
	# if services is empty, the build job is skipped
	if: "join(fromJSON(needs.setup.outputs.targets), '') != ''"
	strategy:
	fail-fast: false
	matrix:
	target: ${{fromJSON(needs.setup.outputs.targets)}}
	env:
	TFACTION_TARGET: ${{matrix.target.target}}
	TFACTION_JOB_TYPE: ${{matrix.target.job_type}}
	permissions:
	id-token: write # For OIDC
	contents: read # To checkout a private repository
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Generate token for aqua-installer
	id: aqua_installer_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# If you use private registries, contents:read is required
	permissions: >-
	{}
	# If you use private registries, please add private repositories
	repositories: >-
	[]

	- uses: aquaproj/aqua-installer@e2d0136abcf70b7a2f6f505720640750557c4b33 # v3.1.1
	with:
	aqua_version: v2.41.0
	env:
	AQUA_GITHUB_TOKEN: ${{ steps.aqua_installer_token.outputs.token }}

	- uses: suzuki-shunsuke/tfaction/export-secrets@98da3c71e2f14697e6cd56217d4a62882586e4da # v1.13.3
	with:
	secrets: ${{ toJSON(secrets) }}

	- name: Generate token to download private Terraform Modules
	id: gh_setup_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# If you use private registries, contents:read is required
	permissions: >-
	{
	"contents": "read"
	}
	# private repositories hosting private modules
	repositories: >-
	[]

	# This is required to download private modules in `terraform init`
	- run: gh auth setup-git
	env:
	GITHUB_TOKEN: ${{ steps.gh_setup_token.outputs.token }}

	- name: Generate token to update drift issues
	id: drift_issue_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# issues:write - Create and update drift issues
	permissions: >-
	{
	"issues": "write"
	}
	# GitHub Repository where Drift Detection issues are hosted
	# https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection
	repositories: >-
	["${{github.event.repository.name}}"]

	- run: tfaction get-or-create-drift-issue
	shell: bash
	env:
	GITHUB_TOKEN: ${{ steps.drift_issue_token.outputs.token }}

	- name: Generate token for setup
	id: setup_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# pull_requests:write - Post comments
	# issues:write - Update drift issues
	permissions: >-
	{
	"pull_requests": "write",
	"issues": "write"
	}
	repositories: >-
	["${{github.event.repository.name}}"]

	- uses: suzuki-shunsuke/tfaction/setup@98da3c71e2f14697e6cd56217d4a62882586e4da # v1.13.3
	with:
	github_token: ${{ steps.setup_token.outputs.token }}
	ssh_key: ${{ secrets.TERRAFORM_PRIVATE_MODULE_SSH_KEY }} # This isn't needed if you don't use SSH key to checkout private Terraform Modules

	- name: Generate token for apply
	id: apply_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# pull_requests:write - Post comments
	# actions:read - Download plan files
	# issues:write - Update drift issues
	# contents:write - Update related pull requests
	permissions: >-
	{
	"pull_requests": "write",
	"actions": "read",
	"contents": "write",
	"issues": "write"
	}
	repositories: >-
	["${{github.event.repository.name}}"]

	- uses: suzuki-shunsuke/tfaction/apply@98da3c71e2f14697e6cd56217d4a62882586e4da # v1.13.3
	with:
	github_token: ${{ steps.apply_token.outputs.token }}
	env:
	CLOUDFLARE_API_TOKEN: ${{secrets.CLOUDFLARE_API_TOKEN}} # For cloudflare provider


	- name: Generate token for creating follow up pr
	id: follow_up_pr_token
	if: failure()
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# contents:write - Push commits
	# pull_requests:write - Create a pull request
	permissions: >-
	{
	"contents": "write",
	"pull_requests": "write"
	}
	repositories: >-
	["${{github.event.repository.name}}"]

	- uses: suzuki-shunsuke/tfaction/create-follow-up-pr@98da3c71e2f14697e6cd56217d4a62882586e4da # v1.13.3
	if: failure()
	with:
	github_token: ${{steps.follow_up_pr_token.outputs.token}}

	- uses: suzuki-shunsuke/tfaction/update-drift-issue@98da3c71e2f14697e6cd56217d4a62882586e4da # v1.13.3
	if: always()
	with:
	status: ${{job.status}}
	github_token: ${{steps.drift_issue_token.outputs.token}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update aquaproj/aqua-installer action to v3.1.1 (.github… #2584

Workflow file

chore(deps): update aquaproj/aqua-installer action to v3.1.1 (.github… #2584

Jobs

Run details

Workflow file for this run