diff --git a/README.md b/README.md
index 2b7a803ec..1a0025c90 100644
--- a/README.md
+++ b/README.md
@@ -137,6 +137,7 @@ this action. For more on setting up those components, see the `gitops` component
 | debug | Enable action debug mode. Default: 'false' | false | false |
 | enable-infracost | Whether to enable infracost summary. Requires secret `infracost-api-key` to be specified. Default: 'false | false | false |
 | infracost-api-key | Infracost API key | N/A | false |
+| plan-id | Suffix that will be used for plan file name to uniquely identify it. Default: github.sha | ${{ github.sha }} | true |
 | stack | The stack name for the given component. | N/A | true |
 | terraform-plan-role | The AWS role to be used to plan Terraform. | N/A | true |
 | terraform-state-bucket | The S3 Bucket where the planfiles are stored. | N/A | true |
@@ -146,6 +147,11 @@ this action. For more on setting up those components, see the `gitops` component
 | token | Used to pull node distributions for Atmos from Cloud Posse's GitHub repository. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting. | ${{ github.server\_url == 'https://github.com' && github.token \|\| '' }} | false |
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| has-changes | Has Changes |
diff --git a/action.yml b/action.yml
index e723e3b00..87853b5e4 100644
--- a/action.yml
+++ b/action.yml
@@ -14,6 +14,10 @@ inputs:
 component-path:
 description: "The path to the base component. Atmos defines this value as component_path."
 required: true
+ plan-id:
+ description: "Suffix that will be used for plan file name to uniquely identify it. Default: github.sha"
+ required: true
+ default: "${{ github.sha }}"
 terraform-plan-role:
 description: "The AWS role to be used to plan Terraform."
 required: true
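Review bot: The `plan-id` input added to action.yml is declared `required: true` and also given `default: "${{ github.sha }}"`, which contradicts itself; a caller that omits it gets the default, so `required: false` describes the actual contract. The description calls it only a file-name suffix, but later in this commit the same value is passed as `commitSHA` to both plan-storage steps, so it is also the key under which the plan is stored. I would state that in the description, together with the characters that are accepted, since the value ends up in a file name and in a shell command. The `inputs:` block starts above this hunk and continues below it.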
@@ -55,6 +59,16 @@ inputs:
 not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting.
 default: ${{ github.server_url == 'https://github.com' && github.token || '' }}
+outputs:
+ plan-file-path:
+ description: Plan File
+ value: ${{ steps.atmos-plan.outputs.plan_file_path }}
+ plan-file:
+ description: Plan File
+ value: ${{ steps.atmos-plan.outputs.plan_file }}
+ has-changes:
+ description: Has Changes
+ value: ${{ steps.atmos-plan.outputs.has_changes }}
 runs:
 using: "composite"
@@ -83,7 +97,7 @@ runs:
 stack: ${{ inputs.stack }}
 settings-path: github.actions_enabled
- - name: Check if Action is Enable
+ - name: Check if Action is Enabled
 id: settings
 shell: bash
 run: |
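Review bot: `plan-file-path` and `plan-file` in the new `outputs:` block carry the same description, `Plan File`, so a consumer cannot tell the directory from the file name. The plan step writes `$(pwd)` to `plan_file_path` and the generated `.planfile` name to `plan_file`; descriptions such as `Directory that contains the plan file` and `File name of the generated plan file` would match that. The README and docs tables added in this commit list only `has-changes`, which leaves the other two outputs undocumented there. `has-changes` would also benefit from a line saying it is the string `true` or `false`, and presumably empty when the plan step is skipped.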
@@ -120,17 +134,29 @@ runs:
 id: atmos-plan
 shell: bash
 run: |
- PLAN_FILE=$(echo "${{ inputs.stack }}-${{ inputs.component }}-${{github.sha}}.planfile" | sed 's#/#_#g')
+ PLAN_FILE=$(echo "${{ inputs.stack }}-${{ inputs.component }}-${{ inputs.plan-id }}.planfile" | sed 's#/#_#g')
 PLAN_FILE_PATH=$(pwd)
- ATMOS_BASE_PATH=$GITHUB_WORKSPACE atmos terraform plan ${{ inputs.component }} \
+
+ TERRAFORM_OUTPUT=$(ATMOS_BASE_PATH=$GITHUB_WORKSPACE atmos terraform plan ${{ inputs.component }} \
 --stack ${{ inputs.stack }} \
 -out=$PLAN_FILE_PATH/$PLAN_FILE \
- -input=false
+ -lock=false \
+ -input=false \
+ -no-color)
+
+ if echo "$TERRAFORM_OUTPUT" | grep -q '^No changes. Your infrastructure matches the configuration.'; then
+ echo "has_changes=false" >> $GITHUB_OUTPUT
+ echo "No changes"
+ else
+ echo "has_changes=true" >> $GITHUB_OUTPUT
+ echo "Found changes"
+ fi
+
 echo "plan_file=$PLAN_FILE" >> $GITHUB_OUTPUT
 echo "plan_file_path=$PLAN_FILE_PATH" >> $GITHUB_OUTPUT
 - name: Configure State AWS Credentials
- if: ${{ fromJSON(steps.settings.outputs.actions_enabled) }}
+ if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(steps.atmos-plan.outputs.has_changes) }}
 uses: aws-actions/configure-aws-credentials@v2.2.0
 with:
 aws-region: ${{ inputs.aws-region }}
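Review bot: `${{ inputs.plan-id }}` on the new `PLAN_FILE=` line is expanded into the `run:` script before bash parses it, so a value containing shell metacharacters is interpreted as script rather than treated as data; the `github.sha` it replaces was always a hex string, while the new input is whatever the caller passes. Hand it over through the environment instead: add `env:` with `PLAN_ID: ${{ inputs.plan-id }}` to the step and build the name from `"$PLAN_ID"`. `inputs.stack` and `inputs.component` are interpolated the same way on the surrounding lines and would benefit from the same treatment. Separately, `-lock=false` is added without explanation; a comment saying why planning without the state lock is acceptable here would help the next reader. The step's `- name:` line is above the hunk.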
@@ -139,36 +165,38 @@ runs:
 mask-aws-account-id: "no"
 - name: Store Plan
- if: ${{ fromJSON(steps.settings.outputs.actions_enabled) }}
- uses: cloudposse/github-action-terraform-plan-storage@v1
+ if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(steps.atmos-plan.outputs.has_changes) }}
+ uses: cloudposse/github-action-terraform-plan-storage@added-commitsha-overwrite-input
 id: store-plan
 with:
 action: storePlan
 planPath: ${{ steps.atmos-plan.outputs.plan_file }}
 component: ${{ inputs.component }}
 stack: ${{ inputs.stack }}
+ commitSHA: ${{ inputs.plan-id }}
 tableName: ${{ inputs.terraform-state-table }}
 bucketName: ${{ inputs.terraform-state-bucket }}
 - name: Store Lockfile
- if: ${{ fromJSON(steps.settings.outputs.actions_enabled) }}
- uses: cloudposse/github-action-terraform-plan-storage@v1
+ if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(steps.atmos-plan.outputs.has_changes) }}
+ uses: cloudposse/github-action-terraform-plan-storage@added-commitsha-overwrite-input
 with:
 action: storePlan
 planPath: ${{ inputs.component-path}}/.terraform.lock.hcl
 component: ${{ inputs.component }}
 stack: "${{ inputs.stack }}-lockfile"
+ commitSHA: ${{ inputs.plan-id }}
 tableName: ${{ inputs.terraform-state-table }}
 bucketName: ${{ inputs.terraform-state-bucket }}
 - name: Setup Infracost
- if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(inputs.enable-infracost) }}
+ if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(steps.atmos-plan.outputs.has_changes) && fromJSON(inputs.enable-infracost) }}
 uses: infracost/actions/setup@v2
 with:
 api-key: ${{ inputs.infracost-api-key }}
 - name: Generate Infracost diff
- if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(inputs.enable-infracost) }}
+ if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(steps.atmos-plan.outputs.has_changes) && fromJSON(inputs.enable-infracost) }}
 shell: bash
 run: |
 PLAN_FILE="${{
steps.atmos-plan.outputs.plan_file_path }}/${{ steps.atmos-plan.outputs.plan_file }}"
@@ -188,7 +216,7 @@ runs:
 --project-name ${{ inputs.stack }}-${{ inputs.component }} \
 --out-file=/tmp/infracost.json
- - if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(inputs.enable-infracost) && fromJSON(inputs.debug) }}
+ - if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(steps.atmos-plan.outputs.has_changes) && fromJSON(inputs.enable-infracost) && fromJSON(inputs.debug) }}
 shell: bash
 run: |
 cat ${{ steps.atmos-plan.outputs.plan_file_path }}/${{ steps.atmos-plan.outputs.plan_file }}.json
@@ -196,7 +224,7 @@ runs:
 cat /tmp/infracost.json
 - name: Set infracost variables
- if: ${{ fromJSON(steps.settings.outputs.actions_enabled) }}
+ if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(steps.atmos-plan.outputs.has_changes) && fromJSON(inputs.enable-infracost) }}
 id: infracost-diff
 shell: bash
 run: |
@@ -212,7 +240,7 @@ runs:
 echo "infracost_diff_total_monthly_cost=$INFRACOST_DIFF_TOTAL_MONTHLY_COST" >> "$GITHUB_OUTPUT"
 - name: Post Plan
- if: ${{ fromJSON(steps.settings.outputs.actions_enabled) }}
+ if: ${{ fromJSON(steps.settings.outputs.actions_enabled) && fromJSON(steps.atmos-plan.outputs.has_changes) }}
 id: post-plan
 shell: bash
 run: |
diff --git a/config/atmos_github_summary.yaml b/config/atmos_github_summary.yaml
index 7cf172323..16e4ab845 100644
--- a/config/atmos_github_summary.yaml
+++ b/config/atmos_github_summary.yaml
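Review bot: Both `uses: cloudposse/github-action-terraform-plan-storage@added-commitsha-overwrite-input` lines in action.yml (the Store Plan and Store Lockfile steps, in the hunk starting at `@@ -139,36 +165,38 @@`) point at a branch name where the old code used the `@v1` tag. A branch is a mutable ref: whatever is pushed to it next runs in this job right after `Configure State AWS Credentials`, presumably with access to the state bucket and table, and the reference breaks once the branch is deleted. Reference a released tag that carries the `commitSHA` input or, better, the full commit SHA, for example `uses: cloudposse/github-action-terraform-plan-storage@<full-commit-sha>`. `aws-actions/configure-aws-credentials@v2.2.0` and `infracost/actions/setup@v2` on the unchanged lines are tags and could be pinned the same way.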
@@ -13,7 +13,7 @@ templates:
 ## :x: Plan Failed for `{{.Vars.component}}` in `{{.Vars.stack}}`!
 {{ end }}
 {{- if eq .ExitCode 0 }}
- ## Plan Succeeded for `{{.Vars.component}}` in `{{.Vars.stack}}`
+ ## Changes Found for `{{.Vars.component}}` in `{{.Vars.stack}}`
 {{ if .CreatedResources}}[![create](https://shields.io/badge/PLAN-CREATE-success?style=for-the-badge)](#user-content-create-{{.Vars.stack}}-{{.Vars.component}}){{ end }}
 {{- if .UpdatedResources }} [![change](https://shields.io/badge/PLAN-CHANGE-important?style=for-the-badge)](#user-content-change-{{.Vars.stack}}-{{.Vars.component}}){{ end }}
diff --git a/docs/github-action.md b/docs/github-action.md
index 30196e79f..57768176e 100644
--- a/docs/github-action.md
+++ b/docs/github-action.md
@@ -11,6 +11,7 @@
 | debug | Enable action debug mode. Default: 'false' | false | false |
 | enable-infracost | Whether to enable infracost summary. Requires secret `infracost-api-key` to be specified. Default: 'false | false | false |
 | infracost-api-key | Infracost API key | N/A | false |
+| plan-id | Suffix that will be used for plan file name to uniquely identify it. Default: github.sha | ${{ github.sha }} | true |
 | stack | The stack name for the given component. | N/A | true |
 | terraform-plan-role | The AWS role to be used to plan Terraform. | N/A | true |
 | terraform-state-bucket | The S3 Bucket where the planfiles are stored. | N/A | true |
@@ -20,4 +21,9 @@
 | token | Used to pull node distributions for Atmos from Cloud Posse's GitHub repository. Since there's a default, this is typically not supplied by the user. When running this action on github.com, the default value is sufficient. When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting. | ${{ github.server\_url == 'https://github.com' && github.token \|\| '' }} | false |
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| has-changes | Has Changes |