Merge pull request #49 from steled/fix #99
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Terraform' | |
| # Controls when the workflow will run | |
| on: | |
| workflow_dispatch: | |
| # Triggers the workflow on push (only for the "main" branch) or pull request events | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| # if a new commit is pushed to the main branch while a previous run is still in progress, the previous run will be cancelled and the new one will start | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| tffmt: | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Clone git repo elasticdog/transcrypt | |
| run: | | |
| echo 'Cloning transcrypt main branch' | |
| git clone https://github.com/elasticdog/transcrypt.git ../transcrypt | |
| cd ../transcrypt | |
| sudo ln -s ${PWD}/transcrypt /usr/local/bin/transcrypt | |
| - name: Configure transcrypt | |
| run: | | |
| cd $GITHUB_WORKSPACE | |
| transcrypt -c aes-256-cbc -p ${{ secrets.TRANSCRYPT_PASSWORD }} -y | |
| - name: terraform fmt | |
| uses: dflook/terraform-fmt@v1 | |
| with: | |
| path: . | |
| - name: Create Pull Request | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| base: ${{ github.head_ref }} | |
| body: Update Terraform files to canonical format using `terraform fmt` | |
| branch: automated-terraform-fmt | |
| commit-message: terraform fmt | |
| title: Reformat terraform files | |
| tflint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| - name: Cache plugin dir | |
| uses: actions/cache@v4 | |
| with: | |
| key: tflint-${{ hashFiles('.tflint.hcl') }} | |
| path: ~/.tflint.d/plugins | |
| - name: Setup TFLint | |
| uses: terraform-linters/setup-tflint@v4 | |
| - name: Show version | |
| run: tflint --version | |
| - name: Init TFLint | |
| env: | |
| # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: tflint --init | |
| - name: Run TFLint | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| run: | | |
| # replace SSH cloning wiht HTTPS cloning method | |
| sed -i 's/[email protected]:steled/github.com\/steled/' *.tf | |
| terraform init | |
| tflint --call-module-type=all | |
| tfdocs: | |
| permissions: | |
| contents: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Render terraform docs inside the README.md and push changes back to PR branch | |
| uses: terraform-docs/[email protected] | |
| with: | |
| git-push: "true" | |
| output-file: README.md | |
| output-method: inject | |
| working-dir: . |