From cbb0fbe4f4b6e5c11b052b2892c20f2074d923e6 Mon Sep 17 00:00:00 2001
From: Mykhailo Nikiforov
Date: Tue, 12 Dec 2023 09:58:43 +0200
Subject: [PATCH] fix(ci): update terraform job template
---
 .gitea/workflows/tf-apply.yml | 27 +++++++++++++++++++++++----
 .gitea/workflows/tf-plan.yml | 25 ++++++++++++-------------
 2 files changed, 35 insertions(+), 17 deletions(-)
diff --git a/.gitea/workflows/tf-apply.yml b/.gitea/workflows/tf-apply.yml
index 3fb0b9f..3e8ae3c 100644
--- a/.gitea/workflows/tf-apply.yml
+++ b/.gitea/workflows/tf-apply.yml
@@ -21,58 +21,77 @@ jobs:
 runs-on: ubuntu-latest
 steps:
+ - name: Retrieve artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: artifacts
+ - name: Check if job errored
+ shell: bash
+ id: check
+ run: |
+ echo "code=$(cat exitcode)" >> $GITHUB_OUTPUT
+ if [ "$(cat exitcode)" -lt 2 ]; then
+ exit "$(cat exitcode)";
+ fi
 - name: Clone blackbox repo
 uses: actions/checkout@v4
+ if: ${{ steps.check.outputs.code == 2 }}
 with:
 repository: xaked/blackbox
 path: blackbox
 ref: master
 - name: Install blackbox
 shell: bash
+ if: ${{ steps.check.outputs.code == 2 }}
 run: |
 cd blackbox || exit 1;
 make copy-install;
 cd ${{ github.workspace }};
 rm -rf blackbox;
 - uses: hashicorp/setup-terraform@v2
+ if: ${{ steps.check.outputs.code == 2 }}
 with:
 terraform_version: 1.5.7
 cli_config_credentials_token: ${{ secrets.tf-api-token }}
 - name: Clone repo
+ if: ${{ steps.check.outputs.code == 2 }}
 uses: actions/checkout@v4
 - name: Decrypt secrets
+ if: ${{ steps.check.outputs.code == 2 }}
 shell: bash
 run: |
 echo ${{ secrets.gpg-key }} | base64 -d | gpg --import;
 blackbox_decrypt_all_files;
 - name: Setup SSH key
+ if: ${{ steps.check.outputs.code == 2 }}
 uses: benoitchantre/setup-ssh-authentication-action@1.0.1
 with:
 private-key: ${{ secrets.ssh-private-key }}
 private-key-name: id_ed25519
 known-hosts: ${{ secrets.ssh-known-hosts }}
 - name: Restore terraform cache
+ if: ${{ steps.check.outputs.code == 2 }}
 uses: actions/cache@v3
 id: cache-terraform-restore
 with:
 path: .terraform
 key: ${{ github.repository }}-${{ runner.os }}-${{ runner.arch }}-tf
- - name: Download terraform plan
- uses: actions/download-artifact@v3
- with:
- name: tfplan
 - name: Run terraform init
+ if: ${{ steps.check.outputs.code == 2 }}
 shell: bash
 run: terraform init
 - name: Run terraform validate
+ if: ${{ steps.check.outputs.code == 2 }}
 shell: bash
 run: terraform validate
 - name: Run terraform apply
+ if: ${{ steps.check.outputs.code == 2 }}
 id: tfplan
 shell: bash
 run: |
 terraform apply -input=false
-auto-approve tfplan.binary;
 - name: Save terraform cache
+ if: ${{ steps.check.outputs.code == 2 }}
 uses: actions/cache/save@v3
 id: cache-terraform-save
 with:
diff --git a/.gitea/workflows/tf-plan.yml b/.gitea/workflows/tf-plan.yml
index c667720..37e3bed 100644
--- a/.gitea/workflows/tf-plan.yml
+++ b/.gitea/workflows/tf-plan.yml
@@ -14,16 +14,11 @@ on:
 ssh-known-hosts:
 required: true
 type: string
- outputs:
- tfplanexitcode:
- value: ${{ jobs.tf-plan.outputs.tfplanexitcode }}
 jobs:
 tf-plan:
 name: Terraform Plan
 runs-on: ubuntu-latest
- outputs:
- tfplanexitcode: ${{ steps.tfplan.outputs.exitcode }}
 steps:
 - uses: hashicorp/setup-terraform@v2
@@ -73,17 +68,21 @@ jobs:
 shell: bash
 run: |
 terraform plan -detailed-exitcode -out=tfplan.binary -input=false;
+ printf "$?" > exitcode;
 continue-on-error: true
- - name: Check if job errored
- if: ${{ steps.tfplan.outputs.exitcode == 1 }}
- shell: sh
- run: exit 1
- - name: Upload terraform plan if diffs are detected
- if: ${{ steps.tfplan.outputs.exitcode == 2 }}
+ - name: Upload artifacts
 uses: actions/upload-artifact@v3
 with:
- name: tfplan
- path: tfplan.binary
+ name: artifacts
+ path: |
+ tfplan.binary
+ exitcode
+ - name: Check if job errored
+ shell: bash
+ run: |
+ if [ "$(cat exitcode)" == "1" ]; then
+ exit 1;
+ fi
 - name: Save terraform cache
 uses: actions/cache/save@v3
 id: cache-terraform-save
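Review bot: In `.gitea/workflows/tf-apply.yml`, the new `Check if job errored` step uses the contents of `exitcode` without validating them: an empty or non-numeric value makes `[ ... -lt 2 ]` error out, the `if` body is skipped, and the step succeeds with `code` set to something other than 2, so every later step is skipped and the job reports success without applying anything. Read the file once and fail on anything unexpected, e.g. `code="$(cat exitcode)"; case "$code" in 0|1|2) ;; *) echo "unexpected plan exit code: $code" >&2; exit 1 ;; esac`, and quote `"$GITHUB_OUTPUT"`. Separately, `Retrieve artifacts` now runs before `Clone repo`; `actions/checkout` by default empties a workspace that is not already a checkout of the repository, so `tfplan.binary` may be gone by the time `terraform apply` runs. Confirm this on the runner, or download the artifact into a `path` outside the workspace.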
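Review bot: In `.gitea/workflows/tf-plan.yml`, the added `printf "$?" > exitcode;` may never run on a non-zero plan result: runners that start `shell: bash` with `-e` abort the script as soon as `terraform plan -detailed-exitcode` returns 1 or 2, so no `exitcode` file is written and the later `cat exitcode` checks see an empty value. Capture the status explicitly, e.g. `rc=0; terraform plan -detailed-exitcode -out=tfplan.binary -input=false || rc=$?` followed by `printf '%s' "$rc" > exitcode`. If the `setup-terraform` wrapper is enabled in this workflow (its options are outside the hunk), confirm that `$?` still carries Terraform's detailed exit code rather than the wrapper's own status. The artifact is now uploaded on every run, and saved plan files can contain sensitive values, so consider a short `retention-days` on the upload step. The plan step's `name`/`id` lines begin above the hunk.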