Compare commits
No commits in common. "7d22ad1ce1cc0d237c5a4ae32b1091c54504a4f3" and "9bde71fbf94ca652bada1977c3c8e2ea11b4a839" have entirely different histories.
7d22ad1ce1
...
9bde71fbf9
4 changed files with 20 additions and 80 deletions
4
.github/workflows/terraform.yml
|
|
@ -20,7 +20,7 @@ jobs:
|
||||||
- name: Install OpenTofu
|
- name: Install OpenTofu
|
||||||
uses: opentofu/setup-opentofu@v2
|
uses: opentofu/setup-opentofu@v2
|
||||||
with:
|
with:
|
||||||
tofu_version: 1.9.0
|
tofu_version: latest
|
||||||
|
|
||||||
- name: Install SOPS
|
- name: Install SOPS
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -71,7 +71,7 @@ jobs:
|
||||||
- name: Install OpenTofu
|
- name: Install OpenTofu
|
||||||
uses: opentofu/setup-opentofu@v2
|
uses: opentofu/setup-opentofu@v2
|
||||||
with:
|
with:
|
||||||
tofu_version: 1.9.0
|
tofu_version: latest
|
||||||
|
|
||||||
- name: Install SOPS
|
- name: Install SOPS
|
||||||
run: |
|
run: |
|
||||||
|
|
|
||||||
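Review bot: `tofu_version: latest` in both Install OpenTofu steps (the two hunks of this file) replaces a pinned toolchain with a floating one, so the binary that consumes the SOPS-decrypted secrets and runs plan/apply changes silently whenever a new release is published, and two runs of the same commit are no longer reproducible. Keep an explicit version, `tofu_version: 1.9.0` or a newer one you have vetted, and bump it deliberately, for example through a Renovate/Dependabot PR. For the same reason `uses: opentofu/setup-opentofu@v2` on the line above is a mutable tag; pin it to a full commit SHA with the tag kept in a trailing comment. The enclosing jobs start outside the hunks.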
90
.github/workflows/validate-terraform.yml
|
|
@ -2,20 +2,10 @@ name: Validate Terraform
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request:
|
||||||
paths:
|
|
||||||
- "terraform/**"
|
|
||||||
- ".github/workflows/validate-terraform.yml"
|
|
||||||
|
|
||||||
permissions:
|
|
||||||
contents: read
|
|
||||||
pull-requests: write
|
|
||||||
|
|
||||||
# Requires these repository secrets:
|
|
||||||
# AGE_SECRET_KEY — age private key for SOPS decryption
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
plan:
|
tofu-validate:
|
||||||
name: tofu plan
|
name: tofu validate
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v6
|
- uses: actions/checkout@v6
|
||||||
|
|
@ -23,7 +13,7 @@ jobs:
|
||||||
- name: Install OpenTofu
|
- name: Install OpenTofu
|
||||||
uses: opentofu/setup-opentofu@v2
|
uses: opentofu/setup-opentofu@v2
|
||||||
with:
|
with:
|
||||||
tofu_version: 1.9.0
|
tofu_version: latest
|
||||||
|
|
||||||
- name: Install SOPS
|
- name: Install SOPS
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -40,64 +30,18 @@ jobs:
|
||||||
echo "Decrypted: $f -> $out"
|
echo "Decrypted: $f -> $out"
|
||||||
done
|
done
|
||||||
|
|
||||||
- name: Set backend credentials
|
- name: Find and validate Terraform roots
|
||||||
working-directory: terraform/
|
|
||||||
run: |
|
run: |
|
||||||
echo "AWS_ACCESS_KEY_ID=$(yq '.backblaze_keyID' secrets.yaml)" >> "$GITHUB_ENV"
|
found=0
|
||||||
echo "AWS_SECRET_ACCESS_KEY=$(yq '.backblaze_applicationKey' secrets.yaml)" >> "$GITHUB_ENV"
|
for dir in $(find terraform/ -name '*.tf' -printf '%h\n' | sort -u); do
|
||||||
|
echo "::group::Validating $dir"
|
||||||
- name: tofu init
|
cd "$dir"
|
||||||
working-directory: terraform/
|
tofu init -backend=false
|
||||||
run: tofu init
|
tofu validate
|
||||||
|
cd "$GITHUB_WORKSPACE"
|
||||||
- name: tofu validate
|
echo "::endgroup::"
|
||||||
working-directory: terraform/
|
found=1
|
||||||
run: tofu validate
|
done
|
||||||
|
if [ "$found" -eq 0 ]; then
|
||||||
- name: tofu plan
|
echo "No .tf files found — skipping validation."
|
||||||
id: plan
|
fi
|
||||||
working-directory: terraform/
|
|
||||||
continue-on-error: true
|
|
||||||
run: |
|
|
||||||
set -o pipefail
|
|
||||||
tofu plan -no-color 2>&1 | tee plan_output.txt
|
|
||||||
|
|
||||||
- name: Post plan as PR comment
|
|
||||||
uses: actions/github-script@v7
|
|
||||||
with:
|
|
||||||
script: |
|
|
||||||
const fs = require('fs');
|
|
||||||
const raw = fs.readFileSync('terraform/plan_output.txt', 'utf8');
|
|
||||||
const filtered = raw.split('\n').filter(l => !l.includes(': Refreshing state...')).join('\n');
|
|
||||||
const truncated = filtered.length > 65000
|
|
||||||
? filtered.slice(0, 65000) + '\n\n...(output truncated)'
|
|
||||||
: filtered;
|
|
||||||
const outcome = '${{ steps.plan.outcome }}';
|
|
||||||
const header = outcome === 'failure' ? '## Terraform Plan — FAILED' : '## Terraform Plan';
|
|
||||||
const body = `${header}\n\`\`\`\n${truncated}\n\`\`\``;
|
|
||||||
|
|
||||||
const { data: comments } = await github.rest.issues.listComments({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
issue_number: context.issue.number,
|
|
||||||
});
|
|
||||||
const existing = comments.find(c => c.body.startsWith('## Terraform Plan'));
|
|
||||||
if (existing) {
|
|
||||||
await github.rest.issues.updateComment({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
comment_id: existing.id,
|
|
||||||
body,
|
|
||||||
});
|
|
||||||
} else {
|
|
||||||
await github.rest.issues.createComment({
|
|
||||||
owner: context.repo.owner,
|
|
||||||
repo: context.repo.repo,
|
|
||||||
issue_number: context.issue.number,
|
|
||||||
body,
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
- name: Fail if plan failed
|
|
||||||
if: steps.plan.outcome == 'failure'
|
|
||||||
run: exit 1
|
|
||||||
|
|
|
||||||
|
|
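Review bot: Deleting the whole `permissions:` block in the first hunk (`contents: read` / `pull-requests: write`) leaves the workflow with no explicit token scope, so the `GITHUB_TOKEN` handed to `tofu-validate` falls back to the repository default, which can be read/write; the new job only checks out and validates, so restore a minimal block, `permissions:` / `  contents: read`. Dropping `pull-requests: write` itself is right, since the PR-comment step is gone. The deleted `# Requires these repository secrets: AGE_SECRET_KEY` comment looks premature: the Install SOPS step and the decrypt loop ending in `echo "Decrypted: $f -> $out"` are still on the new side, so the secret is presumably still required and should stay documented at the top of the file. `tofu_version: latest` here carries the same reproducibility and supply-chain concern as in terraform.yml; pin it. The job definition continues outside the hunks.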
@ -3,7 +3,3 @@
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: caddy
|
name: caddy
|
||||||
state: reloaded
|
state: reloaded
|
||||||
register: caddy_reload_result
|
|
||||||
until: caddy_reload_result is succeeded
|
|
||||||
retries: 3
|
|
||||||
delay: 5
|
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
{
|
{
|
||||||
admin localhost:2019
|
admin 100.67.6.27:2019
|
||||||
metrics {
|
metrics {
|
||||||
per_host
|
per_host
|
||||||
}
|
}
|
||||||
|
|
|
||||||
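Review bot: `admin 100.67.6.27:2019` binds Caddy's admin API to a routable address instead of loopback, and that API has no authentication of its own: any host that can reach 100.67.6.27:2019 can `POST /load` a new configuration and repurpose this proxy, or read the running config including any credentials it holds. The address looks like a CGNAT/overlay-network range, which narrows the audience to that network but does not authenticate it. Prefer keeping `admin localhost:2019` and reaching it over SSH or a tunnel; if remote management is genuinely needed, at least restrict it with the `origins` and `enforce_origin` subdirectives of the `admin` block and a host firewall rule that admits port 2019 only from the management host. The first five lines of the file are outside the hunk, so a comment explaining why the bind address was widened belongs there.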