468: move terraform-deploy to hercules-ci-effects r=Mic92 a=zowoq



Co-authored-by: zowoq <59103226+zowoq@users.noreply.github.com>
bors[bot] 2023-03-14 17:23:43 +00:00 committed by GitHub
commit 851255b2bb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 56 additions and 53 deletions
.github/workflows


@ -1,50 +0,0 @@
name: "terraform"
# for security should only run on push to bors branches (staging/trying)
on:
push:
branches:
- staging
- trying
jobs:
terraform-deploy:
if: github.repository == 'nix-community/infra'
runs-on: ubuntu-latest
defaults:
run:
working-directory: terraform
env:
SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
TF_TOKEN_app_terraform_io: ${{ secrets.TF_TOKEN_APP_TERRAFORM_IO }}
TF_IN_AUTOMATION: true
TF_INPUT: 0
steps:
- uses: actions/checkout@v3
- uses: dorny/paths-filter@v2
id: changes
with:
filters: |
terraform:
- 'terraform/**'
- uses: cachix/install-nix-action@v20
if: steps.changes.outputs.terraform == 'true'
with:
extra_nix_config: |
experimental-features = nix-command flakes
accept-flake-config = true
- name: init
if: steps.changes.outputs.terraform == 'true'
run: nix develop -c terraform init
- name: validate
if: steps.changes.outputs.terraform == 'true'
run: nix develop -c terraform validate
- name: fmt
if: steps.changes.outputs.terraform == 'true'
run: nix develop -c terraform fmt -check
- name: plan
if: steps.changes.outputs.terraform == 'true' && github.ref == 'refs/heads/trying'
run: nix develop -c terraform plan
- name: apply
if: steps.changes.outputs.terraform == 'true' && github.ref == 'refs/heads/staging'
run: nix develop -c terraform apply -auto-approve