add terraform deploy action
This commit is contained in:
parent
4297a0369c
commit
9e78bac1b9
4 changed files with 53 additions and 7 deletions
45
.github/workflows/terraform.yml
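--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,45 @@
+name: "terraform"
+
+# for security should only run on push to bors branches (staging/trying)
+on:
+  push:
+    branches:
+      - staging
+      - trying
+
+jobs:
+  terraform-deploy:
+    if: github.repository == 'nix-community/infra'
+    runs-on: ubuntu-latest
+    env:
+      SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }}
+      TF_IN_AUTOMATION: true
+    steps:
+      - uses: actions/checkout@v3
+      - uses: dorny/paths-filter@v2
+        id: changes
+        with:
+          filters: |
+            terraform:
+              - 'terraform/**'
+      - uses: cachix/install-nix-action@v18
+        if: steps.changes.outputs.terraform == 'true'
+        with:
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: init
+        if: steps.changes.outputs.terraform == 'true'
+        run: nix develop -c ./terraform/deploy terraform init -input=false
+      - name: validate
+        if: steps.changes.outputs.terraform == 'true'
+        run: nix develop -c ./terraform/deploy terraform validate
+      - name: fmt
+        if: steps.changes.outputs.terraform == 'true'
+        run: nix develop -c ./terraform/deploy terraform fmt -check
+      - name: plan
+        if: steps.changes.outputs.terraform == 'true' && github.ref == 'refs/heads/trying'
+        run: nix develop -c ./terraform/deploy terraform plan -input=false
+      - name: apply
+        if: steps.changes.outputs.terraform == 'true' && github.ref == 'refs/heads/staging'
+        run: nix develop -c ./terraform/deploy terraform apply -auto-approve -input=false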
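Review bot: The job-level `env:` puts `SOPS_AGE_KEY` (the key that decrypts `secrets.yaml` for every `./terraform/deploy` call) into the environment of every step, including the three third-party actions, which are referenced only by floating major tags (`actions/checkout@v3`, `dorny/paths-filter@v2`, `cachix/install-nix-action@v18`); pin each to a full commit SHA (`dorny/paths-filter@<full-commit-sha>  # vX.Y.Z`) so a retagged or compromised release cannot read the key. The job also declares no `permissions:`, so the `GITHUB_TOKEN` handed to Nix as an access token carries the repository's default scopes although the workflow only needs to read; add `permissions:` / `  contents: read` under `terraform-deploy:`. Two pushes to `staging` in quick succession would run `terraform apply` concurrently, so `concurrency: terraform` on the job is worth adding to serialize runs. Minor: `TF_IN_AUTOMATION: true` is an unquoted boolean; GitHub stringifies env values, but `"true"` makes the intent explicit to YAML linters.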
@ -3,4 +3,6 @@ status = [
|
|||
"ci/hercules/derivations",
|
||||
"ci/hercules/effects",
|
||||
"ci/hercules/evaluation",
|
||||
# not a required status check
|
||||
"terraform-deploy",
|
||||
]
|
||||
|
|
|
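Review bot: The comment `# not a required status check` sits inside the `status = [` list, which, if this is the bors configuration the workflow comment about bors branches suggests, is precisely the list of checks bors waits for before merging, so the comment reads as contradicting the entry below it. If the intent is that `terraform-deploy` is not among the GitHub branch-protection checks but bors does wait for it, say so: `# not required by branch protection; bors waits for it since the workflow runs on staging/trying`. The job still succeeds when no `terraform/**` file changed because every step is skipped by the paths filter, so bors is not blocked on unrelated merges; a word on that would help too. The list starts outside the hunk.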
@ -1,5 +0,0 @@
|
|||
source_up
|
||||
|
||||
# terraform cloud without the remote execution part
|
||||
export TF_FORCE_LOCAL_BACKEND="1";
|
||||
eval "$("$direnv" dotenv bash <(sops -d --output-type dotenv secrets.yaml))"
|
|
@ -1,5 +1,9 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
terraform init
|
||||
terraform apply
|
||||
pushd "$(dirname "$0")" >/dev/null
|
||||
|
||||
# terraform cloud without the remote execution part
|
||||
TF_FORCE_LOCAL_BACKEND="1" sops exec-env secrets.yaml "${*}"
|
||||
|
||||
popd >/dev/null
|
||||
|
|
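Review bot: `sops exec-env secrets.yaml "${*}"` deliberately joins all arguments into one string, because `sops exec-env` takes a single command string and runs it through a shell; that is correct here, but it means the arguments are word-split and glob-expanded a second time, so callers such as the workflow's `terraform plan -input=false` must not pass arguments containing spaces or quotes. Document that on the line above: `# sops exec-env takes one command string (hence "$*", not "$@") and re-parses it with a shell`. The `pushd "$(dirname "$0")"` also means relative paths in the arguments resolve against the script's own directory rather than the caller's cwd, which deserves a one-line comment on the pushd. With `set -e`, a failing sops command exits before `popd`; harmless for a script, but worth knowing.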