diff --git a/.github/workflows/preview.yaml b/.github/workflows/tf-preview.yaml
similarity index 64%
rename from .github/workflows/preview.yaml
rename to .github/workflows/tf-preview.yaml
index 20ef8db..b4e4453 100644
--- a/.github/workflows/preview.yaml
+++ b/.github/workflows/tf-preview.yaml
@@ -1,5 +1,4 @@ -name: Speculative Run - +name: Terraform on: workflow_dispatch: inputs:
@@ -7,25 +6,27 @@ on: description: "URL from which to download the workspace" required: true type: string - jobs: plan: - name: Plan + name: Speculative Plan runs-on: ubuntu-22.04 env: + # renovate: datasource=github-releases depName=hashicorp/terraform + TERRAFORM_VERSION: "1.9.3" + TF_HTTP_PASSWORD: ${{ github.token }} TF_IN_AUTOMATION: "true" - TF_CLI_ARGS: "-input=false" - TF_LOG: "debug" + TF_CLI_ARGS: -input=false + NETBOX_API_TOKEN: ${{ secrets.NETBOX_API_TOKEN }} PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }} PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }} steps: - name: Download Workspace run: | - curl ${{ inputs.workspace_transfer_url }} --fail --silent | tar -xzf - + curl ${{ inputs.workspace_transfer_url }} --user github_pat:${TF_HTTP_PASSWORD} --fail --silent | tar -xzf - - uses: hashicorp/setup-terraform@v3 with: - terraform_version: "1.6.6" + terraform_version: ${TERRAFORM_VERSION} - run: terraform init - run: terraform plan
diff --git a/.github/workflows/terraform.yaml b/.github/workflows/tf-run.yaml
similarity index 77%
rename from .github/workflows/terraform.yaml
rename to .github/workflows/tf-run.yaml
index e4ad2f3..6ceb3e9 100644
--- a/.github/workflows/terraform.yaml
+++ b/.github/workflows/tf-run.yaml
@@ -1,10 +1,8 @@ name: Terraform - on: push: branches: [main] pull_request: - jobs: run: name: Run
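Review bot: The `Download Workspace` step now hands `github.token` as basic-auth credentials to whatever host `inputs.workspace_transfer_url` names, and that input is still pasted into the script text by `${{ }}` instead of being passed as data. Passing the URL through the step's `env`, quoting it, and refusing anything outside the expected backend origin (presumably the `ffddorf-terraform-backend.fly.dev` host used elsewhere in this commit) keeps the token from being sent to an arbitrary server; the sketch below shows the step. Separately, `terraform_version: ${TERRAFORM_VERSION}` sits under `with:`, which is not shell-expanded, so the action receives the literal string; it should be `terraform_version: ${{ env.TERRAFORM_VERSION }}`, here and in the `@@ -33,21 +38,16 @@` hunk of tf-run.yaml.

```yaml
      - name: Download Workspace
        env:
          WORKSPACE_URL: ${{ inputs.workspace_transfer_url }}
        run: |
          set -o pipefail
          # Origin assumed from the backend used elsewhere in this commit; confirm.
          case "${WORKSPACE_URL}" in
            https://ffddorf-terraform-backend.fly.dev/*) ;;
            *) echo "unexpected workspace URL" >&2; exit 1 ;;
          esac
          curl --proto '=https' --user "github_pat:${TF_HTTP_PASSWORD}" \
            --fail --silent "${WORKSPACE_URL}" | tar -xzf -
      # … unchanged: setup-terraform, terraform init, terraform plan …
```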
@@ -20,10 +18,17 @@ jobs: pull-requests: write checks: write env: - TF_HTTP_USERNAME: ffddorf/supernodes-v2@${{ matrix.domain }} + # renovate: datasource=github-releases depName=hashicorp/terraform + TERRAFORM_VERSION: "1.9.3" + + TF_HTTP_ADDRESS: https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/${{ matrix.domain }} + TF_HTTP_LOCK_ADDRESS: https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/${{ matrix.domain }} + TF_HTTP_UNLOCK_ADDRESS: https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/${{ matrix.domain }} TF_HTTP_PASSWORD: ${{ github.token }} + TF_IN_AUTOMATION: "true" TF_CLI_ARGS: "-input=false -var-file=domains/${{ matrix.domain }}.tfvars" + NETBOX_API_TOKEN: ${{ secrets.NETBOX_API_TOKEN }} PM_API_TOKEN_ID: ${{ secrets.PM_API_TOKEN_ID }} PM_API_TOKEN_SECRET: ${{ secrets.PM_API_TOKEN_SECRET }}
@@ -33,21 +38,16 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - - uses: hashicorp/setup-terraform@v3 with: - terraform_version: "1.6.6" - + terraform_version: ${TERRAFORM_VERSION} - run: terraform init - - run: terraform plan -out=tfplan - name: terraform apply - env: - TF_LOG: "debug" + if: ${{ github.event_name == 'push' && github.ref_name == 'main' }} run: | set -o pipefail terraform apply tfplan | tee apply.log - if: ${{ github.event_name == 'push' && github.ref_name == 'main' }} - name: Backup state if: ${{ github.event_name == 'push' && github.ref_name == 'main' }} env:
@@ -68,14 +68,12 @@ jobs: jq -r '.Contents | map(.Key) | sort | reverse | .[5:] | .[]' \ ) for file in ${DELETE_FILES}; do aws s3 rm s3://${S3_BUCKET}/$file; done - - run: terraform show -json tfplan > tfplan.json env: TF_CLI_ARGS: "" - run: terraform show -no-color tfplan > summary.txt env: TF_CLI_ARGS: "" - - name: Create status check with details uses: actions/github-script@v7 with:
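Review bot: `NETBOX_API_TOKEN` is added next to the `PM_API_TOKEN_*` secrets in what appears to be the job-level `env:` of the `@@ -20,10 +18,17 @@` hunk, so every step of the job receives it, including the `actions/github-script` and `actions/upload-artifact` steps further down that have no use for provider credentials. Moving the three secrets to a step-level `env:` on the `terraform plan` and `terraform apply` steps (and any other step that really configures the providers) would narrow the exposure. The job definition starts and ends outside this hunk, so the exact set of steps should be confirmed against the full file.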
@@ -103,6 +101,7 @@ jobs: ? `${createCount} added, ${updateCount} changed, ${deleteCount} destroyed` : `${createCount} to add, ${updateCount} to change, ${deleteCount} to destroy` ) + await fs.writeFile("terraform/title.txt", title) const codefence = "```" const summary = `
@@ -127,13 +126,30 @@ jobs: head_sha: sha, status: 'completed', conclusion: noChanges ? 'neutral' : 'success', - name: context.eventName === 'push' ? "Apply" : "Plan", + name: `${context.eventName === 'push' ? "Apply" : "Plan"} (${{ matrix.domain }})`, output: { title, summary, }, }); + - name: Upload summary + uses: actions/upload-artifact@v4 + with: + name: tf-summary-${{ matrix.domain }} + path: | + terraform/summary.txt + terraform/title.txt + summary: + name: Summary + runs-on: ubuntu-22.04 + needs: run + steps: + - name: Download outputs from workspaces + uses: actions/download-artifact@v4 + with: + path: outputs + pattern: tf-summary-* - name: Show plan on PR uses: actions/github-script@v7 if: ${{ github.event_name == 'pull_request' }}
@@ -181,14 +197,28 @@ jobs: } const fs = require('fs').promises - const plan = await fs.readFile('terraform/summary.txt', 'utf-8') - const codefence = "```" - const body = ` - 🏗️ Terraform Plan - ${codefence} - ${plan.trim("\n")} - ${codefence}` + const summaries = await fs.readdir('outputs'); + let body = "#### :building_construction: Terraform Plan"; + + for (const dir of summaries) { + const plan = await fs.readFile(`outputs/${dir}/summary.txt`, 'utf-8') + const title = await fs.readFile(`outputs/${dir}/title.txt`, 'utf-8') + + const domain = dir.slice("tf-summary-".length) + + const codefence = "```" + body += `
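Review bot: The new `summary` job in the `@@ -127,13 +126,30 @@` hunk takes over the `Show plan on PR` step, which calls `github.rest.issues.createComment`, but the job declares no `permissions:` of its own. The `pull-requests: write` grant visible in the `@@ -20,10 +18,17 @@` context appears to belong to the `run` job. Unless a workflow-level or repository default already grants write access (not visible here), the comment call will be refused. Adding `permissions:` with `pull-requests: write` to `summary` fixes that and keeps the job's token limited to the single scope it needs.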
+ + ${domain} - ${title} + + ${codefence} + ${plan.trim("\n")} + ${codefence} + +
` + } github.rest.issues.createComment({ issue_number: context.issue.number,
diff --git a/renovate.json b/renovate.json
index 5db72dd..0d4ac62 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,6 +1,7 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:recommended" + "config:recommended", + "regexManagers:githubActionsVersions" ] -} +} \ No newline at end of file
diff --git a/terraform/backend.tf b/terraform/backend.tf
index 2b5a329..a16be13 100644
--- a/terraform/backend.tf
+++ b/terraform/backend.tf
@@ -1,11 +1,8 @@ terraform { backend "http" { - # see https://tfstate.dev/ for instructions - address = "https://api.tfstate.dev/github/v1" - lock_address = "https://api.tfstate.dev/github/v1/lock" - unlock_address = "https://api.tfstate.dev/github/v1/lock" - lock_method = "PUT" - unlock_method = "DELETE" - username = "ffddorf/supernodes-v2@dev" + address = "https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/dev" + lock_address = "https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/dev" + unlock_address = "https://ffddorf-terraform-backend.fly.dev/state/supernodes-v2/dev" + username = "github_pat" } }
diff --git a/terraform/modules/supernode/provider.tf b/terraform/modules/supernode/provider.tf
index 69e7f44..03c25d0 100644
--- a/terraform/modules/supernode/provider.tf
+++ b/terraform/modules/supernode/provider.tf
@@ -5,7 +5,7 @@ terraform { } proxmox = { source = "Telmate/proxmox" - version = "~> 3.0.1" + version = "~> 3.0.0" } iphelpers = { source = "ffddorf/iphelpers"
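Review bot: The loop in the `@@ -181,14 +197,28 @@` hunk appends every domain's full plan to one comment body, and GitHub rejects issue comments above 65536 characters, so a large change across several domains can make `createComment` fail and drop the whole summary. Cap each plan before appending it, for example `const shown = plan.length > cap ? plan.slice(0, cap) + "\n(truncated, see the check run)" : plan`, with `cap` derived from the number of entries in `summaries`. The plan text is also placed between the `codefence` markers unescaped, so a plan that itself contains three backticks ends the block early; a longer fence would avoid that. The enclosing script step starts outside the hunk.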
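Review bot: The `backend "http"` block in terraform/backend.tf loses its only comment while gaining behaviour that the file no longer explains. The three addresses hard-code the `dev` state, CI overrides them per domain through `TF_HTTP_ADDRESS`, `TF_HTTP_LOCK_ADDRESS` and `TF_HTTP_UNLOCK_ADDRESS` in tf-run.yaml, and no password is set here, so it has to come from `TF_HTTP_PASSWORD`. A comment above `address` would record this, for example `# dev state by default; CI sets TF_HTTP_*ADDRESS per domain. Password comes from TF_HTTP_PASSWORD (presumably a GitHub token) and is never committed here.`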