feat: use workflows
soerenmartius committed Nov 12, 2024
1 parent a90282e commit 96c3228
Showing 5 changed files with 119 additions and 175 deletions.
72 changes: 11 additions & 61 deletions .github/workflows/deploy.yml
@@ -65,90 +65,40 @@ jobs:
- name: Run Terraform init in all changed stacks
if: steps.list-changed.outputs.stdout
run: |
terramate run \
terramate script run \
--parallel 1 \
--changed \
-- \
terraform init
# terramate script run \
# --parallel 1 \
# --changed \
# init
#
init
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Create Terraform plan on changed stacks
if: steps.list-changed.outputs.stdout
run: |
terramate run \
--changed \
-- \
terraform plan -lock-timeout=5m -out out.tfplan
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Apply planned changes on changed stacks
- name: Run Terraform apply in all changed stacks
id: deploy
if: steps.list-changed.outputs.stdout
run: |
terramate run \
--enable-sharing \
--mock-on-fail \
terramate script run \
--parallel 5 \
--changed \
--sync-deployment \
--terraform-plan-file=out.tfplan \
-- \
terraform apply -input=false -auto-approve -lock-timeout=5m out.tfplan
deploy
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# - name: Run Terraform apply in all changed stacks
# id: deploy
# if: steps.list-changed.outputs.stdout
# run: |
# terramate script run \
# --enable-sharing \
# --mock-on-fail \
# --parallel 5 \
# --changed \
# deploy
# env:
# GITHUB_TOKEN: ${{ github.token }}
# ARM_USE_OIDC: true
# ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
# ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
# ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Run drift detection in all deployed stacks
if: steps.list-changed.outputs.stdout && ! cancelled() && steps.deploy.outcome != 'skipped'
run: |
terramate run \
--enable-sharing \
--mock-on-fail \
terramate script run \
--parallel 5 \
--changed \
--sync-drift-status \
--terraform-plan-file=drift.tfplan \
-- \
terraform plan -out drift.tfplan -detailed-exitcode
# terramate script run \
# --enable-sharing \
# --mock-on-fail \
# --parallel 5 \
# --changed \
# drift detect
drift detect
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
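Review bot: The deploy path no longer holds the state lock while planning. The removed step ran `terraform plan -lock-timeout=5m -out out.tfplan`, whereas the `deploy` script now called by `terramate script run --parallel 5 --changed deploy` plans with `-lock=false` (see `script "deploy"` in `01_example_outputs/workflows.tm.hcl` on this page) and then applies with `-auto-approve`. A plan taken without the lock can read state that another run is in the middle of writing, and nothing visible here puts a review gate between that plan and the apply. I would keep locking on the deploy plan, e.g. `["tofu", "plan", "-out", "out.tfplan", "-lock-timeout=5m", {`, and leave `-lock=false` to the preview and drift scripts.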
60 changes: 23 additions & 37 deletions .github/workflows/drift-detection.yml
@@ -60,10 +60,9 @@ jobs:

- name: Run Terraform init in all stacks
run: |
terramate run -- terraform init
# terramate script run \
# --parallel 1 \
# init
terramate script run \
--parallel 1 \
init
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
@@ -74,44 +73,31 @@ jobs:
- name: Run drift detection
id: drift-detect
run: |
terramate run \
--enable-sharing \
--mock-on-fail \
--sync-drift-status \
--terraform-plan-file=drift.tfplan \
--continue-on-error \
terramate script run \
--parallel 5 \
--continue-on-error \
-- \
drift detect
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Run drift reconciliation
id: drift-reconcile
run: |
terramate script run \
--tags reconcile \
--status=drifted \
--parallel 5 \
--continue-on-error \
-- \
terraform plan -out drift.tfplan -detailed-exitcode -lock=false
# terramate script run \
# --enable-sharing \
# --mock-on-fail \
# --parallel 5 \
# --continue-on-error \
# -- \
# drift detect
drift reconcile
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

# - name: Run drift reconciliation
# id: drift-reconcile
# run: |
# terramate script run \
# --enable-sharing \
# --mock-on-fail \
# --tags reconcile \
# --status=drifted \
# --parallel 5 \
# --continue-on-error \
# -- \
# drift reconcile
# env:
# GITHUB_TOKEN: ${{ github.token }}
# ARM_USE_OIDC: true
# ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
# ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
# ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
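Review bot: The newly enabled `drift reconcile` step applies a plan file that the preceding `drift detect` step does not appear to write. In `workflows.tm.hcl` on this page, `script "drift" "detect"` plans to `out.tfplan`, while `script "drift" "reconcile"` runs `tofu apply ... drift.tfplan` with `tofu_plan_file = "drift.tfplan"`. The removed inline command used `-out drift.tfplan`, so the file name seems to have been lost when the step moved into the script. As written, reconcile would either fail for lack of the file or pick up whatever `drift.tfplan` happens to be lying in the stack directory, and it does so with `-auto-approve`. Aligning the names, e.g. `"-out", "drift.tfplan"` and `tofu_plan_file = "drift.tfplan"` in the detect script, removes that ambiguity.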
57 changes: 22 additions & 35 deletions .github/workflows/preview.yml
@@ -56,29 +56,28 @@ jobs:

### Configure cloud credentials

- name: 'configure azure credentials'
if: steps.list-changed.outputs.stdout
uses: azure/login@v2
with:
client-id: ${{ secrets.azure_client_id }}
tenant-id: ${{ secrets.azure_tenant_id }}
subscription-id: ${{ secrets.azure_subscription_id }}

- name: verify azure credentials
if: steps.list-changed.outputs.stdout
run: |
az account show
# - name: 'configure azure credentials'
# if: steps.list-changed.outputs.stdout
# uses: azure/login@v2
# with:
# client-id: ${{ secrets.azure_client_id }}
# tenant-id: ${{ secrets.azure_tenant_id }}
# subscription-id: ${{ secrets.azure_subscription_id }}

# - name: verify azure credentials
# if: steps.list-changed.outputs.stdout
# run: |
# az account show

### Run the Terraform preview via Terramate in each changed stack

- name: Run Terraform init in all changed stacks
if: steps.list-changed.outputs.stdout
run: |
terramate run -- terraform init
# terramate script run \
# --changed \
# --parallel 1 \
# init
terramate script run \
--changed \
--parallel 1 \
init
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
@@ -89,24 +88,12 @@ jobs:
- name: Plan Terraform changes in changed stacks
if: steps.list-changed.outputs.stdout
run: |
terramate run \
--enable-sharing \
--mock-on-fail \
--parallel 5 \
--changed \
--sync-preview \
--terraform-plan-file=out.tfplan \
--continue-on-error \
-- \
terraform plan -out out.tfplan -detailed-exitcode -lock=false
# terramate script run \
# --enable-sharing \
# --mock-on-fail \
# --changed \
# --parallel 5 \
# --continue-on-error \
# -- \
# preview
terramate script run \
--changed \
--parallel 5 \
--continue-on-error \
-- \
preview
env:
GITHUB_TOKEN: ${{ github.token }}
ARM_USE_OIDC: true
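Review bot: The `azure/login@v2` and `az account show` steps are left behind as commented-out YAML under the `### Configure cloud credentials` heading, which now has no active step beneath it. If authentication is meant to come only from the `ARM_USE_OIDC: true` environment on the Terramate steps, delete the dead block and replace it with a one-line comment saying so, e.g. `# Azure auth: provider-level OIDC via ARM_* env on each step; no az CLI login`. Such a comment should also record that the job needs `id-token: write` for the OIDC token request; the `permissions:` block is outside this hunk, so please confirm it is still set.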
52 changes: 31 additions & 21 deletions 01_example_outputs/workflows.tm.hcl
@@ -1,83 +1,93 @@
script "init" {
name = "Terraform Init"
name = "OpenTofu Init"
description = "Download the required provider plugins and modules and set up the backend"

job {
commands = [
["terraform", "init", "-lock-timeout=5m"],
["tofu", "init", "-lock-timeout=5m"],
]
}
}

script "preview" {
name = "Terraform Deployment Preview"
description = "Create a preview of Terraform changes and synchronize it to Terramate Cloud"
name = "OpenTofu Deployment Preview"
description = "Create a preview of OpenTofu changes and synchronize it to Terramate Cloud"

job {
commands = [
["terraform", "validate"],
["terraform", "plan", "-out", "out.tfplan", "-detailed-exitcode", "-lock=false", {
["tofu", "validate"],
["tofu", "plan", "-out", "out.tfplan", "-detailed-exitcode", "-lock=false", {
sync_preview = true
tofu_plan_file = "out.tfplan"
mock_on_fail = true,
enable_sharing = true,
}],
]
}
}

script "deploy" {
name = "Terraform Deployment"
description = "Run a full Terraform deployment cycle and synchronize the result to Terramate Cloud"
name = "OpenTofu Deployment"
description = "Run a full OpenTofu deployment cycle and synchronize the result to Terramate Cloud"

job {
commands = [
["terraform", "validate"],
["terraform", "plan", "-out", "out.tfplan", "-lock=false"],
["terraform", "apply", "-input=false", "-auto-approve", "-lock-timeout=5m", "out.tfplan", {
["tofu", "validate"],
["tofu", "plan", "-out", "out.tfplan", "-lock=false", {
mock_on_fail = true,
enable_sharing = true,
}],
["tofu", "apply", "-input=false", "-auto-approve", "-lock-timeout=5m", "out.tfplan", {
sync_deployment = true
tofu_plan_file = "out.tfplan"
mock_on_fail = true,
enable_sharing = true,
}],
]
}
}

script "drift" "detect" {
name = "Terraform Drift Check"
description = "Detect drifts in Terraform configuration and synchronize it to Terramate Cloud"
name = "OpenTofu Drift Check"
description = "Detect drifts in OpenTofu configuration and synchronize it to Terramate Cloud"

job {
commands = [
["terraform", "plan", "-out", "out.tfplan", "-detailed-exitcode", "-lock=false", {
["tofu", "plan", "-out", "out.tfplan", "-detailed-exitcode", "-lock=false", {
sync_drift_status = true
tofu_plan_file = "out.tfplan"
mock_on_fail = true,
enable_sharing = true,
}],
]
}
}

script "drift" "reconcile" {
name = "Terraform Drift Reconciliation"
name = "OpenTofu Drift Reconciliation"
description = "Reconcile drifts in all changed stacks"

job {
commands = [
["terraform", "apply", "-input=false", "-auto-approve", "-lock-timeout=5m", "drift.tfplan", {
["tofu", "apply", "-input=false", "-auto-approve", "-lock-timeout=5m", "drift.tfplan", {
sync_deployment = true
tofu_plan_file = "drift.tfplan"
mock_on_fail = true,
enable_sharing = true,
}],

]
}
}

script "terraform" "render" {
name = "Terraform Show Plan"
description = "Render an Terraform plan"
script "tofu" "render" {
name = "OpenTofu Show Plan"
description = "Render an OpenTofu plan"

job {
commands = [
["echo", "Stack: `${terramate.stack.path.absolute}`"],
["echo", "```terraform"],
["terraform", "show", "-no-color", "out.tfplan"],
["tofu", "show", "-no-color", "out.tfplan"],
["echo", "```"],
]
}
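Review bot: In `script "deploy"` the option block added to the plan command sets `mock_on_fail = true`, and the resulting `out.tfplan` is then applied with `-auto-approve`. If `mock_on_fail` substitutes mock values when a dependency's shared outputs cannot be read (my understanding of Terramate's outputs sharing; please confirm), a failed lookup would bake placeholder inputs into a plan that is applied unattended. I would limit `mock_on_fail` to the `preview` and `drift detect` scripts and let the deploy plan fail instead, keeping only `enable_sharing = true` in the deploy plan's option block. As a smaller point, the option blocks mix comma-terminated and bare attributes (`mock_on_fail = true,` next to `sync_deployment = true`); pick one form.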