Skip to content

State Sync 🔄

State Sync 🔄 #206

Workflow file for this run

name: branch-deploy
on:
issue_comment:
types: [ created ]
env:
WORKING_DIR: terraform/
# Permissions needed for reacting and adding comments for IssueOps commands
permissions:
pull-requests: write
deployments: write
contents: write
checks: read
jobs:
branch-deploy:
name: branch-deploy
if: # only run on pull request comments and very specific comment body string as defined in our branch-deploy settings
${{ github.event.issue.pull_request &&
(startsWith(github.event.comment.body, '.deploy') ||
startsWith(github.event.comment.body, '.noop') ||
startsWith(github.event.comment.body, '.lock') ||
startsWith(github.event.comment.body, '.help') ||
startsWith(github.event.comment.body, '.wcid') ||
startsWith(github.event.comment.body, '.unlock')) }}
runs-on: ubuntu-latest
environment: secrets
defaults:
run:
working-directory: ${{ env.WORKING_DIR }}
steps:
- name: branch-deploy
id: branch-deploy
uses: github/branch-deploy@v9
with:
admins: the-hideout/core-contributors
admins_pat: ${{ secrets.BRANCH_DEPLOY_ADMINS_PAT }}
environment_targets: production
sticky_locks: "true"
- name: checkout
if: steps.branch-deploy.outputs.continue == 'true'
uses: actions/checkout@v4
with:
ref: ${{ steps.branch-deploy.outputs.ref }}
- uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # [email protected]
if: steps.branch-deploy.outputs.continue == 'true'
with:
terraform_version: 1.1.7
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
- name: Terraform init
if: steps.branch-deploy.outputs.continue == 'true'
run: terraform init
- name: Terraform plan
if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }}
env:
TF_VAR_CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
id: plan
continue-on-error: true
run: |
set -o pipefail
terraform plan -no-color -compact-warnings | tee terraform-output.txt
- name: Terraform apply
if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }}
env:
TF_VAR_CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
id: apply
continue-on-error: true
run: |
set -o pipefail
terraform apply -no-color -auto-approve -compact-warnings | tee terraform-output.txt
- name: terratrash
if: ${{ steps.branch-deploy.outputs.continue == 'true' }}
uses: GrantBirki/[email protected]
with:
input_file_path: terraform/terraform-output.txt
erb_render_template: .github/deployment_message.md
erb_render_save_path: .github/deployment_message.md
- name: Check Terraform plan output
if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' && steps.plan.outcome == 'failure' }}
run: exit 1
- name: Check Terraform apply output
if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' && steps.apply.outcome == 'failure' }}
run: exit 1