From c2ab77473a5026a1c3f696935fb58a6498ccfd23 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Mon, 4 Mar 2024 16:40:18 -0700
Subject: [PATCH 1/4] gate branch deploy
---
 .github/workflows/branch-deploy.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml
index 9f2c075..4b8c48d 100644
--- a/.github/workflows/branch-deploy.yml
+++ b/.github/workflows/branch-deploy.yml
@@ -17,6 +17,14 @@ permissions:
 jobs:
 branch-deploy:
 name: branch-deploy
+ if: # only run on pull request comments and very specific comment body string as defined in our branch-deploy settings
+ ${{ github.event.issue.pull_request &&
+ (startsWith(github.event.comment.body, '.deploy') ||
+ startsWith(github.event.comment.body, '.noop') ||
+ startsWith(github.event.comment.body, '.lock') ||
+ startsWith(github.event.comment.body, '.help') ||
+ startsWith(github.event.comment.body, '.wcid') ||
+ startsWith(github.event.comment.body, '.unlock')) }}
 runs-on: ubuntu-latest
 environment: secrets
 defaults:
From 54764bc5882f5126b9850c34f898d0efe6095381 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Mon, 4 Mar 2024 18:02:25 -0700
Subject: [PATCH 2/4] use a custom deployment message
---
 .github/deployment_message.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 .github/deployment_message.md
diff --git a/.github/deployment_message.md b/.github/deployment_message.md
new file mode 100644
index 0000000..9bb56ef
--- /dev/null
+++ b/.github/deployment_message.md
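Review bot: The job-level `if:` added to `branch-deploy` in `.github/workflows/branch-deploy.yml` filters on the comment prefix only, so it is not an authorization check: any account that can comment on a pull request can still start this job, which is bound to `environment: secrets`. Who may actually deploy is presumably decided by the later branch-deploy step and by the environment's protection rules, both outside this hunk, and that should be stated next to the condition, e.g. `# pre-filter to skip unrelated comments; permission checks happen in the branch-deploy step, not here`. If outside commenters should not be able to start the job at all, a clause such as `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` could be added to the expression. The job body continues past the hunk.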
@@ -0,0 +1,9 @@
+### Deployment Results {{ ":white_check_mark:" if status === "success" else ":x:" }}
+
+{% if status === "success" %} **{{ actor }}** successfully **{{ "noop" if noop else "branch" }}** deployed branch `{{ ref }}` to **{{ environment }}**{% endif %}
+{% if status === "failure" %} **{{ actor }}** your **{{ "noop" if noop else "branch" }}** deployment of `{{ ref }}` failed to deploy to the **{{ environment }}** environment{% endif %}
+{% if status === "unknown" %} **{{ actor }}** your **{{ "noop" if noop else "branch" }}** deployment of `{{ ref }}` is in an unknown state when trying to deploy to the **{{ environment }}** environment.{% endif %}
+
+```terraform
+<%= results %>
+```
From a078d8576a4013f4cf421c0daff3963eee4929b4 Mon Sep 17 00:00:00 2001
From: GrantBirki
Date: Mon, 4 Mar 2024 18:14:08 -0700
Subject: [PATCH 3/4] use terratrash for formatting
---
 .github/workflows/branch-deploy.yml | 28 ++++++++--------------------
 1 file changed, 8 insertions(+), 20 deletions(-)
diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml
index 4b8c48d..51d719b 100644
--- a/.github/workflows/branch-deploy.yml
+++ b/.github/workflows/branch-deploy.yml
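Review bot: In the new `.github/deployment_message.md`, `<%= results %>` places the Terraform output into the file unescaped, while the same file carries `{{ … }}` / `{% … %}` tags that are presumably evaluated afterwards by whatever renders the deployment comment. If the ERB pass runs first and its result is fed to that second renderer (the later workflow change in this series suggests so), any `{{` or `{%` sequence appearing in plan or apply output would be parsed as template syntax, and a line of three backticks in the output would close the fence early. Plan output reflects the pull request's own Terraform files, so this text is not fully trusted; the output should be escaped or wrapped before the second pass, for instance `{% raw %}<%= results %>{% endraw %}` if the comment renderer supports raw blocks, with the escaping of the end marker handled by the step that produces `results`.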
@@ -62,36 +62,24 @@ jobs: env: TF_VAR_CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }} id: plan - run: terraform plan -no-color continue-on-error: true + run: | + set -o pipefail + terraform plan -no-color -compact-warnings | tee terraform-output.txt - name: Terraform apply if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }} env: TF_VAR_CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }} id: apply - run: terraform apply -no-color -auto-approve continue-on-error: true - - - name: Terraform plan output - if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }} - env: - TF_STDOUT: ${{ steps.plan.outputs.stdout }} run: | - TF_OUTPUT="\`\`\`terraform\n${TF_STDOUT}\n\`\`\`" - echo 'DEPLOY_MESSAGE<> $GITHUB_ENV - echo "$TF_OUTPUT" >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV + set -o pipefail + terraform apply -no-color -auto-approve -compact-warnings | tee terraform-output.txt - - name: Terraform apply output - if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }} - env: - TF_STDOUT: ${{ steps.apply.outputs.stdout }} - run: | - TF_OUTPUT="\`\`\`terraform\n${TF_STDOUT}\n\`\`\`" - echo 'DEPLOY_MESSAGE<> $GITHUB_ENV - echo "$TF_OUTPUT" >> $GITHUB_ENV - echo 'EOF' >> $GITHUB_ENV + - name: terratrash + if: ${{ steps.branch-deploy.outputs.continue == 'true' }} + uses: GrantBirki/terratrash-action@v0.0.1 - name: Check Terraform plan output if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' && steps.plan.outcome == 'failure' }} From eed819c7bbb33bb3437f363d966167f6aa7eb364 Mon Sep 17 00:00:00 2001 From: GrantBirki Date: Mon, 4 Mar 2024 18:17:36 -0700 Subject: [PATCH 4/4] Add terratrash action and update erb_render_template path --- .github/workflows/branch-deploy.yml | 4 ++++ 1 file changed, 4 insertions(+) 
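Review bot: The added `terratrash` step references `GrantBirki/terratrash-action@v0.0.1` by tag, and a tag can later be moved to different code; the step runs in the same job as the Terraform steps that receive `TF_VAR_CLOUDFLARE_TOKEN`, under the `secrets` environment, so it is better pinned to a full commit SHA, e.g. `uses: GrantBirki/terratrash-action@<full-commit-sha> # v0.0.1`. Separately, the two `tee terraform-output.txt` lines capture the complete plan/apply output for what appears to be a pull-request comment, so any value Terraform does not treat as sensitive ends up published there. A short comment on those `run:` blocks, such as `# output file is rendered into the PR comment; mark secrets as sensitive in Terraform`, would make that visible to whoever adds resources later. The step list continues outside the hunk.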
diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml
index 51d719b..28b718b 100644
--- a/.github/workflows/branch-deploy.yml
+++ b/.github/workflows/branch-deploy.yml
@@ -80,6 +80,10 @@ jobs:
 - name: terratrash
 if: ${{ steps.branch-deploy.outputs.continue == 'true' }}
 uses: GrantBirki/terratrash-action@v0.0.1
+ with:
+ input_file_path: terraform/terraform-output.txt
+ erb_render_template: ./github/deployment_message.md
+ erb_render_save_path: ./github/deployment_message.md
 
 - name: Check Terraform plan output
 if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' && steps.plan.outcome == 'failure' }}
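Review bot: `erb_render_template` and `erb_render_save_path` point at `./github/deployment_message.md`, but the template added earlier in this series lives at `.github/deployment_message.md`; `./github/` names a directory called `github` without the leading dot, so the step will most likely not find the template. The likely intended values are `erb_render_template: .github/deployment_message.md` and `erb_render_save_path: .github/deployment_message.md`. Because the template path and the save path are identical, the render overwrites the checked-out template in the workspace; if that is intended, a comment on the `with:` block such as `# rendered in place; the deployment comment is built from this file afterwards` would record it.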