From fa60426742e65e1dea47f0ea3a4f6cfa460328d8 Mon Sep 17 00:00:00 2001 From: stephen lewis Date: Wed, 11 Sep 2024 12:59:23 -0400 Subject: [PATCH] Add Terraform validation workflow with org-wide PAT --- .github/workflows/org-terraform-validate.yml | 22 ++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/.github/workflows/org-terraform-validate.yml b/.github/workflows/org-terraform-validate.yml index dbedc53..d559532 100644 --- a/.github/workflows/org-terraform-validate.yml +++ b/.github/workflows/org-terraform-validate.yml @@ -1,6 +1,13 @@ name: Terraform Validate + on: - workflow_call: + push: + branches: + - '**' + pull_request: + branches: + - '**' + workflow_dispatch: inputs: terraform_version: description: 'The version of Terraform to use' @@ -19,8 +26,14 @@ jobs: - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: - terraform_version: ${{ inputs.terraform_version }} + terraform_version: ${{ inputs.terraform_version || '1.5.0' }} + - name: Configure Git for private modules + env: + GH_TOKEN: ${{ secrets.ORG_GITHUB_PAT }} + run: | + git config --global url."https://${GH_TOKEN}@github.com/".insteadOf "https://github.com/" + - name: Initialise with no backend run: terraform init -backend=false @@ -31,11 +44,12 @@ jobs: OUTPUT=$(terraform validate) CLEAN_OUTPUT=$(echo "$OUTPUT" | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g") echo "$CLEAN_OUTPUT" - echo "::set-output name=result::$CLEAN_OUTPUT" + echo "result=$CLEAN_OUTPUT" >> $GITHUB_OUTPUT set -e continue-on-error: true - name: Create comment + if: github.event_name == 'pull_request' uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -47,4 +61,4 @@ jobs: repo: context.repo.repo, issue_number: issue_number, body: `Terraform validation output:\n\`\`\`\n${result}\n\`\`\`` - }); + }); \ No newline at end of file
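Review bot: Replacing `workflow_call:` instead of adding the new triggers next to it removes the reusable entry point, so any repository that references this workflow with `uses:` would stop working. The file name suggests it is shared org-wide, but no callers are visible here. Keeping `workflow_call:` with its `inputs:` alongside `push`, `pull_request` and `workflow_dispatch` avoids that. Separately, `push` and `pull_request` both match `'**'`, so every pull-request branch runs the job twice, and each run now loads `secrets.ORG_GITHUB_PAT`; limiting `push` to the default branch would reduce how often the credential is handled. The `inputs:` block continues outside the hunk.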
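Review bot: The `Configure Git for private modules` step writes the org-wide PAT into the runner's global git config as a rewrite for all of `https://github.com/`. It stays readable there for every later step, including `terraform init` and `terraform validate`, which download and load whatever modules and providers the branch- or PR-authored configuration names. A credential limited to read access on the module repositories, with the rewrite scoped to the org path, would narrow the exposure, e.g. `git config --global url."https://x-access-token:${GH_TOKEN}@github.com/<ORG_PLACEHOLDER>/".insteadOf "https://github.com/<ORG_PLACEHOLDER>/"`. When the secret is empty, as on pull requests from forks, the current line would rewrite to `https://@github.com/`; a guard such as `[ -n "$GH_TOKEN" ] || exit 0` at the top of the `run:` block avoids that. Whether the job declares a `permissions:` block cannot be seen from this hunk.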
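Review bot: The new line `echo "result=$CLEAN_OUTPUT" >> $GITHUB_OUTPUT` only works for single-line values, and `terraform validate` normally prints several lines, so later lines are parsed as separate entries or rejected as invalid format. Because that text includes file names and messages from the configuration under test, a line shaped like `name=value` could also set an unrelated step output. Writing the value in the multi-line delimiter form with a random delimiter, and quoting `"$GITHUB_OUTPUT"`, addresses both. The `run:` block starts outside the hunk, and how `result` reaches the comment script is not visible here.

```yaml
# … unchanged: terraform validate call and ANSI stripping …
          echo "$CLEAN_OUTPUT"
          delim="tfvalidate_$(openssl rand -hex 16)"
          {
            echo "result<<${delim}"
            echo "$CLEAN_OUTPUT"
            echo "${delim}"
          } >> "$GITHUB_OUTPUT"
          set -e
```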