Update main.tf (#277) #587
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: plan-examples | |
on: | |
# this will allow to run test on main and not modify the status badge when opening a PR | |
push: | |
workflow_dispatch: | |
concurrency: | |
group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}" | |
cancel-in-progress: true | |
jobs: | |
getExampleDirectories: | |
name: Get example directories | |
runs-on: ubuntu-latest | |
# Do not remove environment setup without considering changes to pull_request_target and checkout of PR, as it may lead to checks running automatically against malicious code in PRs. | |
environment: Observability Test | |
# Skip running on forks since it won't have access to secrets | |
if: github.repository == 'aws-observability/terraform-aws-observability-accelerator' | |
outputs: | |
directories: ${{ steps.dirs.outputs.directories }} | |
steps: | |
# Be careful not to change this to explicit checkout from PR ref/code, as below we run a python code that may change from the PR code. | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Get Terraform directories for evaluation | |
id: dirs | |
run: | | |
DIRS=$(python3 .github/workflows/plan-examples.py) | |
echo "directories=$DIRS" >> $GITHUB_OUTPUT | |
plan: | |
name: Plan examples | |
needs: getExampleDirectories | |
runs-on: ubuntu-latest | |
# Skip running on forks since it won't have access to secrets | |
if: github.repository == 'aws-observability/terraform-aws-observability-accelerator' | |
# These permissions are needed to interact with GitHub's OIDC Token endpoint. | |
permissions: | |
id-token: write | |
contents: read | |
strategy: | |
fail-fast: false | |
matrix: | |
directory: ${{ fromJson(needs.getExampleDirectories.outputs.directories) }} | |
steps: | |
- name: Remove default Terraform | |
run: rm -rf $(which terraform) | |
- name: checkout-merge | |
if: "contains(github.event_name, 'pull_request')" | |
uses: actions/checkout@v3 | |
with: | |
ref: refs/pull/${{github.event.pull_request.number}}/merge | |
- name: checkout | |
if: "!contains(github.event_name, 'pull_request')" | |
uses: actions/checkout@v3 | |
- uses: dorny/paths-filter@v2 | |
id: changes | |
with: | |
# Need to check not only the example directory | |
# but also the supporting module(s) code | |
# for plans (not for pre-commit) | |
filters: | | |
src: | |
- '${{ matrix.directory }}/**/*.(tf|yml|yaml)' | |
- 'modules/**/*.(tf|yml|yaml)' | |
- '*.tf' | |
- name: Configure AWS credentials from Test account | |
uses: aws-actions/configure-aws-credentials@v2 | |
if: steps.changes.outputs.src== 'true' | |
with: | |
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }} | |
aws-region: us-west-2 | |
role-duration-seconds: 3600 | |
role-session-name: GithubActions-Session | |
- name: Terraform plan from CodeBuild | |
if: steps.changes.outputs.src== 'true' | |
uses: aws-actions/aws-codebuild-run-build@v1 | |
env: | |
TF_VAR_aws_region: us-west-2 | |
TF_VAR_managed_grafana_workspace_id: ${{ secrets.GRAFANA_WORKSPACE_ID }} | |
TF_VAR_eks_cluster_id: e2e-tests | |
TF_VAR_eks_cluster_1_id: e2e-tests | |
TF_VAR_eks_cluster_2_id: e2e-tests | |
TF_VAR_managed_prometheus_workspace_ids: ${{ secrets.PROMETHEUS_WORKSPACE_ID }} | |
with: | |
project-name: terraform-plan | |
disable-source-override: false | |
env-vars-for-codebuild: | | |
TF_VAR_aws_region, | |
TF_VAR_managed_grafana_workspace_id, | |
TF_VAR_eks_cluster_id, | |
TF_VAR_managed_prometheus_workspace_ids, | |
TF_VAR_eks_cluster_1_id, | |
TF_VAR_eks_cluster_2_id | |
buildspec-override: | | |
version: 0.2 | |
phases: | |
build: | |
commands: | |
- export TF_VAR_grafana_api_key="fakeapikey" | |
- curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - | |
- sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | |
- sudo apt-get update && sudo apt-get install terraform | |
- terraform -version | |
- aws --version | |
- cd ${{ matrix.directory }} | |
- sed -i 's/#//' versions.tf | |
- terraform init | |
- terraform plan |