Skip to content

upgrade-terraform

upgrade-terraform #65

name: upgrade-terraform
on:
schedule:
- cron: 32 21 * * 0
workflow_dispatch: {}
concurrency: ${{ github.workflow }}-${{ github.ref }}
jobs:
upgrade:
name: Upgrade Terraform
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Install
run: yarn install
- name: Get current Terraform version
id: current_version
run: |-
CURRENT_VERSION=$(npm pkg get terraform.version | tr -d '"')
CURRENT_VERSION_MINOR=$(cut -d "." -f 2 <<< "$CURRENT_VERSION")
echo "value=$CURRENT_VERSION" >> $GITHUB_OUTPUT
echo "minor=$CURRENT_VERSION_MINOR" >> $GITHUB_OUTPUT
- name: Get latest Terraform version
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |-
const script = require('./scripts/check-terraform-version.js')
await script({github, context, core})
- name: Parse latest Terraform version into variables
id: latest_version
run: |-
TERRAFORM_VERSION_MINOR=$(cut -d "." -f 2 <<< "$NEW_TERRAFORM_VERSION")
echo "NEW_TERRAFORM_VERSION_MINOR=$TERRAFORM_VERSION_MINOR" >> $GITHUB_ENV
echo "value=$NEW_TERRAFORM_VERSION" >> $GITHUB_OUTPUT
echo "minor=$TERRAFORM_VERSION_MINOR" >> $GITHUB_OUTPUT
- name: Update the Terraform version used in GitHub Actions workflows
run: |-
find ./.github/workflows -type f -name "*.yml" ! -path "./.github/workflows/upgrade-terraform.yml" -print0 | xargs -0 sed -i "s/terraform_version: .*/terraform_version: $NEW_TERRAFORM_VERSION/g"
- name: Save the new version in package.json
run: npm pkg set terraform.version="$NEW_TERRAFORM_VERSION"
- name: Create pull request for a new patch release
if: steps.current_version.outputs.minor == steps.latest_version.outputs.minor
uses: peter-evans/create-pull-request@d121e62763d8cc35b5fb1710e887d6e69a52d3a4 # v7.0.2
with:
base: main
branch: auto/upgrade-terraform-1-${{ steps.latest_version.outputs.minor }}
commit-message: "chore: upgrade Terraform to ${{ steps.latest_version.outputs.value }}"
title: "chore: upgrade Terraform to ${{ steps.latest_version.outputs.value }}"
body: |-
This PR upgrades the version of Terraform used by this project's `diff` and `deploy` workflows to `${{ steps.latest_version.outputs.value }}`.
labels: auto-approve,automerge,dependencies
token: ${{ secrets.GH_TOKEN_ACTIONS_UPDATER }}
author: team-tf-cdk <[email protected]>
committer: team-tf-cdk <[email protected]>
signoff: true
delete-branch: true
- name: Create pull request for a new minor version
if: steps.current_version.outputs.minor != steps.latest_version.outputs.minor
uses: peter-evans/create-pull-request@d121e62763d8cc35b5fb1710e887d6e69a52d3a4 # v7.0.2
with:
base: main
branch: auto/upgrade-terraform-1-${{ steps.latest_version.outputs.minor }}
commit-message: "chore: upgrade Terraform to ${{ steps.latest_version.outputs.value }}"
title: "chore: upgrade Terraform to ${{ steps.latest_version.outputs.value }}"
body: |-
This PR initiates the upgrade of the version of Terraform used by this project's `diff` and `deploy` workflows to `${{ steps.latest_version.outputs.value }}`.
Unfortunately, not everything can be automated, and the following steps need to be completed manually:
- Set the _Terraform Version_ to `~>${{ steps.latest_version.outputs.value }} latest` in the TFC web UI in the following workspaces:
- [ ] [custom-constructs](https://app.terraform.io/app/cdktf-team/workspaces/custom-constructs/settings/general)
- [ ] [prebuilt-providers](https://app.terraform.io/app/cdktf-team/workspaces/prebuilt-providers/settings/general)
- [ ] [prebuilt-providers-official-new](https://app.terraform.io/app/cdktf-team/workspaces/prebuilt-providers-official-new/settings/general)
- [ ] [prebuilt-providers-partners](https://app.terraform.io/app/cdktf-team/workspaces/prebuilt-providers-partners/settings/general)
- Rerun the checks and carefully inspect the diff output before merging this PR.
labels: automated,dependencies
token: ${{ secrets.GH_TOKEN_ACTIONS_UPDATER }}
author: team-tf-cdk <[email protected]>
committer: team-tf-cdk <[email protected]>
signoff: true
delete-branch: true
draft: true