From b4d0dbd70709b954bd2cb95f139e47b2ac90ae85 Mon Sep 17 00:00:00 2001
From: Nara Kasbergen Kwon <855115+xiehan@users.noreply.github.com>
Date: Wed, 20 Dec 2023 10:49:42 +0100
Subject: [PATCH] chore(ci): replace mergify with automerge workflow (#241)
This also makes sure the required status checks (the diff jobs) actually fail if there is an error while running `terraform plan`.
---
.github/workflows/automerge.yml | 24 ++++++++++++++++++++++++
.github/workflows/diff-cdktf-stacks.yml | 15 ++++++++++++---
2 files changed, 36 insertions(+), 3 deletions(-)
create mode 100644 .github/workflows/automerge.yml
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
new file mode 100644
index 0000000..3247165
--- /dev/null
+++ b/.github/workflows/automerge.yml
@@ -0,0 +1,24 @@
+name: automerge
+on:
+ pull_request_target:
+ types:
+ - opened
+ - labeled
+ - ready_for_review
+ - reopened
+ - synchronize
+concurrency: ${{ github.workflow }}-${{ github.head_ref }}
+jobs:
+ automerge:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ if: contains(github.event.pull_request.labels.*.name, 'automerge') && !contains(github.event.pull_request.labels.*.name, 'do-not-merge') && github.event.pull_request.draft == false
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - name: Turn on automerge for this PR by a trusted user or bot
+ if: github.event.pull_request.user.login == 'team-tf-cdk' || contains(fromJSON('["OWNER", "MEMBER", "COLLABORATOR"]'), github.event.pull_request.author_association) || github.actor == 'dependabot[bot]'
+ env:
+ GH_TOKEN: ${{ secrets.GH_COMMENT_TOKEN }}
+ run: gh pr merge --auto --squash ${{ github.event.pull_request.number }}
diff --git a/.github/workflows/diff-cdktf-stacks.yml b/.github/workflows/diff-cdktf-stacks.yml
index 9f257d9..42f5690 100644
--- a/.github/workflows/diff-cdktf-stacks.yml
+++ b/.github/workflows/diff-cdktf-stacks.yml
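Review bot: In the `if:` of the `Turn on automerge for this PR by a trusted user or bot` step in automerge.yml, the clause `github.actor == 'dependabot[bot]'` tests who triggered the run, not who authored the pull request, so it does not establish that the PR content came from Dependabot. Under `pull_request_target`, with a secret that presumably can enable merges, the trust decision should rest on the author: `github.event.pull_request.user.login == 'dependabot[bot]'`, in the same form as the `team-tf-cdk` clause beside it. The `permissions: contents: read` block constrains only `GITHUB_TOKEN`, not the `GH_COMMENT_TOKEN` passed as `GH_TOKEN`, so a comment on that step stating which scopes the token carries would make the real privilege of this job visible. The concurrency group is keyed on `github.head_ref`, a branch name that PRs from different forks can share; `${{ github.workflow }}-${{ github.event.pull_request.number }}` would keep runs for unrelated PRs from displacing each other.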
@@ -28,11 +28,13 @@ jobs: cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }} terraform_wrapper: false - - uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 + - name: Setup Node.js + uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0 with: node-version: "18" - - run: yarn install + - name: Install + run: yarn install - name: Synth run: "$(yarn bin)/cdktf synth" - name: Plan @@ -45,8 +47,9 @@ jobs: terraform plan -no-color | tee ../../../plan_stdout_${{ matrix.stack }}.txt; echo $? set +o pipefail continue-on-error: true - - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + - name: Comment the plan output on the PR if: contains(github.event_name, 'pull_request') # pull_request or pull_request_target + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GH_COMMENT_TOKEN }} script: | @@ -62,3 +65,9 @@ jobs: workflowName: "${{github.workflow}}", stackName: "${{matrix.stack}}" }) + - name: Fail this check if the plan was not successful + if: ${{ steps.plan.outcome != "success" }} + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + script: | + core.setFailed('Terraform plan was not successful')
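Review bot: The `if:` on the added `Fail this check if the plan was not successful` step (last hunk of diff-cdktf-stacks.yml) writes its string literal with double quotes, but GitHub Actions expressions accept only single-quoted strings, so the condition is expected to be rejected rather than evaluated. It should read `if: ${{ steps.plan.outcome != 'success' }}`. The condition also relies on the Plan step carrying `id: plan`, which is declared outside the visible hunks and should be confirmed. Because this job is the required status check that gates the new automerge workflow, it is worth verifying with a deliberately failing plan that the check actually turns red.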