name: 'Terraform GitHub Actions' on: - pull_request env: tf_version: 'latest' tf_working_dir: '.' GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} jobs: terraform: environment: main name: 'Terraform' runs-on: ubuntu-latest # These permissions are needed to interact with GitHub's OIDC Token endpoint. permissions: id-token: write contents: read steps: - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v1 with: aws-region: ap-southeast-2 role-to-assume: arn:aws:iam::143841941773:role/github role-session-name: Terraform - uses: hashicorp/setup-terraform@v1 - name: 'Checkout' uses: actions/checkout@master - name: Terraform fmt id: fmt run: terraform fmt continue-on-error: true - uses: EndBug/add-and-commit@v7 with: message: Terraform fmt [skip ci] committer_name: GitHub Actions committer_email: actions@github.com - name: Terraform Init id: init run: terraform init - name: Terraform Validate id: validate run: terraform validate -no-color - name: Terraform Plan id: plan run: terraform plan -no-color -out prod.plan continue-on-error: true - uses: actions/github-script@0.9.0 if: github.event_name == 'pull_request' env: PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` #### Terraform Validation 🤖\`${{ steps.validate.outputs.stdout }}\` #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
Show Plan \`\`\`\n ${process.env.PLAN} \`\`\`
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; github.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: output })