chore: fix name #102
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Pipeline' | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
workflow_dispatch: | |
permissions: | |
contents: read | |
jobs: | |
checks: | |
name: 'Checks' | |
if: ${{ github.event_name == 'pull_request'}} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
cache: 'pip' | |
- uses: extractions/setup-just@v1 | |
name: Setup just | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
- name: 'Pre-commit' | |
uses: ./.github/workflows/templates/checks | |
terraform_plan: | |
name: 'Terraform Plan' | |
runs-on: ubuntu-latest | |
environment: production | |
needs: checks | |
if: always() && (needs.checks.result == 'success' || needs.checks.result == 'skipped') | |
defaults: | |
run: | |
shell: bash | |
working-directory: . | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
- uses: extractions/setup-just@v1 | |
name: Setup just | |
- name: Terraform Init | |
run: terraform -chdir=infra init -backend-config ./vars/prd/prd-backend-config.tfvars | |
env: | |
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
- name: Terraform Plan | |
run: terraform -chdir=infra plan -input=false -out=main.tfplan -var-file="./vars/prd/prd.tfvars" | |
env: | |
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
- name: Upload Terraform Plan | |
uses: actions/upload-artifact@v3 | |
with: | |
name: terraform-plan | |
path: infra/main.tfplan | |
terraform_apply: | |
name: 'Terraform Apply' | |
runs-on: ubuntu-latest | |
permissions: write-all | |
environment: production | |
needs: terraform_plan | |
if: always() && (needs.terraform_plan.result == 'success' && github.ref == 'refs/heads/main' && github.event_name != 'pull_request') | |
defaults: | |
run: | |
shell: bash | |
working-directory: . | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
- name: Terraform Init | |
run: terraform -chdir=infra init -backend-config ./vars/prd/prd-backend-config.tfvars | |
env: | |
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
- name: Download Terraform Plan | |
uses: actions/download-artifact@v3 | |
with: # NB: downloaded to main directory | |
name: terraform-plan | |
path: infra | |
# - uses: trstringer/manual-approval@v1 | |
# name: 'Manual Approval' | |
# with: | |
# secret: ${{ github.TOKEN }} | |
# approvers: JasperHG90 | |
# minimum-approvals: 1 | |
# issue-title: "Terraform apply approval" | |
# issue-body: "Please approve or deny the deployment" | |
# exclude-workflow-initiator-as-approver: false | |
- name: Terraform Apply | |
run: terraform -chdir=infra apply -auto-approve -input=false main.tfplan | |
env: | |
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} |