chore(deps): update dependency aquaproj/aqua-registry to v4.245.1 (te… #1255

Workflow file for this run

	---
	name: apply
	on:
	push:
	branches: [main]
	env:
	TFACTION_IS_APPLY: 'true'
	jobs:
	setup:
	timeout-minutes: 30
	runs-on: ubuntu-latest
	permissions:
	contents: read # For checkout a private repository
	pull-requests: write # For ci-info and github-comment
	outputs:
	targets: ${{ steps.list-targets.outputs.targets }}
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
	with:
	aqua_version: v2.36.2

	- uses: suzuki-shunsuke/tfaction/list-targets@50688bc5e4bf266c7db4b841d348eaff199bff95 # v1.11.1
	id: list-targets

	apply:
	timeout-minutes: 30
	name: "apply (${{matrix.target.target}})"
	runs-on: ${{matrix.target.runs_on}}
	needs: setup
	# if services is empty, the build job is skipped
	if: "join(fromJSON(needs.setup.outputs.targets), '') != ''"
	strategy:
	fail-fast: false
	matrix:
	target: ${{fromJSON(needs.setup.outputs.targets)}}
	env:
	TFACTION_TARGET: ${{matrix.target.target}}
	TFACTION_JOB_TYPE: ${{matrix.target.job_type}}
	permissions:
	id-token: write # For OIDC
	contents: read # To checkout a private repository
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Generate token for aqua-installer
	id: aqua_installer_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# If you use private registries, contents:read is required
	permissions: >-
	{}
	# If you use private registries, please add private repositories
	repositories: >-
	[]

	- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
	with:
	aqua_version: v2.36.2
	env:
	AQUA_GITHUB_TOKEN: ${{ steps.aqua_installer_token.outputs.token }}

	# - uses: suzuki-shunsuke/tfaction/export-secrets@53097591cf15d9eefd7ee9af0511c536e71e9a67 # v1.7.0
	# with:
	# # If this action doesn't export secrets as you expect, please check if secrets are passed to this action properly.
	# # If you use reusable workflows, maybe secrets aren't passed to the reusable workflow.
	# # If so, please pass secrets properly.
	# #
	# # - https://docs.github.com/en/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow
	# # - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecrets
	# secrets: ${{ toJSON(secrets) }}

	- name: Generate token to download private Terraform Modules
	id: gh_setup_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# If you use private registries, contents:read is required
	permissions: >-
	{
	"contents": "read"
	}
	# private repositories hosting private modules
	repositories: >-
	[]

	# This is required to download private modules in `terraform init`
	- run: gh auth setup-git
	env:
	GITHUB_TOKEN: ${{ steps.gh_setup_token.outputs.token }}

	- name: Generate token to update drift issues
	id: drift_issue_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# issues:write - Create and update drift issues
	permissions: >-
	{
	"issues": "write"
	}
	# GitHub Repository where Drift Detection issues are hosted
	# https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection
	repositories: >-
	[
	"tfaction-example"
	]

	- run: tfaction get-or-create-drift-issue
	shell: bash
	env:
	GITHUB_TOKEN: ${{ steps.drift_issue_token.outputs.token }}

	- name: Generate token for setup
	id: setup_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# pull_requests:write - Post comments
	# issues:write - Update drift issues
	permissions: >-
	{
	"pull_requests": "write",
	"issues": "write"
	}
	repositories: >-
	[
	"${{github.event.repository.name}}",
	"tfaction-example"
	]

	- uses: suzuki-shunsuke/tfaction/setup@50688bc5e4bf266c7db4b841d348eaff199bff95 # v1.11.1
	with:
	github_token: ${{ steps.setup_token.outputs.token }}
	ssh_key: ${{ secrets.TERRAFORM_PRIVATE_MODULE_SSH_KEY }} # This isn't needed if you don't use SSH key to checkout private Terraform Modules
	env:
	TF_TOKEN_app_terraform_io: ${{secrets.TFE_TOKEN}}

	- name: Generate token for apply
	id: apply_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# pull_requests:write - Post comments
	# actions:read - Download plan files
	# issues:write - Update drift issues
	# contents:write - Update related pull requests
	permissions: >-
	{
	"pull_requests": "write",
	"actions": "read",
	"contents": "write",
	"issues": "write"
	}
	repositories: >-
	[
	"${{github.event.repository.name}}",
	"tfaction-example"
	]

	- uses: suzuki-shunsuke/tfaction/apply@50688bc5e4bf266c7db4b841d348eaff199bff95 # v1.11.1
	with:
	github_token: ${{ steps.apply_token.outputs.token }}
	env:
	TF_TOKEN_app_terraform_io: ${{secrets.TFE_TOKEN}} # For Hashicorp Cloud Backend
	TFE_TOKEN: ${{secrets.TFE_TOKEN}} # For tfe provider

	- name: Generate token for creating follow up pr
	id: follow_up_pr_token
	if: failure()
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# contents:write - Push commits
	# pull_requests:write - Create a pull request
	permissions: >-
	{
	"contents": "write",
	"pull_requests": "write"
	}
	repositories: >-
	[
	"${{github.event.repository.name}}"
	]

	- uses: suzuki-shunsuke/tfaction/create-follow-up-pr@50688bc5e4bf266c7db4b841d348eaff199bff95 # v1.11.1
	if: failure()
	with:
	github_token: ${{steps.follow_up_pr_token.outputs.token}}

	- uses: suzuki-shunsuke/tfaction/update-drift-issue@50688bc5e4bf266c7db4b841d348eaff199bff95 # v1.11.1
	if: always()
	with:
	status: ${{job.status}}
	github_token: ${{steps.drift_issue_token.outputs.token}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency aquaproj/aqua-registry to v4.245.1 (te… #1255

Workflow file

chore(deps): update dependency aquaproj/aqua-registry to v4.245.1 (te… #1255

Jobs

Run details

Workflow file for this run