Skip to content
apply

chore(deps): update dependency rhysd/actionlint to v1.7.4 (aqua/impor… #1279

Sign in to view logs

chore(deps): update dependency rhysd/actionlint to v1.7.4 (aqua/impor…

chore(deps): update dependency rhysd/actionlint to v1.7.4 (aqua/impor… #1279

Workflow file for this run

.github/workflows/apply.yaml at ccdc6c2
---
name: apply
on:
push:
branches: [main]
env:
TFACTION_IS_APPLY: 'true'
jobs:
setup:
timeout-minutes: 30
runs-on: ubuntu-latest
permissions:
contents: read # For checkout a private repository
pull-requests: write # For ci-info and github-comment
outputs:
targets: ${{ steps.list-targets.outputs.targets }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.37.1
- uses: suzuki-shunsuke/tfaction/list-targets@9751dd9b04be9d10d643c0a46d3c23ac21075c43 # v1.11.2
id: list-targets
apply:
timeout-minutes: 30
name: "apply (${{matrix.target.target}})"
runs-on: ${{matrix.target.runs_on}}
needs: setup
# if services is empty, the build job is skipped
if: "join(fromJSON(needs.setup.outputs.targets), '') != ''"
strategy:
fail-fast: false
matrix:
target: ${{fromJSON(needs.setup.outputs.targets)}}
env:
TFACTION_TARGET: ${{matrix.target.target}}
TFACTION_WORKING_DIR: ${{matrix.target.working_directory}}
TFACTION_JOB_TYPE: ${{matrix.target.job_type}}
permissions:
id-token: write # For OIDC
contents: read # To checkout a private repository
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Generate token for aqua-installer
id: aqua_installer_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# If you use private registries, contents:read is required
permissions: >-
{}
# If you use private registries, please add private repositories
repositories: >-
[]
- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.37.1
env:
AQUA_GITHUB_TOKEN: ${{ steps.aqua_installer_token.outputs.token }}
# - uses: suzuki-shunsuke/tfaction/export-secrets@53097591cf15d9eefd7ee9af0511c536e71e9a67 # v1.7.0
# with:
# # If this action doesn't export secrets as you expect, please check if secrets are passed to this action properly.
# # If you use reusable workflows, maybe secrets aren't passed to the reusable workflow.
# # If so, please pass secrets properly.
# #
# # - https://docs.github.com/en/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow
# # - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecrets
# secrets: ${{ toJSON(secrets) }}
- name: Generate token to download private Terraform Modules
id: gh_setup_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# If you use private registries, contents:read is required
permissions: >-
{
"contents": "read"
}
# private repositories hosting private modules
repositories: >-
[]
# This is required to download private modules in `terraform init`
- run: gh auth setup-git
env:
GITHUB_TOKEN: ${{ steps.gh_setup_token.outputs.token }}
- name: Generate token to update drift issues
id: drift_issue_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# issues:write - Create and update drift issues
permissions: >-
{
"issues": "write"
}
# GitHub Repository where Drift Detection issues are hosted
# https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection
repositories: >-
[
"tfaction-example"
]
- run: tfaction get-or-create-drift-issue
shell: bash
env:
GITHUB_TOKEN: ${{ steps.drift_issue_token.outputs.token }}
- name: Generate token for setup
id: setup_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# pull_requests:write - Post comments
# issues:write - Update drift issues
permissions: >-
{
"pull_requests": "write",
"issues": "write"
}
repositories: >-
[
"${{github.event.repository.name}}",
"tfaction-example"
]
- uses: suzuki-shunsuke/tfaction/setup@9751dd9b04be9d10d643c0a46d3c23ac21075c43 # v1.11.2
with:
github_token: ${{ steps.setup_token.outputs.token }}
ssh_key: ${{ secrets.TERRAFORM_PRIVATE_MODULE_SSH_KEY }} # This isn't needed if you don't use SSH key to checkout private Terraform Modules
env:
TF_TOKEN_app_terraform_io: ${{secrets.TFE_TOKEN}}
# These steps are optional. If you don't want lock mechanism, please remove them.
- uses: suzuki-shunsuke/lock-action@95020dd05b8976fd85ad4d777411a41d2d2928fa # v0.1.1
id: check-lock
with:
mode: check # If you want to acquire lock, please check this to `lock`
key: ${{env.TFACTION_WORKING_DIR}}
- run: |
github-comment post \
-k already-locked \
-var "actor:$ACTOR" \
-var "message:$MESSAGE" \
-var "workflow_url:$WORKFLOW_URL" \
-var "datetime:$DATETIME" \
-var "tfaction_target:${TFACTION_TARGET}"
exit 1
if: steps.check-lock.outputs.already_locked == 'true'
env:
RESULT: ${{steps.check-lock.outputs.result}}
GITHUB_TOKEN: ${{steps.setup_token.outputs.token}}
- name: Generate token for apply
id: apply_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# pull_requests:write - Post comments
# actions:read - Download plan files
# issues:write - Update drift issues
# contents:write - Update related pull requests
permissions: >-
{
"pull_requests": "write",
"actions": "read",
"contents": "write",
"issues": "write"
}
repositories: >-
[
"${{github.event.repository.name}}",
"tfaction-example"
]
- uses: suzuki-shunsuke/tfaction/apply@9751dd9b04be9d10d643c0a46d3c23ac21075c43 # v1.11.2
with:
github_token: ${{ steps.apply_token.outputs.token }}
env:
TF_TOKEN_app_terraform_io: ${{secrets.TFE_TOKEN}} # For Hashicorp Cloud Backend
TFE_TOKEN: ${{secrets.TFE_TOKEN}} # For tfe provider
- name: Generate token for creating follow up pr
id: follow_up_pr_token
if: failure()
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# contents:write - Push commits
# pull_requests:write - Create a pull request
permissions: >-
{
"contents": "write",
"pull_requests": "write"
}
repositories: >-
[
"${{github.event.repository.name}}"
]
- uses: suzuki-shunsuke/tfaction/create-follow-up-pr@9751dd9b04be9d10d643c0a46d3c23ac21075c43 # v1.11.2
if: failure()
with:
github_token: ${{steps.follow_up_pr_token.outputs.token}}
- uses: suzuki-shunsuke/tfaction/update-drift-issue@9751dd9b04be9d10d643c0a46d3c23ac21075c43 # v1.11.2
if: always()
with:
status: ${{job.status}}
github_token: ${{steps.drift_issue_token.outputs.token}}