chore(deps): update dependency aquaproj/aqua-registry to v4.254.0 (te… #1344

Workflow file for this run

	---
	name: apply
	on:
	push:
	branches: [main]
	env:
	TFACTION_IS_APPLY: 'true'
	jobs:
	setup:
	timeout-minutes: 30
	runs-on: ubuntu-latest
	permissions:
	contents: read # For checkout a private repository
	pull-requests: write # For ci-info and github-comment
	outputs:
	targets: ${{ steps.list-targets.outputs.targets }}
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
	with:
	aqua_version: v2.37.2

	- uses: suzuki-shunsuke/tfaction/list-targets@2b9d52f60b37e9331ebfe8f06df7ec2d0ee493a6 # v1.12.1
	id: list-targets

	apply:
	timeout-minutes: 30
	name: "apply (${{matrix.target.target}})"
	runs-on: ${{matrix.target.runs_on}}
	needs: setup
	# if services is empty, the build job is skipped
	if: "join(fromJSON(needs.setup.outputs.targets), '') != ''"
	strategy:
	fail-fast: false
	matrix:
	target: ${{fromJSON(needs.setup.outputs.targets)}}
	env:
	TFACTION_TARGET: ${{matrix.target.target}}
	TFACTION_WORKING_DIR: ${{matrix.target.working_directory}}
	TFACTION_JOB_TYPE: ${{matrix.target.job_type}}
	permissions:
	id-token: write # For OIDC
	contents: read # To checkout a private repository
	steps:
	- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

	- name: Generate token for aqua-installer
	id: aqua_installer_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# If you use private registries, contents:read is required
	permissions: >-
	{}
	# If you use private registries, please add private repositories
	repositories: >-
	[]

	- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
	with:
	aqua_version: v2.37.2
	env:
	AQUA_GITHUB_TOKEN: ${{ steps.aqua_installer_token.outputs.token }}

	# - uses: suzuki-shunsuke/tfaction/[email protected]
	# with:
	# # If this action doesn't export secrets as you expect, please check if secrets are passed to this action properly.
	# # If you use reusable workflows, maybe secrets aren't passed to the reusable workflow.
	# # If so, please pass secrets properly.
	# #
	# # - https://docs.github.com/en/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow
	# # - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecrets
	# secrets: ${{ toJSON(secrets) }}

	- name: Generate token to download private Terraform Modules
	id: gh_setup_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# If you use private registries, contents:read is required
	permissions: >-
	{
	"contents": "read"
	}
	# private repositories hosting private modules
	repositories: >-
	[]

	# This is required to download private modules in `terraform init`
	- run: gh auth setup-git
	env:
	GITHUB_TOKEN: ${{ steps.gh_setup_token.outputs.token }}

	- name: Generate token to update drift issues
	id: drift_issue_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# issues:write - Create and update drift issues
	permissions: >-
	{
	"issues": "write"
	}
	# GitHub Repository where Drift Detection issues are hosted
	# https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection
	repositories: >-
	[
	"tfaction-example"
	]

	- run: tfaction get-or-create-drift-issue
	shell: bash
	env:
	GITHUB_TOKEN: ${{ steps.drift_issue_token.outputs.token }}

	- name: Generate token for setup
	id: setup_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# pull_requests:write - Post comments
	# issues:write - Update drift issues
	permissions: >-
	{
	"pull_requests": "write",
	"issues": "write"
	}
	repositories: >-
	[
	"${{github.event.repository.name}}",
	"tfaction-example"
	]

	- uses: suzuki-shunsuke/tfaction/setup@2b9d52f60b37e9331ebfe8f06df7ec2d0ee493a6 # v1.12.1
	with:
	github_token: ${{ steps.setup_token.outputs.token }}
	ssh_key: ${{ secrets.TERRAFORM_PRIVATE_MODULE_SSH_KEY }} # This isn't needed if you don't use SSH key to checkout private Terraform Modules
	env:
	TF_TOKEN_app_terraform_io: ${{secrets.TFE_TOKEN}}

	# These steps are optional. If you don't want lock mechanism, please remove them.
	- uses: suzuki-shunsuke/lock-action@c752be910ac812e0adc50316855416514d364b57 # v0.1.3
	id: check-lock
	with:
	mode: check # If you want to acquire lock, please check this to `lock`
	key: ${{env.TFACTION_WORKING_DIR}}
	- run: \|
	github-comment post \
	-k already-locked \
	-var "actor:$ACTOR" \
	-var "message:$MESSAGE" \
	-var "workflow_url:$WORKFLOW_URL" \
	-var "datetime:$DATETIME" \
	-var "tfaction_target:${TFACTION_TARGET}"
	exit 1
	if: steps.check-lock.outputs.already_locked == 'true'
	env:
	RESULT: ${{steps.check-lock.outputs.result}}
	GITHUB_TOKEN: ${{steps.setup_token.outputs.token}}

	- name: Generate token for apply
	id: apply_token
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# pull_requests:write - Post comments
	# actions:read - Download plan files
	# issues:write - Update drift issues
	# contents:write - Update related pull requests
	permissions: >-
	{
	"pull_requests": "write",
	"actions": "read",
	"contents": "write",
	"issues": "write"
	}
	repositories: >-
	[
	"${{github.event.repository.name}}",
	"tfaction-example"
	]

	- uses: suzuki-shunsuke/tfaction/apply@2b9d52f60b37e9331ebfe8f06df7ec2d0ee493a6 # v1.12.1
	with:
	github_token: ${{ steps.apply_token.outputs.token }}
	env:
	TF_TOKEN_app_terraform_io: ${{secrets.TFE_TOKEN}} # For Hashicorp Cloud Backend
	TFE_TOKEN: ${{secrets.TFE_TOKEN}} # For tfe provider

	- name: Generate token for creating follow up pr
	id: follow_up_pr_token
	if: failure()
	uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
	with:
	app_id: ${{ secrets.APP_ID }}
	private_key: ${{ secrets.APP_PRIVATE_KEY }}
	# contents:write - Push commits
	# pull_requests:write - Create a pull request
	permissions: >-
	{
	"contents": "write",
	"pull_requests": "write"
	}
	repositories: >-
	[
	"${{github.event.repository.name}}"
	]

	- uses: suzuki-shunsuke/tfaction/create-follow-up-pr@2b9d52f60b37e9331ebfe8f06df7ec2d0ee493a6 # v1.12.1
	if: failure()
	with:
	github_token: ${{steps.follow_up_pr_token.outputs.token}}

	- uses: suzuki-shunsuke/tfaction/update-drift-issue@2b9d52f60b37e9331ebfe8f06df7ec2d0ee493a6 # v1.12.1
	if: always()
	with:
	status: ${{job.status}}
	github_token: ${{steps.drift_issue_token.outputs.token}}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency aquaproj/aqua-registry to v4.254.0 (te… #1344

Workflow file

chore(deps): update dependency aquaproj/aqua-registry to v4.254.0 (te… #1344

Jobs

Run details

Workflow file for this run