Update to support Terraform cloud with Terraform 1.6 #328

Merged
merged 4 commits into from
Feb 11, 2024
Merged
207 changes: 198 additions & 9 deletions .github/workflows/test-cloud.yaml
Expand Up @@ -314,13 +314,13 @@ jobs:
exit 1
fi

if [[ -n "${{ steps.auto_apply.outputs.text_plan_path }}" ]]; then
echo "::error:: text_plan_path should not be set"
if ! grep -q "Terraform will perform the following actions" '${{ steps.auto_apply.outputs.text_plan_path }}'; then
echo "::error:: text_plan_path not set correctly"
exit 1
fi

if [[ -n "${{ steps.auto_apply.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should not be set"
if [[ ! -f "${{ steps.auto_apply.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should be set"
exit 1
fi

Expand Down Expand Up @@ -378,12 +378,13 @@ jobs:
path: tests/workflows/test-cloud/partial
workspace: ${{ github.head_ref }}-cloud-1

- name: Plan workspace
- name: Plan changes
uses: ./terraform-plan
id: plan
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
label: test-cloud cloud plan
path: tests/workflows/test-cloud/partial
workspace: ${{ github.head_ref }}-cloud-2

Expand All @@ -399,18 +400,24 @@ jobs:
exit 1
fi

if [[ ! -f "${{ steps.auto_apply.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should be set"
exit 1
fi

echo '${{ steps.plan.outputs.run_id }}'
if [[ "${{ steps.plan.outputs.run_id }}" != "run-"* ]]; then
echo "::error:: output run_id not set correctly"
exit 1
fi

- name: Apply workspace
- name: Apply changes
uses: ./terraform-apply
id: apply
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
label: test-cloud cloud plan
path: tests/workflows/test-cloud/partial
workspace: ${{ github.head_ref }}-cloud-2

Expand All @@ -425,9 +432,9 @@ jobs:
echo "::error:: text_plan_path not set correctly"
exit 1
fi

if [[ -n "${{ steps.apply.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should not be set"
if [[ ! -f "${{ steps.apply.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should be set"
exit 1
fi

Expand All @@ -437,6 +444,188 @@ jobs:
exit 1
fi

- name: Plan no changes
uses: ./terraform-plan
id: plan-no-changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
label: test-cloud cloud plan-no-changes
path: tests/workflows/test-cloud/partial
workspace: ${{ github.head_ref }}-cloud-2

- name: Apply no changes
uses: ./terraform-apply
id: apply-no-changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
label: test-cloud cloud plan-no-changes
path: tests/workflows/test-cloud/partial
workspace: ${{ github.head_ref }}-cloud-2

- name: Verify apply with no changes
run: |
if [[ "${{ steps.plan-no-changes.outputs.changes }}" != "false" ]]; then
echo "::error:: changes output not set correctly"
exit 1
fi

if [[ "${{ steps.apply-no-changes.outputs.len }}" != "5" ]]; then
echo "::error:: Variables not set correctly"
exit 1
fi

if ! grep -q "No changes. Your infrastructure matches the configuration." '${{ steps.plan-no-changes.outputs.text_plan_path }}'; then
echo "::error:: text_plan_path not set correctly"
exit 1
fi

if ! grep -q "No changes. Your infrastructure matches the configuration." '${{ steps.apply-no-changes.outputs.text_plan_path }}'; then
echo "::error:: text_plan_path not set correctly"
exit 1
fi

if [[ ! -f "${{ steps.plan-no-changes.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should be set"
exit 1
fi

if [[ ! -f "${{ steps.apply-no-changes.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should be set"
exit 1
fi

echo '${{ steps.plan-no-changes.outputs.run_id }}'
if [[ "${{ steps.plan-no-changes.outputs.run_id }}" != "run-"* ]]; then
echo "::error:: output run_id not set correctly"
exit 1
fi

echo '${{ steps.apply-no-changes.outputs.run_id }}'
if [[ "${{ steps.apply-no-changes.outputs.run_id }}" != "run-"* ]]; then
echo "::error:: output run_id not set correctly"
exit 1
fi

- name: Saved plan with changes
uses: ./terraform-plan
id: saved-plan-changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
label: test-cloud cloud save-plan-changes
path: tests/workflows/test-cloud/partial
workspace: ${{ github.head_ref }}-cloud-2
variables: |
length=8

- name: Saved apply with changes
uses: ./terraform-apply
id: saved-apply-changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
label: test-cloud cloud save-plan-changes
path: tests/workflows/test-cloud/partial
plan_path: ${{ steps.saved-plan-changes.outputs.plan_path }}
workspace: ${{ github.head_ref }}-cloud-2
variables: |
length=8

- name: Verify saved apply with changes
run: |
if [[ "${{ steps.saved-plan-changes.outputs.changes }}" != "true" ]]; then
echo "::error:: changes output not set correctly"
exit 1
fi

if [[ "${{ steps.saved-apply-changes.outputs.len }}" != "8" ]]; then
echo "::error:: Variables not set correctly"
exit 1
fi

if ! grep -q "Terraform will perform the following actions" '${{ steps.saved-plan-changes.outputs.text_plan_path }}'; then
echo "::error:: text_plan_path not set correctly"
exit 1
fi

if [[ ! -f "${{ steps.saved-plan-changes.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should be set"
exit 1
fi

echo '${{ steps.saved-plan-changes.outputs.run_id }}'
if [[ "${{ steps.saved-plan-changes.outputs.run_id }}" != "run-"* ]]; then
echo "::error:: output run_id not set correctly"
exit 1
fi

echo '${{ steps.saved-apply-changes.outputs.run_id }}'
if [[ "${{ steps.saved-apply-changes.outputs.run_id }}" != "run-"* ]]; then
echo "::error:: output run_id not set correctly"
exit 1
fi

- name: Saved plan with no changes
uses: ./terraform-plan
id: saved-plan-no-changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
label: test-cloud cloud save-plan-no-changes
path: tests/workflows/test-cloud/partial
workspace: ${{ github.head_ref }}-cloud-2
variables: |
length=8

- name: Saved apply with no changes
uses: ./terraform-apply
id: saved-apply-no-changes
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
label: test-cloud cloud save-plan-no-changes
path: tests/workflows/test-cloud/partial
plan_path: ${{ steps.saved-plan-no-changes.outputs.plan_path }}
workspace: ${{ github.head_ref }}-cloud-2
variables: |
length=8

- name: Verify saved apply with no changes
run: |
if [[ "${{ steps.saved-plan-no-changes.outputs.changes }}" != "false" ]]; then
echo "::error:: changes output not set correctly"
exit 1
fi

if [[ "${{ steps.saved-apply-no-changes.outputs.len }}" != "8" ]]; then
echo "::error:: Variables not set correctly"
exit 1
fi

if ! grep -q "No changes. Your infrastructure matches the configuration." '${{ steps.saved-plan-no-changes.outputs.text_plan_path }}'; then
echo "::error:: text_plan_path not set correctly"
exit 1
fi

if [[ ! -f "${{ steps.saved-plan-no-changes.outputs.json_plan_path }}" ]]; then
echo "::error:: json_plan_path should be set"
exit 1
fi

echo '${{ steps.saved-plan-no-changes.outputs.run_id }}'
if [[ "${{ steps.saved-plan-no-changes.outputs.run_id }}" != "run-"* ]]; then
echo "::error:: output run_id not set correctly"
exit 1
fi

echo '${{ steps.saved-apply-no-changes.outputs.run_id }}'
if [[ "${{ steps.saved-apply-no-changes.outputs.run_id }}" != "run-"* ]]; then
echo "::error:: output run_id not set correctly"
exit 1
fi

- name: Destroy the last workspace
uses: ./terraform-destroy-workspace
with:
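Review bot: The `json_plan_path` check added to the verification step after `Plan changes` (hunk -399,18 +400,24) reads `steps.auto_apply.outputs.json_plan_path`, while the `run_id` assertion right below it reads `steps.plan.outputs.run_id`. This looks copied from the earlier auto_apply verification, so the plan step's own JSON plan is never checked; it should probably be `if [[ ! -f "${{ steps.plan.outputs.json_plan_path }}" ]]; then`. The start of that verification step is outside the hunk, so confirm the step id there. Separately, the new verify steps expand `${{ steps.*.outputs.* }}` directly into the `run:` script text. Passing those values through `env:` and reading them as quoted shell variables keeps an unexpected quote or `$(` in an output from being parsed as shell.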
2 changes: 1 addition & 1 deletion .github/workflows/test-version.yaml
Expand Up @@ -503,7 +503,7 @@ jobs:

- name: Check the version
run: |
if [[ "${{ steps.terraform-version.outputs.terraform }}" != *"1.6"* ]]; then
if [[ "${{ steps.terraform-version.outputs.terraform }}" != *"1.7"* ]]; then
echo "::error:: Latest version was not used"
exit 1
fi
10 changes: 10 additions & 0 deletions image/actions.sh
Expand Up @@ -456,6 +456,16 @@ function plan() {
# shellcheck disable=SC2034
PLAN_EXIT=${PIPESTATUS[0]}
set -e

if [[ "$TERRAFORM_BACKEND_TYPE" == "remote" || "$TERRAFORM_BACKEND_TYPE" == "cloud" ]]; then
if remote-run-id "$STEP_TMP_DIR/terraform_plan.stdout" >"$STEP_TMP_DIR/remote-run-id.stdout" 2>"$STEP_TMP_DIR/remote-run-id.stderr"; then
RUN_ID="$(<"$STEP_TMP_DIR/remote-run-id.stdout")"
set_output run_id "$RUN_ID"
else
debug_log "Failed to get remote run-id"
debug_file "$STEP_TMP_DIR/remote-run-id.stderr"
fi
fi
}

function destroy() {
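Review bot: The run-id block added at the end of plan() is repeated almost line for line in apply() in image/entrypoints/apply.sh, and the two copies already differ: this one scans only `terraform_plan.stdout`, while the other passes both the stdout and stderr files to `remote-run-id`. If a failed remote plan prints its run URL on stderr (not visible here), `run_id` would stay unset in the case where it matters most for triage. Consider one helper in this file that takes the files to scan as arguments, with a comment such as `# remote/cloud backends print the run URL; expose its id as the run_id output`. plan() starts above the hunk.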
46 changes: 32 additions & 14 deletions image/entrypoints/apply.sh
Expand Up @@ -11,16 +11,18 @@ set-plan-args
PLAN_OUT="$STEP_TMP_DIR/plan.out"

function update_comment() {
if ! github_pr_comment "$@" 2>"$STEP_TMP_DIR/github_pr_comment.stderr"; then
debug_file "$STEP_TMP_DIR/github_pr_comment.stderr"
else
debug_file "$STEP_TMP_DIR/github_pr_comment.stderr"
if [[ -v TERRAFORM_ACTIONS_GITHUB_TOKEN ]]; then

if ! github_pr_comment "$@" 2>"$STEP_TMP_DIR/github_pr_comment.stderr"; then
debug_file "$STEP_TMP_DIR/github_pr_comment.stderr"
else
debug_file "$STEP_TMP_DIR/github_pr_comment.stderr"
fi

fi
}

if [[ -v TERRAFORM_ACTIONS_GITHUB_TOKEN ]]; then
update_comment begin-apply
fi
update_comment begin-apply

exec 3>&1

Expand All @@ -29,12 +31,14 @@ function apply() {

set +e
if [[ -n "$PLAN_OUT" ]]; then

# shellcheck disable=SC2086
debug_log $TOOL_COMMAND_NAME apply -input=false -no-color -auto-approve -lock-timeout=300s $PARALLEL_ARG $PLAN_OUT
debug_log $TOOL_COMMAND_NAME apply -input=false -no-color -lock-timeout=300s $PARALLEL_ARG $PLAN_OUT
# shellcheck disable=SC2086
(cd "$INPUT_PATH" && $TOOL_COMMAND_NAME apply -input=false -no-color -auto-approve -lock-timeout=300s $PARALLEL_ARG $PLAN_OUT) \
(cd "$INPUT_PATH" && $TOOL_COMMAND_NAME apply -input=false -no-color -lock-timeout=300s $PARALLEL_ARG $PLAN_OUT) \
2>"$STEP_TMP_DIR/terraform_apply.stderr" \
| $TFMASK
| $TFMASK \
| tee "$STEP_TMP_DIR/terraform_apply.stdout"
APPLY_EXIT=${PIPESTATUS[0]}
>&2 cat "$STEP_TMP_DIR/terraform_apply.stderr"
else
Expand All @@ -51,17 +55,25 @@ function apply() {
APPLY_EXIT=${PIPESTATUS[0]}
>&2 cat "$STEP_TMP_DIR/terraform_apply.stderr"

if remote-run-id "$STEP_TMP_DIR/terraform_apply.stdout" >"$STEP_TMP_DIR/remote-run-id.stdout" 2>"$STEP_TMP_DIR/remote-run-id.stderr"; then
fi
set -e

if [[ "$TERRAFORM_BACKEND_TYPE" == "cloud" || "$TERRAFORM_BACKEND_TYPE" == "remote" ]]; then
if remote-run-id "$STEP_TMP_DIR/terraform_apply.stdout" "$STEP_TMP_DIR/terraform_apply.stderr" >"$STEP_TMP_DIR/remote-run-id.stdout" 2>"$STEP_TMP_DIR/remote-run-id.stderr"; then
RUN_ID="$(<"$STEP_TMP_DIR/remote-run-id.stdout")"
set_output run_id "$RUN_ID"
else
debug_log "Failed to get remote run-id"
debug_file "$STEP_TMP_DIR/remote-run-id.stderr"
fi
fi
set -e

if [[ $APPLY_EXIT -eq 0 ]]; then
if [[ "$TERRAFORM_BACKEND_TYPE" == "cloud" && $APPLY_EXIT -ne 0 ]] && grep -q "Error: Saved plan has no changes" "$STEP_TMP_DIR/terraform_apply.stderr"; then
# Not really an error then is it?
APPLY_EXIT=0
output
update_comment cloud-no-changes-to-apply "$STEP_TMP_DIR/terraform_output.json"
elif [[ $APPLY_EXIT -eq 0 ]]; then
output
update_comment apply-complete "$STEP_TMP_DIR/terraform_output.json"
else
Expand Down Expand Up @@ -134,7 +146,13 @@ fi

### Apply the plan

if [[ "$INPUT_AUTO_APPROVE" == "true" || $PLAN_EXIT -eq 0 ]]; then
if [[ "$TERRAFORM_BACKEND_TYPE" == "cloud" && $PLAN_EXIT -eq 0 ]]; then
# Terraform cloud will just error if we try to apply a plan with no changes
echo "No changes to apply"
output
update_comment cloud-no-changes-to-apply "$STEP_TMP_DIR/terraform_output.json"

elif [[ "$INPUT_AUTO_APPROVE" == "true" || $PLAN_EXIT -eq 0 ]]; then
echo "Automatically approving plan"
apply

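Review bot: In apply(), the new branch that tests `grep -q "Error: Saved plan has no changes"` resets `APPLY_EXIT=0` whenever that substring appears anywhere in the stderr file. An apply that also failed for a second reason would then be reported as success and post the `cloud-no-changes-to-apply` comment. Narrowing it to the case where this is the only error, for example by adding `&& [[ "$(grep -c 'Error: ' "$STEP_TMP_DIR/terraform_apply.stderr")" -eq 1 ]]`, keeps a real failure from being masked. The comment `# Not really an error then is it?` would be more useful as `# Terraform Cloud rejects applying a saved plan with no changes; treat only that case as success`. apply() begins and ends outside the visible hunks.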
10 changes: 0 additions & 10 deletions image/entrypoints/plan.sh
Expand Up @@ -27,16 +27,6 @@ fi

cat "$STEP_TMP_DIR/terraform_plan.stderr"

if [[ -z "$PLAN_OUT" ]]; then
if remote-run-id "$STEP_TMP_DIR/terraform_plan.stdout" >"$STEP_TMP_DIR/remote-run-id.stdout" 2>"$STEP_TMP_DIR/remote-run-id.stderr"; then
RUN_ID="$(<"$STEP_TMP_DIR/remote-run-id.stdout")"
set_output run_id "$RUN_ID"
else
debug_log "Failed to get remote run-id"
debug_file "$STEP_TMP_DIR/remote-run-id.stderr"
fi
fi

if [[ "$GITHUB_EVENT_NAME" == "pull_request" || "$GITHUB_EVENT_NAME" == "issue_comment" || "$GITHUB_EVENT_NAME" == "pull_request_review_comment" || "$GITHUB_EVENT_NAME" == "pull_request_target" || "$GITHUB_EVENT_NAME" == "pull_request_review" || "$GITHUB_EVENT_NAME" == "repository_dispatch" ]]; then
if [[ "$INPUT_ADD_GITHUB_COMMENT" == "true" || "$INPUT_ADD_GITHUB_COMMENT" == "changes-only" || "$INPUT_ADD_GITHUB_COMMENT" == "always-new" ]]; then

1 change: 1 addition & 0 deletions image/setup.py
Expand Up @@ -21,6 +21,7 @@
},
install_requires=[
'requests',
'requests-cache',
'python-hcl2',
'canonicaljson'
]
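Review bot: `'requests-cache'` is added to `install_requires` with no version bound, so each image build installs whatever release is current at build time. For a package that runs inside an action that is handed `GITHUB_TOKEN`, a bounded specifier such as `'requests-cache>=<TESTED_VERSION>,<<NEXT_MAJOR>'` (placeholders), or a hashed constraints file applied at image build, keeps the dependency set reviewable. The code that uses the cache is not in the visible diff, so confirm where the cache is stored and that authenticated API responses are not persisted beyond the step. The `setup()` call starts above the hunk.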