rollback só com aprovação #44
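# Terraform plan/apply pipeline. Every push to main runs a plan in the
# `pre-prod` environment; a second job in the `pre-prod-apply` environment
# applies the saved plan, and only when the plan reported changes (exit code 2).
# NOTE(review): the approval gate is presumably the required-reviewers
# protection on `pre-prod-apply`. That is repository configuration and cannot
# be confirmed from this file.
name: Terraform Apply

on:
  push:
    branches:
      - main

jobs:
  Terraform-Plan:
    runs-on: ubuntu-latest
    environment: pre-prod
    # Least privilege for GITHUB_TOKEN: the tag-bump step is the only one that
    # writes to the repository.
    permissions:
      contents: write
    outputs:
      plan_exitcode: ${{ steps.plan.outputs.exitcode }}
      tag: ${{ steps.bump.outputs.new_tag }}
    # The ARM_* credentials are set on the Terraform steps that need them, not
    # job-wide, so the third-party tag and mail actions never see them.
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Bump version and push tag
        id: bump
        # NOTE(review): third-party action referenced by a mutable tag while it
        # holds a write-capable token. Pin it to a reviewed full commit SHA
        # (`@<FULL_COMMIT_SHA>  # 1.73.0`).
        uses: anothrNick/github-tag-action@1.73.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          WITH_V: true

      - name: Versão criada
        # The tag reaches the shell through an environment variable, so its
        # text is never spliced into the script source.
        env:
          NEW_TAG: ${{ steps.bump.outputs.new_tag }}
        run: |
          echo "Tag criada: ${NEW_TAG}"
          # echo "version_tag=${NEW_TAG}" >> "$GITHUB_OUTPUT"

      - name: ls files
        run: ls -ltr

      - name: Install Terraform CLI
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.12.2"

      - name: Terraform Init
        env:
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
        run: terraform init

      - name: Terraform Validate
        # Validation only reads the local configuration; no credentials needed.
        run: terraform validate

      - name: Terraform Plan
        id: plan
        # `steps.plan.outputs.exitcode` is not written by this script. It is
        # presumably the output published by the setup-terraform wrapper
        # (`terraform_wrapper`, on by default) - confirm before disabling it.
        # The former `|| export exitcode=$? >> $GITHUB_OUTPUT` printed nothing,
        # so it only masked a non-zero status; `|| true` does the same openly.
        env:
          ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
          NEW_TAG: ${{ steps.bump.outputs.new_tag }}
        run: terraform plan -detailed-exitcode -out="state_file-${NEW_TAG}" || true
        continue-on-error: true  # Let the job go on when -detailed-exitcode returns 2

      - name: get value of terraform plan
        env:
          PLAN_EXITCODE: ${{ steps.plan.outputs.exitcode }}
        run: |
          echo "The value is: ${PLAN_EXITCODE}"

      - name: Check Plan Exit Code
        id: check_plan
        if: steps.plan.outcome == 'success' && steps.plan.outputs.exitcode == '2'
        run: |
          echo "Terraform plan detected changes. Proceeding with apply (or manual approval)."
          # Add logic for manual approval or direct apply here

      - name: No Changes Detected
        if: steps.plan.outcome == 'success' && steps.plan.outputs.exitcode == '0'
        run: |
          echo "No changes detected by Terraform plan. Skipping apply."

      - name: Terraform Plan Failed
        # The plan step never stops the job by itself (continue-on-error), so
        # this step is what turns a failed plan into a failed run.
        if: steps.plan.outcome == 'failure' || steps.plan.outputs.exitcode == '1'
        run: |
          echo "Terraform plan failed. Review the logs for errors."
          exit 1  # Fail the workflow

      - name: Send plan via email
        if: steps.plan.outcome == 'success' && steps.plan.outputs.exitcode == '2'
        # NOTE(review): third-party action referenced by a mutable tag while it
        # receives the SMTP credentials. Pin it to a reviewed full commit SHA
        # (`@<FULL_COMMIT_SHA>  # v6`).
        uses: dawidd6/action-send-mail@v6
        with:
          server_address: smtp.gmail.com
          server_port: 587
          username: ${{ secrets.SMTP_USER }}
          password: ${{ secrets.SMTP_PASS }}
          subject: "O ${{ github.repository }} Inforrrrrma"
          to: ${{ secrets.SMTP_USER }}
          from: "Terraform <${{ secrets.SMTP_USER }}>"
          # The mail carries only the link to the run, not the plan content.
          body: |
            Foram detectadas alterações a serem feitas em sua infraestrutura.
            Aprove ou rejeite aqui:
            https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

      - name: Remove unnecessary folders
        # actions/checkout keeps the job token in .git/config by default, so
        # .git has to be gone before the whole workspace is uploaded below.
        run: |
          rm -rf some_examples
          rm -rf .github
          rm -rf .gitignore
          rm -rf .git

      - name: ls files
        run: ls -ltra

      - name: Upload artifacts
        if: steps.plan.outcome == 'success' && steps.plan.outputs.exitcode == '2'
        uses: actions/upload-artifact@v4
        with:
          name: ${{ steps.bump.outputs.new_tag }}
          # NOTE(review): `path: .` publishes the whole working directory,
          # including the saved plan. A plan file can hold sensitive values in
          # clear text, and run artifacts are readable by anyone with read
          # access to the repository. Confirm that exposure and the retention
          # period are acceptable.
          path: .

  Terraform-Apply:
    runs-on: ubuntu-latest
    needs: Terraform-Plan
    environment: pre-prod-apply
    # Only run when the plan job reported pending changes.
    if: needs.Terraform-Plan.outputs.plan_exitcode == '2'
    # This job only reads the artifact and talks to the cloud provider.
    permissions:
      contents: read
    env:
      ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
      ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
    steps:
      - name: Get build artifacts
        uses: actions/download-artifact@v4
        with:
          name: ${{ needs.Terraform-Plan.outputs.tag }}
          path: terraform_plan_artifacts

      - name: Install Terraform CLI
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.12.2"

      - name: Terraform Init
        run: terraform init
        working-directory: terraform_plan_artifacts

      - name: Terraform Apply
        id: apply
        working-directory: terraform_plan_artifacts
        # Applies the saved plan file produced by the plan job. -auto-approve
        # skips Terraform's own prompt, so any human check has to happen before
        # this job starts.
        env:
          PLAN_TAG: ${{ needs.Terraform-Plan.outputs.tag }}
        run: |
          terraform apply -auto-approve "state_file-${PLAN_TAG}"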