|
1 | | -name: 'Terraform' |
| 1 | +name: Terraform CI/CD |
2 | 2 |
|
3 | 3 | on: |
| 4 | + push: |
| 5 | + branches: |
| 6 | + - main |
4 | 7 | workflow_dispatch: |
5 | 8 |
|
6 | 9 | jobs: |
7 | | - terraform: |
8 | | - name: 'Terraform' |
| 10 | + plan: |
| 11 | + name: Terraform Plan |
9 | 12 | runs-on: ubuntu-latest |
| 13 | + outputs: |
| 14 | + plan-exit-code: ${{ steps.plan.outcome }} |
| 15 | + steps: |
| 16 | + - name: Checkout code |
| 17 | + uses: actions/checkout@v4 |
| 18 | + |
| 19 | + - name: Authenticate with GCP |
| 20 | + uses: google-github-actions/auth@v2 |
| 21 | + with: |
| 22 | + credentials_json: ${{ secrets.GCP_CREDENTIALS }} |
| 23 | + |
| 24 | + - name: Setup Terraform |
| 25 | + uses: hashicorp/setup-terraform@v3 |
| 26 | + with: |
| 27 | + terraform_version: latest |
| 28 | + |
| 29 | + - name: Initialize Terraform |
| 30 | + run: terraform init |
10 | 31 |
|
11 | | - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest |
12 | | - defaults: |
13 | | - run: |
14 | | - shell: bash |
| 32 | + - name: Terraform Plan |
| 33 | + id: plan |
| 34 | + run: terraform plan -out=tfplan |
| 35 | + continue-on-error: false |
| 36 | + |
| 37 | + - name: Upload Plan Artifact |
| 38 | + uses: actions/upload-artifact@v4 |
| 39 | + with: |
| 40 | + name: tfplan |
| 41 | + path: tfplan |
15 | 42 |
|
| 43 | + apply: |
| 44 | + name: Terraform Apply |
| 45 | + needs: plan |
| 46 | + if: github.event_name == 'workflow_dispatch' |
| 47 | + runs-on: ubuntu-latest |
16 | 48 | steps: |
17 | | - # Checkout the repository to the GitHub Actions runner |
18 | | - - name: Checkout |
| 49 | + - name: Checkout code |
19 | 50 | uses: actions/checkout@v4 |
20 | 51 |
|
21 | | - # Run yarn install |
22 | | - - name: Run install |
23 | | - uses: borales/actions-yarn@v4 |
| 52 | + - name: Authenticate with GCP |
| 53 | + uses: google-github-actions/auth@v2 |
24 | 54 | with: |
25 | | - dir: lambda |
26 | | - cmd: install |
| 55 | + credentials_json: ${{ secrets.GCP_CREDENTIALS }} |
27 | 56 |
|
28 | | - # Run yarn build |
29 | | - - name: Run build |
30 | | - uses: borales/actions-yarn@v4 |
| 57 | + - name: Setup Terraform |
| 58 | + uses: hashicorp/setup-terraform@v3 |
31 | 59 | with: |
32 | | - dir: lambda |
33 | | - cmd: build |
| 60 | + terraform_version: latest |
34 | 61 |
|
35 | | - # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token |
36 | | - - name: Setup Terraform |
37 | | - uses: hashicorp/setup-terraform@v1 |
| 62 | + - name: Download Plan Artifact |
| 63 | + uses: actions/download-artifact@v4 |
38 | 64 | with: |
39 | | - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} |
| 65 | + name: tfplan |
40 | 66 |
|
41 | | - # Generates an execution plan for Terraform |
42 | | - - name: Terraform Plan |
43 | | - working-directory: ./terraform |
44 | | - run: | |
45 | | - terraform init |
46 | | - terraform plan -input=false |
47 | | -
|
48 | | - # On push to "main", build or change infrastructure according to Terraform configuration files |
49 | | - - name: Terraform Apply |
50 | | - working-directory: ./terraform |
51 | | - run: terraform apply -auto-approve -input=false |
| 67 | + - name: Initialize Terraform |
| 68 | + run: terraform init |
| 69 | + |
| 70 | + - name: Apply Terraform Changes |
| 71 | + run: terraform apply -auto-approve tfplan |
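Review bot: The `apply` job (new lines 43–71) runs `terraform apply -auto-approve tfplan` with `secrets.GCP_CREDENTIALS` on any `workflow_dispatch`, and nothing in the job restricts the ref or requires an approval between plan and apply, so a manual run from a non-main branch would apply that branch's configuration. Tighten the condition to `if: github.event_name == 'workflow_dispatch' && github.ref == 'refs/heads/main'` and add an `environment:` key naming an environment that has required reviewers configured. The `tfplan` file uploaded at new lines 37–41 can hold resource attributes in cleartext, including ones marked sensitive, so give the upload step a short `retention-days:` and treat the artifact as secret material. `terraform_version: latest` in both jobs leaves the CLI unpinned; an exact version keeps plan and apply reproducible. The output `plan-exit-code` is set from `steps.plan.outcome`, which is a success/failure string rather than an exit code, so rename it or run the plan with `-detailed-exitcode`.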