fix: use managed caching policy #54
Workflow file for this run
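# SlashDev CI/CD: run repository checks, plan and apply Terraform, then build
# the Hugo site and publish it as a workflow artifact.
#
# NOTE(review): every `uses:` below references a mutable tag (@v3, @v3.0.1,
# @v4). Pinning each action to a full commit SHA keeps a re-pointed tag from
# changing what runs next to this workflow's AWS credentials.
name: SlashDev CICD

on:
  workflow_dispatch:
  push:
    branches:
      - master
  pull_request:
    branches:
      - master
      - develop

# Least privilege for GITHUB_TOKEN: no step in this file uses the token to
# write to the repository, so read access to contents is sufficient.
permissions:
  contents: read

jobs:
  # Installs the asdf-managed toolchain and runs the pre-commit hooks.
  # NOTE(review): this job references no secrets but is still bound to the
  # `production` environment; confirm that binding is intended for a job that
  # also runs on pull_request.
  base-ci-testing:
    runs-on: ubuntu-22.04
    environment:
      name: production
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install asdf tools
        uses: asdf-vm/actions/install@v3
        with:
          asdf_branch: v0.14.1
      - name: Validate using pre-commit
        uses: pre-commit/action@v3.0.1

  # Lints, scans, validates and plans the Terraform configuration, then
  # uploads the saved plan for the apply job.
  # NOTE(review): this job has no `if:` guard, so it also runs for
  # pull_request events. A PR opened from a branch of this repository gets the
  # production AWS keys while `terraform init`/`plan` load providers and
  # modules chosen by that branch. Whether the `production` environment has
  # required reviewers is not visible here; verify, or use read-only
  # credentials for the plan.
  terraform-plan:
    runs-on: ubuntu-22.04
    needs: base-ci-testing
    environment:
      name: production
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install asdf tools
        uses: asdf-vm/actions/install@v3
        with:
          asdf_branch: v0.14.1
      - name: Terraform Lint
        run: |
          cd terraform
          tflint
      # `-m CRITICAL` reports only critical findings and `-s` is tfsec's
      # soft-fail flag, so this step never fails the job: the scan is advisory.
      # Drop `-s` if critical findings are meant to block the plan.
      - name: Terraform Security
        run: |
          cd terraform
          tfsec -m CRITICAL --no-code -s
      # NOTE(review): these are long-lived access keys stored as secrets.
      # GitHub OIDC with an assumed IAM role would remove the stored keys;
      # that requires `id-token: write` and a role that is not defined here.
      - name: Terraform Validate/Plan
        env:
          AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY }}"
          AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_KEY }}"
        run: |
          cd terraform
          terraform init
          terraform validate && terraform plan -out slashdev-${{ github.run_id }}.tfplan
      # A saved plan can hold resolved variable and resource values, including
      # secrets, and anyone able to read this run's artifacts can download it.
      # Keep artifact retention short and treat the file as sensitive.
      - name: Publish Terraform Plan
        uses: actions/upload-artifact@v4
        with:
          name: slashdev-terraform-plan
          path: terraform/slashdev-${{ github.run_id }}.tfplan

  # Applies the plan saved by terraform-plan. Runs only for refs/heads/master.
  terraform-apply:
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-22.04
    needs: terraform-plan
    environment:
      name: production
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install asdf tools
        uses: asdf-vm/actions/install@v3
        with:
          asdf_branch: v0.14.1
      - name: Download Terraform Plan
        id: download-tfplan
        uses: actions/download-artifact@v4
        with:
          name: slashdev-terraform-plan
          path: terraform/
      # Renders the saved plan and sets the `changed` output from its summary
      # line. The rendered plan is printed to the job log by `cat`, so values
      # Terraform does not treat as sensitive become visible to log readers.
      # NOTE(review): the check depends on the exact summary wording; when the
      # line is absent the step reports changed=true and the apply step runs.
      # Confirm the wording against the pinned Terraform version.
      - name: Check TFPLAN for changes
        id: check_tfplan
        env:
          AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY }}"
          AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_KEY }}"
        run: |
          cd terraform/
          terraform init
          terraform show -no-color slashdev-${{ github.run_id }}.tfplan > slashdev-plan-output.txt
          cat slashdev-plan-output.txt
          if grep -q "Plan: 0 to add, 0 to change, 0 to destroy." slashdev-plan-output.txt; then
            echo "No changes detected"
            echo "changed=false" >> "$GITHUB_OUTPUT"
          else
            echo "Changes detected"
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
      # Applies exactly the plan file produced earlier in this run, without an
      # interactive prompt. Any approval gate has to come from protection rules
      # on the `production` environment.
      - name: Terraform APPLY
        if: steps.check_tfplan.outputs.changed == 'true'
        env:
          AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY }}"
          AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_KEY }}"
        run: |
          cd terraform
          terraform init
          terraform apply -auto-approve slashdev-${{ github.run_id }}.tfplan

  # Builds the Hugo site to check that it compiles; nothing is uploaded.
  hugo-build:
    runs-on: ubuntu-22.04
    needs: base-ci-testing
    environment:
      name: production
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install asdf tools
        uses: asdf-vm/actions/install@v3
        with:
          asdf_branch: v0.14.1
      - name: Hugo build
        run: "hugo -s src --cleanDestinationDir -e production -b ''"

  # Rebuilds the site and uploads src/public as an artifact. Runs only for
  # refs/heads/master.
  hugo-publish:
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-22.04
    needs: hugo-build
    environment:
      name: production
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Install asdf tools
        uses: asdf-vm/actions/install@v3
        with:
          asdf_branch: v0.14.1
      - name: Hugo build
        run: "hugo -s src --cleanDestinationDir -e production -b ''"
      # Writes the first seven characters of the commit SHA as a step output.
      - name: Set Shortened Commit SHA
        id: set_short_sha
        run: |
          COMMIT_SHA=${{ github.sha }}
          COMMIT_SHA_SHORT=${COMMIT_SHA:0:7}
          echo "COMMIT_SHA_SHORT=$COMMIT_SHA_SHORT" >> "$GITHUB_OUTPUT"
      # The short SHA is a step output, not an environment variable, so it is
      # read through `steps.set_short_sha.outputs`. The previous
      # `env.COMMIT_SHA_SHORT` was never set, which left the artifact name
      # ending in a bare "-".
      - name: Upload artifact to Github
        uses: actions/upload-artifact@v4
        with:
          name: slashdev-public-${{ github.ref_name }}-${{ steps.set_short_sha.outputs.COMMIT_SHA_SHORT }}
          path: src/public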