
Update workflow to use bash #1

Workflow file for this run

# Display name of this workflow; it is started through `workflow_call`, i.e. by other workflows.
name: 'Terraform Pull Request'

Check failure on line 1 in .github/workflows/terraform-pr.yml

GitHub Actions / .github/workflows/terraform-pr.yml

Invalid workflow file

`inputs` is not a valid event name
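on:
  workflow_call:
    # `inputs` must be nested under `workflow_call`. As a direct child of `on:`
    # it is read as an event name and the whole workflow file is rejected.
    inputs:
      debug:
        required: false
        type: boolean
      # Read by env.TF_VERSION below; a caller can only pass it if it is declared here.
      terraform-version:
        required: false
        type: string

# Workflow-wide token scopes; every job inherits them unless it declares its own.
# NOTE(review): the only consumer of `contents: write` visible in this file is a
# commented-out `git push` in the `terraform` job. Granting write on that job
# alone, and only once the push is enabled, keeps the token read-only elsewhere.
permissions:
  contents: write
  packages: read

env:
  # A called workflow receives its arguments through the `inputs` context.
  # `github.event.inputs` describes the caller's triggering event, not the
  # values passed with `with:`.
  TF_VERSION: ${{ inputs.terraform-version }}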
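jobs:
  # Works out which Terraform directories the last commit touched and rejects
  # anything outside the expected layout.
  pre-configuration:
    runs-on: ubuntu-latest
    # This job only reads the repository, so it does not need the workflow-wide write scope.
    permissions:
      contents: read
    outputs:
      # Space-separated list of validated directories; empty when no .tf file changed.
      directories: ${{ steps.changes.outputs.directories }}
    steps:
      - name: 'Checkout Repository'
        # NOTE(review): `@v4` is a movable tag; pinning to a full commit SHA
        # makes the action's code immutable for this workflow.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No later step in this job talks to the remote, so do not leave the token in .git/config.
          persist-credentials: false
      - name: 'Generate matrix from changed Terraform directories'
        id: changes
        shell: bash
        run: |
          # pipefail: a failing `git diff` must fail the job rather than yield
          # an empty list, which would silently skip every check downstream.
          set -eo pipefail
          VALID_DIRECTORIES=()
          INVALID_DIRECTORIES=()
          # One directory per line, de-duplicated first (several .tf files can share
          # a directory), then ordered by top-level folder and numeric prefix.
          CHANGED=$(git diff --name-only HEAD^ HEAD | (grep '\.tf$' || true) | xargs -I {} dirname {} | sort -u | sort -t'/' -k1,1r -k2,2n)
          while IFS= read -r DIRECTORY; do
            [ -n "$DIRECTORY" ] || continue
            # Directory names come from the pull request and are handed to a later
            # shell step, so only a conservative character set is accepted.
            if [[ "$DIRECTORY" =~ ^(core-services|applications)/[0-9]+-[A-Za-z0-9._-]+$ ]]; then
              VALID_DIRECTORIES+=("$DIRECTORY")
            else
              INVALID_DIRECTORIES+=("$DIRECTORY")
            fi
          done <<< "$CHANGED"
          if [ ${#INVALID_DIRECTORIES[@]} -ne 0 ]; then
            echo 'Error: All Terraform must be within the core-services or applications directories.' >&2
            echo ' Each directory within must be named with a number prefix (e.g. core-services/01-foo, applications/01-bar).' >&2
            echo ' Invalid directories:' >&2
            printf ' %s\n' "${INVALID_DIRECTORIES[@]}" >&2
            exit 1
          fi
          echo "directories=${VALID_DIRECTORIES[*]}" >> "$GITHUB_OUTPUT"

  # Initialises, validates, scans, formats, lints and documents each changed
  # directory, then runs `terraform plan` in each of them.
  terraform:
    runs-on: ubuntu-latest
    needs: [ pre-configuration ]
    if: needs.pre-configuration.outputs.directories != ''
    container:
      # NOTE(review): `:latest` is mutable, so the toolchain (terraform, checkov,
      # tflint, terraform-docs) can change between runs without a change to this
      # file. Prefer pinning by digest: `...@sha256:<image-digest>` (placeholder).
      image: ghcr.io/ukhsa-internal/devops-terraform-ci:latest
    steps:
      - name: 'Checkout Repository'
        # NOTE(review): actions/checkout keeps the job token in the local git config
        # by default. `terraform init` and `terraform plan` below fetch and run
        # provider and module code chosen by the checked-out configuration, and that
        # code can read the token. `persist-credentials: false` removes it; the
        # commented-out push would then need its credential supplied at that step.
        uses: actions/checkout@v4
      - name: 'Terraform Processing'
        shell: bash
        # Values reach the script as environment variables, i.e. as data. Expanding
        # `${{ ... }}` inside `run:` would paste them into the script text, where
        # the shell parses them as code.
        env:
          DEBUG: ${{ inputs.debug }}
          DIRECTORIES: ${{ needs.pre-configuration.outputs.directories }}
        run: |
          set -eo pipefail
          # With debug off, tool stdout is discarded; thanks to pipefail a non-zero
          # exit from the tool on the left of the pipe still fails the step.
          function process_output() {
            if [ "$DEBUG" == "true" ]; then
              cat
            else
              cat > /dev/null
            fi
          }
          read -r -a VALID_DIRECTORIES <<< "$DIRECTORIES"
          GIT_CHANGES="false"
          # Inside a container job the workspace is mounted at $GITHUB_WORKSPACE, and
          # git must trust that path before the `git status` calls in the loop below.
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          echo -e "Using directories: ${VALID_DIRECTORIES[*]}"
          echo -e "\033[1m\nProcessing Terraform:\033[0m"
          for DIRECTORY in "${VALID_DIRECTORIES[@]}"; do
            echo -e "\033[1m\t$DIRECTORY\033[0m"
            cd "$GITHUB_WORKSPACE/$DIRECTORY"
            echo -e "\t\t[+] Initialising Terraform"
            terraform init -no-color -input=false | process_output
            echo -e "\t\t[+] Validating Terraform"
            terraform validate -no-color | process_output
            echo -e "\t\t[+] Checkov scan"
            checkov --quiet --compact | process_output
            echo -e "\t\t[+] Formatting Terraform"
            terraform fmt -no-color | process_output
            echo -e "\t\t[+] Linting Terraform"
            tflint | process_output
            echo -e "\t\t[+] Documenting Terraform"
            terraform-docs markdown table --output-file README.md --output-mode inject "$(pwd)" | process_output
            # Limit the status check to this directory with a pathspec instead of
            # matching the directory name as a regular expression.
            if [ -n "$(git status --porcelain -- .)" ]; then
              git add "$GITHUB_WORKSPACE/$DIRECTORY"
              echo -e "\t\t[+] Added changes to git"
              GIT_CHANGES="true"
            fi
            echo -e "\t\t[+] Done\n"
          done
          echo -e "\033[1mProcessing any git changes...\033[0m"
          cd "$GITHUB_WORKSPACE"
          # Compare the flag as a string rather than executing its value as a command.
          if [ "$GIT_CHANGES" = "true" ]; then
            git config user.name "github-actions[bot]"
            git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
            git commit -m "[automated] Terraform formatting and documentation updates."
            # git push
          fi
          echo -e "\033[1m\nRunning Terraform:\033[0m"
          for FOLDER in "${VALID_DIRECTORIES[@]}"; do
            echo -e "\033[1m\t$FOLDER\033[0m"
            # Use this loop's own variable: $DIRECTORY still holds the last entry of
            # the previous loop, so every plan would run in that one directory.
            cd "$GITHUB_WORKSPACE/$FOLDER"
            echo -e "\033[1m\t\t[+] Terraform Plan\033[0m"
            terraform plan -no-color -input=false -out=tfplan; echo ""
          done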