cluster-state/.gitea/workflows/cicd.yaml
Ben Martin ba83c03b6d
fix(cicd): create tf plugin cache so tf format check can see it
2025-04-20 10:21:34 +00:00


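---
# Terraform CI/CD for the cluster-state repo.
#   terraform-ci    – every push/PR to main: fmt, validate, tflint, tfsec
#   terraform-plan  – pull requests only: plan + upload artifact
#   terraform-apply – pushes to main only: init + apply -auto-approve
# Both downstream jobs gate on terraform-ci succeeding.
name: Terraform CI/CD

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Workflow-level env is inherited by every job below.
env:
  NOMAD_ADDR: "${{ vars.NOMAD_ADDR }}"
  # NOTE(review): both secrets are exported to all three jobs, including the
  # CI job that runs third-party lint/scan actions. If `terraform init` does
  # not need them there, scoping them to terraform-plan/terraform-apply would
  # narrow exposure — confirm against the backend configuration.
  NOMAD_TOKEN: "${{ secrets.NOMAD_TOKEN }}"
  PG_CONN_STR: "${{ secrets.PG_CONN_STR }}"
  TF_CLI_ARGS: "-no-color"
  # Quoted: env values are strings. A bare `true` is a YAML boolean and may be
  # re-typed by tooling; the string form is what Terraform reads either way.
  TF_IN_AUTOMATION: "true"
  # Quoted for consistency with the other expressions in this mapping and so
  # the value is always parsed as a plain string path.
  TF_PLUGIN_CACHE_DIR: "${{ gitea.workspace }}/.terraform.d/plugin-cache"

jobs:
  terraform-ci:
    name: Terraform Format, Validate, Lint, Scan
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
      - name: Setup Nomad
        # NOTE(review): `@main` is a mutable ref, unlike the tag-pinned
        # actions around it; a release tag (or commit SHA) makes this step
        # reproducible and removes a supply-chain moving part.
        uses: hashicorp/setup-nomad@main
      - name: Create Terraform Plugin Cache Dir
        # Created up front so the cache restore and `terraform init` below
        # have the directory. Quoted in case the workspace path contains
        # spaces.
        run: mkdir -v -p "$TF_PLUGIN_CACHE_DIR"
      - name: Terraform Format Check
        run: terraform fmt -check -recursive
      - name: Nomad fmt
        run: nomad fmt -recursive -check
      - name: Cache Terraform Plugin Dir
        uses: actions/cache@v4
        with:
          path: ${{ env.TF_PLUGIN_CACHE_DIR }}
          # Keyed on the provider lock files so a provider bump invalidates
          # the cache; restore-keys falls back to the newest cache for this OS.
          key: ${{ runner.os }}-terraform-plugins-${{ hashFiles('**/.terraform.lock.hcl') }}
          restore-keys: |
            ${{ runner.os }}-terraform-plugins-
      - name: Cache TFLint Dir
        uses: actions/cache@v4
        with:
          path: ~/.tflint.d/plugins
          key: ${{ runner.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
          restore-keys: |
            ${{ runner.os }}-tflint-
      - name: Terraform Init
        run: terraform init
      - name: Terraform Validate
        run: terraform validate
      - name: TFLint
        uses: terraform-linters/setup-tflint@v4
      - run: |
          tflint --init
          tflint
      - name: tfsec
        uses: aquasecurity/tfsec-action@v1.0.0
        with:
          # soft_fail: findings are reported in the log but never fail this
          # job, so they do not gate terraform-plan/terraform-apply.
          soft_fail: true

  terraform-plan:
    name: Terraform Plan
    runs-on: ubuntu-latest
    needs: terraform-ci
    # NOTE(review): the `if:` conditions use the `github.*` context while env
    # uses `gitea.workspace`; Gitea accepts `github.*` as an alias, but one
    # context name throughout would be clearer.
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - uses: hashicorp/setup-nomad@main
      - name: Create Terraform Plugin Cache Dir
        run: mkdir -v -p "$TF_PLUGIN_CACHE_DIR"
      - name: Cache Terraform Plugin Dir
        uses: actions/cache@v4
        with:
          path: ${{ env.TF_PLUGIN_CACHE_DIR }}
          key: ${{ runner.os }}-terraform-plugins-${{ hashFiles('**/.terraform.lock.hcl') }}
          restore-keys: |
            ${{ runner.os }}-terraform-plugins-
      - name: Terraform Init
        run: terraform init
      - name: Terraform Plan
        run: terraform plan -out=tfplan
      - name: Upload Terraform Plan
        # The saved plan is published for review; note that terraform-apply
        # below does not consume this artifact.
        uses: actions/upload-artifact@v4
        with:
          name: tfplan
          path: tfplan

  terraform-apply:
    name: Terraform Apply
    runs-on: ubuntu-latest
    needs: terraform-ci
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - uses: hashicorp/setup-nomad@main
      - name: Create Terraform Plugin Cache Dir
        run: mkdir -v -p "$TF_PLUGIN_CACHE_DIR"
      - name: Cache Terraform Plugin Dir
        uses: actions/cache@v4
        with:
          path: ${{ env.TF_PLUGIN_CACHE_DIR }}
          key: ${{ runner.os }}-terraform-plugins-${{ hashFiles('**/.terraform.lock.hcl') }}
          restore-keys: |
            ${{ runner.os }}-terraform-plugins-
      - name: Terraform Init
        run: terraform init
      - name: Terraform Apply
        # NOTE(review): this applies a fresh plan computed on the push, not
        # the tfplan artifact reviewed on the PR; anything merged between the
        # PR plan and this run is applied unreviewed. Passing the saved plan
        # (`terraform apply tfplan`) would close that gap.
        run: terraform apply -auto-approve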