Improve parsing of tf files #697
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test terraform-apply | |
| on: | |
| - pull_request | |
| permissions: | |
| contents: read | |
| jobs: | |
| auto_approve: | |
| runs-on: ubuntu-24.04 | |
| name: Auto Approve | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| with: | |
| path: tests/workflows/test-apply/remote | |
| auto_approve: true | |
| - name: Verify outputs | |
| env: | |
| MY_STRING: ${{ steps.output.outputs.my_string }} | |
| JSON_PLAN_PATH: ${{ steps.output.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.output.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$MY_STRING" != "hello" ]]; then | |
| echo "::error:: output my_string not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.my_string.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "No changes" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_error: | |
| runs-on: ubuntu-24.04 | |
| name: Auto Approve plan error | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: apply | |
| continue-on-error: true | |
| with: | |
| path: tests/workflows/test-apply/remote | |
| auto_approve: true | |
| - name: Check failed to apply | |
| env: | |
| OUTCOME: ${{ steps.apply.outcome }} | |
| FAILURE_REASON: ${{ steps.apply.outputs.failure-reason }} | |
| JSON_PLAN_PATH: ${{ steps.apply.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.apply.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Apply did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ "$FAILURE_REASON" != "" ]]; then | |
| echo "::error:: failure-reason not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$JSON_PLAN_PATH" ]]; then | |
| echo "::error:: json_plan_path should not be set" | |
| exit 1 | |
| fi | |
| if [[ -n "$TEXT_PLAN_PATH" ]]; then | |
| echo "::error:: text_plan_path should not be set" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_apply_error: | |
| runs-on: ubuntu-24.04 | |
| name: Apply apply phase error | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply apply_apply_error | |
| path: tests/workflows/test-apply/apply-error | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: apply | |
| continue-on-error: true | |
| with: | |
| label: test-apply apply_apply_error | |
| path: tests/workflows/test-apply/apply-error | |
| - name: Check failed to apply | |
| env: | |
| OUTCOME: ${{ steps.apply.outcome }} | |
| FAILURE_REASON: ${{ steps.apply.outputs.failure-reason }} | |
| JSON_PLAN_PATH: ${{ steps.apply.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.apply.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Apply did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ "$FAILURE_REASON" != "apply-failed" ]]; then | |
| echo "::error:: failure-reason not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .format_version "$JSON_PLAN_PATH") != "1.2" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_no_token: | |
| runs-on: ubuntu-24.04 | |
| name: Apply without token | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: apply | |
| continue-on-error: true | |
| with: | |
| path: tests/workflows/test-apply/changes | |
| - name: Check failed to apply | |
| env: | |
| OUTCOME: ${{ steps.apply.outcome }} | |
| FAILURE_REASON: ${{ steps.apply.outputs.failure-reason }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Apply did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ "$FAILURE_REASON" != "" ]]; then | |
| echo "::error:: failure-reason not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply: | |
| runs-on: ubuntu-24.04 | |
| name: Apply approved changes | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply apply | |
| path: tests/workflows/test-apply/changes | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: first-apply | |
| with: | |
| label: test-apply apply | |
| path: tests/workflows/test-apply/changes | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.first-apply.outputs.output_string }} | |
| JSON_PLAN_PATH: ${{ steps.first-apply.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.first-apply.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.first-apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output output_string not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.output_string.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: second-apply | |
| with: | |
| label: test-apply apply | |
| path: tests/workflows/test-apply/changes | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.second-apply.outputs.output_string }} | |
| JSON_PLAN_PATH: ${{ steps.second-apply.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.second-apply.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.second-apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .format_version "$JSON_PLAN_PATH") != "1.2" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ ! -f "$TEXT_PLAN_PATH" ]]; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_variables: | |
| runs-on: ubuntu-24.04 | |
| name: Apply approved changes with variables | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply apply_variables | |
| path: tests/workflows/test-apply/vars | |
| variables: | | |
| my_var="hello" | |
| complex_input=[ | |
| { | |
| internal = 2000 | |
| external = 3000 | |
| protocol = "udp" | |
| }, | |
| { | |
| internal = 4000 | |
| external = 5000 | |
| protocol = "tcp" | |
| }, | |
| ] | |
| var_file: tests/workflows/test-apply/test.tfvars | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| label: test-apply apply_variables | |
| path: tests/workflows/test-apply/vars | |
| variables: | | |
| my_var="hello" | |
| complex_input=[ | |
| { | |
| internal = 2000 | |
| external = 3000 | |
| protocol = "udp" | |
| }, | |
| { | |
| internal = 4000 | |
| external = 5000 | |
| protocol = "tcp" | |
| }, | |
| ] | |
| var_file: tests/workflows/test-apply/test.tfvars | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.output.outputs.output_string }} | |
| FROM_VAR: ${{ steps.output.outputs.from_var }} | |
| FROM_VARFILE: ${{ steps.output.outputs.from_varfile }} | |
| COMPLEX_OUTPUT: ${{ steps.output.outputs.complex_output }} | |
| JSON_PLAN_PATH: ${{ steps.output.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.output.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$FROM_VAR" != "hello" ]]; then | |
| echo "::error:: output from_var not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$FROM_VARFILE" != "monkey" ]]; then | |
| echo "::error:: output from_varfile not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$COMPLEX_OUTPUT" != "2000:3000:udp,4000:5000:tcp" ]]; then | |
| echo "::error:: output complex_output not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.output_string.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| backend_config_12: | |
| runs-on: ubuntu-24.04 | |
| name: backend_config terraform 12 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply backend_config_12 backend_config_file | |
| path: tests/workflows/test-apply/backend_config_12 | |
| backend_config_file: tests/workflows/test-apply/backend_config_12/backend_config | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: backend_config_file_12 | |
| with: | |
| label: test-apply backend_config_12 backend_config_file | |
| path: tests/workflows/test-apply/backend_config_12 | |
| backend_config_file: tests/workflows/test-apply/backend_config_12/backend_config | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_TEST: ${{ steps.backend_config_file_12.outputs.test }} | |
| JSON_PLAN_PATH: ${{ steps.backend_config_file_12.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.backend_config_file_12.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.backend_config_file_12.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_TEST" != "hello" ]]; then | |
| echo "::error:: output from backend_config file not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.test.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "No changes" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply backend_config_12 backend_config | |
| path: tests/workflows/test-apply/backend_config_12 | |
| backend_config: | | |
| bucket=terraform-github-actions | |
| key=backend_config | |
| region=eu-west-2 | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: backend_config_12 | |
| with: | |
| label: test-apply backend_config_12 backend_config | |
| path: tests/workflows/test-apply/backend_config_12 | |
| backend_config: | | |
| bucket=terraform-github-actions | |
| key=backend_config | |
| region=eu-west-2 | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_TEST: ${{ steps.backend_config_12.outputs.test }} | |
| JSON_PLAN_PATH: ${{ steps.backend_config_12.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.backend_config_12.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.backend_config_12.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_TEST" != "hello" ]]; then | |
| echo "::error:: Output from backend_config not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.test.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "No changes" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| backend_config_13: | |
| runs-on: ubuntu-24.04 | |
| name: backend_config terraform 13 | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply backend_config_12 backend_config_file | |
| path: tests/workflows/test-apply/backend_config_13 | |
| backend_config_file: tests/workflows/test-apply/backend_config_13/backend_config | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: backend_config_file_13 | |
| with: | |
| label: test-apply backend_config_12 backend_config_file | |
| path: tests/workflows/test-apply/backend_config_13 | |
| backend_config_file: tests/workflows/test-apply/backend_config_13/backend_config | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_TEST: ${{ steps.backend_config_file_13.outputs.test }} | |
| JSON_PLAN_PATH: ${{ steps.backend_config_file_13.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.backend_config_file_13.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.backend_config_file_13.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_TEST" != "hello" ]]; then | |
| echo "::error:: output from backend_config file not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.test.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "No changes" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply backend_config_12 backend_config | |
| path: tests/workflows/test-apply/backend_config_13 | |
| backend_config: | | |
| bucket=terraform-github-actions | |
| key=backend_config_13 | |
| region=eu-west-2 | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: backend_config_13 | |
| with: | |
| label: test-apply backend_config_12 backend_config | |
| path: tests/workflows/test-apply/backend_config_13 | |
| backend_config: | | |
| bucket=terraform-github-actions | |
| key=backend_config_13 | |
| region=eu-west-2 | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_TEST: ${{ steps.backend_config_13.outputs.test }} | |
| JSON_PLAN_PATH: ${{ steps.backend_config_13.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.backend_config_13.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.backend_config_13.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_TEST" != "hello" ]]; then | |
| echo "::error:: Output from backend_config not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.test.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "No changes" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_label: | |
| runs-on: ubuntu-24.04 | |
| name: Apply approved with a variable and label | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-apply/vars | |
| label: test-apply apply_label | |
| variables: my_var="world" | |
| var_file: tests/workflows/test-apply/test.tfvars | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| path: tests/workflows/test-apply/vars | |
| label: test-apply apply_label | |
| variables: my_var="world" | |
| var_file: tests/workflows/test-apply/test.tfvars | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.output.outputs.output_string }} | |
| JSON_PLAN_PATH: ${{ steps.output.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.output.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.output_string.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_no_changes: | |
| runs-on: ubuntu-24.04 | |
| name: Apply when there are no planned changes | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| path: tests/workflows/test-apply/remote | |
| - name: Verify outputs | |
| env: | |
| MY_STRING: ${{ steps.output.outputs.my_string }} | |
| JSON_PLAN_PATH: ${{ steps.output.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.output.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$MY_STRING" != "hello" ]]; then | |
| echo "::error:: output my_string not set correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .format_version "$JSON_PLAN_PATH") != "0.1" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "No changes" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_no_plan: | |
| runs-on: ubuntu-24.04 | |
| name: Apply when there is no approved plan | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: apply | |
| continue-on-error: true | |
| with: | |
| path: tests/workflows/test-apply/no_plan | |
| - name: Check failed to apply | |
| env: | |
| OUTCOME: ${{ steps.apply.outcome }} | |
| JSON_PLAN_PATH: ${{ steps.apply.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.apply.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.apply.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Apply did not fail correctly" | |
| exit 1 | |
| fi | |
| cat "$JSON_PLAN_PATH" | |
| if [[ $(jq -r .format_version "$JSON_PLAN_PATH") != "1.2" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_user_token: | |
| runs-on: ubuntu-24.04 | |
| name: Apply using a personal access token | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.USER_GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply apply_user_token | |
| path: tests/workflows/test-apply/changes | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| label: test-apply apply_user_token | |
| path: tests/workflows/test-apply/changes | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.output.outputs.output_string }} | |
| JSON_PLAN_PATH: ${{ steps.output.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.output.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.output_string.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_fine_grained_pat: | |
| runs-on: ubuntu-24.04 | |
| name: Apply using a fine grained personal access token | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.FINE_PAT_GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply apply_fine_grained_pat | |
| path: tests/workflows/test-apply/changes | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| label: test-apply apply_fine_grained_pat | |
| path: tests/workflows/test-apply/changes | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.output.outputs.output_string }} | |
| JSON_PLAN_PATH: ${{ steps.output.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.output.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.output_string.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_terraform_actions_github_token: | |
| runs-on: ubuntu-24.04 | |
| name: Apply using a token in TERRAFORM_ACTIONS_GITHUB_TOKEN | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: No | |
| TERRAFORM_ACTIONS_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply apply_terraform_actions_github_token | |
| path: tests/workflows/test-apply/changes | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| label: test-apply apply_terraform_actions_github_token | |
| path: tests/workflows/test-apply/changes | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.output.outputs.output_string }} | |
| JSON_PLAN_PATH: ${{ steps.output.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.output.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.output_string.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "Terraform will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_vars: | |
| runs-on: ubuntu-24.04 | |
| name: Apply approved changes with deprecated vars | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-apply/deprecated_var | |
| var: my_var=hello | |
| var_file: tests/workflows/test-apply/test.tfvars | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| path: tests/workflows/test-apply/deprecated_var | |
| var: my_var=hello | |
| var_file: tests/workflows/test-apply/test.tfvars | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.output.outputs.output_string }} | |
| FROM_VAR: ${{ steps.output.outputs.from_var }} | |
| FROM_VARFILE: ${{ steps.output.outputs.from_varfile }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$FROM_VAR" != "this should be overridden" ]]; then | |
| echo "::error:: output from_var not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$FROM_VARFILE" != "monkey" ]]; then | |
| echo "::error:: output from_varfile not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| apply_refresh: | |
| runs-on: ubuntu-24.04 | |
| name: Apply changes are refresh | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan 1 | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply apply_refresh 1 | |
| path: tests/workflows/test-apply/refresh_15 | |
| variables: len=10 | |
| - name: Apply 1 | |
| uses: ./terraform-apply | |
| with: | |
| label: test-apply apply_refresh 1 | |
| path: tests/workflows/test-apply/refresh_15 | |
| variables: len=10 | |
| - name: Plan 2 | |
| uses: ./terraform-plan | |
| id: plan | |
| with: | |
| label: test-apply apply_refresh 2 | |
| path: tests/workflows/test-apply/refresh_15 | |
| variables: len=20 | |
| - name: Verify outputs | |
| env: | |
| CHANGES: ${{ steps.plan.outputs.changes }} | |
| TO_ADD: ${{ steps.plan.outputs.to_add }} | |
| TO_CHANGE: ${{ steps.plan.outputs.to_change }} | |
| TO_DESTROY: ${{ steps.plan.outputs.to_destroy }} | |
| run: | | |
| echo "changes=$CHANGES" | |
| if [[ "$CHANGES" != "true" ]]; then | |
| echo "::error:: output changes not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_ADD" -ne 1 ]]; then | |
| echo "::error:: to_add not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_CHANGE" -ne 0 ]]; then | |
| echo "::error:: to_change not set correctly" | |
| exit 1 | |
| fi | |
| if [[ "$TO_DESTROY" -ne 1 ]]; then | |
| echo "::error:: to_destroy not set correctly" | |
| exit 1 | |
| fi | |
| - name: Test output expressions | |
| if: steps.plan.outputs.to_add != 1 || steps.plan.outputs.to_change != 0 || steps.plan.outputs.to_destroy != 1 | |
| run: | | |
| echo "if expression should not have evaluated true" | |
| exit 1 | |
| - name: Apply 2 | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| label: test-apply apply_refresh 2 | |
| path: tests/workflows/test-apply/refresh_15 | |
| variables: len=20 | |
| apply_with_pre_run: | |
| runs-on: ubuntu-24.04 | |
| name: Apply with pre-run script | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TERRAFORM_PRE_RUN: | | |
| echo "testing command 1" | |
| echo "testing command 2" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply apply_with_pre_run | |
| path: tests/workflows/test-apply/changes | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: output | |
| with: | |
| label: test-apply apply_with_pre_run | |
| path: tests/workflows/test-apply/changes | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.output.outputs.output_string }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output_string not set correctly" | |
| exit 1 | |
| fi | |
| warnings_hash: | |
| runs-on: ubuntu-24.04 | |
| name: Apply with inconsistent warnings | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply warnings_hash | |
| path: tests/workflows/test-apply/warnings | |
| - name: Create warning | |
| run: | | |
| mv tests/workflows/test-apply/warnings/warning.tfn tests/workflows/test-apply/warnings/warning.tf | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| label: test-apply warnings_hash | |
| path: tests/workflows/test-apply/warnings | |
| warnings_text: | |
| runs-on: ubuntu-24.04 | |
| name: Apply with inconsistent warnings (plan text) | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: dflook/[email protected] | |
| with: | |
| label: test-apply warnings_text | |
| path: tests/workflows/test-apply/warnings | |
| - name: Create warning | |
| run: | | |
| mv tests/workflows/test-apply/warnings/warning.tfn tests/workflows/test-apply/warnings/warning.tf | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| label: test-apply warnings_text | |
| path: tests/workflows/test-apply/warnings | |
| long_plan: | |
| runs-on: ubuntu-24.04 | |
| name: Apply a plan that doesn't fit in a comment | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply long_plan | |
| path: tests/workflows/test-apply/long_plan | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| label: test-apply long_plan | |
| path: tests/workflows/test-apply/long_plan | |
| long_plan_changes: | |
| runs-on: ubuntu-24.04 | |
| name: Don't apply a changed plan that doesn't fit in a comment | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply long_plan_changes | |
| path: tests/workflows/test-apply/long_plan | |
| - name: Apply | |
| uses: ./terraform-apply | |
| id: apply | |
| continue-on-error: true | |
| with: | |
| label: test-apply long_plan_changes | |
| path: tests/workflows/test-apply/long_plan | |
| variables: | | |
| length = 2 | |
| - name: Check failed to apply | |
| env: | |
| OUTCOME: ${{ steps.apply.outcome }} | |
| FAILURE_REASON: ${{ steps.apply.outputs.failure-reason }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Apply did not fail correctly" | |
| exit 1 | |
| fi | |
| if [[ "$FAILURE_REASON" != "plan-changed" ]]; then | |
| echo "::error:: failure-reason not set correctly" | |
| exit 1 | |
| fi | |
| partial_backend_fingerprint: | |
| runs-on: ubuntu-24.04 | |
| name: Get comment using partial fingerprint | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: dflook/[email protected] | |
| with: | |
| path: tests/workflows/test-apply/partial_backend | |
| backend_config_file: tests/workflows/test-apply/partial_backend/backend_config | |
| backend_config: key=${{ github.run_id }}${{ github.run_attempt }} | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| path: tests/workflows/test-apply/partial_backend | |
| backend_config_file: tests/workflows/test-apply/partial_backend/backend_config | |
| backend_config: key=${{ github.run_id }}${{ github.run_attempt }} | |
| destroy_mode: | |
| runs-on: ubuntu-24.04 | |
| name: Generate and apply a destroy mode plan | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| path: tests/workflows/test-apply/destroy_mode | |
| auto_approve: true | |
| - name: Plan destroy | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-apply/destroy_mode | |
| destroy: true | |
| - name: Apply destroy | |
| uses: ./terraform-apply | |
| with: | |
| path: tests/workflows/test-apply/destroy_mode | |
| destroy: true | |
| destroy_mode_label: | |
| runs-on: ubuntu-24.04 | |
| name: Generate and apply a destroy mode plan with a label | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| path: tests/workflows/test-apply/destroy_mode | |
| auto_approve: true | |
| - name: Plan destroy | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply destroy_mode_label | |
| path: tests/workflows/test-apply/destroy_mode | |
| destroy: true | |
| - name: Apply destroy | |
| uses: ./terraform-apply | |
| with: | |
| label: test-apply destroy_mode_label | |
| path: tests/workflows/test-apply/destroy_mode | |
| destroy: true | |
| apply_opentofu: | |
| runs-on: ubuntu-24.04 | |
| name: Apply OpenTofu | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.USER_GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| env: | |
| OPENTOFU_VERSION: "1.6.0-alpha3" | |
| with: | |
| label: test-apply apply_opentofu | |
| path: tests/workflows/test-apply/changes | |
| - name: Apply | |
| uses: ./terraform-apply | |
| env: | |
| OPENTOFU_VERSION: "1.6.0-alpha3" | |
| id: output | |
| with: | |
| label: test-apply apply_opentofu | |
| path: tests/workflows/test-apply/changes | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.output.outputs.output_string }} | |
| JSON_PLAN_PATH: ${{ steps.output.outputs.json_plan_path }} | |
| TEXT_PLAN_PATH: ${{ steps.output.outputs.text_plan_path }} | |
| RUN_ID: ${{ steps.output.outputs.run_id }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "the_string" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| if [[ $(jq -r .output_changes.output_string.actions[0] "$JSON_PLAN_PATH") != "create" ]]; then | |
| echo "::error:: json_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if ! grep -q "OpenTofu will perform the following actions" "$TEXT_PLAN_PATH"; then | |
| echo "::error:: text_plan_path not set correctly" | |
| exit 1 | |
| fi | |
| if [[ -n "$RUN_ID" ]]; then | |
| echo "::error:: run_id should not be set" | |
| exit 1 | |
| fi | |
| long_outputs: | |
| runs-on: ubuntu-24.04 | |
| name: Apply a plan with long outputs | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-apply/long_outputs | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| path: tests/workflows/test-apply/long_outputs | |
| outputs: | |
| runs-on: ubuntu-24.04 | |
| name: Apply a plan with outputs | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan | |
| uses: ./terraform-plan | |
| with: | |
| path: tests/workflows/test-apply/outputs | |
| - name: Apply | |
| uses: ./terraform-apply | |
| with: | |
| path: tests/workflows/test-apply/outputs | |
| ephemeral: | |
| runs-on: ubuntu-24.04 | |
| name: Apply a plan with ephemeral variables | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Plan using default ephemeral value | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply ephemeral | |
| path: tests/workflows/test-apply/ephemeral | |
| - name: Apply using default ephemeral value | |
| uses: ./terraform-apply | |
| id: apply | |
| with: | |
| label: test-apply ephemeral | |
| path: tests/workflows/test-apply/ephemeral | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.apply.outputs.v }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "non-ephemeral" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| ## | |
| - name: Plan using explicit ephemeral value | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply ephemeral 2 | |
| path: tests/workflows/test-apply/ephemeral | |
| variables: | | |
| region = "eu-west-1" | |
| mv = "hello" | |
| - name: Apply using explicit ephemeral value | |
| uses: ./terraform-apply | |
| id: apply2 | |
| with: | |
| label: test-apply ephemeral 2 | |
| path: tests/workflows/test-apply/ephemeral | |
| variables: | | |
| region = "eu-west-1" | |
| mv = "hello" | |
| - name: Verify outputs | |
| env: | |
| OUTPUT_STRING: ${{ steps.apply2.outputs.v }} | |
| run: | | |
| if [[ "$OUTPUT_STRING" != "hello" ]]; then | |
| echo "::error:: output s not set correctly" | |
| exit 1 | |
| fi | |
| ## | |
| - name: Plan using explicit non-ephemeral value | |
| uses: ./terraform-plan | |
| with: | |
| label: test-apply ephemeral 3 | |
| path: tests/workflows/test-apply/ephemeral | |
| variables: | | |
| region = "eu-west-2" | |
| mv = "goodbye" | |
| - name: Apply using mismatched explicit non-ephemeral value | |
| uses: ./terraform-apply | |
| continue-on-error: true | |
| id: apply3 | |
| with: | |
| label: test-apply ephemeral 3 | |
| path: tests/workflows/test-apply/ephemeral | |
| variables: | | |
| region = "eu-west-2" | |
| mv = "mismatch" | |
| - name: Check failed to apply | |
| env: | |
| OUTCOME: ${{ steps.apply3.outcome }} | |
| run: | | |
| if [[ "$OUTCOME" != "failure" ]]; then | |
| echo "Apply did not fail correctly" | |
| exit 1 | |
| fi |