Skip to content
.github/workflows/call_code_review.yml

Updates #90

Sign in to view logs

Updates

Updates #90

Workflow file for this run

.github/workflows/call_code_review.yml at c9a4ab1
on:
workflow_call:
inputs:
environment:
type: string
required: false
dir:
type: string
required: true
agent:
type: string
required: true
env:
ENV_NAME: "${{ inputs.environment != null && inputs.environment || (github.base_ref == 'main' && 'prod' || (github.base_ref == 'develop' && 'uat' || 'dev')) }}"
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CI }}
ARM_USE_OIDC: true
ARM_USE_AZUREAD: true
ARM_STORAGE_USE_AZUREAD: true
jobs:
plan:
name: Terraform Plan

Check failure on line 25 in .github/workflows/call_code_review.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/call_code_review.yml

Invalid workflow file 

You have an error in your yaml syntax on line 25
runs-on: [ ${{ inputs.agent }}, ${{ inputs.environment }} ]
environment: "${{ inputs.environment != null && inputs.environment || (github.base_ref == 'main' && 'prod' || (github.base_ref == 'develop' && 'uat' || 'dev')) }}-ci"
permissions:
id-token: write
pull-requests: write
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
name: Checkout
# this workaround is necessary to pass the environment value to the next job
# unexpectly, global env vars cannot be read to set the environment and I don't
# want to repeat that complex expression (already repeated twice)
- name: Read Environment
id: env_read
shell: bash
run: |
echo "environment=$ENV_NAME" >> $GITHUB_OUTPUT
echo "$ENV_NAME"
- name: Azure Login
uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Set Terraform Version
id: set-terraform-version
run: |
echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
name: Setup Terraform
with:
terraform_version: ${{ steps.set-terraform-version.outputs.terraform_version }}
terraform_wrapper: true
- name: Terraform Init
working-directory: ${{ inputs.dir }}
run: |
bash ./terraform.sh init ${{ steps.env_read.outputs.environment }}
- name: Terraform Plan
working-directory: ${{ inputs.dir }}
continue-on-error: true
run: |
bash ./terraform.sh plan ${{ steps.env_read.outputs.environment }} | tee plan_output.txt
echo "plan terminated"
OUTPUT="$(cat plan_output.txt | grep -v "Refreshing state" | tail -c 60000)"
echo "$OUTPUT" > plan_output_multiline.txt
- uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6
name: Post Plan on PR
if: success() && github.event_name == 'pull_request'
with:
script: |
const fs = require('fs');
const output = fs.readFileSync('${{ inputs.dir }}/plan_output_multiline.txt', 'utf8');
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number
})
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Plan')
})
const commentBody = `#### Terraform Plan 📖
<details>
<summary>Terraform Plan</summary>
\`\`\`hcl
${output}
\`\`\`
</details>
`;
if (botComment) {
await github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody,
comment_id: botComment.id
})
} else {
await github.rest.issues.createComment({
owner: context.repo.owner,
repo: context.repo.repo,
body: commentBody,
issue_number: context.issue.number
})
}