Adding terraform #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Base CI Checks | ||
| on: | ||
| # https://help.github.com/en/actions/reference/events-that-trigger-workflows#pull-request-event-pull_request | ||
| pull_request: | ||
| types: [opened, synchronize, reopened] | ||
| # Only run for PRs with main as base branch | ||
| branches: | ||
| - main | ||
| env: | ||
| # Force pipenv to create virtualenv in .venv dir (relative to repo's root dir) | ||
| PIPENV_VENV_IN_PROJECT: 1 | ||
| jobs: | ||
| lint-golang: | ||
| name: Run linting and formatting for GO | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Setup Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.22.x' | ||
| cache: true | ||
| - name: Install dependencies | ||
| run: go get ./... | ||
| - name: golangci-lint | ||
| uses: golangci/golangci-lint-action@v6 | ||
| with: | ||
| version: v1.60 | ||
| test-golang: | ||
| name: Build and test GO CLI | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Setup Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version: '1.22.x' | ||
| cache: true | ||
| - name: Install dependencies | ||
| run: go get ./... | ||
| - name: Build | ||
| run: go build -v cmd/main.go | ||
| - name: Test with the Go CLI | ||
| run: go test ./... | ||
| lint-python: | ||
| name: Run style and type checks | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Setup Python | ||
| id: python-setup | ||
| uses: actions/setup-python@v2 | ||
| with: | ||
| python-version: 3.11.6 | ||
| - uses: actions/cache@v2 | ||
| id: poetry-cache | ||
| working-directory: recommender | ||
|
Check failure on line 63 in .github/workflows/base-ci.yml
|
||
| with: | ||
| path: .venv | ||
| key: ${{ runner.os }}-${{ steps.python-setup.outputs.python-version }}-${{ hashFiles('recommendor/poetry.lock') }} | ||
| - name: Install poetry | ||
| working-directory: recommender | ||
| run: pip install poetry | ||
| - name: Install dev packages | ||
| working-directory: recommender | ||
| if: steps.poetry-cache.outputs.cache-hit != 'true' | ||
| run: poetry install --with dev | ||
| - name: Run linters | ||
| working-directory: recommender | ||
| run: poetry run tox -e lint | ||
| - name: Run type checker | ||
| working-directory: recommender | ||
| run: poetry run tox -e type-check | ||
| test-python: | ||
| name: Run tests | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| # Checkout a copy of the repo | ||
| - uses: actions/checkout@v2 | ||
| - name: Setup Python | ||
| id: python-setup | ||
| uses: actions/setup-python@v2 | ||
| with: | ||
| python-version: 3.11.6 | ||
| - uses: actions/cache@v2 | ||
| working-directory: recommender | ||
| id: poetry-cache | ||
| with: | ||
| path: .venv | ||
| key: ${{ runner.os }}-${{ steps.python-setup.outputs.python-version }}-${{ hashFiles('recommendor/poetry.lock') }} | ||
| - name: Install poetry | ||
| working-directory: recommender | ||
| run: pip install poetry | ||
| - name: Install dev packages | ||
| working-directory: recommender | ||
| if: steps.poetry-cache.outputs.cache-hit != 'true' | ||
| run: poetry install --with dev | ||
| - name: Run unit tests | ||
| working-directory: recommender | ||
| run: poetry run tox -e unit | ||
| terraform-lint: | ||
| name: Run terraform lint | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - uses: dorny/paths-filter@v2 | ||
| name: Check for terraform changes | ||
| id: changes | ||
| with: | ||
| filters: | | ||
| src: | ||
| - 'terraform/**' | ||
| - if: steps.changes.outputs.src == 'true' | ||
| name: Setup terraform | ||
| id: terraform-setup | ||
| uses: hashicorp/setup-terraform@v2 | ||
| with: | ||
| terraform_version: 1.5.6 | ||
| - if: steps.changes.outputs.src == 'true' | ||
| name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: ${{ secrets.AWS_REGION }} | ||
| - if: steps.changes.outputs.src == 'true' | ||
| name: Terraform init | ||
| id: init | ||
| working-directory: terraform/root-modules/warnings | ||
| env: | ||
| TF_WORKSPACE: default | ||
| run: | | ||
| terraform init | ||
| - if: steps.changes.outputs.src == 'true' | ||
| id: fmt | ||
| name: Lint terraform | ||
| run: | | ||
| terraform fmt -recursive -check terraform/ | ||
| - if: steps.changes.outputs.src == 'true' | ||
| name: Terraform plan | ||
| id: dev-plan | ||
| working-directory: terraform/root-modules/warnings | ||
| env: | ||
| TF_WORKSPACE: gimmedat | ||
| run: | | ||
| terraform plan -out=tf.out -var-file dev.tfvars | ||
| - if: steps.changes.outputs.src == 'true' | ||
| uses: actions/github-script@v7 | ||
| env: | ||
| PLAN: "terraform\n${{ steps.dev-plan.outputs.stdout }}" | ||
| with: | ||
| github-token: ${{ secrets.TOKEN }} | ||
| script: | | ||
| const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | ||
| #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | ||
| #### Terraform Plan 📖\`${{ steps.dev-plan.outcome }}\` | ||
| <details><summary>Show Plan</summary> | ||
| \`\`\`\n | ||
| ${process.env.PLAN} | ||
| \`\`\` | ||
| </details> | ||
| *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`; | ||
| github.rest.issues.createComment({ | ||
| issue_number: context.issue.number, | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| body: output | ||
| }) | ||
