Merge pull request #3 from terramate-io/soerenmartius/add-trigger #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terragrunt Deployment | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| deploy: | |
| name: Deploy Terragrunt changes in changed Terramate stacks | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| ### Check out the code | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ### Install tooling | |
| - name: Install Terramate | |
| uses: terramate-io/terramate-action@v1 | |
| - name: Install asdf | |
| uses: asdf-vm/actions/setup@v3 | |
| - name: Install Terraform and Terragrunt with asdf | |
| run: | | |
| asdf plugin add terraform | |
| asdf plugin add terragrunt | |
| asdf install terraform | |
| asdf install terragrunt | |
| ### Check for changed stacks | |
| - name: List changed stacks | |
| id: list | |
| run: terramate list -C prod --changed | |
| ### Configure cloud credentials | |
| - name: Configure AWS credentials | |
| if: steps.list.outputs.stdout | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github | |
| env: | |
| AWS_REGION: us-east-1 | |
| AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }} | |
| - name: Verify AWS credentials | |
| if: steps.list.outputs.stdout | |
| run: aws sts get-caller-identity | |
| ### Run the Terragrunt deployment via Terramate in each changed stack | |
| - name: Run Terragrunt init on changed stacks | |
| if: steps.list.outputs.stdout | |
| id: init | |
| run: | | |
| terramate run -C prod --changed -- terragrunt init | |
| - name: Create Terragrunt plan on changed stacks | |
| if: steps.list.outputs.stdout | |
| id: plan | |
| run: terramate run -C prod --changed -- terragrunt plan -lock-timeout=5m -out out.tfplan | |
| env: | |
| TF_VAR_master_password: ${{ secrets.MYSQL_PROD_MASTER_PASSWORD }} | |
| - name: Apply planned changes on changed stacks | |
| id: apply | |
| if: steps.list.outputs.stdout | |
| run: terramate run -C prod \ | |
| --changed \ | |
| --cloud-sync-deployment \ | |
| --cloud-sync-terraform-plan-file=out.tfplan \ | |
| --terragrunt \ | |
| -- terragrunt apply -input=false -auto-approve -lock-timeout=5m out.tfplan | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| TF_VAR_master_password: ${{ secrets.MYSQL_PROD_MASTER_PASSWORD }} | |
| - name: Run drift detection | |
| if: steps.list.outputs.stdout && ! cancelled() && steps.apply.outcome != 'skipped' | |
| run: terramate run -C prod \ | |
| --changed \ | |
| --cloud-sync-drift-status \ | |
| --cloud-sync-terraform-plan-file=drift.tfplan \ | |
| --terragrunt \ | |
| -- terragrunt plan -out drift.tfplan -detailed-exitcode | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| TF_VAR_master_password: ${{ secrets.MYSQL_PROD_MASTER_PASSWORD }} | |