upgrading Terramate to v0.9.0 #58
Workflow file for this run
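# Pull-request preview: plans Terragrunt changes in the Terramate stacks touched
# by a PR against main and publishes the result as a sticky PR comment.
#
# NOTE(review): every `uses:` below references a mutable tag (@v2/@v3/@v4).
# This job holds `id-token: write`, assumes an AWS role and reads a production
# secret, so consider pinning each action to a reviewed full commit SHA
# (`owner/action@<full-commit-sha>  # vN`) so a retagged release cannot change
# the code that runs with those privileges.
name: Terragrunt Preview

on:
  pull_request:
    branches:
      - main

jobs:
  preview:
    name: Plan Terragrunt changes in changed Terramate stacks
    runs-on: ubuntu-latest

    # Job-level env: the token is visible to every step, including the
    # terragrunt/terraform runs that execute code from the PR branch.
    env:
      GITHUB_TOKEN: ${{ github.token }}

    # id-token: write allows OIDC federation to AWS; pull-requests: write is
    # needed for the sticky comment.
    permissions:
      id-token: write
      contents: read
      pull-requests: write
      checks: read

    steps:
      ### Create Pull Request comment

      - name: Prepare pull request preview comment
        if: github.event.pull_request
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: preview
          message: |
            ## Preview of Terragrunt changes in ${{ github.event.pull_request.head.sha }}
            :warning: preview is being created... please stand by!

      ### Check out the code

      # fetch-depth: 0 fetches full history (presumably so `--changed` can
      # compare against the base branch).
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 0

      ### Install tooling

      - name: Install Terramate
        uses: terramate-io/terramate-action@v2

      - name: Install asdf
        uses: asdf-vm/actions/setup@v3

      - name: Install Terraform and Terragrunt with asdf
        run: |
          asdf plugin add terraform
          asdf plugin add terragrunt
          asdf install terraform
          asdf install terragrunt

      ### Linting

      - name: Check Terramate formatting
        run: terramate fmt --check

      ### Check for changed stacks

      # Later steps are gated on this step's stdout being non-empty.
      - name: List changed stacks
        id: list
        run: terramate list --changed

      ### Configure cloud credentials

      - name: Configure AWS credentials
        if: steps.list.outputs.stdout
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github
        env:
          AWS_REGION: us-east-1
          AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}

      - name: Verify AWS credentials
        if: steps.list.outputs.stdout
        run: aws sts get-caller-identity

      ### Run the Terragrunt preview via Terramate in each changed stack

      - name: Initialize Terragrunt in changed stacks
        if: steps.list.outputs.stdout
        run: terramate run --parallel 1 --changed -- terragrunt init -lock-timeout=5m

      # NOTE(review): the production database password is handed to a plan of
      # PR-branch code. A saved plan file can hold variable values in clear
      # text, and `terragrunt show` output is later posted to the PR; confirm
      # that `master_password` is declared `sensitive` and that out.tfplan is
      # never uploaded as an artifact.
      - name: Plan Terragrunt changes in changed stacks
        if: steps.list.outputs.stdout
        run: |
          terramate run \
            --parallel 5 \
            --changed \
            --sync-preview \
            --terraform-plan-file=out.tfplan \
            --debug-preview-url preview_url.txt \
            --continue-on-error \
            --terragrunt \
            -- \
            terragrunt plan -out out.tfplan \
            -detailed-exitcode \
            -lock=false
        env:
          TF_VAR_master_password: ${{ secrets.MYSQL_PROD_MASTER_PASSWORD }}

      ### Update Pull Request comment

      # The changed-stack list is derived from paths in the PR branch, so it is
      # passed through the environment (CHANGED_STACKS) instead of being
      # expanded with ${{ }} into the script text, where shell metacharacters
      # in a path would be interpreted by bash.
      # `dd` caps the plan output at 248 KiB; exit status 141 (SIGPIPE) from
      # the first pipeline command marks the output as truncated.
      - name: Generate preview details
        if: steps.list.outputs.stdout
        id: comment
        run: |
          echo >>pr-comment.txt "## Preview of Terragrunt changes in ${{ github.event.pull_request.head.sha }}"
          echo >>pr-comment.txt
          echo >>pr-comment.txt "[:mag: View Details on Terramate Cloud]($(cat prod/preview_url.txt))"
          echo >>pr-comment.txt
          echo >>pr-comment.txt "### Changed Stacks"
          echo >>pr-comment.txt
          echo >>pr-comment.txt '```bash'
          echo >>pr-comment.txt "$CHANGED_STACKS"
          echo >>pr-comment.txt '```'
          echo >>pr-comment.txt
          echo >>pr-comment.txt "#### Terragrunt Plan"
          echo >>pr-comment.txt
          echo >>pr-comment.txt '```terraform'
          terramate run \
            --changed \
            --terragrunt \
            -- \
            terragrunt show -no-color out.tfplan \
            |& dd bs=1024 count=248 >>pr-comment.txt
          [ "${PIPESTATUS[0]}" == "141" ] && sed -i 's/#### Terragrunt Plan/#### :warning: Terragrunt Plan truncated: please check console output :warning:/' pr-comment.txt
          echo >>pr-comment.txt '```'
          cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
        env:
          TF_VAR_master_password: ${{ secrets.MYSQL_PROD_MASTER_PASSWORD }}
          CHANGED_STACKS: ${{ steps.list.outputs.stdout }}

      - name: Generate preview when no stacks changed
        if: success() && !steps.list.outputs.stdout
        run: |
          echo >>pr-comment.txt "## Preview of Terragrunt changes in ${{ github.event.pull_request.head.sha }}"
          echo >>pr-comment.txt
          echo >>pr-comment.txt "### Changed Stacks"
          echo >>pr-comment.txt
          echo >>pr-comment.txt 'No changed stacks, no detailed preview will be generated.'
          cat pr-comment.txt >>$GITHUB_STEP_SUMMARY

      # Same handling as above: the stack list reaches bash as data via
      # CHANGED_STACKS, not as interpolated script text.
      - name: Generate preview when things failed
        if: failure()
        run: |
          echo >>pr-comment.txt "## Preview of Terragrunt changes in ${{ github.event.pull_request.head.sha }}"
          echo >>pr-comment.txt
          echo >>pr-comment.txt "[:mag: View Details on Terramate Cloud]($(cat prod/preview_url.txt))"
          echo >>pr-comment.txt
          echo >>pr-comment.txt "### Changed Stacks"
          echo >>pr-comment.txt
          echo >>pr-comment.txt '```bash'
          echo >>pr-comment.txt "$CHANGED_STACKS"
          echo >>pr-comment.txt '```'
          echo >>pr-comment.txt ':boom: Generating preview failed. Please see details in Actions output.'
          cat pr-comment.txt >>$GITHUB_STEP_SUMMARY
        env:
          CHANGED_STACKS: ${{ steps.list.outputs.stdout }}

      # NOTE(review): this step has no `if:`, so it is skipped once an earlier
      # step has failed and the failure text written above is not published;
      # confirm whether `if: success() || failure()` is intended here.
      - name: Publish generated preview as GitHub commnent
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: preview
          path: pr-comment.txt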