-
Notifications
You must be signed in to change notification settings - Fork 1
61 lines (54 loc) · 2.42 KB
/
tf-plan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
name: "Terraform Plan"
# Trigger when a pull request is received
on:
pull_request:
jobs:
terraform-plan:
name: "Terraform Plan"
runs-on: ubuntu-latest
steps:
# Checkout the code
# Marketplace: https://github.com/marketplace/actions/checkout
- name: "Setup - Checkout"
uses: actions/[email protected]
# Static analysis of Terraform templates to spot potential security issues
# Marketplace: https://github.com/marketplace/actions/terraform-security-scan
- name: "Setup - Security Scan"
uses: triat/terraform-security-scan@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Provides AWS credentials to Terraform
# By default, Terraform checks the home directory for a .aws folder with a credential file
# Documentation: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/create-shared-credentials-file.html
- name: "Setup - Build AWS Credentials"
run: |
mkdir -p ~/.aws
echo "[default]" > ~/.aws/credentials
echo "aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }}" >> ~/.aws/credentials
echo "aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ~/.aws/credentials
# Downloads a specific version of Terraform CLI and adds it to PATH
# Marketplace: https://github.com/marketplace/actions/hashicorp-setup-terraform
- name: "Setup - Terraform CLI"
uses: hashicorp/[email protected]
# Init pulls credentials from the .aws/credentials file by default
- name: "Run - Terraform Init"
run: terraform init -input=false
# The id value is used for reference in the comment step via "steps.plan.outputs.stdout"
# Note: Color is disabled to prevent messy characters from appearing in the pull request comment
- name: "Run - Terraform Plan"
id: plan
run: terraform plan -input=false -no-color
# Submit a comment with the plan output to the pull request
- name: "Run - Terraform Comment"
uses: actions/[email protected]
env:
STDOUT: "```${{ steps.plan.outputs.stdout }}```"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: process.env.STDOUT
})