From 1a65bd74a7b1e754d24dfd059b6646590a44a56d Mon Sep 17 00:00:00 2001 From: Sean Fern Date: Wed, 1 Nov 2023 14:29:06 -0400 Subject: [PATCH] PLT-193 Workflow for github-actions calling reusable workflow (#16) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## đŸŽĢ Ticket https://jira.cms.gov/browse/PLT-193 ## 🛠 Changes Added a workflow for github-actions terraform that calls the reusable terraform-fmt workflow. ## ℹī¸ Context for reviewers This is a minimal proof for testing out reusable workflows, and allows for exploring some ideas to expand in #13. ## ✅ Acceptance Validation Testing workflows before the PR is merged is tricky. We'll likely need to test after merge, then create a follow-up PR if there are issues. ## 🔒 Security Implications - [ ] This PR adds a new software dependency or dependencies. - [ ] This PR modifies or invalidates one or more of our security controls. - [ ] This PR stores or transmits data that was not stored or transmitted before. - [ ] This PR requires additional review of its security implications for other reasons. If any security implications apply, add Jason Ashbaugh (GitHub username: StewGoin) as a reviewer and do not merge this PR without his approval.
---
.../github-actions-terraform-plan.yml | 21 +++++++++++++++
.github/workflows/terraform-fmt.yml | 27 +++++++++++++++++++
2 files changed, 48 insertions(+)
create mode 100644 .github/workflows/github-actions-terraform-plan.yml
create mode 100644 .github/workflows/terraform-fmt.yml
diff --git a/.github/workflows/github-actions-terraform-plan.yml b/.github/workflows/github-actions-terraform-plan.yml
new file mode 100644
index 00000000..e61be80e
--- /dev/null
+++ b/.github/workflows/github-actions-terraform-plan.yml
@@ -0,0 +1,21 @@
+name: Terraform plan for github-actions terraform
+
+on:
+ pull_request:
+ paths:
+ - 'terraform/services/github-actions/**' # Specify the path to trigger the workflow
+ workflow_dispatch: # Allow manual trigger
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+ check-terraform-fmt:
+ uses: ./.github/workflows/terraform-fmt.yml
+ with:
+ working-directory: ./terraform/services/github-actions
+
+ terraform-plan:
+ steps:
+ - run: echo "TODO Create a reusable terraform-plan workflow to call'
diff --git a/.github/workflows/terraform-fmt.yml b/.github/workflows/terraform-fmt.yml
new file mode 100644
index 00000000..9221b650
--- /dev/null
+++ b/.github/workflows/terraform-fmt.yml
@@ -0,0 +1,27 @@
+name: Check terraform formatting
+
+on:
+ workflow_call:
+ inputs:
+ working-directory:
+ required: true
+ type: string
+
+defaults:
+ run:
+ working-directory: ${{ inputs.working-directory }}
+
+jobs:
+ terraform-fmt:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install tfenv
+ run: |
+ git clone https://github.com/tfutils/tfenv.git ~/.tfenv
+ echo "PATH=$HOME/.tfenv/bin:$PATH" >> "$GITHUB_ENV"
+
+ - name: Check terraform format
+ run: terraform fmt -check -diff -recursive .
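Review bot: In github-actions-terraform-plan.yml, `id-token: write` is granted at workflow level, so every job started by a pull request can request an OIDC token although no job uses one yet. That includes the called terraform-fmt workflow, which receives the caller's token permissions unless it narrows them. Keep only `contents: read` at the top and grant `id-token: write` on the job that will actually assume a role. Separately, the `terraform-plan` job has `steps` but no `runs-on`, and its `echo` string opens with a double quote and closes with a single quote, so the workflow is likely to be rejected or the step to fail in the shell.

```yaml
permissions:
  contents: read # This is required for actions/checkout

jobs:
  # … unchanged: check-terraform-fmt call …

  terraform-plan:
    runs-on: ubuntu-latest
    permissions:
      id-token: write # This is required for requesting the JWT
      contents: read
    steps:
      - run: echo "TODO Create a reusable terraform-plan workflow to call"
```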
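Review bot: In terraform-fmt.yml, the `Install tfenv` step clones the default branch of tfutils/tfenv with no tag or commit pinned, and the job then runs `terraform` from that checkout's `bin/` directory, so any upstream change executes in CI unreviewed. Pin the clone to a vetted commit, for example by adding `git -C ~/.tfenv checkout --detach <PINNED_COMMIT_SHA>` after the clone (placeholder value). The job also declares no `permissions`, so it holds whatever the caller grants; adding `permissions:` with `contents: read` on `terraform-fmt` keeps the formatting check from carrying token scopes it does not need. As a smaller point, appending `$HOME/.tfenv/bin` to `$GITHUB_PATH` is the documented way to extend the search path, rather than rewriting `PATH` through `$GITHUB_ENV`.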