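name: Terraform Plan and Cost Estimation
# run-name: ${{ github.actor }} triggered the pipeline

# Triggers: manual dispatch, and pull requests into infra_main. The Infracost
# diff and the PR-comment steps need a pull_request payload (base ref, PR
# number), so they are guarded by `if: github.event_name == 'pull_request'`
# below; a workflow_dispatch run still executes init + plan. Note that secrets
# are not exposed to pull_request runs from forks, so those runs will fail at
# the first step that needs one.
on:
  workflow_dispatch:
  pull_request:
    types: [opened, synchronize, reopened]
    branches:
      - 'infra_main'
    # paths:
    #   - './terraform/**'

# An explicit permissions block denies every scope that is not listed.
# contents: read is what actions/checkout needs; pull-requests: write is what
# the two comment-posting steps need.
permissions:
  contents: read
  pull-requests: write

env:
  # Static, long-lived AWS keys. AWS_ACCESS_KEY_ID is the canonical name the
  # AWS SDKs read; AWS_ACCESS_KEY is kept so nothing that relied on the old
  # name breaks. Consider switching to OIDC via aws-actions/configure-aws-credentials
  # so no long-lived key has to live in repository secrets.
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }}
  AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  TF_VAR_aws_region: ${{ vars.TF_AWS_REGION }}
  TF_VAR_ami_id: ${{ vars.TF_AMI_ID }}
  TF_VAR_instance_type: ${{ vars.TF_INSTANCE_TYPE }}
  TF_VAR_volume_size: ${{ vars.TF_VOLUME_SIZE }}
  TF_VAR_key_pair_name: ${{ vars.TF_KEY_PAIR_NAME }}
  # NOTE(review): the complete private key is handed to Terraform as a plain
  # variable. Unless the module declares it `sensitive = true`, its value can
  # surface in `terraform show` output, which this workflow posts to the PR
  # further down — confirm.
  TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }}
  TF_VAR_domain_name: ${{ vars.TF_DOMAIN_NAME }}
  TF_VAR_frontend_domain: ${{ vars.TF_FRONTEND_DOMAIN }}
  TF_VAR_db_domain: ${{ vars.TF_DB_DOMAIN }}
  TF_VAR_traefik_domain: ${{ vars.TF_TRAEFIK_DOMAIN }}
  TF_VAR_cert_email: ${{ secrets.TF_CERT_EMAIL }}
  # NOTE(review): the .pem file is written to the workspace root, while every
  # terraform step runs with working-directory ./terraform; confirm how the
  # module resolves this relative path.
  TF_VAR_private_key_path: ./${{ vars.TF_KEY_PAIR_NAME }}.pem

jobs:
  terraform-plan:
    name: Terraform Plan
    runs-on: ubuntu-latest
    env:
      # Values passed explicitly to `terraform plan` and to infracost. They are
      # defined once so the plan and the cost estimate cannot drift apart.
      # Because they are passed as -var / --terraform-var they override
      # TF_VAR_ami_id, TF_VAR_instance_type and TF_VAR_volume_size from the
      # repository variables above for this job.
      PLAN_AMI_ID: ami-005fc0f236362e99f
      PLAN_INSTANCE_TYPE: t2.large
      PLAN_VOLUME_SIZE: "20"
    steps:
      # v4 everywhere: checkout@v2 runs on Node 12, which GitHub has deprecated,
      # and the later checkouts in this job already use v4.
      - name: Checkout PR Branch
        uses: actions/checkout@v4

      # The secret and the file name reach the script through the environment
      # instead of being expanded with ${{ }} into the shell source, so the key
      # material is never part of the command text. umask 077 makes the file
      # owner-only from the moment it is created; chmod 600 is kept as belt
      # and braces.
      - name: Write Private Key to File
        env:
          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
          KEY_FILE: ${{ vars.TF_KEY_PAIR_NAME }}.pem
        run: |
          umask 077
          printf '%s\n' "$PRIVATE_KEY" > "$KEY_FILE"
          chmod 600 "$KEY_FILE"

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2

      # -input=false makes terraform fail fast instead of waiting for a prompt
      # that can never be answered on a runner.
      - name: Terraform Init
        id: init
        run: terraform init -input=false
        working-directory: ./terraform

      # NOTE(review): a failing plan aborts the job here, so steps.plan.outcome
      # read by "Update PR Comment" is only ever `success`; if a failed plan
      # should also be reported, this step needs continue-on-error plus a
      # final step that fails the job on a bad outcome.
      - name: Terraform Plan
        id: plan
        run: |
          terraform plan -input=false -out=tfplan.out \
            -var="ami_id=$PLAN_AMI_ID" \
            -var="instance_type=$PLAN_INSTANCE_TYPE" \
            -var="volume_size=$PLAN_VOLUME_SIZE"
        working-directory: ./terraform

      # Renders the binary plan as plain text (despite the step name, this is
      # not JSON); /tmp/tfplan.txt is embedded in the PR comment below.
      - name: Save Plan JSON
        id: save-plan
        run: terraform show -no-color tfplan.out > /tmp/tfplan.txt
        working-directory: ./terraform

      - name: Setup Infracost
        uses: infracost/actions/setup@v3
        with:
          api-key: ${{ secrets.INFRACOST_API_KEY }}

      # Checkout the branch you want Infracost to compare costs against, most commonly the target branch.
      # Guarded: github.event.pull_request.base.ref is empty on workflow_dispatch.
      - name: Checkout base branch
        if: github.event_name == 'pull_request'
        uses: actions/checkout@v4
        with:
          ref: '${{ github.event.pull_request.base.ref }}'

      # NOTE(review): the base breakdown does not receive the three
      # --terraform-var overrides the new breakdown gets, so part of the
      # reported diff may be the override itself rather than the branch
      # change — confirm this is intended.
      - name: Run Infracost
        if: github.event_name == 'pull_request'
        run: |
          infracost breakdown --path=./terraform --format=json --out-file=/tmp/infracost-base.json

      # Checkout the current PR branch so we can create a diff.
      - name: Checkout PR branch
        if: github.event_name == 'pull_request'
        uses: actions/checkout@v4

      - name: Generate Infracost diff
        if: github.event_name == 'pull_request'
        run: |
          infracost breakdown --path=./terraform --format=table --out-file=/tmp/infracost-new.txt \
            --terraform-var "ami_id=$PLAN_AMI_ID" \
            --terraform-var "instance_type=$PLAN_INSTANCE_TYPE" \
            --terraform-var "volume_size=$PLAN_VOLUME_SIZE"
          infracost diff --path=./terraform \
            --format=json \
            --compare-to=/tmp/infracost-base.json \
            --out-file=/tmp/infracost.json \
            --terraform-var "ami_id=$PLAN_AMI_ID" \
            --terraform-var "instance_type=$PLAN_INSTANCE_TYPE" \
            --terraform-var "volume_size=$PLAN_VOLUME_SIZE"

      # Token and PR number come in via env so the expressions are not spliced
      # into the shell text. The token still appears in the process argument
      # list for the duration of this command because infracost takes it as a
      # flag.
      - name: Post Infracost Comment
        if: github.event_name == 'pull_request'
        env:
          GITHUB_TOKEN: ${{ github.token }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          infracost comment github --path=/tmp/infracost.json \
            --repo="$GITHUB_REPOSITORY" \
            --github-token="$GITHUB_TOKEN" \
            --pull-request="$PR_NUMBER" \
            --behavior=update

      # Posts the plan text and the new-branch cost table as one PR comment.
      # All workflow expressions are read from process.env rather than being
      # interpolated into the JavaScript source (the PLAN env var was defined
      # but unused before). The createComment call is awaited so an API error
      # fails the step. NOTE(review): very large plans may exceed GitHub's
      # comment body size limit; consider truncating /tmp/tfplan.txt.
      - name: Update PR Comment
        uses: actions/github-script@v6
        if: github.event_name == 'pull_request'
        env:
          PLAN: ${{ steps.plan.outcome }}
          ACTOR: ${{ github.actor }}
          EVENT_NAME: ${{ github.event_name }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const fs = require('fs');
            const plan = fs.readFileSync('/tmp/tfplan.txt', 'utf8');
            const infracost = fs.readFileSync('/tmp/infracost-new.txt', 'utf8');
            const { PLAN, ACTOR, EVENT_NAME } = process.env;
            const output = `#### Terraform Plan 📖\`${PLAN}\`
            <details><summary>Show Plan</summary>
            \`\`\`hcl
            ${plan}
            \`\`\`
            </details>
            #### New Infracost Breakdown 💰
            <details><summary>Show Breakdown</summary>
            \`\`\`sh
            ${infracost}
            \`\`\`
            </details>
            *Pushed by: @${ACTOR}, Action: \`${EVENT_NAME}\`*`;
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output
            });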