
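---
# CI/CD entry point for the CDKTF stack. Runs a Terraform CDK deploy, diff or
# destroy depending on the `action` input, either from the Actions UI
# (workflow_dispatch, restricted to a fixed choice list) or from another
# workflow (workflow_call, where `action` is a free-form string and must be
# validated before use).
name: CDKTF CICD
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      action:
        description: "Action to perform"
        required: true
        type: choice
        options:
          - "deploy"
          - "diff"
          - "destroy"
        default: "deploy"
  workflow_call:
    inputs:
      action:
        description: "Action to perform"
        required: true
        type: string

# Least-privilege token for the job: read the repository, write pull-request
# comments (terraform-cdk-action reports there via githubToken), read issues.
permissions:
  contents: read
  pull-requests: write
  issues: read

env:
  # Quoted so a YAML parser never reinterprets a version string as a number.
  CDKTF_VERSION: "0.20.8"
  TERRAFORM_VERSION: "1.9.5"

jobs:
  terraform:
    name: "Terraform CDK CICD"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
        with:
          # Do not leave GITHUB_TOKEN in .git/config for later steps to pick up.
          persist-credentials: false

      # Configure 1Password Service Account
      - name: Configure 1Password Service Account
        uses: 1Password/load-secrets-action/configure@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2
        with:
          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

      # Fetch TERRAFORM_CLOUD_TOKEN from 1Password using load-secrets-action.
      # export-env stays off so the token is not injected into every later
      # step's environment; consumers reference this step's output explicitly.
      - name: Fetch TERRAFORM_CLOUD_TOKEN from 1Password
        uses: 1Password/load-secrets-action@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2
        id: fetch-terraform-cloud-token
        with:
          export-env: false
        env:
          TERRAFORM_CLOUD_TOKEN: op://Infrastructure/terraform/cloud/token

      - name: Install Terraform
        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
          terraform_wrapper: false
          cli_config_credentials_token: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}

      # Fetch the node version from the .nvmrc file and strip the leading "v".
      # The value is written to GITHUB_OUTPUT (not GITHUB_ENV) because the next
      # step reads it as steps.fetch-node-version.outputs.NODE_VERSION; a value
      # written to GITHUB_ENV never appears in the step's outputs.
      - name: Fetch node version
        id: fetch-node-version
        run: |
          echo "NODE_VERSION=$(sed 's/[^0-9.]*//g' .nvmrc)" >> "$GITHUB_OUTPUT"

      - name: Setup yarn
        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4
        with:
          node-version: ${{ steps.fetch-node-version.outputs.NODE_VERSION }}

      - name: Install corepack
        run: |
          corepack enable

      - name: Install dependencies
        working-directory: ./cdktf
        run: |
          # Install node-gyp globally first
          npm install -g node-gyp
          yarn install

      - name: Generate module and provider bindings
        working-directory: ./cdktf
        env:
          TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
        run: yarn get

      # Map the requested action onto a terraform-cdk-action mode. The input is
      # handed to the shell through an environment variable instead of being
      # expanded inline with ${{ }}, so a caller-supplied string (workflow_call
      # accepts any string) is treated as data, never as shell syntax.
      # Anything outside the known set fails the job.
      - name: Determine mode
        id: determine-mode
        env:
          ACTION: ${{ inputs.action }}
        run: |
          case "$ACTION" in
            deploy)  echo "mode=auto-approve-apply" >> "$GITHUB_OUTPUT" ;;
            synth)   echo "mode=synth-only" >> "$GITHUB_OUTPUT" ;;
            diff)    echo "mode=plan-only" >> "$GITHUB_OUTPUT" ;;
            destroy) echo "mode=auto-approve-destroy" >> "$GITHUB_OUTPUT" ;;
            *)
              echo "Unknown action: $ACTION"
              exit 1
              ;;
          esac

      - name: Run Terraform CDK
        uses: hashicorp/terraform-cdk-action@eb48a3e90758fdbde4b9bfca880c294636a1f1c8 # v5.0.14
        id: terraform-cdk
        with:
          terraformVersion: ${{ env.TERRAFORM_VERSION }}
          cdktfVersion: ${{ env.CDKTF_VERSION }}
          workingDirectory: ./cdktf
          stackName: cdktf
          mode: ${{ steps.determine-mode.outputs.mode }}
          # Same source as the Install Terraform step, referenced directly
          # rather than through the step-level env context.
          terraformCloudToken: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
          githubToken: ${{ secrets.GITHUB_TOKEN }}
        env:
          TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}

      # Only store the CDKTF output if the Terraform CDK step ran. `!cancelled()`
      # replaces the implicit success() guard so the artifact is also kept when
      # that step failed, which is when it is most useful for debugging.
      - name: Store generated CDKTF
        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4
        if: ${{ !cancelled() && steps.terraform-cdk.outcome != 'skipped' }}
        with:
          name: cdktf
          path: cdktf/cdktf.out/
          retention-days: 5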