pipelines-delegated.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
---
# Reusable workflow (triggered only through `workflow_call`). Job one asks the
# pipelines-orchestrate action for a JSON list of jobs; job two fans that list
# out as a matrix and runs one Plan/Apply entry per element.
#
# NOTE(review): no `permissions:` key appears anywhere in this file, so the
# GITHUB_TOKEN scopes are decided outside it (caller workflow / repository
# defaults). Declaring the minimum per job would make the grant reviewable
# here; which scopes the local actions need is not visible - TODO confirm.
name: Pipelines Execute
run-name: Run Gruntwork Pipelines

on:
  workflow_call:
    secrets:
      # Used below to check out gruntwork-io/pipelines-actions and handed to
      # several of the local actions as an input.
      PIPELINES_READ_TOKEN:
        required: true

env:
  # Not referenced by any expression in this file; presumably read from the
  # environment by the local actions - confirm.
  PIPELINES_CLI_VERSION: 'v0.9.10'
  # Used as the checkout `ref` for gruntwork-io/pipelines-actions.
  # NOTE(review): this looks like a tag name; a tag can be re-pointed upstream,
  # whereas a full commit SHA fixes the exact action code that runs.
  PIPELINES_ACTIONS_VERSION: 'v1.1.3'

jobs:
  detect_changes:
    name: Detect Infrastructure Changes
    runs-on: ubuntu-latest
    # Exposes the orchestrate step's `jobs` output to the matrix job below.
    # NOTE(review): the command, args, working directory and account id that
    # the matrix job acts on all come from this JSON; how pipelines-orchestrate
    # derives and validates it is not visible from this file.
    outputs:
      pipelines_jobs: ${{ steps.orchestrate.outputs.jobs }}
    steps:
      # Fetches the action code into ./pipelines-actions so later steps can
      # reference it with local `uses: ./pipelines-actions/...` paths.
      # NOTE(review): `@v4` is a movable tag; pinning actions/checkout to a
      # full-length commit SHA removes that supply-chain variable.
      # NOTE(review): actions/checkout keeps the token in the clone's git
      # config unless `persist-credentials: false` is set; nothing visible here
      # needs git access inside ./pipelines-actions afterwards - confirm
      # before disabling.
      - name: Checkout Pipelines Actions
        uses: actions/checkout@v4
        with:
          repository: gruntwork-io/pipelines-actions
          ref: ${{ env.PIPELINES_ACTIONS_VERSION }}
          token: ${{ secrets.PIPELINES_READ_TOKEN }}
          path: pipelines-actions

      # No repository/ref is given, so actions/checkout uses its defaults for
      # the calling run; `fetch-depth: 0` pulls the full history.
      - name: Check out repo code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          path: infra-live-repo

      - name: Preflight Checks
        uses: ./pipelines-actions/.github/actions/pipelines-preflight-action
        with:
          PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}

      # The `||` fallback hands over GITHUB_TOKEN when PIPELINES_READ_TOKEN
      # evaluates empty; the secret is declared `required: true` above.
      - name: Pipelines Orchestrate
        id: orchestrate
        uses: ./pipelines-actions/.github/actions/pipelines-orchestrate
        with:
          token: ${{ secrets.PIPELINES_READ_TOKEN || secrets.GITHUB_TOKEN }}

  pipelines_determine:
    # Display name: "Plan" when the command contains 'plan', otherwise "Apply",
    # followed by the change type and the working directory.
    name: "${{ contains(matrix.jobs.Action.Command, 'plan') && 'Plan' || 'Apply' }} - ${{ matrix.jobs.ChangeType }} - ${{ matrix.jobs.WorkingDirectory }}"
    runs-on: ubuntu-latest
    needs:
      - detect_changes
    # GHA can't check for length, so we just check if there is an item in the 0 index
    if: fromJson(needs.detect_changes.outputs.pipelines_jobs)[0] != null
    strategy:
      # A failing matrix entry does not cancel the remaining entries.
      fail-fast: false
      matrix:
        jobs: ${{ fromJson(needs.detect_changes.outputs.pipelines_jobs) }}
    # NOTE(review): this is a matrix job, so every matrix entry writes the same
    # output names and only one value per name survives; consumers should not
    # rely on which entry it came from. No job in this file reads these
    # outputs, and no `on.workflow_call.outputs` mapping is declared.
    outputs:
      account_id: ${{ matrix.jobs.AccountId }}
      branch: ${{ steps.bootstrap.outputs.branch }}
      action: ${{ steps.bootstrap.outputs.action }}
      working_directory: ${{ steps.bootstrap.outputs.working_directory }}
      terragrunt_command: ${{ steps.bootstrap.outputs.terragrunt_command }}
      additional_data: ${{ steps.bootstrap.outputs.additional_data }}
      child_account_id: ${{ steps.bootstrap.outputs.child_account_id }}
    steps:
      # Same two checkouts as in detect_changes; the notes there about the
      # movable `@v4` tag and persisted credentials apply here as well.
      - name: Checkout Pipelines Actions
        uses: actions/checkout@v4
        with:
          repository: gruntwork-io/pipelines-actions
          ref: ${{ env.PIPELINES_ACTIONS_VERSION }}
          token: ${{ secrets.PIPELINES_READ_TOKEN }}
          path: pipelines-actions

      - name: Check out repo code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          path: infra-live-repo

      # Passes the fields of the current matrix entry to the bootstrap action;
      # its outputs drive the execute step and the job outputs.
      - name: Bootstrap Workflow
        id: bootstrap
        uses: ./pipelines-actions/.github/actions/pipelines-bootstrap
        with:
          token: ${{ secrets.PIPELINES_READ_TOKEN }}
          change_type: ${{ matrix.jobs.ChangeType }}
          branch: ${{ matrix.jobs.Ref }}
          working_directory: ${{ matrix.jobs.WorkingDirectory }}
          account_id: ${{ matrix.jobs.AccountId }}
          # Command and args are joined with a single space into one string.
          terragrunt_command: ${{ matrix.jobs.Action.Command }} ${{ matrix.jobs.Action.Args }}
          additional_data: ${{ toJson(matrix.jobs.AdditionalData) }}
          child_account_id: ${{ matrix.jobs.AdditionalData.ChildAccountId }}
          account_names: ${{ matrix.jobs.AdditionalData.AccountNames }}

      # Account id, role name and session name all come from the bootstrap
      # outputs. Presumably this action assumes the named role in that account
      # before running terragrunt - confirm in pipelines-aws-execute.
      - name: "Run terragrunt ${{ steps.bootstrap.outputs.terragrunt_command }} in ${{ steps.bootstrap.outputs.working_directory }}"
        id: terragrunt
        uses: ./pipelines-actions/.github/actions/pipelines-aws-execute
        with:
          PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
          account_id: ${{ steps.bootstrap.outputs.account_id }}
          account_role_name: ${{ steps.bootstrap.outputs.role_name }}
          role_session_name: ${{ steps.bootstrap.outputs.role_session_name }}
          working_directory: ${{ steps.bootstrap.outputs.working_directory }}
          gruntwork_context: ${{ toJson(steps.bootstrap.outputs) }}

      # `always()` makes this run even when an earlier step failed, so a
      # failure still gets reported.
      # NOTE(review): the formatted plan output and the stdout log are passed
      # on together with a pull request number; plan output and logs can carry
      # sensitive values, so confirm what pipelines-status-update publishes
      # and whether it redacts.
      - name: Update comment
        if: always()
        uses: ./pipelines-actions/.github/actions/pipelines-status-update
        with:
          step_name: ${{ matrix.jobs.ChangeType }}
          step_working_directory: ${{ matrix.jobs.WorkingDirectory }}
          # Anything other than a 'success' conclusion is reported as 'failed'.
          step_status: "${{ steps.terragrunt.conclusion == 'success' && 'success' || 'failed' }}"
          step_details: "${{ steps.terragrunt.outputs.formatted_plan_output || 'Check the logs for more details.' }}"
          step_details_extended_log: ${{ steps.terragrunt.outputs.execute_stdout_log }}
          pull_request_number: ${{ steps.bootstrap.outputs.pr_number }}