This repository has been archived by the owner on Sep 23, 2024. It is now read-only.
Merge pull request #323 from FIRST-Tech-Challenge/2024.05.07-flask-oidc #378
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Terraform Development' | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
jobs: | |
terraform: | |
name: 'Terraform' | |
runs-on: ubuntu-latest | |
environment: development | |
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest | |
defaults: | |
run: | |
shell: bash | |
steps: | |
# Checkout the repository to the GitHub Actions runner | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Install Key | |
run: | | |
echo "${{secrets.SERVICE_KEY}}" | base64 --decode > key.json | |
echo "${{secrets.OIDC_SECRETS}}" | base64 --decode > client_secrets.json | |
- name: Write Properties | |
run: | | |
echo "{ \"version\" : \"$(git rev-parse --short $GITHUB_SHA) \" }" > server/app_engine/app.properties | |
- name: Closure Build | |
run: ./gradlew compileJavascript | |
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v1 | |
with: | |
terraform_version: 0.14.4 | |
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. | |
- name: Terraform Init | |
working-directory: terraform/dev | |
run: terraform init -var project_id=${{secrets.PROJECT_ID}} -var project_url="${{secrets.PROJECT_URL}}" -var environment="development" | |
env: | |
GOOGLE_APPLICATION_CREDENTIALS: "../../key.json" | |
# Generates an execution plan for Terraform | |
- name: Terraform Plan | |
id: plan | |
working-directory: terraform/dev | |
run: terraform plan -var project_id=${{secrets.PROJECT_ID}} -var project_url=${{secrets.PROJECT_URL}} -var environment="development" | |
env: | |
GOOGLE_APPLICATION_CREDENTIALS: "../../key.json" | |
# Attach the plan to the GitHub PR. | |
- name: Post Plan | |
if: always() && github.ref != 'refs/heads/main' && (steps.plan.outcome == 'success' || steps.plan.outcome == 'failure') | |
uses: cmacfarl/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
EXPAND_SUMMARY_DETAILS: 'true' # Override global environment variable; expand details just for this step | |
with: | |
commenter_type: plan | |
commenter_input: ${{ format('{0}{1}', steps.plan.outputs.stdout, steps.plan.outputs.stderr) }} | |
commenter_exitcode: ${{ steps.plan.outputs.exitcode }} | |
# On push to main, build or change infrastructure according to Terraform configuration files | |
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks | |
- name: Terraform Apply | |
working-directory: terraform/dev | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
run: terraform apply -var project_id=${{secrets.PROJECT_ID}} -var project_url=${{secrets.PROJECT_URL}} -var environment="development" -auto-approve | |
env: | |
GOOGLE_APPLICATION_CREDENTIALS: "../../key.json" |