feat: Add enabled workload_identity๐ฎ๐น + apply payopt prod + apply mโฆ
#9475
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Static Analysis | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| static_analysis: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: โก Checkout code | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: ๐ Read current terraform version | |
| run: | | |
| VER=$(cat .terraform-version) | |
| echo "TERRAFORM_VERSION=$VER" >> $GITHUB_ENV | |
| - name: ๐จ Setup Terraform | |
| # from https://github.com/hashicorp/setup-terraform/commits/main | |
| uses: hashicorp/setup-terraform@97f030cf6dc0b4f5e0da352c7bca9cca34579800 #v3.1.0 | |
| with: | |
| terraform_version: "${{ env.TERRAFORM_VERSION }}" | |
| - name: ๐ Init terraform folders | |
| id: init_terraform_folders | |
| shell: bash | |
| run: | | |
| echo -e "\n+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-" | |
| echo "+ ๐จ CREATE CACHE FOLDER +" | |
| echo -e "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-\n" | |
| export TF_PLUGIN_CACHE_DIR="/tmp/.terraform.d/plugin-cache" | |
| mkdir -p ${TF_PLUGIN_CACHE_DIR} | |
| ls -la ${TF_PLUGIN_CACHE_DIR} | |
| echo "๐ข Show space" | |
| df -h | |
| du -h ${TF_PLUGIN_CACHE_DIR} | |
| echo -e "\n+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-" | |
| echo "+ ๐ INIT TERRAFORM FOLDERS ๐ +" | |
| echo -e "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-\n" | |
| FOLDERS=$(grep -rl --include='*.tf' --exclude-dir='.terraform' '^' . | xargs -I{} dirname {} | sort -u) | |
| echo "FOLDERS=${FOLDERS}" | |
| pids=() | |
| # TAG=$(cat .terraform-version) | |
| # docker pull hashicorp/terraform:$TAG | |
| for f in $FOLDERS; do | |
| pushd "$(pwd)/${f}" | |
| sed -i -e 's/ backend "azurerm" {}//g' 99_main.tf # use local backend | |
| terraform init -upgrade & | |
| pids+=($!) | |
| popd | |
| done | |
| # Wait for each specific process to terminate. | |
| # Instead of this loop, a single call to 'wait' would wait for all the jobs | |
| # to terminate, but it would not give us their exit status. | |
| # | |
| for pid in "${pids[@]}"; do | |
| # | |
| # Waiting on a specific PID makes the wait command return with the exit | |
| # status of that process. Because of the 'set -e' setting, any exit status | |
| # other than zero causes the current shell to terminate with that exit | |
| # status as well. | |
| # | |
| wait "$pid" | |
| done | |
| echo "๐ข Show space 3" | |
| df -h | |
| ls -la /tmp/.terraform.d/plugin-cache | |
| du -h -d 5 ${TF_PLUGIN_CACHE_DIR} | |
| - name: Show precommit version | |
| shell: bash | |
| run: | | |
| echo -e "\n+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+" | |
| echo "+ 1๏ธโฃ SHOW PRECOMMIT VERSION 1๏ธโฃ +" | |
| echo -e "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n" | |
| TAG=v1.96.2@sha256:01f870b7689b5a09c1a370914fcddcac42c4b6478c9d369e1d2590dd0a66ffd0 | |
| docker run --rm --entrypoint cat ghcr.io/antonbabenko/pre-commit-terraform:$TAG /usr/bin/tools_versions_info | |
| - name: ๐จ Run precommit | |
| id: run_precommit | |
| shell: bash | |
| run: | | |
| echo -e "\n+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+" | |
| echo "+- ๐จ PRECOMMIT TERRAFORM ๐จ -+" | |
| echo -e "+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n" | |
| export TF_PLUGIN_CACHE_DIR="/tmp/.terraform.d/plugin-cache" | |
| TAG=v1.96.2@sha256:01f870b7689b5a09c1a370914fcddcac42c4b6478c9d369e1d2590dd0a66ffd0 | |
| docker run \ | |
| -v $(pwd):/lint \ | |
| -v /tmp/.terraform.d/plugin-cache:/tmp/.terraform.d/plugin-cache \ | |
| -w /lint \ | |
| ghcr.io/antonbabenko/pre-commit-terraform:$TAG \ | |
| run -a |