Bumping version #375
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tfvalidate | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - '**.tf' | |
| pull_request: | |
| paths: | |
| - '**.tf' | |
| workflow_dispatch: # Manual dispatch | |
| # This allows a subsequently queued workflow run to interrupt previous runs | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
| shell: bash | |
| permissions: | |
| contents: read | |
| jobs: | |
| listaddons: | |
| name: list terraform addon directories | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.matrix.outputs.value }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - name: Clone repo | |
| uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | |
| with: | |
| fetch-depth: 0 | |
| - id: matrix | |
| run: | | |
| case "${{ github.event_name }}" in | |
| pull_request) | |
| echo "value=$(git diff --name-status origin/${{ github.base_ref }} | awk -v gitfilestatus="D" -F$'\t' '$1 != gitfilestatus { print $2 }' | awk -F/ 'BEGIN { OFS="/" }; { if ( $NF ~ "\.tf$") { $NF=""; print "./" $0 } }' | sort -u | jq -c -s -R 'split("\n")[:-1]')" >> ${GITHUB_OUTPUT} | |
| ;; | |
| push) | |
| echo "value=$(git diff --name-status ${{ github.ref }}~1 | awk -v gitfilestatus="D" -F$'\t' '$1 != gitfilestatus { print $2 }' | awk -F/ 'BEGIN { OFS="/" }; { if ( $NF ~ "\.tf$") { $NF=""; print "./" $0 } }' | sort -u | jq -c -s -R 'split("\n")[:-1]')" >> ${GITHUB_OUTPUT} | |
| ;; | |
| *) | |
| echo "value=$(find ./ -type f -name '*.tf' | awk -F/ 'BEGIN { OFS="/" } ; {$NF=""; print }' | sort -u | jq -c -s -R 'split("\n")[:-1]')" >> ${GITHUB_OUTPUT} | |
| ;; | |
| esac | |
| tfvalidate: | |
| name: terraform validate | |
| runs-on: ubuntu-latest | |
| needs: listaddons | |
| strategy: | |
| matrix: | |
| terraform_dir: ${{ fromJson(needs.listaddons.outputs.matrix) }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - name: Clone repo | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 | |
| with: | |
| terraform_version: 1.11.2 | |
| # If we want to test more of these, consider using a matrix. With a matrix of directories, all terraform modules could be fully tested and potentially in parallel. | |
| - name: Validate ${{ matrix.terraform_dir }} module (covers all submodules) | |
| working-directory: ${{ matrix.terraform_dir }} | |
| run: | | |
| terraform init -backend=false | |
| terraform validate |