Bump Fleet to v4.81.0 #384
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tfvalidate | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - '**.tf' | |
| pull_request: | |
| paths: | |
| - '**.tf' | |
| workflow_dispatch: # Manual dispatch | |
| # This allows a subsequently queued workflow run to interrupt previous runs | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id}} | |
| cancel-in-progress: true | |
| defaults: | |
| run: | |
| # fail-fast using bash -eo pipefail. See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference | |
| shell: bash | |
| permissions: | |
| contents: read | |
| jobs: | |
| listaddons: | |
| name: list terraform addon directories | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.matrix.outputs.value }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - name: Clone repo | |
| uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b | |
| with: | |
| fetch-depth: 0 | |
| - id: matrix | |
| run: | | |
| case "${{ github.event_name }}" in | |
| pull_request) | |
| echo "value=$(git diff --name-status origin/${{ github.base_ref }} | awk -v gitfilestatus="D" -F$'\t' '$1 != gitfilestatus { print $2 }' | awk -F/ 'BEGIN { OFS="/" }; { if ( $NF ~ "\.tf$") { $NF=""; print "./" $0 } }' | sort -u | jq -c -s -R 'split("\n")[:-1]')" >> ${GITHUB_OUTPUT} | |
| ;; | |
| push) | |
| echo "value=$(git diff --name-status ${{ github.ref }}~1 | awk -v gitfilestatus="D" -F$'\t' '$1 != gitfilestatus { print $2 }' | awk -F/ 'BEGIN { OFS="/" }; { if ( $NF ~ "\.tf$") { $NF=""; print "./" $0 } }' | sort -u | jq -c -s -R 'split("\n")[:-1]')" >> ${GITHUB_OUTPUT} | |
| ;; | |
| *) | |
| echo "value=$(find ./ -type f -name '*.tf' | awk -F/ 'BEGIN { OFS="/" } ; {$NF=""; print }' | sort -u | jq -c -s -R 'split("\n")[:-1]')" >> ${GITHUB_OUTPUT} | |
| ;; | |
| esac | |
| tfvalidate: | |
| name: terraform validate | |
| runs-on: ubuntu-latest | |
| needs: listaddons | |
| strategy: | |
| matrix: | |
| terraform_dir: ${{ fromJson(needs.listaddons.outputs.matrix) }} | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 | |
| with: | |
| egress-policy: audit | |
| - name: Clone repo | |
| uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 | |
| with: | |
| terraform_version: 1.11.2 | |
| # If we want to test more of these, consider using a matrix. With a matrix of directories, all terraform modules could be fully tested and potentially in parallel. | |
| - name: Validate ${{ matrix.terraform_dir }} module (covers all submodules) | |
| working-directory: ${{ matrix.terraform_dir }} | |
| run: | | |
| # Some modules use aliased AWS providers (for example aws.destination/aws.target) | |
| # and fail direct `terraform validate` unless alias configs are present. | |
| # Generate a temporary provider file for any discovered aws.<alias> references. | |
| AWS_ALIASES="$(grep -RhoE 'provider[[:space:]]*=[[:space:]]*aws\.[A-Za-z0-9_]+' -- *.tf 2>/dev/null | sed -E 's/.*aws\.([A-Za-z0-9_]+)/\1/' | sort -u || true)" | |
| if [[ -n "${AWS_ALIASES}" ]]; then | |
| # Terraform ignores dot-prefixed files, so this must not start with "." | |
| AUTO_PROVIDER_FILE="tfvalidate.providers.auto.tf" | |
| { | |
| echo "// Generated by CI for terraform validate." | |
| echo "// Do not commit." | |
| echo | |
| } > "${AUTO_PROVIDER_FILE}" | |
| for alias in ${AWS_ALIASES}; do | |
| { | |
| echo 'provider "aws" {' | |
| echo " alias = \"${alias}\"" | |
| echo ' region = "us-east-2"' | |
| echo '}' | |
| echo | |
| } >> "${AUTO_PROVIDER_FILE}" | |
| done | |
| echo "Generated ${AUTO_PROVIDER_FILE} for aliases: ${AWS_ALIASES}" | |
| fi | |
| terraform init -backend=false | |
| terraform validate |