Merge branch 'sandbox' into feat-gitignore #145
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ref: https://sentenz.github.io/convention/convention/conventional-commits/ | |
| name: "01 - terraform speculative plan: sandbox" | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'feat-*' | |
| - 'fix-*' | |
| - 'docs-*' | |
| - 'style-*' | |
| - 'refactor-*' | |
| - 'test-*' | |
| - 'chore-*' | |
| - 'build-*' | |
| - 'ci-*' | |
| - 'perf-*' | |
| paths: | |
| - '**/*.tf' | |
| env: | |
| TF_CLOUD_ORGANIZATION: "deploymenttheory" | |
| TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" | |
| TF_WORKSPACE: "terraform-jamfpro-sandbox" | |
| CONFIG_DIRECTORY: "workload/terraform/jamfpro" | |
| permissions: | |
| contents: write | |
| id-token: write | |
| pull-requests: write | |
| jobs: | |
| branch-check: | |
| if: github.event_name == 'workflow_dispatch' # only need to check branch for manual triggers | |
| name: "branch check" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4.1.7 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Extract branch name | |
| id: extract_branch | |
| run: echo "branch=${{ github.ref_name }}" >> $GITHUB_OUTPUT | |
| - name: Validate Branch Name | |
| run: | | |
| branch="${{ steps.extract_branch.outputs.branch }}" | |
| if [[ "$branch" =~ ^(feat|fix|docs|style|refactor|test|chore|build|ci|perf)- ]]; then | |
| echo "Success: Branch name '$branch' is valid." | |
| exit 0 | |
| else | |
| echo "Error: Branch name must start with 'feat-', 'fix-', 'docs-', 'style-', 'refactor-', 'test-', 'chore-', 'build-', 'ci-', or 'perf-'" | |
| exit 1 | |
| fi | |
| terraform-plan: | |
| uses: ./.github/workflows/terraform-plan.yml | |
| with: | |
| tf_cloud_organization: "deploymenttheory" | |
| tf_workspace: "terraform-jamfpro-sandbox" | |
| target_environment: "sandbox" | |
| debug: true | |
| config_directory: "workload/terraform/jamfpro" | |
| release_version: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref || github.ref_name }} | |
| secrets: | |
| TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }} | |
| update-pr: | |
| needs: terraform-plan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Create or Update PR | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const getHeadBranch = () => { | |
| if (context.eventName === 'pull_request') { | |
| return context.payload.pull_request.head.ref; | |
| } else if (context.eventName === 'push') { | |
| return context.ref.replace('refs/heads/', ''); | |
| } else { | |
| return context.ref.replace('refs/heads/', ''); | |
| } | |
| }; | |
| const headBranch = getHeadBranch(); | |
| const baseBranch = 'sandbox'; | |
| console.log(`Head branch: ${headBranch}`); | |
| console.log(`Base branch: ${baseBranch}`); | |
| // Check if PR already exists | |
| const { data: prs } = await github.rest.pulls.list({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| head: `${context.repo.owner}:${headBranch}`, | |
| base: baseBranch, | |
| state: 'open' | |
| }); | |
| let pr; | |
| if (prs.length === 0) { | |
| // Create new PR | |
| try { | |
| const { data: newPr } = await github.rest.pulls.create({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| title: `🔄 Terraform changes from ${headBranch}`, | |
| head: headBranch, | |
| base: baseBranch, | |
| body: '🚀 This PR contains Terraform changes.' | |
| }); | |
| pr = newPr; | |
| } catch (error) { | |
| console.error('Error creating PR:', error.message); | |
| return; | |
| } | |
| } else { | |
| pr = prs[0]; | |
| } | |
| function getStatusSummary(status, planStatus, add, change, destroy) { | |
| if (status !== 'Success') return `❌ Plan ${status}`; | |
| switch (planStatus) { | |
| case 'planned': | |
| if (destroy > 0) return '🚨 Destructive changes detected'; | |
| if (change > 0) return '⚠️ Resource modifications planned'; | |
| if (add > 0) return '✨ New resources to be added'; | |
| return '✅ No changes required'; | |
| case 'pending': | |
| return '⏳ Plan pending'; | |
| case 'running': | |
| return '🔄 Plan in progress'; | |
| case 'errored': | |
| return '🚫 Plan encountered an error'; | |
| case 'canceled': | |
| return '🛑 Plan was canceled'; | |
| case 'cost_estimated': | |
| return '💰 Cost estimation completed'; | |
| case 'policy_checked': | |
| return '📋 Policy check completed'; | |
| case 'planned_and_finished': | |
| return '🏁 Plan completed and finished'; | |
| default: | |
| return `ℹ️ Plan status: ${planStatus}`; | |
| } | |
| } | |
| const statusSummary = getStatusSummary( | |
| '${{ needs.terraform-plan.outputs.status }}', | |
| '${{ needs.terraform-plan.outputs.plan_status }}', | |
| ${{ needs.terraform-plan.outputs.add }}, | |
| ${{ needs.terraform-plan.outputs.change }}, | |
| ${{ needs.terraform-plan.outputs.destroy }} | |
| ); | |
| // Add Terraform plan results to PR | |
| const planOutput = `### 🔍 Terraform Plan Results | |
| ${statusSummary} | |
| \`\`\`diff | |
| + Plan: ${{ needs.terraform-plan.outputs.add }} to add | |
| ~ ${{ needs.terraform-plan.outputs.change }} to change | |
| - ${{ needs.terraform-plan.outputs.destroy }} to destroy | |
| \`\`\` | |
| 📊 [View full plan details](${{ needs.terraform-plan.outputs.run_link }}) | |
| Additional Information: | |
| - Operation Result: ${{ needs.terraform-plan.outputs.status }} | |
| - Plan ID: ${{ needs.terraform-plan.outputs.plan_id }} | |
| --- | |
| ⚠️ Please review these changes carefully before merging. | |
| `; | |
| await github.rest.issues.createComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: pr.number, | |
| body: planOutput | |
| }); |