Changing comment action.

2025-11-03 09:13:43 -05:00
parent be228f9be4
commit 4afa5a252d
+48 -61
@@ -7,7 +7,8 @@ on:
- "main"
- "renovate/**"
paths:
- "cloudflare/**"
- "cloudflare/**"
env:
OPENTOFU_VERSION: "1.10.6"
HC_VAULT_VERSION: "1.20.4"
@@ -21,7 +22,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
uses: actions/checkout@v4
with:
fetch-depth: 1
@@ -29,11 +30,11 @@ jobs:
run: |
echo "VAULT_TOKEN=${{ secrets.VAULT_GITEA_TOKEN }}" >> $GITHUB_ENV
- name: Gotify Notification
- name: Gotify Notification - Start
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
notification_title: "GITEA: PR Check @ Rinoa"
notification_message: "Checking for existing PR... 🔍"
@@ -43,14 +44,14 @@ jobs:
with:
url: ${{ secrets.TREZ_GITEA_URL }}
token: ${{ secrets.BOT_GITEA_TOKEN }}
pr-label: docker-compose,manual
pr-label: "docker-compose,manual"
assignee: ${{ github.actor }}
- name: Gotify Notification
- name: Gotify Notification - Done
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
gotify_api_base: ${{ secrets.RUNNER_GOTIFY_URL }}
gotify_app_token: ${{ secrets.RUNNER_GOTIFY_TOKEN }}
notification_title: "GITEA: PR Check @ Rinoa"
notification_message: "PR Check done 🎟️"
@@ -62,6 +63,7 @@ jobs:
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
outputs:
tofu-cloudflare-plan: ${{ steps.tofu_plan.outputs.plan-output }}
steps:
- name: Checkout
uses: actions/checkout@v4
@@ -86,16 +88,12 @@ jobs:
id: env-vault-vars
run: |
echo "🧩 Cleaning and loading cloudflare/.env into GitHub Actions environment..."
# 1️⃣ Strip any single or double quotes from the file to avoid invalid URIs or extra quoting
sed -i 's/[\"'\'']//g' cloudflare/.env
# 2️⃣ Load all vars into current shell
set -a
source cloudflare/.env
set +a
# 3️⃣ Export to GitHub Actions environment
while IFS='=' read -r key value; do
if [[ -n "$key" ]]; then
echo "$key=$value" >> $GITHUB_ENV
@@ -103,7 +101,6 @@ jobs:
done < cloudflare/.env
repo_name=$(echo "${{ github.repository }}" | awk -F"/" '{print $2}')
echo "repo_name=$repo_name" >> "$GITHUB_OUTPUT"
- name: Run tofu init
@@ -121,26 +118,37 @@ jobs:
chdir: cloudflare
out: cloudflare.tfplan
- name: Comment Tofu Plan on PR
uses: marocchino/sticky-pull-request-comment@v2
- name: Save plan output to file (with collapsible Markdown)
run: |
mkdir -p tmp
{
echo "## 🧩 OpenTofu Plan — Cloudflare"
echo "**Branch:** \`${{ github.ref_name }}\`"
echo "**Exit Code:** \`${{ steps.tofu_plan.outputs.exitcode }}\`"
echo "**Working Directory:** \`cloudflare\`"
echo ""
echo "<details><summary>🪶 Click to expand full plan output</summary>"
echo ""
echo '```hcl'
cat <<< "${{ steps.tofu_plan.outputs.plan-output }}"
echo '```'
echo ""
echo "</details>"
echo ""
echo "*(This plan was automatically generated by the workflow.)*"
} > tmp/tofu-plan.md
echo "Plan file saved: tmp/tofu-plan.md ($(wc -c < tmp/tofu-plan.md) bytes)"
- name: Comment full Tofu Plan on PR (safe)
uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
with:
GITHUB_TOKEN: ${{ secrets.BOT_GITEA_TOKEN }}
header: "🧩 OpenTofu Plan — Cloudflare"
message: |
## 🧩 OpenTofu Plan Result
**Branch:** `${{ github.ref_name }}`
**Exit Code:** `${{ steps.tofu_plan.outputs.exitcode }}`
**Working Directory:** `cloudflare`
<details><summary>🪶 Click to expand full plan output</summary>
```
${{ steps.tofu_plan.outputs.plan-output }}
```
</details>
*(This plan was automatically generated by the workflow.)*
platform: gitea
api_url: https://git.trez.wtf/api/v1
token: ${{ secrets.BOT_GITEA_TOKEN }}
pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
repo_owner: ${{ github.repository_owner }}
repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
comment_template_path: tmp/tofu-plan.md
- name: Wait for manual approval
uses: trstringer/manual-approval@v1
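Review bot: The new `Save plan output to file` step interpolates `${{ github.ref_name }}` and `${{ steps.tofu_plan.outputs.plan-output }}` directly into the `run:` script (the `echo "**Branch:** …"` line and the `cat <<< "…"` line), so a double quote, backtick or `$(` in a branch name or in the plan text is evaluated by bash before the file is written, which at best corrupts `tmp/tofu-plan.md` and at worst executes that text in the runner. Pass both values through the step's `env:` and reference the shell variables instead, as sketched below; the Exit Code line can follow the same pattern. Separately, the new `Comment full Tofu Plan on PR (safe)` step hands `secrets.BOT_GITEA_TOKEN` to `git-auto-comment@main`, a mutable branch ref on an external host; pin it to a tag or commit SHA with a version comment so the code receiving the token cannot change underneath the workflow. The `steps:` list of this job continues outside the hunk.
```yaml
- name: Save plan output to file (with collapsible Markdown)
  env:
    REF_NAME: ${{ github.ref_name }}
    PLAN_EXIT_CODE: ${{ steps.tofu_plan.outputs.exitcode }}
    PLAN_OUTPUT: ${{ steps.tofu_plan.outputs.plan-output }}
  run: |
    mkdir -p tmp
    {
      echo "## 🧩 OpenTofu Plan — Cloudflare"
      echo "**Branch:** \`${REF_NAME}\`"
      echo "**Exit Code:** \`${PLAN_EXIT_CODE}\`"
      # … unchanged: working-directory line, <details> header, opening fence …
      cat <<< "${PLAN_OUTPUT}"
      # … unchanged: closing fence, </details>, footer …
    } > tmp/tofu-plan.md
    # … unchanged: size echo …
```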
@@ -148,59 +156,38 @@ jobs:
secret: ${{ secrets.BOT_GITEA_TOKEN }}
approvers: WTF
minimum-approvals: 1
issue-title: "Tofu Plan for ${{ env.PR_NUMBER }}"
issue-title: "Tofu Plan for ${{ needs.check-and-create-pr.outputs.pr_number }}"
issue-body: "Please approve or deny the deployment of the below Tofu plan"
issue-body-file-path: cloudflare.tfplan
exclude-workflow-initiator-as-approver: false
fail-on-denial: true
additional-approved-words: ''
additional-denied-words: ''
# - name: PR Comment
# uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
# env:
# DEBUG: true
# with:
# debug: true
# platform: gitea
# api_url: https://git.trez.wtf/api/v1
# token: ${{ secrets.BOT_GITEA_TOKEN }}
# pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
# repo_owner: ${{ github.repository_owner }}
# repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
# plan_file: cloudflare/cloudflare.tfplan
# comment_template: |
# 🚀 **Tofu Plan Output**
# ---
# ${{ steps.tofu_plan.outputs.plan-output }}
# Exit Code: ${{ steps.tofu_plan.outputs.exitcode }}
# apply:
# name: Apply Tofu Plan
# needs: approval
# needs: plan-approval
# runs-on: ubuntu-latest
# if: ${{ needs.approval.result == 'success' }}
# if: ${{ needs.plan-approval.result == 'success' }}
# env:
# VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
# steps:
# - name: Checkout
# uses: actions/checkout@v4
#
# - name: Setup OpenTofu
# uses: opentofu/setup-opentofu@v1.0.6
# with:
# version: ${{ env.OPENTOFU_VERSION }}
# tofu_wrapper: true
#
# - name: Export env from Vault
# run: |
# set -a
# source cloudflare/.env
# set +a
#
# - name: Run Tofu Apply
# uses: dnogu/tofu-apply@v1
# with:
# working-directory: .
# chdir: cloudflare
# plan: cloudflare.tfplan
# plan: cloudflare.tfplan