Plan PR comment and approval steps.

2025-11-02 16:58:27 -05:00
parent 3a885a934d
commit f215efeb24
1 changed files with 36 additions and 32 deletions
@@ -60,6 +60,8 @@ jobs:
    runs-on: ubuntu-latest
    env:
      VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
+    outputs:
+      tofu-cloudflare-plan: ${{ steps.tofu_plan.outputs.plan-output }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
@@ -142,43 +144,45 @@ jobs:
          # show-sensitive:
          # display-plan:

-      - name: PR Comment
-        uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
-        env:
-          DEBUG: true
+      - name: Post PR comment
+        uses: borchero/terraform-plan-comment@v2.4.1
        with:
-          debug: true
-          platform: gitea
-          api_url: https://git.trez.wtf/api/v1
          token: ${{ secrets.BOT_GITEA_TOKEN }}
-          pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
-          repo_owner: ${{ github.repository_owner }}
-          repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
-          plan_file: cloudflare/cloudflare.tfplan
-          comment_template: |
-            🚀 **Tofu Plan Output**
-            ---
-            {lines}
-            Exit Code: ${{ steps.tofu_plan.outputs.exitcode }}
+          planfile: cloudflare.tfplan
+          terraform-cmd: tofu

-      # - name: Tofu Plan Comment
-      #   id: tofu_plan
-      #   uses: alexnorell/tofu-pr-commenter@v2.0.0
-      #   with:
-      #     commenter_type: plan
-      #     commenter_input: ${{ steps.tofu_plan.outputs.plan-output }}
-      #     commenter_exitcode: ${{ steps.tofu_plan.outputs.exitcode }}
-
-  approval:
-    name: Manual Approval
-    needs: [check-and-create-pr, plan]
-    runs-on: ubuntu-latest
-    steps:
      - name: Wait for manual approval
-        uses: hmarr/auto-approve-action@v2
+        uses: trstringer/manual-approval@v1
        with:
-          pull-request-number: ${{ needs.check-and-create-pr.outputs.pr_number }}
-          review-message: "Awaiting manual approval to apply Tofu plan"
+          secret: ${{ secrets.BOT_GITEA_TOKEN }}
+          approvers: WTF
+          minimum-approvals: 1
+          issue-title: "Tofu Plan for ${{ env.PR_NUMBER }}"
+          issue-body: "Please approve or deny the deployment of the below Tofu plan"
+          issue-body-file-path: relative/file_path/wrt/repo/root
+          exclude-workflow-initiator-as-approver: false
+          fail-on-denial: true
+          additional-approved-words: ''
+          additional-denied-words: ''
+
+      # - name: PR Comment
+      #   uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
+      #   env:
+      #     DEBUG: true
+      #   with:
+      #     debug: true
+      #     platform: gitea
+      #     api_url: https://git.trez.wtf/api/v1
+      #     token: ${{ secrets.BOT_GITEA_TOKEN }}
+      #     pr_index: ${{ needs.check-and-create-pr.outputs.pr_number }}
+      #     repo_owner: ${{ github.repository_owner }}
+      #     repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
+      #     plan_file: cloudflare/cloudflare.tfplan
+      #     comment_template: |
+      #       🚀 **Tofu Plan Output**
+      #       ---
+      #       ${{ steps.tofu_plan.outputs.plan-output }}
+      #       Exit Code: ${{ steps.tofu_plan.outputs.exitcode }}

  apply:
    name: Apply Tofu Plan