diff --git a/.gitea/workflows/cloudflare-auto-pr-tofu-pipeline.yml b/.gitea/workflows/cloudflare-auto-pr-tofu-pipeline.yml
index 4fa1b2f..e3ecf79 100644
--- a/.gitea/workflows/cloudflare-auto-pr-tofu-pipeline.yml
+++ b/.gitea/workflows/cloudflare-auto-pr-tofu-pipeline.yml
@@ -47,7 +47,7 @@ jobs:
 with:
 url: ${{ secrets.TREZ_GITEA_URL }}
 token: ${{ secrets.BOT_GITEA_TOKEN }}
- pr-label: "docker-compose,manual"
+ pr-label: "opentofu,manual"
 assignee: ${{ github.actor }}
 
 - name: Gotify Notification - Done
@@ -76,6 +76,14 @@ jobs:
 - name: Checkout
 uses: actions/checkout@v4
 
+ - name: Gotify Notification
+ uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+ with:
+ gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+ gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+ notification_title: "GITEA: Terraform/OpenTofu"
+ notification_message: "Starting plan..."
+
 - name: Setup OpenTofu
 uses: opentofu/setup-opentofu@v1.0.6
 with:
@@ -144,13 +152,11 @@ jobs:
 chdir: cloudflare
 out: cloudflare.tfplan
 
- - run: pwd
-
 - name: Upload Tofu Plan as artifact
- uses: actions/upload-artifact@v4
+ uses: https://github.com/christopherHX/gitea-upload-artifact@v4
 with:
 name: cloudflare-tfplan
- path: cloudflare.tfplan
+ path: cloudflare/cloudflare.tfplan
 
 - name: Strip ANSI codes
 id: plain-tofu-plan
@@ -179,6 +185,14 @@ jobs:
 pr_comments_url: ${{ env.PR_COMMENTS_URL }}
 working_directory: cloudflare
 
+ - name: Gotify Notification
+ uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+ with:
+ gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+ gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+ notification_title: "GITEA: Terraform/OpenTofu"
+ notification_message: "Plan completed, awaiting approval..."
+
 - name: Wait for manual approval
 id: tf-plan-approval
 uses: https://git.trez.wtf/Trez/gitea-manual-approval@main
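Review bot: The step added after `Checkout` is named just `Gotify Notification`, and the same name is reused for every notification step this commit adds, so the run log and any step failure will not say which one fired. The existing step a few lines above in the first hunk is already named `- name: Gotify Notification - Done`; follow that convention, e.g. `- name: Gotify Notification - Plan started` here and `- name: Gotify Notification - Awaiting approval` for the later one. Pinning `eikendev/gotify-action` to a full commit SHA with the version in a trailing comment is the right pattern; the other third-party actions in this workflow are still on mutable tags.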
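Review bot: `uses: https://github.com/christopherHX/gitea-upload-artifact@v4` in the upload hunk pins a third-party fork only by a mutable major tag, while the gotify step added in the same commit is pinned to a commit SHA; an action that gets the checkout and the plan file should be pinned the same way, e.g. `uses: https://github.com/christopherHX/gitea-upload-artifact@<commit-sha> # v4`. The artifact is the raw `cloudflare/cloudflare.tfplan`, and a saved plan can embed variable and resource attribute values in cleartext (sensitive marks do not redact them), so anyone who can download artifacts from this run can read it; if Cloudflare credentials reach the plan as variables, treat the artifact as secret-bearing and keep its retention short. The owner casing also differs from the download step later in this diff (`christopherHX` vs `ChristopherHX`); harmless but worth making consistent.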
@@ -198,6 +212,14 @@ jobs:
 ```
 
+ - name: Gotify Notification
+ uses: eikendev/gotify-action@ca0339b85ee8db9fda9c0718aaa7f95e17b3c617 # 0.0.4
+ with:
+ gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
+ gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
+ notification_title: "GITEA: Terraform/OpenTofu"
+ notification_message: "Plan approved 👍🏽"
+
 pr-merge:
 name: PR Merge
 needs: [check-and-create-pr, plan-approval]
@@ -257,9 +279,10 @@ jobs:
 uses: actions/checkout@v4
 
 - name: Download Tofu Plan
- uses: actions/download-artifact@v3
+ uses: https://github.com/ChristopherHX/gitea-download-artifact@v4
 with:
 name: cloudflare-tfplan
+ path: cloudflare/cloudflare.tfplan
 
 - name: Setup OpenTofu
 uses: opentofu/setup-opentofu@v1.0.6
@@ -267,6 +290,16 @@ jobs:
 version: ${{ env.OPENTOFU_VERSION }}
 tofu_wrapper: true
 
+ - name: Generate .env from Hashicorp Vault
+ uses: https://git.trez.wtf/Trez/hc-vault-env@main
+ with:
+ HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
+ HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
+ HC_VAULT_AUTH: token
+ HC_VAULT_TOKEN: ${{ env.VAULT_TOKEN }}
+ HC_VAULT_SECRETS_PATH: tar-valon-terraform/env
+ ENV_FILE_NAME: cloudflare/.env
+
 - name: Export env vars from Vault .env
 id: env-vault-vars
 run: |
@@ -280,9 +313,9 @@ jobs:
 fi
 done < cloudflare/.env
 
- # - name: Run Tofu Apply
- # uses: dnogu/tofu-apply@v1
- # with:
- # working-directory: .
- # chdir: cloudflare
- # plan: cloudflare.tfplan
+ - name: Run Tofu Apply
+ uses: dnogu/tofu-apply@v1
+ with:
+ working-directory: .
+ chdir: cloudflare
+ plan: cloudflare.tfplan
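Review bot: `path: cloudflare/cloudflare.tfplan` on the `Download Tofu Plan` step reads like a file path, but in the upstream `download-artifact@v4` interface `path` is the destination directory; if `gitea-download-artifact@v4` mirrors that (not verifiable from this diff), the plan lands at `cloudflare/cloudflare.tfplan/cloudflare.tfplan` and the apply step at the end of this diff (`chdir: cloudflare`, `plan: cloudflare.tfplan`) will not find it. Since the upload step put only the single file in the artifact, `path: cloudflare` is the likely intent. A guard step right after the download, `run: test -f cloudflare/cloudflare.tfplan`, would make a layout mismatch fail before any Vault or Cloudflare credentials are fetched. This action is also on a mutable `@v4` tag in the job that will hold those credentials; pin it to a commit SHA as the gotify step is.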
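Review bot: `uses: https://git.trez.wtf/Trez/hc-vault-env@main` runs an action from a moving branch in the job that receives the Vault token and writes the fetched secrets to `cloudflare/.env`, so any push to that branch silently changes what this privileged job executes; pin it to a commit SHA (or at least a release tag) like the gotify step in this commit. `HC_VAULT_TOKEN: ${{ env.VAULT_TOKEN }}` takes the token from `env` rather than `secrets`; where `VAULT_TOKEN` is set is outside this diff, and if it is not derived from a `secrets.*` value it will not be masked in logs, while `HC_VAULT_AUTH: token` implies a static, long-lived credential where a short-TTL token or an identity-based auth method would limit exposure. The `.env` written into the checkout is consumed by the next step (`done < cloudflare/.env`); add a trailing `if: always()` step that removes it so it does not survive on the runner or get swept into a later artifact upload.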
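Review bot: Enabling `dnogu/tofu-apply@v1` in the last hunk makes this the step that actually mutates Cloudflare with the credentials exported from Vault, and it is pinned only to a floating major tag from an external account; pin it to a commit SHA with a version comment, `uses: dnogu/tofu-apply@<commit-sha> # v1`. Applying the saved `cloudflare.tfplan` rather than re-planning is the right choice, since `tofu apply <planfile>` applies exactly what was approved and refuses a stale plan if state has moved on. The step assumes the plan is at `cloudflare/cloudflare.tfplan` after the download step earlier in this diff; nothing here checks that, so confirm the download layout before relying on it.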