Initial version of Auto PR Tofu Plan. #6

Merged
Trez.One merged 56 commits from initial-workflows_2025-10-17T20-10-31 into main 2025-10-24 10:28:56 -04:00
4 changed files with 344 additions and 1255 deletions
+193
@@ -0,0 +1,193 @@
name: Auto-PR Check/Creation and TF/OpenTofu Plan
on:
workflow_dispatch:
push:
branches-ignore:
- "main"
- "renovate/**"
env:
OPENTOFU_VERSION: "1.10.6"
HC_VAULT_VERSION: "1.20.4"
TEA_VERSION: "0.10.1"
jobs:
check-and-create-pr:
name: Check and Create PR
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 1
- name: Setting Vault Token
run: |
echo "VAULT_TOKEN=${{ secrets.VAULT_GITEA_TOKEN }}" >> $GITHUB_ENV
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: PR Check @ Rinoa"
notification_message: "Checking for existing PR... 🔍"
- name: PR Check/Creation
uses: https://git.trez.wtf/Trez/gitea-auto-pr@main
with:
url: ${{ secrets.TREZ_GITEA_URL }}
token: ${{ secrets.BOT_GITEA_TOKEN }}
pr-label: docker-compose,manual
assignee: ${{ github.actor }}
- name: Gotify Notification
uses: eikendev/gotify-action@master
with:
gotify_api_base: "${{ secrets.RUNNER_GOTIFY_URL }}"
gotify_app_token: "${{ secrets.RUNNER_GOTIFY_TOKEN }}"
notification_title: "GITEA: PR Check @ Rinoa"
notification_message: "PR Check done 🎟️"
plan:
name: OpenTofu Plan
needs: check-and-create-pr
runs-on: ubuntu-latest
env:
VAULT_TOKEN: ${{ secrets.VAULT_GITEA_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup OpenTofu
uses: opentofu/setup-opentofu@v1.0.6
with:
version: ${{ env.OPENTOFU_VERSION }}
tofu_wrapper: true
- name: Install tea
uses: supplypike/setup-bin@8e3f88b4f143d9b5c3497f0fc12d45c83c123787 # v4.0.1
with:
uri: https://gitea.com/gitea/tea/releases/download/v${{ env.TEA_VERSION }}/tea-${{ env.TEA_VERSION }}-linux-amd64
name: tea
version: ${{ env.TEA_VERSION }}
- name: Extract PR Index
id: tea-pr-index
run: |
tea login add \
--name gitea-rinoa \
--url "${{ secrets.TREZ_GITEA_URL }}" \
--user gitea-sonarqube-bot \
--password "${{ secrets.BOT_GITEA_PASSWORD }}" \
--token ${{ secrets.BOT_GITEA_TOKEN }}
tea login default gitea-rinoa
pr_number=$(tea pr list \
--repo ${{ github.repository }} \
--state open \
--fields index,head \
--output simple \
| awk '{print $1}')
echo "pr_number=$pr_number" >> "$GITHUB_OUTPUT"
- name: Generate .env from Hashicorp Vault
uses: https://git.trez.wtf/Trez/hc-vault-env@main
with:
HC_VAULT_VERSION: ${{ env.HC_VAULT_VERSION }}
HC_VAULT_ADDR: ${{ secrets.TREZ_VAULT_ADDR }}
HC_VAULT_AUTH: token
HC_VAULT_TOKEN: ${{ env.VAULT_TOKEN }}
HC_VAULT_SECRETS_PATH: tar-valon-terraform/env
ENV_FILE_NAME: cloudflare/.env
- name: Export env vars from Vault .env
id: env-vault-vars
run: |
echo "🧩 Cleaning and loading cloudflare/.env into GitHub Actions environment..."
# 1️⃣ Strip any single or double quotes from the file to avoid invalid URIs or extra quoting
sed -i 's/[\"'\'']//g' cloudflare/.env
# 2️⃣ Load all vars into current shell
set -a
source cloudflare/.env
set +a
# 3️⃣ Export to GitHub Actions environment
while IFS='=' read -r key value; do
if [[ -n "$key" ]]; then
echo "$key=$value" >> $GITHUB_ENV
fi
done < cloudflare/.env
repo_name=$(echo "${{ github.repository }}" | awk -F"/" '{print $2}')
echo "repo_name=$repo_name" >> "$GITHUB_OUTPUT"
- name: Run tofu init
uses: dnogu/tofu-init@v1
with:
working-directory: .
chdir: cloudflare
- name: Tofu Plan
id: tofu_plan
continue-on-error: true
uses: dnogu/tofu-plan@v1
with:
working-directory: .
chdir: cloudflare
# destroy:
# refresh-only:
# refresh:
# replace:
# target:
# target-file:
# exclude:
# exclude-file:
# var:
# var-file:
out: cloudflare.tfplan
# compact-warnings:
# detailed-exitcode:
# generate-config-out: .
# input: true
# json:
# lock:
# lock-timeout:
# no-color:
# concise:
# parallelism:
# state:
# show-sensitive:
# display-plan:
- name: PR Comment
uses: https://git.trez.wtf/Trez.One/git-auto-comment@main
env:
DEBUG: true
with:
debug: true
platform: gitea
api_url: https://git.trez.wtf/api/v1
token: ${{ secrets.BOT_GITEA_TOKEN }}
pr_index: ${{ steps.tea-pr-index.outputs.pr_number }}
repo_owner: ${{ github.repository_owner }}
repo_name: ${{ steps.env-vault-vars.outputs.repo_name }}
plan_file: cloudflare/cloudflare.tfplan
comment_template: |
🚀 **Tofu Plan Output**
---
{lines}
Exit Code: ${{ steps.tofu_plan.outputs.exitcode }}
# - name: Tofu Plan Comment
# id: tofu_plan
# uses: alexnorell/tofu-pr-commenter@v2.0.0
# with:
# commenter_type: plan
# commenter_input: ${{ steps.tofu_plan.outputs.plan-output }}
# commenter_exitcode: ${{ steps.tofu_plan.outputs.exitcode }}
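Review bot: The "Setting Vault Token" step writes `VAULT_GITEA_TOKEN` into `$GITHUB_ENV`, but nothing in `check-and-create-pr` reads `VAULT_TOKEN`, so the Vault token is exported to every later step of that job — including the unpinned third-party `eikendev/gotify-action@master` — for no benefit; drop the step, since the `plan` job already receives the token through its own `env:` block. In the same vein, `eikendev/gotify-action@master`, `dnogu/tofu-init@v1`, `dnogu/tofu-plan@v1`, `actions/checkout@v4` and the `@main` references to the in-house actions should be pinned to commit SHAs the way `actions/checkout` and `supplypike/setup-bin` already are, because these steps run with `VAULT_TOKEN`, `BOT_GITEA_TOKEN` and the Gotify token in scope. The "Extract PR Index" step lists every open PR and pipes all of them through `awk '{print $1}'`, so `pr_number` is only correct while exactly one PR is open; it should filter on the head branch, e.g. `awk -v head="${{ github.ref_name }}" '$2 == head {print $1}'` (confirm the column layout of `--output simple` first), and the `--token` argument should be quoted like `--password`. Finally, the "Export env vars from Vault .env" step `source`s a file generated from Vault content and appends every key to `$GITHUB_ENV` without `echo "::add-mask::$value"`, so any Vault value that is not a declared runner secret can appear unredacted in logs, and a value containing `$(...)` would be executed by `source`; adding the mask line before the `echo "$key=$value"` and reading the file with `read` only (dropping `set -a; source ...`) would close both gaps.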
+3 -1
@@ -40,4 +40,6 @@ terraform.rc
# End of https://www.toptal.com/api/terraform
# Envs
*.env*
*.env*
**/*.txt