tfaction

Framework for Monorepo to build high level Terraform Workflows by GitHub Actions

MIT License


tfaction - v0.4.10-0

Published by suzuki-shunsuke over 2 years ago

tfaction - v0.4.9

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.8...v0.4.9 | Base revision

Feature

#151 #153 terraform-plan, terraform-apply: Support skipping terraform plan and terraform apply in case of pull request by Renovate
#158 terraform-plan, tfmigrate-plan, setup: Set pull request label ${TFACTION_TARGET} in setup action

Support skipping terraform plan and terraform apply in case of pull request by Renovate

#151 #153

The default behavior isn't changed.
To enable this feature, set skip_terraform_by_renovate in tfaction-root.yaml.

skip_terraform_by_renovate: true

Then terraform plan and terraform apply are skipped in pull requests by Renovate.

This is useful for dependency updates that do not affect the result of terraform plan and terraform apply.

However, terraform plan and terraform apply should still run when Renovate updates Terraform or Terraform Providers.
To ensure that, set renovate_terraform_labels in tfaction-root.yaml and addLabels in renovate.json.

e.g.

tfaction-root.yaml

renovate_terraform_labels:
- terraform

renovate.json

{
  "packageRules": [
    {
      "matchManagers": ["terraform", "terraform-version"],
      "addLabels": ["terraform"]
    },
    {
      "matchPackageNames": ["hashicorp/terraform"],
      "addLabels": ["terraform"]
    }
  ]
}

The second rule is required if you manage Terraform with aqua.

If any of the labels in renovate_terraform_labels is set on the pull request, tfaction runs terraform plan and terraform apply.

Bug Fixes

#164 list-targets: Add input github_token

tfaction - v0.4.9-1

Published by suzuki-shunsuke over 2 years ago

Bug Fixes

#164 list-targets: Add input github_token

tfaction - v0.4.9-0

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.8...v0.4.9 | Base revision

Feature

#151 #153 terraform-plan, terraform-apply: Support skipping terraform plan and terraform apply in case of pull request by Renovate
#158 terraform-plan, tfmigrate-plan, setup: Set pull request label ${TFACTION_TARGET} in setup action

Support skipping terraform plan and terraform apply in case of pull request by Renovate

#151 #153

The default behavior isn't changed.
To enable this feature, set skip_terraform_by_renovate in tfaction-root.yaml.

skip_terraform_by_renovate: true

Then terraform plan and terraform apply are skipped in pull requests by Renovate.

This is useful for dependency updates that do not affect the result of terraform plan and terraform apply.

However, terraform plan and terraform apply should still run when Renovate updates Terraform or Terraform Providers.
To ensure that, set renovate_terraform_labels in tfaction-root.yaml and addLabels in renovate.json.

e.g.

tfaction-root.yaml

renovate_terraform_labels:
- terraform

renovate.json

{
  "packageRules": [
    {
      "matchManagers": ["terraform", "terraform-version"],
      "addLabels": ["terraform"]
    },
    {
      "matchPackageNames": ["hashicorp/terraform"],
      "addLabels": ["terraform"]
    }
  ]
}

The second rule is required if you manage Terraform with aqua.

If any of the labels in renovate_terraform_labels is set on the pull request, tfaction runs terraform plan and terraform apply.

tfaction - v0.4.8

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.7...v0.4.8 | Base revision

Bug Fixes

#149 terraform apply isn't run even if follow up pull request is merged

This bug is due to #119

Affected versions: v0.4.0 to v0.4.7.

tfaction - v0.4.8-0

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.7...v0.4.8-0 | Base revision

Bug Fixes

#149 terraform apply isn't run even if follow up pull request is merged

This bug is due to #119

Affected versions: v0.4.0 to v0.4.7.

tfaction - v0.4.7

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.6...v0.4.7 | Base revision

Bug Fixes

#143 #144 #145 #146 scaffold-working-dir doesn't work
#147 Skip Conftest if the policy isn't found

tfaction - v0.4.6

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.5...v0.4.6 | Base revision

Bug Fixes

#142 Fix an error if no working directory is found

tfaction - v0.4.6-0

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.5...v0.4.6-0 | Base revision

Bug Fixes

#140 terraform-plan, tfmigrate-plan, terraform-apply: Specify AWS_DEFAULT_REGION

aws s3 cp failed because the region wasn't specified.

<botocore.awsrequest.AWSRequest object at 0x7f1eae1d0f00>

https://github.com/aws/aws-cli/issues/5262#issuecomment-705832151

tfaction - v0.4.5

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.4...v0.4.5 | Base revision

Bug Fixes

#131 Remove some fields from Job Configuration

tfaction - v0.4.4

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.3...v0.4.4 | Base revision

Feature

#58 #128 get-target-config: Support reading configuration from tfaction.yaml

You can configure the following fields in not only tfaction-root.yaml but also tfaction.yaml.

aws_region:
s3_bucket_name_plan_file:
s3_bucket_name_tfmigrate_history:
template_dir:
gcs_bucket_name_plan_file:
aws_assume_role_arn:
gcp_service_account:
gcp_workload_identity_provider:
secrets:
terraform_plan_config:
  aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_terraform_plan
tfmigrate_plan_config:
  aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_tfmigrate_plan
terraform_apply_config:
  aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_terraform_apply
tfmigrate_apply_config:
  aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_tfmigrate_apply

⚠️ Note that target isn't supported.

tfaction - v0.4.3

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.2...v0.4.3 | Base revision

Bug Fixes

#126 tfmigrate-plan, terraform-plan: Stop checking plan file existence before removing plan file
#127 tfmigrate-plan: fix the template file path of tfmigrate.hcl

tfaction - v0.4.2

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.1...v0.4.2 | Base revision

Bug Fixes

#122 create-scaffold-pr: set TFACTION_JOB_TYPE

Fix the error.

Run suzuki-shunsuke/tfaction/[email protected]
Error: "environment variable TFACTION_JOB_TYPE is required"

tfaction - v0.4.2-0

Published by suzuki-shunsuke over 2 years ago

Bug Fixes

#122 create-scaffold-pr: set TFACTION_JOB_TYPE

Fix the error.

Run suzuki-shunsuke/tfaction/[email protected]
Error: "environment variable TFACTION_JOB_TYPE is required"

tfaction - v0.4.1

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.4.0...v0.4.1 | Base revision

Fix

#121 scaffold-working-dir: set TFACTION_JOB_TYPE

Fix the error.

Run suzuki-shunsuke/tfaction/[email protected]
  env:
    GITHUB_TOKEN: ***
    TFACTION_TARGET: gcp/suzuki-shunsuke-test-1
Error: "environment variable TFACTION_JOB_TYPE is required"

tfaction - v0.4.1-0

Published by suzuki-shunsuke over 2 years ago

Bug Fixes

#121 scaffold-working-dir: set TFACTION_JOB_TYPE

Fix the error.

Run suzuki-shunsuke/tfaction/[email protected]
  env:
    GITHUB_TOKEN: ***
    TFACTION_TARGET: gcp/suzuki-shunsuke-test-1
Error: "environment variable TFACTION_JOB_TYPE is required"

tfaction - v0.4.0

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.3.0...v0.4.0 | Base revision

⚠️ Breaking Changes

#111 Rename targets to target_groups in tfaction-root.yaml
#115 export-secrets: Change the structure of secrets in tfaction-root.yaml

AS IS

secrets:
  <environment variable name>: <secret name>

TO BE

secrets:
- env_name: <environment variable name>
  secret_name: <secret name>

New Action

#107 #112 export-aws-secrets-manager

Feature

#107 #112 #114 Support getting secrets from AWS Secrets Manager
#116 Update github-action-tflint and github-action-tfsec: Change Reviewdog format from checkstyle to Reviewdog Diagnostic Format

Fix

#118 Fix invalid command: aws s3 delete
#117 #119 Fix create-follow-up-pr

tfaction - v0.4.0-1

Published by suzuki-shunsuke over 2 years ago

Bug Fixes

#118 Fix invalid command: aws s3 delete

tfaction - v0.4.0-0

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.3.0...v0.4.0-0 | Base revision

⚠️ Breaking Changes

#111 Rename targets to target_groups in tfaction-root.yaml
#115 export-secrets: Change the structure of secrets in tfaction-root.yaml

AS IS

secrets:
  <environment variable name>: <secret name>

TO BE

secrets:
- env_name: <environment variable name>
  secret_name: <secret name>

New Action

#107 #112 export-aws-secrets-manager

Feature

#107 #112 #114 Support getting secrets from AWS Secrets Manager
#116 Update github-action-tflint and github-action-tfsec: Change Reviewdog format from checkstyle to Reviewdog Diagnostic Format

tfaction - v0.3.0

Published by suzuki-shunsuke over 2 years ago

Issues | Pull Requests | https://github.com/suzuki-shunsuke/tfaction/compare/v0.2.1...v0.3.0 | Base revision

⚠️ Breaking Changes

#92 The output format of list-targets has been changed from string to object
#101 Configuration structure was changed
The environment variable TFACTION_JOB_TYPE is required

The output format of list-targets has been changed from string to object

e.g.

AS IS: github/foo
TO BE: {target: 'github/foo', runs_on: 'ubuntu-latest'}

  tfmigrate:
    name: "tfmigrate (${{matrix.target.target}})" # CHANGED
    runs-on: ${{matrix.target.runs_on}} # CHANGED
    needs: setup
    if: "join(fromJSON(needs.setup.outputs.tfmigrate_targets), '') != ''"
    strategy:
      fail-fast: false
      matrix:
        target: ${{fromJSON(needs.setup.outputs.tfmigrate_targets)}}
    env:
      TFACTION_TARGET: ${{matrix.target.target}} # CHANGED

  terraform:
    name: "terraform (${{matrix.target.target}})" # CHANGED
    runs-on: ${{matrix.target.runs_on}} # CHANGED
    needs: setup
    if: "join(fromJSON(needs.setup.outputs.terraform_targets), '') != ''"
    strategy:
      fail-fast: false
      matrix:
        target: ${{fromJSON(needs.setup.outputs.terraform_targets)}}
    env:
      TFACTION_TARGET: ${{matrix.target.target}} # CHANGED

Configuration structure was changed

terraform_plan_config:
  # aws_assume_role_arn
  # gcp_service_account
  # gcp_workload_identity_provider
  # environment
  # secrets
  # runs_on
  aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_terraform_plan
tfmigrate_plan_config:
  aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_tfmigrate_plan
terraform_apply_config:
  aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_terraform_apply
tfmigrate_apply_config:
  aws_assume_role_arn: arn:aws:iam::000000000000:role/GitHubActions_Terraform_AWS_tfmigrate_apply

The environment variable TFACTION_JOB_TYPE is required

The value is either terraform or tfmigrate.

e.g. GitHub Actions Workflow

  tfmigrate-plan:
    env:
      TFACTION_TARGET: ${{matrix.target.target}}
      TFACTION_JOB_TYPE: tfmigrate

Feature

Support configuring GitHub Actions job's runs-on and environment per target group and job
Add export-secrets action

Support configuring GitHub Actions job's runs-on and environment per target group and job

e.g.

targets:
- target: atlas/
  # ...
  runs_on: ubuntu-18.04
  terraform_plan_config:
    runs_on: ubuntu-latest
    environment: pull_request
  # ...

Add export-secrets action

This is useful for changing secrets per target and job.

- uses: suzuki-shunsuke/tfaction/export-secrets@<version>
  with:
    secrets: ${{ toJSON(secrets) }}

- uses: suzuki-shunsuke/tfaction/setup@main
  id: setup
  with:
    github_app_token: ${{ steps.generate_token.outputs.token }}

tfaction-root.yaml

targets:
- target: atlas/
  # ...
  runs_on: ubuntu-18.04
  terraform_plan_config:
    # ...
    secrets:
      # <environment variable name>: <secret name>
      ATLAS_API_KEY: ATLAS_API_KEY_READ_ONLY # Use read only API Key for pull request
  terraform_apply_config:
    # ...
    secrets:
      ATLAS_API_KEY: ATLAS_API_KEY
# ...
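
The per-job secret selection configured above, as an added sketch that is not tfaction's own code: it maps only the secrets listed for one job into environment variables, accepts both the mapping form shown here and the list form introduced in v0.4.0, and fails closed when a configured secret is missing. The function names, the job-name strings and the sample secret values are assumptions made for this example.

```python
import json

# Job names are assumed to mirror the *_config keys shown on this page.
JOB_TYPES = ("terraform_plan", "tfmigrate_plan", "terraform_apply", "tfmigrate_apply")


def normalize_secrets(entries):
    """Return (env_name, secret_name) pairs from either secrets layout."""
    if entries is None:
        return []
    if isinstance(entries, dict):  # v0.3.0 form: <env name>: <secret name>
        return [(str(k), str(v)) for k, v in entries.items()]
    pairs = []
    for entry in entries:  # v0.4.0 form: list of env_name / secret_name
        if not isinstance(entry, dict) or not {"env_name", "secret_name"} <= entry.keys():
            raise ValueError(f"malformed secrets entry: {entry!r}")
        pairs.append((entry["env_name"], entry["secret_name"]))
    return pairs


def resolve_job_env(target_config, job, secrets_json):
    """Return only the env vars configured for `job`; never the full secret set."""
    if job not in JOB_TYPES:
        raise ValueError(f"unknown job: {job}")
    available = json.loads(secrets_json)  # what toJSON(secrets) would pass in
    job_config = target_config.get(f"{job}_config") or {}
    env = {}
    for env_name, secret_name in normalize_secrets(job_config.get("secrets")):
        if secret_name not in available:
            # Fail closed: a typo must not silently yield an empty credential.
            raise KeyError(f"secret {secret_name!r} is not available to this job")
        env[env_name] = available[secret_name]
    return env


# Constructed sample input; the values are placeholders, not real credentials.
SECRETS_JSON = json.dumps(
    {"ATLAS_API_KEY_READ_ONLY": "ro-constructed", "ATLAS_API_KEY": "rw-constructed"}
)
TARGET = {
    "target": "atlas/",
    "terraform_plan_config": {"secrets": {"ATLAS_API_KEY": "ATLAS_API_KEY_READ_ONLY"}},
    "terraform_apply_config": {
        "secrets": [{"env_name": "ATLAS_API_KEY", "secret_name": "ATLAS_API_KEY"}]
    },
}

if __name__ == "__main__":
    for job in ("terraform_plan", "terraform_apply", "tfmigrate_plan"):
        # Print variable names only, never the secret values.
        print(job, sorted(resolve_job_env(TARGET, job, SECRETS_JSON)))
```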