fix module-repo-setup #209

Summary
Jobs
- Plan
- Apply
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/module-repo-setup.yml at 95ed1f4

	---
	name: module-repo-setup
	on:
	workflow_dispatch:
	inputs:
	force-apply:
	description: "If true, force apply the terraform plan."
	required: false
	type: boolean
	default: false
	unlock-lock-id:
	description: "If non-empty, forcefully unlock terraform state by ID."
	required: false
	type: string
	default: ""
	create_repo: # Define create_repo as an input
	description: "(optional) Enter Terraform Module Repository Name to create."
	required: false
	type: string
	default: ""
	pull_request:
	types: [opened, synchronize, reopened, ready_for_review]
	paths:
	- .github/workflows/module-repo-setup.yml
	- terraform/**

	env:
	ARM_TENANT_ID: ${{ secrets.ORGA_CDT_TENANT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ vars.ARM_SUBSCRIPTION_ID }}
	ARM_CLIENT_ID: ${{ vars.TERRAFORM_OSS_AZURE_CLIENT_ID }}
	ARM_USE_OIDC: "true"
	ARM_USE_CLI: "false"
	TF_IN_AUTOMATION: true
	TF_INPUT: false
	# renovate: github=opentofu/opentofu
	TF_VERSION: v1.8.4
	# https://developer.hashicorp.com/terraform/cli/commands#upgrade-and-security-bulletin-checks
	CHECKPOINT_DISABLE: true
	GITHUB_TOKEN: ${{ secrets.MANAGE_REPOS_GITHUB_TOKEN }}
	TF_VAR_create_repo: ${{ inputs.create_repo }}
	# secret MANAGE_REPOS_GITHUB_TOKEN == Keeper/GitHub cloudeteerbot/terraform-governance-managed-repos (https://keepersecurity.eu/vault/#detail/4y33tgsK_Yuv8mJUXDUPrQ)

	concurrency:
	group: terraform

	permissions:
	contents: read
	id-token: write

	jobs:
	plan:
	name: Plan
	environment: "Terraform (Plan)"
	runs-on: ubuntu-latest
	outputs:
	exit-code: ${{ steps.plan.outputs.exit-code }}
	steps:
	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	- uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3
	with:
	tofu_version: ${{ env.TF_VERSION }}
	tofu_wrapper: false
	- run: tofu init
	working-directory: terraform/
	- name: tofu force-unlock
	if: ${{ inputs.unlock-lock-id }}
	run: tofu force-unlock "${{ inputs.unlock-lock-id }}" -force
	- name: tofu plan
	env:
	TF_VAR_ARM_CLIENT_ID: ${{ secrets.TERRAFORM_MODULE_TESTS_ARM_CLIENT_ID }}
	TF_VAR_ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAFORM_MODULE_TESTS_ARM_SUBSCRIPTION_ID }}
	TF_VAR_ARM_TENANT_ID: ${{ secrets.TERRAFORM_MODULE_TESTS_ARM_TENANT_ID }}
	#language=bash
	run: \|- # shell
	set +e
	tofu plan -out terraform.tfplan -detailed-exitcode

	EXIT_CODE=$?
	if [ $EXIT_CODE -ne 2 ] && [ $EXIT_CODE -ne 0 ]; then
	exit $EXIT_CODE
	fi

	echo "exit-code=$EXIT_CODE" >> $GITHUB_OUTPUT
	id: plan
	working-directory: terraform/
	- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
	with:
	name: terraform.tfplan
	path: terraform/terraform.tfplan
	apply:
	if: ${{ !cancelled() && !failure() && (inputs.force-apply \|\| github.event.pull_request.draft == false && needs.plan.outputs.exit-code == 2) }}
	name: Apply
	environment: Terraform
	runs-on: ubuntu-latest
	needs: [plan]
	steps:
	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	- uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3
	with:
	tofu_version: ${{ env.TF_VERSION }}
	tofu_wrapper: false
	- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
	with:
	name: terraform.tfplan
	path: terraform
	- run: tofu init
	working-directory: terraform/
	- name: tofu apply
	run: tofu apply terraform.tfplan
	working-directory: terraform/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix module-repo-setup #209

Workflow file

fix module-repo-setup #209

Jobs

Run details

Workflow file for this run