upgrade-terraform.yml
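# ~~ Generated by projen. To modify, edit .projenrc.ts and run "npx projen".
#
# Scheduled workflow that compares the default Terraform version recorded in
# .projenrc.ts with the latest one reported by scripts/check-terraform-version.js
# and opens a pull request when they differ. A change of the minor version is
# treated as breaking (draft PR, README bump); a patch change is not.
#
# Hardening already present: every third-party action is pinned to a full
# commit SHA, and the job's GITHUB_TOKEN is limited to `contents: read`.
name: upgrade-terraform
on:
  schedule:
    - cron: '39 23 * * 0'
  workflow_dispatch: {}
# No cancel-in-progress is set, so a second run for the same ref waits
# instead of cancelling the first.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
jobs:
  upgrade:
    name: Upgrade Terraform
    runs-on: ubuntu-latest
    # The default token can only read the repository; the pull request is
    # created with the separate PROJEN_GITHUB_TOKEN secret further down.
    permissions:
      contents: read
    env:
      CI: "true"
      CHECKPOINT_DISABLE: "1"
    steps:
      - name: Checkout
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          # Full history and tags: `git describe --tags` is used in a later step.
          fetch-depth: 0
      - name: Setup Node.js
        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
        with:
          node-version: '20.9.0'
      - name: Install
        run: yarn install
      - name: Get current Terraform version
        id: current_version
        # NOTE(review): the '.' right after the 1 in the sed pattern is
        # unescaped, so it matches any character, not only a literal dot.
        run: |-
          OLD_VERSION=$(sed -nE 's/default: "(1..*)",/\1/p' .projenrc.ts | xargs)
          OLD_VERSION_MINOR=$(cut -d "." -f 2 <<< "$OLD_VERSION")
          echo "value=$OLD_VERSION" >> "$GITHUB_OUTPUT"
          echo "minor=$OLD_VERSION_MINOR" >> "$GITHUB_OUTPUT"
      - name: Get latest Terraform version
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea
        with:
          script: |-
            const script = require('./scripts/check-terraform-version.js')
            await script({github, context, core})
      - name: Parse latest Terraform version into variables
        id: latest_version
        # NEW_TERRAFORM_VERSION is not set in this file; presumably the
        # github-script step above exports it - confirm in
        # scripts/check-terraform-version.js.
        # NOTE(review): the value is echoed into the step outputs unchecked and
        # later lands in a branch name, commit message and PR text; consider
        # rejecting anything that is not a plain version string.
        run: |-
          TERRAFORM_VERSION_MINOR=$(cut -d "." -f 2 <<< "$NEW_TERRAFORM_VERSION")
          echo "value=$NEW_TERRAFORM_VERSION" >> "$GITHUB_OUTPUT"
          echo "minor=$TERRAFORM_VERSION_MINOR" >> "$GITHUB_OUTPUT"
      - name: Run upgrade script
        if: steps.current_version.outputs.value != steps.latest_version.outputs.value
        # The version is handed to the shell through an environment variable and
        # quoted, rather than expanded with ${{ }} inside `run`. Expressions in
        # `run` are substituted into the script text before the shell parses it,
        # so a value containing shell metacharacters would execute as code.
        # The README step below already uses the same env pattern.
        env:
          LATEST_TERRAFORM_VERSION: ${{ steps.latest_version.outputs.value }}
        run: scripts/update-terraform.sh "$LATEST_TERRAFORM_VERSION"
      - name: Get the latest version of this GitHub Action from git
        id: github_action
        if: steps.current_version.outputs.minor != steps.latest_version.outputs.minor
        run: echo "version=$(git describe --tags | cut -d "-" -f 1)" >> "$GITHUB_OUTPUT"
      - name: Update the README for a breaking change
        if: steps.current_version.outputs.minor != steps.latest_version.outputs.minor
        env:
          GHA_VERSION: ${{ steps.github_action.outputs.version }}
        # Strips the leading character of the tag (the "v"), adds one to the
        # major number and rewrites the action reference in the README.
        run: |-
          GHA_VERSION_MAJOR=$(cut -d "." -f 1 <<< "$GHA_VERSION" | cut -c2-)
          NEW_GHA_VERSION=$((GHA_VERSION_MAJOR + 1))
          sed -i 's/terraform-cdk-action@v.*/terraform-cdk-action@v'"$NEW_GHA_VERSION"'/' "./README.md"
      - name: Create pull request for a breaking change
        if: steps.current_version.outputs.minor != steps.latest_version.outputs.minor
        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
        with:
          branch: auto/upgrade-terraform-1-${{ steps.latest_version.outputs.minor }}
          base: main
          # The PR carries the `automerge` label; what acts on that label is
          # configured outside this file. This one is opened as a draft.
          labels: automerge,dependencies
          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
          author: team-tf-cdk <github-team-tf-cdk@hashicorp.com>
          committer: team-tf-cdk <github-team-tf-cdk@hashicorp.com>
          signoff: true
          delete-branch: true
          commit-message: "chore!: change default Terraform version to ${{ steps.latest_version.outputs.value }}"
          title: "chore!: change default Terraform version to ${{ steps.latest_version.outputs.value }}"
          body: |-
            This PR increases the default version of Terraform used from `${{ steps.current_version.outputs.value }}` to version `${{ steps.latest_version.outputs.value }}`.
            This is considered a breaking change because anyone who does not manually specify a `terraformVersion` in their action configuration will automatically start using the new version.
            Unfortunately, not everything can be automated, and the following steps need to be completed manually:
            - [ ] Update the _Terraform Version_ to `${{ steps.latest_version.outputs.value }}` in the TFC web UI for the [cdk-action-testing](https://app.terraform.io/app/cdktf/workspaces/cdk-action-testing/settings/general) workspace
            Please complete the above steps and then mark this PR as ready for review to rerun the checks. Thanks!
          draft: true
      - name: Create pull request for a non-breaking change
        if: steps.current_version.outputs.minor == steps.latest_version.outputs.minor
        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
        with:
          branch: auto/upgrade-terraform-1-${{ steps.latest_version.outputs.minor }}
          base: main
          # Not a draft, and labelled `automerge`: review of the version source
          # (scripts/check-terraform-version.js) matters most for this path.
          labels: automerge,dependencies
          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
          author: team-tf-cdk <github-team-tf-cdk@hashicorp.com>
          committer: team-tf-cdk <github-team-tf-cdk@hashicorp.com>
          signoff: true
          delete-branch: true
          commit-message: "fix: change default Terraform version to ${{ steps.latest_version.outputs.value }}"
          title: "fix: change default Terraform version to ${{ steps.latest_version.outputs.value }}"
          body: |-
            This PR increases the default version of Terraform used from `${{ steps.current_version.outputs.value }}` to version `${{ steps.latest_version.outputs.value }}`.
            This is not considered a breaking change because it's just a patch release that shouldn't have any backwards incompatibilities.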