Skip to content
apply

chore(deps): update dependency aquaproj/aqua-registry to v4.224.0 (aw… #1008

Sign in to view logs

chore(deps): update dependency aquaproj/aqua-registry to v4.224.0 (aw…

chore(deps): update dependency aquaproj/aqua-registry to v4.224.0 (aw… #1008

Workflow file for this run

.github/workflows/apply.yaml at b9a23dd
---
name: apply
on:
push:
branches: [main]
env:
TFACTION_IS_APPLY: 'true'
jobs:
setup:
timeout-minutes: 30
runs-on: ubuntu-latest
permissions:
contents: read # For checkout a private repository
pull-requests: write # For ci-info and github-comment
outputs:
targets: ${{ steps.list-targets.outputs.targets }}
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.34.0
- uses: suzuki-shunsuke/tfaction/list-targets@01829b75913b9424932c982b2d9e05ee908b647f # v1.5.2
id: list-targets
apply:
timeout-minutes: 30
name: "apply (${{matrix.target.target}})"
runs-on: ${{matrix.target.runs_on}}
needs: setup
# if services is empty, the build job is skipped
if: "join(fromJSON(needs.setup.outputs.targets), '') != ''"
strategy:
fail-fast: false
matrix:
target: ${{fromJSON(needs.setup.outputs.targets)}}
env:
TFACTION_TARGET: ${{matrix.target.target}}
TFACTION_JOB_TYPE: ${{matrix.target.job_type}}
permissions:
id-token: write # For OIDC
contents: read # To checkout a private repository
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Generate token for aqua-installer
id: aqua_installer_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# If you use private registries, contents:read is required
permissions: >-
{}
# If you use private registries, please add private repositories
repositories: >-
[]
- uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1
with:
aqua_version: v2.34.0
env:
AQUA_GITHUB_TOKEN: ${{ steps.aqua_installer_token.outputs.token }}
- uses: suzuki-shunsuke/tfaction/export-secrets@01829b75913b9424932c982b2d9e05ee908b647f # v1.5.2
with:
# If this action doesn't export secrets as you expect, please check if secrets are passed to this action properly.
# If you use reusable workflows, maybe secrets aren't passed to the reusable workflow.
# If so, please pass secrets properly.
#
# - https://docs.github.com/en/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow
# - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idsecrets
secrets: ${{ toJSON(secrets) }}
- name: Generate token to download private Terraform Modules
id: gh_setup_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# If you use private registries, contents:read is required
permissions: >-
{
"contents": "read"
}
# private repositories hosting private modules
repositories: >-
[]
# This is required to download private modules in `terraform init`
- run: gh auth setup-git
env:
GITHUB_TOKEN: ${{ steps.gh_setup_token.outputs.token }}
- name: Generate token to update drift issues
id: drift_issue_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# issues:write - Create and update drift issues
permissions: >-
{
"issues": "write"
}
# GitHub Repository where Drift Detection issues are hosted
# https://suzuki-shunsuke.github.io/tfaction/docs/feature/drift-detection
repositories: >-
[
"test-tfaction-drift-issues"
]
- run: tfaction get-or-create-drift-issue
shell: bash
env:
GITHUB_TOKEN: ${{ steps.drift_issue_token.outputs.token }}
- name: Generate token for setup
id: setup_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# pull_requests:write - Post comments
# issues:write - Update drift issues
permissions: >-
{
"pull_requests": "write",
"issues": "write"
}
repositories: >-
[
"${{github.event.repository.name}}",
"test-tfaction-drift-issues"
]
- uses: suzuki-shunsuke/tfaction/setup@01829b75913b9424932c982b2d9e05ee908b647f # v1.5.2
with:
github_token: ${{ steps.setup_token.outputs.token }}
ssh_key: ${{ secrets.TERRAFORM_PRIVATE_MODULE_SSH_KEY }} # This isn't needed if you don't use SSH key to checkout private Terraform Modules
- name: Generate token for apply
id: apply_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# pull_requests:write - Post comments
# actions:read - Download plan files
# issues:write - Update drift issues
# contents:write - Update related pull requests
permissions: >-
{
"pull_requests": "write",
"actions": "read",
"contents": "write",
"issues": "write"
}
repositories: >-
[
"${{github.event.repository.name}}",
"test-tfaction-drift-issues"
]
- uses: suzuki-shunsuke/tfaction/apply@01829b75913b9424932c982b2d9e05ee908b647f # v1.5.2
with:
github_token: ${{ steps.apply_token.outputs.token }}
- name: Generate token for creating follow up pr
id: follow_up_pr_token
if: failure()
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
# contents:write - Push commits
# pull_requests:write - Create a pull request
permissions: >-
{
"contents": "write",
"pull_requests": "write"
}
repositories: >-
[
"${{github.event.repository.name}}"
]
- uses: suzuki-shunsuke/tfaction/create-follow-up-pr@01829b75913b9424932c982b2d9e05ee908b647f # v1.5.2
if: failure()
with:
github_token: ${{steps.follow_up_pr_token.outputs.token}}
- uses: suzuki-shunsuke/tfaction/update-drift-issue@01829b75913b9424932c982b2d9e05ee908b647f # v1.5.2
if: always()
with:
status: ${{job.status}}
github_token: ${{steps.drift_issue_token.outputs.token}}