# Action metadata: display name, summary, author and marketplace branding.
name: 'Atmos Affected Stacks'
description: 'A GitHub Action to determine the affected stacks between two git refs'
# NOTE(review): the author value looks like it was replaced by the hosting page's
# e-mail obfuscation; restore the original address from the repository.
author: [email protected]
branding:
  icon: 'file'
  color: 'white'
# Inputs accepted by the action. All values arrive as strings; boolean-like
# inputs are compared against the literal 'true' / 'false' in the steps.
inputs:
  # --- Git refs -------------------------------------------------------------
  head-ref:
    # NOTE(review): the description mentions the default branch, but the
    # declared default is the triggering commit SHA (github.sha).
    description: The head ref to checkout. If not provided, the head default branch is used.
    required: false
    default: '${{ github.sha }}'
  default-branch:
    description: The default branch to use for the base ref.
    required: false
    default: '${{ github.event.repository.default_branch }}'
  base-ref:
    # No default: the value is used as a git ref by the `checkout base ref`
    # step. Treat it as untrusted when it is derived from event data
    # (branch names, PR fields).
    description: The base ref to checkout. If not provided, the head default branch is used.
    required: false

  # --- Atmos installation and configuration ----------------------------------
  install-atmos:
    description: Whether to install atmos
    required: false
    default: 'true'
  atmos-version:
    description: The version of atmos to install
    required: false
    default: '>= 1.96.0'
  atmos-config-path:
    # Resolved with `realpath` in a shell step and exported as
    # ATMOS_CLI_CONFIG_PATH for the rest of the job.
    description: The path to the atmos.yaml file
    required: true

  # --- Atmos Pro upload -------------------------------------------------------
  atmos-pro-upload:
    description: Whether to upload affected stacks directly to Atmos Pro
    required: false
    default: 'false'
  atmos-pro-base-url:
    # Exported as ATMOS_PRO_BASE_URL to the upload step alongside the token;
    # presumably the endpoint that receives it, so keep it on a trusted host.
    description: The base URL of Atmos Pro
    required: false
    default: 'https://app.cloudposse.com'
  atmos-pro-token:
    # Credential: pass it from a repository/organization secret rather than a
    # literal. It is exposed as ATMOS_PRO_TOKEN to the upload step only.
    description: The API token to allow Atmos Pro to upload affected stacks
    required: false
    default: ''

  # --- `atmos describe affected` options --------------------------------------
  atmos-include-spacelift-admin-stacks:
    description: Whether to include the Spacelift admin stacks of affected stacks in the output
    required: false
    default: 'false'
  atmos-include-dependents:
    # Only consulted when atmos-include-spacelift-admin-stacks is not 'true'
    # (the step checks the two in an if/elif chain).
    description: Whether to include dependents of affected stacks in the output
    required: false
    default: 'false'
  atmos-include-settings:
    description: Include the `settings` section for each affected component
    required: false
    default: 'false'
  atmos-stack:
    # Optional filter; appended as --stack=<value> only when non-empty.
    description: The stack to operate on
    required: false
    default: ''

  # --- jq installation ---------------------------------------------------------
  install-jq:
    description: Whether to install jq
    required: false
    default: 'false'
  jq-version:
    description: The version of jq to install if install-jq is true
    required: false
    default: '1.7'
  jq-force:
    # NOTE(review): declared but not referenced by any step in this file.
    description: Whether to force the installation of jq
    required: false
    default: 'true'

  # --- Matrix shaping ----------------------------------------------------------
  nested-matrices-count:
    description: 'Number of nested matrices that should be returned as the output (from 1 to 3)'
    required: false
    default: '2'
# Outputs are forwarded from the `affected` and `matrix` steps. Both steps run
# only when atmos-pro-upload is 'false'; in upload mode they are skipped and
# their outputs are presumably empty strings.
outputs:
  affected:
    description: The affected stacks
    value: '${{ steps.affected.outputs.affected }}'
  has-affected-stacks:
    # NOTE(review): this compares against the literal '[]' only, so an empty
    # `affected` output (e.g. when the `affected` step was skipped) would also
    # evaluate to true. Confirm callers do not gate deployments on this value
    # in upload mode.
    description: Whether there are affected stacks
    value: "${{ steps.affected.outputs.affected != '[]' }}"
  matrix:
    description: The affected stacks as matrix structure suitable for extending matrix size workaround (see README)
    value: '${{ steps.matrix.outputs.matrix }}'
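# Composite action: installs tooling, checks out the head and base refs, then
# runs `atmos describe affected` and shapes the result into a job matrix.
#
# Hardening applied in the shell steps: action inputs are handed to bash through
# `env:` and referenced as quoted variables instead of being expanded with
# `${{ ... }}` inside the script text, so a crafted input value is treated as
# data and cannot add shell syntax to the step.
#
# NOTE(review): the actions below are referenced by mutable tags (@v4, @v3,
# @v2, @v1, @v0). Pinning each `uses:` to a full commit SHA keeps a moved tag
# from changing the code that runs with this job's credentials.
runs:
  using: "composite"
  steps:
    - name: Install Node
      uses: actions/setup-node@v4
      with:
        node-version: 20

    # Working tree for the head side of the comparison.
    - uses: actions/checkout@v4
      with:
        ref: ${{ inputs.head-ref }}

    - uses: cloudposse-github-actions/install-gh-releases@v1
      if: ${{ inputs.install-jq == 'true' }}
      with:
        cache: true
        config: |-
          jqlang/jq: jq-${{ inputs.jq-version }}

    - if: ${{ inputs.install-atmos == 'true' }}
      uses: cloudposse/github-action-setup-atmos@v2
      with:
        atmos-version: ${{ inputs.atmos-version }}
        install-wrapper: false

    - name: Set vars
      shell: bash
      env:
        # Passed via the environment so the path is never parsed as script text.
        INPUT_ATMOS_CONFIG_PATH: ${{ inputs.atmos-config-path }}
      run: |-
        echo "ATMOS_CLI_CONFIG_PATH=$(realpath "${INPUT_ATMOS_CONFIG_PATH}")" >> "${GITHUB_ENV}"

    # Reads GitOps settings from the atmos config of the checked-out head ref.
    # NOTE(review): these values (including the IAM role requested below) come
    # from repository content, so the role's trust policy is what limits which
    # workflows and refs may assume it - confirm it is scoped accordingly.
    - name: config
      shell: bash
      id: config
      run: |-
        {
          echo "opentofu-version=$(atmos describe config -f json | jq -r '.integrations.github.gitops["opentofu-version"]')"
          echo "terraform-version=$(atmos describe config -f json | jq -r '.integrations.github.gitops["terraform-version"]')"
          echo "group-by=$(atmos describe config -f json | jq -r '.integrations.github.gitops.matrix["group-by"]')"
          echo "sort-by=$(atmos describe config -f json | jq -r '.integrations.github.gitops.matrix["sort-by"]')"
          echo "aws-region=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].region')"
          echo "terraform-plan-role=$(atmos describe config -f json | jq -r '.integrations.github.gitops.role.plan')"
        } >> "${GITHUB_OUTPUT}"

    # jq -r prints the string "null" for a missing key, hence the double check.
    - name: Install Terraform
      if: ${{ steps.config.outputs.terraform-version != '' && steps.config.outputs.terraform-version != 'null' }}
      uses: hashicorp/setup-terraform@v3
      with:
        terraform_version: ${{ steps.config.outputs.terraform-version }}
        terraform_wrapper: false

    - name: Install OpenTofu
      uses: cloudposse-github-actions/install-gh-releases@v1
      if: ${{ steps.config.outputs.opentofu-version != '' && steps.config.outputs.opentofu-version != 'null' }}
      with:
        cache: true
        config: |-
          opentofu/opentofu: ${{ startsWith(steps.config.outputs.opentofu-version, 'v') && steps.config.outputs.opentofu-version || format('v{0}', steps.config.outputs.opentofu-version) }}

    # atmos describe affected requires the main branch of the git repo to be present on disk so it can compare the
    # current branch to it to determine the affected stacks. This is different from a file-based git diff in that we
    # look at the contents of the stack files to determine if any have changed.
    - uses: actions/checkout@v4
      with:
        ref: ${{ inputs.default-branch }}
        path: base-ref
        fetch-depth: 0

    - name: checkout base ref
      id: base-ref
      shell: bash
      env:
        INPUT_BASE_REF: ${{ inputs.base-ref }}
      working-directory: base-ref
      # An empty base-ref leaves the default-branch checkout in place, which is
      # what a bare `git checkout` did before the value was quoted.
      run: |-
        if [[ -n "${INPUT_BASE_REF}" ]]; then
          git checkout "${INPUT_BASE_REF}"
        fi

    # NOTE(review): the `uses:` reference below was mangled by the hosting
    # page's e-mail obfuscation (the `with:` keys match
    # aws-actions/configure-aws-credentials); restore the original
    # `owner/repo@ref` from the repository before using this file.
    - name: Configure Plan AWS Credentials
      if: ${{ steps.config.outputs.aws-region != '' &&
        steps.config.outputs.aws-region != 'null' &&
        steps.config.outputs.terraform-plan-role != '' &&
        steps.config.outputs.terraform-plan-role != 'null' }}
      uses: aws-actions/[email protected]
      with:
        aws-region: ${{ steps.config.outputs.aws-region }}
        role-to-assume: ${{ steps.config.outputs.terraform-plan-role }}
        role-session-name: "atmos-terraform-plan-gitops"
        mask-aws-account-id: "no"

    # Upload mode: the token reaches atmos through the step environment only.
    - name: atmos affected stacks for atmos pro
      id: affected-pro
      if: ${{ inputs.atmos-pro-upload == 'true' }}
      env:
        ATMOS_PRO_BASE_URL: ${{ inputs.atmos-pro-base-url }}
        ATMOS_PRO_TOKEN: ${{ inputs.atmos-pro-token }}
      shell: bash
      run: |
        atmos describe affected --upload --verbose=true --repo-path "$GITHUB_WORKSPACE/base-ref"

    # Local mode: write affected-stacks.json and expose it as a step output.
    - name: atmos affected stacks
      id: affected
      if: ${{ inputs.atmos-pro-upload == 'false' }}
      shell: bash
      env:
        INPUT_INCLUDE_SETTINGS: ${{ inputs.atmos-include-settings }}
        INPUT_INCLUDE_SPACELIFT_ADMIN_STACKS: ${{ inputs.atmos-include-spacelift-admin-stacks }}
        INPUT_INCLUDE_DEPENDENTS: ${{ inputs.atmos-include-dependents }}
        INPUT_STACK: ${{ inputs.atmos-stack }}
      run: |
        # Arguments are collected in an array and passed to atmos directly, so
        # input values are never re-parsed as shell syntax (no eval).
        affected_args=(
          describe affected
          "--include-settings=${INPUT_INCLUDE_SETTINGS}"
          --file affected-stacks.json
          --verbose=true
          --repo-path "${GITHUB_WORKSPACE}/base-ref"
        )
        # Admin stacks take precedence; dependents are only added otherwise.
        if [[ "${INPUT_INCLUDE_SPACELIFT_ADMIN_STACKS}" == "true" ]]; then
          affected_args+=(--include-spacelift-admin-stacks=true)
        elif [[ "${INPUT_INCLUDE_DEPENDENTS}" == "true" ]]; then
          affected_args+=(--include-dependents=true)
        fi
        if [[ -n "${INPUT_STACK}" ]]; then
          affected_args+=("--stack=${INPUT_STACK}")
        fi
        atmos "${affected_args[@]}"
        # jq -c emits compact single-line JSON, which keeps the output to one
        # name=value line in GITHUB_OUTPUT.
        affected=$(jq -c '.' affected-stacks.json)
        printf "%s" "affected=$affected" >> "${GITHUB_OUTPUT}"

    - name: No changes summary
      if: ${{ inputs.atmos-pro-upload == 'false' && steps.affected.outputs.affected == '[]' }}
      shell: bash
      run: |-
        cat "${GITHUB_ACTION_PATH}/assets/summary.md" >> "${GITHUB_STEP_SUMMARY}"

    - uses: cloudposse/github-action-matrix-extended@v0
      id: matrix
      if: ${{ inputs.atmos-pro-upload == 'false' }}
      with:
        matrix: affected-stacks.json
        sort-by: ${{ steps.config.outputs.sort-by }}
        group-by: ${{ steps.config.outputs.group-by }}
        nested-matrices-count: ${{ inputs.nested-matrices-count }}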