feat: major version update (#327)
* update workflow examples

Signed-off-by: Rishav Dhar <[email protected]>

* test md

Signed-off-by: Rishav Dhar <[email protected]>

* tidy

Signed-off-by: Rishav Dhar <[email protected]>

* line breaks

Signed-off-by: Rishav Dhar <[email protected]>

* more line breaks

Signed-off-by: Rishav Dhar <[email protected]>

* another one

Signed-off-by: Rishav Dhar <[email protected]>

* weird

Signed-off-by: Rishav Dhar <[email protected]>

* more

Signed-off-by: Rishav Dhar <[email protected]>

* consolidate action.yaml

Signed-off-by: Rishav Dhar <[email protected]>

* relocate docs

Signed-off-by: Rishav Dhar <[email protected]>

* fix relative links

Signed-off-by: Rishav Dhar <[email protected]>

* caching example

Signed-off-by: Rishav Dhar <[email protected]>

---------

Signed-off-by: Rishav Dhar <[email protected]>
rdhar authored Oct 21, 2024
1 parent 8cf25fe commit 01cbb55
Showing 8 changed files with 611 additions and 1,007 deletions.
File renamed without changes
File renamed without changes
13 changes: 12 additions & 1 deletion .github/examples/pr_push_auth.yaml
@@ -1,5 +1,5 @@
---
name: Trigger on pull_request (plan) and push (apply) events with Terraform and AWS authentication.
name: Trigger on pull_request (plan) and push (apply) events with Terraform, AWS authentication and caching.

on:
pull_request:
@@ -27,6 +27,17 @@ jobs:
aws-region: us-east-1
role-to-assume: ${{ secrets.AWS_ROLE }}

- name: Create cache
run: |
mkdir --parents $HOME/.terraform.d/plugin-cache
echo "TF_PLUGIN_CACHE_DIR=$HOME/.terraform.d/plugin-cache" >> $GITHUB_ENV
- name: Cache TF
uses: actions/cache@v4
with:
path: ~/.terraform.d/plugin-cache
key: cache-tf-${{ runner.os }}-${{ hashFiles('path/to/directory/.terraform.lock.hcl') }}

- name: Setup TF
uses: hashicorp/setup-terraform@v3
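Review bot: the `key:` of the new "Cache TF" step hashes the placeholder `path/to/directory/.terraform.lock.hcl`, and when that pattern matches no file `hashFiles` returns an empty string, so a copied example silently degrades to the static key `cache-tf-<os>-` and the provider cache is never refreshed when the lock file changes. Use a glob such as `**/.terraform.lock.hcl`, or add a comment marking the path as a value the user must replace. In the "Create cache" step, `mkdir --parents` is the GNU long option; since the key is parameterised on `runner.os`, `mkdir -p` with the path quoted (`"$HOME/.terraform.d/plugin-cache"`) would also work on macOS runners. `actions/cache@v4` is a moving major tag, while the README changed in this same commit advises pinning to a specific release tag or SHA; the example should follow that advice.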

43 changes: 34 additions & 9 deletions docs/README.md → README.md
@@ -1,7 +1,7 @@
[![Terraform Compatible](https://img.shields.io/badge/Terraform-Compatible-844FBA?logo=terraform&logoColor=white)](https://github.com/hashicorp/setup-terraform "Terraform Compatible.")
[![OpenTofu Compatible](https://img.shields.io/badge/OpenTofu-Compatible-FFDA18?logo=opentofu&logoColor=white)](https://github.com/opentofu/setup-opentofu "OpenTofu Compatible.")
*
[![GitHub license](https://img.shields.io/github/license/devsectop/tf-via-pr?logo=apache&label=License)](../LICENSE.txt "Apache License 2.0.")
[![GitHub license](https://img.shields.io/github/license/devsectop/tf-via-pr?logo=apache&label=License)](LICENSE.txt "Apache License 2.0.")
[![GitHub release tag](https://img.shields.io/github/v/release/devsectop/tf-via-pr?logo=semanticrelease&label=Release)](https://github.com/devsectop/tf-via-pr/releases "View all releases.")
*
[![GitHub repository stargazers](https://img.shields.io/github/stars/devsectop/tf-via-pr)](https://github.com/devsectop/tf-via-pr "Become a stargazer.")
@@ -10,7 +10,7 @@

<details open><summary><h3>Overview: <a href="#usage">Usage Examples</a> · <a href="#parameters">In/Output Parameters</a> · <a href="#security">Security</a> · <a href="#changelog">Changelog</a> · <a href="#license">License</a></h3></summary></br>

[![PR comment of plan output with "Diff of changes" section expanded.](assets/comment.png)](https://github.com/devsectop/tf-via-pr/blob/main/docs/comment.png?raw=true "View full-size image.")
[![PR comment of plan output with "Diff of changes" section expanded.](/.github/assets/comment.png)](https://github.com/devsectop/tf-via-pr/blob/main/.github/assets/comment.png?raw=true "View full-size image.")
</details>

<table>
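Review bot: the new image source `/.github/assets/comment.png` is a root-relative path, which only resolves where the renderer maps `/` to the repository root; anywhere else the README is displayed (a mirror, a generated docs site) the image breaks while its link target, already an absolute `https://github.com/...?raw=true` URL, keeps working. Using the same absolute URL for both the image and the link would keep them consistent.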
@@ -37,6 +37,7 @@
</td>
</tr>
</table>
</br>

## Usage
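Review bot: the `</br>` added after `</table>` is a stray end tag rather than a valid void element; HTML parsers happen to treat it as a line break, but `<br>` (or `<br/>`) is the correct form and does not rely on error recovery. The same applies to the other `</br>` spacer lines this commit adds throughout the README.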

@@ -76,15 +77,31 @@ jobs:
>
> - Pin your workflow version to a specific release tag or SHA to harden your CI/CD pipeline [security](#security) against supply chain attacks.
> - Environment variables can be passed in for cloud platform authentication (e.g., [configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials "Configuring AWS credentials for use in GitHub Actions.") for short-lived credentials).
</br>
### Where to find more examples?
The functional workflow examples below showcase common use cases, while a comprehensive list of inputs is also [documented](#parameters).
The following workflows showcase common use cases, while a comprehensive list of inputs is [documented](#parameters) below.
- [Trigger](/.github/examples/pr_push_auth.yaml) on `pull_request` (plan) and `push` (apply) events with Terraform and AWS **authentication**.
- [Trigger](/.github/examples/pr_merge_matrix.yaml) on `pull_request` (plan) and `merge_group` (apply) events with OpenTofu in **matrix** strategy.
- [Trigger](/.github/examples/pr_self_hosted.yaml) on `pull_request` (plan or apply) event event with Terraform and OpenTofu on **self-hosted** runner.
- [Trigger](/.github/examples/schedule_refresh.yaml) on `schedule` (cron) event with "fmt" and "validate" checks to identify **configuration drift**.
<table>
<tr>
<td>
<a href="/.github/examples/pr_push_auth.yaml">Run on</a> <code>pull_request</code> (plan) and <code>push</code> (apply) events with Terraform, AWS <strong>authentication</strong> and <strong>caching</strong>.
</td>
<td>
<a href="/.github/examples/pr_merge_matrix.yaml">Run on</a> <code>pull_request</code> (plan) and <code>merge_group</code> (apply) events with OpenTofu in <strong>matrix</strong> strategy.
</td>
</tr>
<tr>
<td>
<a href="/.github/examples/pr_self_hosted.yaml">Run on</a> <code>pull_request</code> (plan or apply) event with Terraform and OpenTofu on <strong>self-hosted</strong> runner.
</td>
<td>
<a href="/.github/examples/schedule_refresh.yaml">Run on</a> <code>schedule</code> (cron) event with "fmt" and "validate" checks to identify <strong>configuration drift</strong>.
</td>
</tr>
</table>
</br>
### How does encryption work?
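Review bot: all four links in the new table share the text "Run on" (`<a href="/.github/examples/pr_push_auth.yaml">Run on</a>` and the three that follow), so the link text alone does not say which workflow it opens, which hurts screen-reader navigation and link lists. Consider linking the distinguishing part of each cell instead, for example the event names or the bolded keyword.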
@@ -97,6 +114,7 @@ unzip <tf.plan>
openssl enc -aes-256-ctr -pbkdf2 -salt -in <tf.plan> -out tf.plan.decrypted -pass pass:"<passphrase>" -d
<tf.tool> show tf.plan.decrypted
```
</br>

## Parameters
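Review bot: in the unchanged decryption example shown as context in this hunk, `-pass pass:"<passphrase>"` places the passphrase on the command line, where it ends up in shell history and is visible to other users in the process list. Since this section is being touched anyway, consider documenting `-pass env:<VAR>` or `-pass file:<path>` instead, both of which `openssl enc` accepts.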

@@ -115,11 +133,13 @@ unzip <tf.plan>
| UI | `comment-pr` | PR comment by: `update` existing comment, `recreate` and delete previous one, or `none`.</br>Default: `update` |
| UI | `label-pr` | Add a PR label with the command input.</br>Default: `true` |
| UI | `hide-args` | Hide comma-separated arguments from the command input.</br>Default: `detailed-exitcode,lock,out,var` |
</br>

<details open><summary>The default behavior of <code>comment-pr</code> is to update the existing PR comment with the latest plan output, making it easy to track changes over time through the comment's revision history.</summary></br>

[![PR comment revision history comparing plan and apply outputs.](assets/revisions.png)](https://github.com/devsectop/tf-via-pr/blob/main/docs/revisions.png?raw=true "View full-size image.")
[![PR comment revision history comparing plan and apply outputs.](/.github/assets/revisions.png)](https://github.com/devsectop/tf-via-pr/blob/main/.github/assets/revisions.png?raw=true "View full-size image.")
</details>
</br>

### Inputs - Arguments

@@ -171,6 +191,7 @@ unzip <tf.plan>
| `arg-workspace` | `-workspace` |
| `arg-write` | `-write` |
</details>
</br>

### Outputs

@@ -180,11 +201,14 @@ unzip <tf.plan>
| `comment-id` | ID of the PR comment. |
| `exitcode` | Exit code of the last TF command. |
| `identifier` | Unique name of the workflow run and artifact. |
</br>

## Security

View [security policy and reporting instructions](SECURITY.md).

</br>

## Changelog

View [all notable changes](https://github.com/devsectop/tf-via-pr/releases "Releases.") to this project in [Keep a Changelog](https://keepachangelog.com "Keep a Changelog.") format, which adheres to [Semantic Versioning](https://semver.org "Semantic Versioning.").
@@ -197,9 +221,10 @@ View [all notable changes](https://github.com/devsectop/tf-via-pr/releases "Rele
> - [Raise an issue](https://github.com/devsectop/tf-via-pr/issues "Raise an issue.") to propose changes or report unexpected behavior.
> - [Open a discussion](https://github.com/devsectop/tf-via-pr/discussions "Open a discussion.") to discuss broader topics or questions.
> - [Become a stargazer](https://github.com/devsectop/tf-via-pr/stargazers "Become a stargazer.") if you find this project useful.
</br>

## License

- This project is licensed under the permissive [Apache License 2.0](../LICENSE.txt "Apache License 2.0.").
- This project is licensed under the permissive [Apache License 2.0](LICENSE.txt "Apache License 2.0.").
- All works herein are my own, shared of my own volition, and [contributors](https://github.com/devsectop/tf-via-pr/graphs/contributors "Contributors.").
- Copyright 2022-2024 [Rishav Dhar](https://github.com/rdhar "Rishav Dhar's GitHub profile.") — All wrongs reserved.
File renamed without changes.