--- name: Continuous Integration on: workflow_call: inputs: root_module_folder_relative_path: description: 'Root Module Folder Relative Path' default: '.' type: string terraform_cli_version: description: 'Terraform CLI Version' default: 'latest' type: string jobs: validate: name: Validate Terraform runs-on: ${runner_name} environment: ${environment_name_plan} steps: - name: Checkout Code uses: actions/checkout@v4 - name: Install Terraform uses: hashicorp/setup-terraform@v3 with: terraform_wrapper: false terraform_version: $${{ inputs.terraform_cli_versions }} - name: Terraform Format Check run: | terraform \ -chdir="$${{inputs.root_module_folder_relative_path}}" \ fmt \ -check - name: Terraform Init run: | terraform \ -chdir="$${{inputs.root_module_folder_relative_path}}" \ init \ -backend=false - name: Terraform Validate run: | terraform \ -chdir="$${{inputs.root_module_folder_relative_path}}" \ validate plan: name: Validate Terraform Plan needs: validate runs-on: ${runner_name} concurrency: ${backend_azure_storage_account_container_name} environment: ${environment_name_plan} permissions: # NOTE: When modifying the token subject claims and adding `environment`. # If the `id-token` permission is granted at the workflow level # and the workflow has at least one job that does not specify an environment # then the action will fail with an internal error. id-token: write contents: read pull-requests: write env: ARM_CLIENT_ID: "$${{ vars.AZURE_CLIENT_ID }}" ARM_SUBSCRIPTION_ID: "$${{ vars.AZURE_SUBSCRIPTION_ID }}" ARM_TENANT_ID: "$${{ vars.AZURE_TENANT_ID }}" ARM_USE_AZUREAD: true ARM_USE_OIDC: true steps: - name: Checkout Code uses: actions/checkout@v4 - name: Install Terraform uses: hashicorp/setup-terraform@v3 with: terraform_wrapper: false terraform_version: $${{ inputs.terraform_cli_versions }} - name: Terraform Init run: | terraform \ -chdir="$${{inputs.root_module_folder_relative_path}}" \ init \ -backend-config="resource_group_name=$${{vars.BACKEND_AZURE_RESOURCE_GROUP_NAME}}" \ -backend-config="storage_account_name=$${{vars.BACKEND_AZURE_STORAGE_ACCOUNT_NAME}}" \ -backend-config="container_name=$${{vars.BACKEND_AZURE_STORAGE_ACCOUNT_CONTAINER_NAME}}" \ -backend-config="key=terraform.tfstate" - name: Terraform Plan id: plan run: | terraform \ -chdir="$${{inputs.root_module_folder_relative_path}}" \ plan \ -input=false - name: Update Pull Request if: (success() || failure()) && github.event_name == 'pull_request' uses: actions/github-script@v6 with: github-token: $${{ secrets.GITHUB_TOKEN }} script: | const output = `#### Terraform Plan 📖\`$${{ steps.plan.outcome }}\` <details><summary>Run details</summary> The plan was a $${{ steps.plan.outcome }} see the action for more details. </details> *Pushed by: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: output })