Bump the github-actions group with 4 updates #55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: branch-deploy | |
| on: | |
| issue_comment: | |
| types: [created] | |
| # Permissions needed for reacting and adding comments for IssueOps commands | |
| permissions: | |
| pull-requests: write | |
| deployments: write | |
| contents: write | |
| checks: read | |
| jobs: | |
| deploy: | |
| environment: production-secrets | |
| if: ${{ github.event.issue.pull_request }} # only run on pull request comments | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: github/[email protected] | |
| id: branch-deploy | |
| with: | |
| admins: the-hideout/core-contributors | |
| admins_pat: ${{ secrets.BRANCH_DEPLOY_ADMINS_PAT }} | |
| environment_targets: production | |
| environment_urls: production|https://status.tarkov.dev | |
| sticky_locks: "true" | |
| - name: checkout | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ steps.branch-deploy.outputs.ref }} | |
| - uses: azure/login@de95379fe4dadc2defb305917eaa7e5dde727294 # pin@v1 | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' }} | |
| with: | |
| creds: ${{ secrets.AZURE_CREDENTIALS }} | |
| - uses: hashicorp/setup-terraform@ed3a0531877aca392eb870f440d9ae7aba83a6bd # pin@v1 | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' }} | |
| with: | |
| terraform_version: 1.1.7 | |
| cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
| - name: Terraform init | |
| id: init | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' }} | |
| working-directory: terraform/ | |
| run: terraform init | |
| ### NOOP DEPLOY ### | |
| - name: Terraform fmt | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }} | |
| working-directory: terraform/ | |
| id: fmt | |
| run: terraform fmt -check | |
| continue-on-error: true | |
| - name: Terraform validate | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }} | |
| working-directory: terraform/ | |
| id: validate | |
| run: terraform validate -no-color | |
| - name: Terraform plan | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }} | |
| working-directory: terraform/ | |
| id: plan | |
| env: | |
| TF_VAR_CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
| TF_VAR_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }} | |
| TF_VAR_SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }} | |
| TF_VAR_TENANT_ID: ${{ secrets.TENANT_ID }} | |
| run: terraform plan -no-color | |
| continue-on-error: true | |
| # Post comment on PR with development plan info | |
| - uses: actions/github-script@5d03ada4b0a753e9460b312e61cc4f8fdeacf163 # [email protected] | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }} | |
| env: | |
| PLAN: "terraform ${{ steps.plan.outputs.stdout }}" | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const output = `### Terraform Plan - Production (noop) 🪐 | |
| - Terraform Format and Style 🖌: \`${{ steps.fmt.outcome }}\` | |
| - Terraform Initialization ⚙️: \`${{ steps.init.outcome }}\` | |
| - Terraform Validation 🤖: \`${{ steps.validate.outcome }}\` | |
| - Terraform Plan 📖: \`${{ steps.plan.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\`${process.env.PLAN}\`\`\` | |
| </details> | |
| In addition to the plan, the branch: \`${{ steps.branch-deploy.outputs.ref }}\` would have been deployed | |
| > Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`terraform/\`, Workflow: \`${{ github.workflow }}\``; | |
| github.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| ##################### | |
| ### BRANCH DEPLOY ### | |
| - name: Terraform apply | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }} | |
| working-directory: terraform/ | |
| env: | |
| # Creds | |
| TF_VAR_CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
| TF_VAR_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }} | |
| TF_VAR_SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }} | |
| TF_VAR_TENANT_ID: ${{ secrets.TENANT_ID }} | |
| run: terraform apply -auto-approve | |
| - name: SSH Remote Deploy | |
| if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }} | |
| uses: appleboy/ssh-action@2451745138b602d3e100a6def50c8e4e39591d4c # [email protected] | |
| with: | |
| host: ${{ secrets.SSH_HOST }} | |
| username: ${{ secrets.SSH_USERNAME }} | |
| key: ${{ secrets.SSH_KEY }} | |
| port: ${{ secrets.SSH_PORT }} | |
| script_stop: true | |
| script: ~/status/script/deploy -r="${{ steps.branch-deploy.outputs.ref }}" -f="${{ steps.branch-deploy.outputs.fork_checkout }}" -d="status" -n="${{ steps.branch-deploy.outputs.fork_full_name }}" |