Skip to content

Archive audit logs #1153

Archive audit logs

Archive audit logs #1153

name: "Terraform version check"
on:
workflow_dispatch:
pull_request:
paths:
- "aws/**"
- "env/**"
- ".github/workflows/terraform-version-check.yml"
env:
ENV: staging
jobs:
terraform-version-check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Get latest versions
id: latest
run: |
TERRAFORM_LATEST="$(curl https://api.github.com/repos/hashicorp/terraform/releases/latest | jq --raw-output '.tag_name' | cut -c 2-)"
TERRAGRUNT_LATEST="$(curl https://api.github.com/repos/gruntwork-io/terragrunt/releases/latest | jq --raw-output '.tag_name' | cut -c 2-)"
echo "terraform=${TERRAFORM_LATEST}" >> $GITHUB_OUTPUT
echo "terragrunt=${TERRAGRUNT_LATEST}" >> $GITHUB_OUTPUT
- name: Get used versions
id: used
run: |
pip install yq
TERRAFORM_USED="$(yq -r .env.TERRAFORM_VERSION .github/workflows/terragrunt-apply-${{ env.ENV }}.yml)"
TERRAGRUNT_USED="$(yq -r .env.TERRAGRUNT_VERSION .github/workflows/terragrunt-apply-${{ env.ENV }}.yml)"
echo "terraform=${TERRAFORM_USED}" >> $GITHUB_OUTPUT
echo "terragrunt=${TERRAGRUNT_USED}" >> $GITHUB_OUTPUT
- name: Delete previous comments
uses: actions/github-script@10b53a9ec6c222bb4ce97aa6bd2b5f739696b536 # v4.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const { data: comments } = await github.issues.listComments({...context.repo, issue_number: context.issue.number});
const comment = comments.find(comment => comment.user.type === "Bot" && comment.body.indexOf("Terrform update available") > -1);
if (comment) {
await github.issues.deleteComment({...context.repo, comment_id: comment.id});
}
- name: Add version comment
if: steps.latest.outputs.terraform != steps.used.outputs.terraform || steps.latest.outputs.terragrunt != steps.used.outputs.terragrunt
uses: actions/github-script@10b53a9ec6c222bb4ce97aa6bd2b5f739696b536 # v4.2.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const tf = { used: "${{ steps.used.outputs.terraform }}", latest: "${{ steps.latest.outputs.terraform }}" };
const tg = { used: "${{ steps.used.outputs.terragrunt }}", latest: "${{ steps.latest.outputs.terragrunt }}" };
const terraform = tf.used !== tf.latest ? `\nTerraform: ${tf.latest} (using ${tf.used})` : "";
const terragrunt = tg.used !== tg.latest ? `\nTerragrunt: ${tg.latest} (using ${tg.used})` : "";
github.issues.createComment({
...context.repo,
issue_number: context.issue.number,
body: `## ⚠ Terrform update available\n\`\`\`yaml${terraform}${terragrunt}\n\`\`\``
})