Add Terragrunt composite actions (feat)

fcgroup · Jan 2, 2023 · 7bc903c · 7bc903c
1 parent 2331a18
commit 7bc903c
Show file tree

Hide file tree

Showing 6 changed files with 192 additions and 0 deletions.
diff --git a/.github/composites/setup-github-auth.yaml b/.github/composites/setup-github-auth.yaml
@@ -0,0 +1,12 @@
+name: Setup GitHub Authentication
+secrets:
+  GIT_TOKEN_BASIC:
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: Setup Environment Variable
+      run: export GITHUB_TOKEN="$GIT_TOKEN_BASIC"
+      shell: bash
+      env:
+        GIT_TOKEN_BASIC: ${{ secrets.GIT_TOKEN_BASIC }}
diff --git a/.github/composites/terragrunt-apply.yaml b/.github/composites/terragrunt-apply.yaml
@@ -0,0 +1,54 @@
+name: Terragrunt Apply
+inputs:
+  baseDirectory:
+    description: The base directory of the stack being deployed.
+    required: false
+    type: string
+    default: ''
+  changeDetectionExpression:
+    description: The regular expression pattern (passed to `grep -E`) that is used to match applicable files in a changeset.
+    required: false
+    type: string
+    default: .*\.(hcl|json|yaml)$
+secrets:
+  GIT_TOKEN_BASIC:
+    required: true
+  TFC_ACCESS_TOKEN:
+    required: true
+runs:
+  using: composite
+  steps:
+    - uses: actions/checkout@v3
+      with:
+        repository: cncsc/actions
+        path: ./.actions/
+
+    - id: verify_files_changed
+      name: Verify Files Changed
+      run: |
+        ./.actions/scripts/utilities/verify-files-changed.sh \
+        '${{ inputs.baseDirectory }}' \
+        '${{ inputs.changeDetectionExpression }}'
+      shell: bash
+
+    - uses: Homebrew/actions/setup-homebrew@master
+      if: steps.verify_files_changed.outputs.files_changed == 'true'
+
+    - name: Install Homebrew packages
+      if: steps.verify_files_changed.outputs.files_changed == 'true'
+      run: brew install terragrunt
+      shell: bash
+
+    - name: Set Terraform Cloud Credentials
+      if: steps.verify_files_changed.outputs.files_changed == 'true'
+      run: ./.actions/scripts/terraform/set-tfc-credentials.sh
+      shell: bash
+      env:
+        TFC_ACCESS_TOKEN: ${{ secrets.TFC_ACCESS_TOKEN }}
+
+    - name: Terragrunt Apply
+      if: steps.verify_files_changed.outputs.files_changed == 'true'
+      run: ./.actions/scripts/terraform/run-terragrunt-apply.sh '${{ inputs.baseDirectory }}'
+      shell: bash
+      env:
+        GITHUB_TOKEN: ${{ secrets.GIT_TOKEN_BASIC }}
diff --git a/scripts/terraform/run-terragrunt-apply.sh b/scripts/terraform/run-terragrunt-apply.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+function main() {
+  local -r base_directory="$1"
+
+  pushd "$base_directory" || exit 1
+
+    # Initialize Terraform and upgrade provider/module references
+    terragrunt run-all init -upgrade \
+      --terragrunt-non-interactive \
+      --terragrunt-source-update \
+      --terragrunt-include-external-dependencies \
+      --terragrunt-working-dir "$base_directory"
+
+    # Apply all
+    terragrunt run-all apply \
+      --terragrunt-non-interactive \
+      --terragrunt-source-update \
+      --terragrunt-include-external-dependencies \
+      --terragrunt-working-dir "$base_directory"
+
+  popd || exit 1
+}
+
+main "$@"
diff --git a/scripts/terraform/set-tfc-credentials.sh b/scripts/terraform/set-tfc-credentials.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+function main() {
+  local -r tfrc_path="$HOME/.terraform.d"
+
+  # Create the containing directory tree
+  mkdir -p "$tfrc_path"
+
+  # Save access token to credentials file
+  echo '{}' | jq ".credentials[\"app.terraform.io\"].token |= \"$TFC_ACCESS_TOKEN\"" > "$tfrc_path/credentials.tfrc.json"
+}
+
+main "$@"
diff --git a/scripts/utilities/get-semver-change-type.sh b/scripts/utilities/get-semver-change-type.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+function main() {
+  local -r latest_version="$(git describe --tags --abbrev=0)"
+  echo "Latest tag version: $latest_version"
+
+  local -r previous_hash="$(git rev-list --tags --skip=1 --max-count=1)"
+  local -r previous_version="$(git describe --abbrev=0 --tags "$previous_hash")"
+
+  echo "Previous tag version was: $previous_version"
+
+  # Replace the dot with blank space for the version
+  local -r current=${latest_version//./ }
+  local -r previous=${previous_version//./ }
+
+  # Extract major, minor and patch from current version
+  local -r current_patch=$(echo "$current" | awk '{print $3}')
+  local -r current_minor=$(echo "$current" | awk '{print $2}')
+  local -r current_major=$(echo "$current" | awk '{print $1}')
+
+  # Extract major, minor and patch from previous version
+  local -r previous_patch=$(echo "$previous" | awk '{print $3}')
+  local -r previous_minor=$(echo "$previous" | awk '{print $2}')
+  local -r previous_major=$(echo "$previous" | awk '{print $1}')
+
+  # Compare the version
+  if [ "$current_major" -gt "$previous_major" ]; then
+    echo "Major version was updated"
+    echo "semver_diff=major"
+  elif [ "$current_minor" -gt "$previous_minor" ]; then
+    echo "Minor version was updated"
+    echo "semver_diff=minor"
+  elif [ "$current_patch" -gt "$previous_patch" ]; then
+    echo "Patch version was updated"
+    echo "semver_diff=patch"
+  else
+    echo "No change in version"
+    echo "semver_diff=none"
+  fi
+}
+
+main "$@"
diff --git a/scripts/utilities/verify-files-changed.sh b/scripts/utilities/verify-files-changed.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+function main() {
+  local changeset
+  local -r base_directory="$1"
+  local -r grep_pattern="$2"
+  local -r current_hash="$(git rev-parse HEAD)"
+  local -r previous_hash="$(git rev-list --tags --skip=1 --max-count=1)"
+  local -r previous_version="$(git describe --abbrev=0 --tags "$previous_hash")"
+
+  echo "Most recent tag was $previous_version at commit $previous_hash"
+  echo "Complete changeset:"
+
+  git --no-pager diff --name-only "$previous_hash..$current_hash"
+
+  echo ""
+  echo "Looking for files in ./${base_directory}/ matching '${grep_pattern}'"
+  changeset="$(git --no-pager diff --name-only "$previous_hash..$current_hash")"
+  changeset="$(echo "$changeset" | grep -E "^$base_directory/.*")"
+  changeset="$(echo "$changeset" | grep -E "$grep_pattern" || true)"
+
+  if [ -z "$changeset" ]; then
+    echo "Changeset did not contain any matching files."
+    echo ""
+    echo "files_changed=false"
+  else
+    echo "Changeset contained the following matching files:"
+    echo "$changeset"
+    echo ""
+
+    local json_changeset
+    json_changeset='[]'
+
+    while read -r line
+    do
+      json_changeset="$(echo "$json_changeset" | jq ".[. | length] = \"$line\"")"
+    done < <(echo "$changeset")
+
+    json_changeset="$(echo "$json_changeset" | jq -r tostring)"
+
+    echo "files_changed=true"
+    echo "changeset='$json_changeset'"
+  fi
+}
+
+main "$@"