From a6a55a9224b5e43df949688e7cf178ec6f2c16b2 Mon Sep 17 00:00:00 2001
From: Lewis Christie
Date: Fri, 4 Jul 2025 11:53:07 -0600
Subject: [PATCH 1/8] Remove redundant checkout

---
 .github/workflows/pipelines-root.yml | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
index 794d324..4692328 100644
--- a/.github/workflows/pipelines-root.yml
+++ b/.github/workflows/pipelines-root.yml
@@ -729,14 +729,6 @@ jobs:
 FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
 api_base_url: ${{ inputs.api_base_url }}
 
- - name: Fetch Org Read Token
- id: pipelines-customer-org-read-token
- uses: gruntwork-io/pipelines-credentials@v1
- with:
- PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
- FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
- api_base_url: ${{ inputs.api_base_url }}
-
 - name: Fetch Create PR Token
 id: pipelines-propose-infra-change-token
 uses: gruntwork-io/pipelines-credentials@v1
@@ -753,13 +745,6 @@ jobs:
 ref: ${{ env.PIPELINES_ACTIONS_REF }}
 token: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
 
- - name: Check out repo code
- uses: actions/checkout@v4
- with:
- path: infra-live-repo
- fetch-depth: 0
- token: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
-
 - name: Install Pipelines CLI
 uses: ./pipelines-actions/.github/actions/pipelines-install
 with:

From f6921824c82d045dd7349d8815cb6ac6214b5c1e Mon Sep 17 00:00:00 2001
From: Lewis Christie
Date: Fri, 4 Jul 2025 12:42:49 -0600
Subject: [PATCH 2/8] Remove working dir

---
 .github/workflows/pipelines-root.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
index 4692328..47989ac 100644
--- a/.github/workflows/pipelines-root.yml
+++ b/.github/workflows/pipelines-root.yml
@@ -753,7 +753,6 @@ jobs:
 
 - name: Check Status
 shell: bash
- working-directory: ./infra-live-repo
 env:
 PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-propose-infra-change-token.outputs.PIPELINES_TOKEN }}
 run: |

From 28d9466ddaab6c52cecccb716af50e25d8e3e517 Mon Sep 17 00:00:00 2001
From: Lewis Christie
Date: Fri, 4 Jul 2025 12:49:27 -0600
Subject: [PATCH 3/8] Revert - finalize needs to determine repo remote url

---
 .github/workflows/pipelines-root.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
index 47989ac..794d324 100644
--- a/.github/workflows/pipelines-root.yml
+++ b/.github/workflows/pipelines-root.yml
@@ -729,6 +729,14 @@ jobs:
 FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
 api_base_url: ${{ inputs.api_base_url }}
 
+ - name: Fetch Org Read Token
+ id: pipelines-customer-org-read-token
+ uses: gruntwork-io/pipelines-credentials@v1
+ with:
+ PIPELINES_TOKEN_PATH: pipelines-read/${{ github.repository_owner }}
+ FALLBACK_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}
+ api_base_url: ${{ inputs.api_base_url }}
+
 - name: Fetch Create PR Token
 id: pipelines-propose-infra-change-token
 uses: gruntwork-io/pipelines-credentials@v1
@@ -745,6 +753,13 @@ jobs:
 ref: ${{ env.PIPELINES_ACTIONS_REF }}
 token: ${{ steps.pipelines-gruntwork-read-token.outputs.PIPELINES_TOKEN }}
 
+ - name: Check out repo code
+ uses: actions/checkout@v4
+ with:
+ path: infra-live-repo
+ fetch-depth: 0
+ token: ${{ steps.pipelines-customer-org-read-token.outputs.PIPELINES_TOKEN }}
+
 - name: Install Pipelines CLI
 uses: ./pipelines-actions/.github/actions/pipelines-install
 with:
@@ -753,6 +768,7 @@ jobs:
 
 - name: Check Status
 shell: bash
+ working-directory: ./infra-live-repo
 env:
 PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-propose-infra-change-token.outputs.PIPELINES_TOKEN }}
 run: |

From f4f88e6436e63ef8bf9f24caa3448e64ffc52630 Mon Sep 17 00:00:00 2001
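Review bot: In PATCH 3/8, first hunk (`@@ -729,6 +729,14 @@`), the restored token-minting step references `gruntwork-io/pipelines-credentials@v1` by a mutable tag, so whatever that tag points to at run time receives `secrets.PIPELINES_READ_TOKEN` as `FALLBACK_TOKEN`. Pinning to a full commit hash with the tag kept as a trailing comment, `uses: gruntwork-io/pipelines-credentials@<full-commit-sha> # v1`, makes the code that handles the secret reviewable and immutable. The same applies to `actions/checkout@v4` in the second hunk. The step list starts and ends outside the hunk.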
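Review bot: In PATCH 3/8, second hunk (`@@ -745,6 +753,13 @@`), the restored `actions/checkout@v4` step keeps the org read token in the checkout's local git configuration, because the action's `persist-credentials` input defaults to true. Every later step in the job can then read it, including the `Check Status` script that the third hunk points back at `./infra-live-repo`. The commit subject says finalize only needs the repo remote URL, so add `persist-credentials: false` under `with:`. Also consider dropping `fetch-depth: 0`, since full history is not needed to read a remote. The job continues outside the hunk, so first confirm that no later step relies on the stored credential.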
From: Lewis Christie
Date: Fri, 4 Jul 2025 13:35:40 -0600
Subject: [PATCH 4/8] Remove status-update from baseline

---
 .github/workflows/pipelines-root.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
index 794d324..f06eaed 100644
--- a/.github/workflows/pipelines-root.yml
+++ b/.github/workflows/pipelines-root.yml
@@ -395,7 +395,7 @@ jobs:
 stack_paths: ${{ toJson(matrix.jobs.StackPaths) }}
 
 - name: Update comment
- if: always() && (steps.gruntwork_context.outputs.action == 'TERRAGRUNT_EXECUTE' || steps.gruntwork_context.outputs.action == 'BASELINE_ACCOUNT')
+ if: always() && steps.gruntwork_context.outputs.action == 'TERRAGRUNT_EXECUTE'
 uses: ./pipelines-actions/.github/actions/pipelines-comment-job-update
 with:
 PR_COMMENT_WRITE_TOKEN: ${{ steps.pipelines-propose-infra-change-token.outputs.PIPELINES_TOKEN }}

From fc4ecf0487e43e6128c634ef240fd374b1f2f67c Mon Sep 17 00:00:00 2001
From: Oreoluwa Agunbiade
Date: Mon, 7 Jul 2025 12:30:33 -0600
Subject: [PATCH 5/8] Run finalize job for only terragrunt execute actions

---
 .github/workflows/pipelines-root.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
index f06eaed..c4f4fa2 100644
--- a/.github/workflows/pipelines-root.yml
+++ b/.github/workflows/pipelines-root.yml
@@ -711,7 +711,7 @@ jobs:
 pipelines_apply_baselines,
 pipelines_setup_delegated_repo,
 ]
- if: always() && fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0] != null
+ if: always() && fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0] != null && fromJson(needs.pipelines_execute.outputs.action) == 'TERRAGRUNT_EXECUTE'
 steps:
 - name: Record workflow env vars
 env:

From b3137844ae54f92c4042bbce7305bc8414d3b7fe Mon Sep 17 00:00:00 2001
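Review bot: In PATCH 5/8 the added clause `fromJson(needs.pipelines_execute.outputs.action) == 'TERRAGRUNT_EXECUTE'` parses the job output as JSON, while the step-level check in PATCH 4/8 compares `steps.gruntwork_context.outputs.action` as a plain string. If the job output carries the same bare value, or is empty because `pipelines_execute` was skipped or failed before setting it, `fromJson` would be expected to raise an expression error instead of evaluating to false. The finalize job, which appears to host the `Check Status` step, would then report nothing even though the condition starts with `always()`. Unless the output is deliberately JSON-encoded, compare it directly: `needs.pipelines_execute.outputs.action == 'TERRAGRUNT_EXECUTE'`. The head of the `needs:` list is outside the hunk, so also confirm that `pipelines_execute` is listed there.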
From: Oreoluwa Agunbiade
Date: Mon, 7 Jul 2025 13:10:03 -0600
Subject: [PATCH 6/8] Set debug log level on preflight command

---
 .github/workflows/pipelines-root.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
index c4f4fa2..f773951 100644
--- a/.github/workflows/pipelines-root.yml
+++ b/.github/workflows/pipelines-root.yml
@@ -167,6 +167,8 @@ jobs:
 
 - name: Preflight Checks
 uses: ./pipelines-actions/.github/actions/pipelines-preflight-action
+ env:
+ PIPELINES_LOG_LEVEL: debug
 with:
 IS_ROOT: "true"
 PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}

From fab8a06ecbe5f4a6751ad7c3d50b872bbe455534 Mon Sep 17 00:00:00 2001
From: Oreoluwa Agunbiade
Date: Mon, 7 Jul 2025 16:39:22 -0600
Subject: [PATCH 7/8] Set version of mise to be installed

---
 .github/workflows/pipelines-root.yml | 2 ++
 .github/workflows/pipelines-unlock.yml | 1 +
 2 files changed, 3 insertions(+)

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
index f773951..c6625e6 100644
--- a/.github/workflows/pipelines-root.yml
+++ b/.github/workflows/pipelines-root.yml
@@ -292,6 +292,7 @@ jobs:
 with:
 install: true
 cache: true
+ version: 2024.10.8
 working_directory: "./infra-live-repo"
 
 - name: Configure code auth
@@ -499,6 +500,7 @@ jobs:
 with:
 install: true
 cache: true
+ version: 2024.10.8
 working_directory: "./infra-live-repo"
 
 - name: Configure code auth
diff --git a/.github/workflows/pipelines-unlock.yml b/.github/workflows/pipelines-unlock.yml
index 5d152b1..43a0746 100644
--- a/.github/workflows/pipelines-unlock.yml
+++ b/.github/workflows/pipelines-unlock.yml
@@ -280,6 +280,7 @@ jobs:
 with:
 install: true
 cache: true
+ version: 2024.10.8
 mise_toml: "${{ steps.mise-toml.outputs.TOML }}"
 
 - name: Test Terraform, OpenTofu and Terragrunt

From 72b89289d2544cefcc1dcc064dbd6cdaa474aab3 Mon Sep 17 00:00:00 2001
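Review bot: In PATCH 6/8 `PIPELINES_LOG_LEVEL: debug` is hard-coded on the Preflight Checks step, which also receives `PIPELINES_READ_TOKEN`. Debug output from a token-handling step lands in workflow logs readable by anyone who can view the run, and log masking covers registered secrets, not necessarily values derived from them at run time; whether the preflight action prints such values is not visible here. PATCH 8/8 on this page removes the two lines again, so the exposure is limited to runs between the two commits. If the extra logging is needed again, drive it from a workflow input or the `runner.debug` context instead of committing the level.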
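Review bot: In PATCH 7/8 the pin `version: 2024.10.8` is written as a plain scalar in all three hunks (`@@ -292,6 +292,7 @@`, `@@ -499,6 +500,7 @@` and the `pipelines-unlock.yml` hunk), while the neighbouring string inputs are quoted. This value still loads as a string, but a two-part version such as `2025.1` would be read as a float, so quote it: `version: "2024.10.8"`. The literal is also repeated in three steps across two workflows with nothing tying the copies together; a comment beside each, such as `# keep in sync with the other mise install steps`, would make drift less likely. The `uses:` line of each step is outside the hunk, so whether the installer action itself is pinned cannot be checked from here.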
From: Oreoluwa Agunbiade
Date: Mon, 7 Jul 2025 18:26:19 -0600
Subject: [PATCH 8/8] Remove debug logging

---
 .github/workflows/pipelines-root.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml
index c6625e6..7610810 100644
--- a/.github/workflows/pipelines-root.yml
+++ b/.github/workflows/pipelines-root.yml
@@ -167,8 +167,6 @@ jobs:
 
 - name: Preflight Checks
 uses: ./pipelines-actions/.github/actions/pipelines-preflight-action
- env:
- PIPELINES_LOG_LEVEL: debug
 with:
 IS_ROOT: "true"
 PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }}