
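---
# CDKTF CI/CD: runs a Terraform CDK deploy / diff / destroy (or synth) against
# the ./cdktf stack, with the Terraform Cloud token fetched from 1Password.
name: CDKTF CICD

on:
  # Manual run from the Actions UI; the action is constrained to a fixed list.
  workflow_dispatch:
    inputs:
      action:
        description: "Action to perform"
        required: true
        type: choice
        options:
          - "deploy"
          - "diff"
          - "destroy"
          - "synth"  # handled by "Determine mode" below; listed so the UI can select it
        default: "deploy"
  # Reusable-workflow entry point. `action` is free-form text here, so it is
  # validated (and never expanded inside a shell script) in "Determine mode".
  workflow_call:
    inputs:
      action:
        description: "Action to perform"
        required: true
        type: string
    # NOTE(review): the job reads secrets.OP_SERVICE_ACCOUNT_TOKEN, so callers
    # must pass it explicitly or use `secrets: inherit`; consider declaring it
    # under `workflow_call.secrets` to make that contract explicit.

permissions:
  contents: read
  pull-requests: write  # lets terraform-cdk-action comment plan output on PRs
  issues: read

env:
  # Quoted so no tool ever re-types the version strings.
  CDKTF_VERSION: "0.14.3"
  TERRAFORM_VERSION: "1.3.5"

jobs:
  terraform:
    name: "Terraform CDK CICD"
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
        with:
          persist-credentials: false  # later steps do not need git credentials

      # Configure 1Password Service Account
      - name: Configure 1Password Service Account
        uses: 1Password/load-secrets-action/configure@d1a4e73495bde3551cf63f6c048588b8f734e21d # v1
        with:
          service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}

      # Fetch TERRAFORM_CLOUD_TOKEN from 1Password using load-secrets-action.
      # export-env: false keeps the token out of the job-wide environment; it is
      # handed only to the steps that need it through this step's output.
      - name: Fetch TERRAFORM_CLOUD_TOKEN from 1Password
        uses: 1Password/load-secrets-action@d1a4e73495bde3551cf63f6c048588b8f734e21d # v1
        id: fetch-terraform-cloud-token
        with:
          export-env: false
        env:
          TERRAFORM_CLOUD_TOKEN: op://Infrastructure/terraform/cloud/token

      - name: Install Terraform
        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
          terraform_wrapper: false
          cli_config_credentials_token: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}

      # Fetch the node version from the .nvmrc file and strip everything that is
      # not a digit or a dot (e.g. a leading "v"). The value must go to
      # GITHUB_OUTPUT: the next step reads it as a step *output*, and writing
      # to GITHUB_ENV only sets env.NODE_VERSION, leaving the output empty.
      - name: Fetch node version
        id: fetch-node-version
        run: |
          echo "NODE_VERSION=$(sed 's/[^0-9.]*//g' .nvmrc)" >> "$GITHUB_OUTPUT"

      - name: Setup yarn
        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4
        with:
          node-version: ${{ steps.fetch-node-version.outputs.NODE_VERSION }}

      - name: Install corepack
        run: |
          corepack enable

      - name: Install dependencies
        working-directory: ./cdktf
        run: |
          # Install node-gyp globally first
          npm install -g node-gyp
          yarn install --frozen-lockfile --immutable

      - name: Generate module and provider bindings
        working-directory: ./cdktf
        env:
          TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
        run: yarn get

      # Map the requested action onto a terraform-cdk-action mode. The input is
      # passed through an environment variable instead of being expanded with
      # ${{ }} inside the script, so a caller-supplied value (free-form for
      # workflow_call) cannot inject shell commands; unknown values fail the job.
      - name: Determine mode
        id: determine-mode
        env:
          ACTION: ${{ inputs.action }}
        run: |
          case "$ACTION" in
            deploy)  mode=auto-approve-apply ;;
            synth)   mode=synth-only ;;
            diff)    mode=plan-only ;;
            destroy) mode=auto-approve-destroy ;;
            *)
              echo "Unknown action: $ACTION" >&2
              exit 1
              ;;
          esac
          echo "mode=$mode" >> "$GITHUB_OUTPUT"

      - name: Run Terraform CDK
        uses: hashicorp/terraform-cdk-action@7a6efa0bdbd9e966036d1bf84385042d3a8fc272 # v1.0.2
        id: terraform-cdk
        with:
          terraformVersion: ${{ env.TERRAFORM_VERSION }}
          cdktfVersion: ${{ env.CDKTF_VERSION }}
          workingDirectory: ./cdktf
          stackName: cdktf
          mode: ${{ steps.determine-mode.outputs.mode }}
          githubToken: ${{ secrets.GITHUB_TOKEN }}
        env:
          TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}

      - name: Store generated CDKTF
        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4
        # Only store the CDKTF output if the Terraform CDK step ran.
        # NOTE(review): without always() / !cancelled() this `if` still carries
        # the implicit success() check, so a *failed* terraform-cdk step also
        # skips the upload — confirm whether that is the intended behaviour.
        if: steps.terraform-cdk.outcome != 'skipped' && steps.terraform-cdk.outcome != 'cancelled'
        with:
          name: cdktf
          path: cdktf/cdktf.out/
          retention-days: 5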