chore(deps): update node.js to v20.16.0 (#358) #970
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: terraform | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| permissions: | |
| pull-requests: write | |
| jobs: | |
| check-diff: | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| target: ${{ steps.changes.outputs.target == 'true' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: changes | |
| with: | |
| filters: | | |
| target: | |
| - 'terraform/**/*' | |
| - '.github/workflows/terraform.yml' | |
| - 'aqua.yaml' | |
| terraform-fmt: | |
| runs-on: ubuntu-22.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup aqua | |
| uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 | |
| with: | |
| aqua_version: v2.30.0 | |
| - name: Run terraform fmt | |
| working-directory: "./terraform" | |
| run: terraform fmt -check -recursive | |
| terraform-validate: | |
| name: terraform-validate (${{ matrix.dir }}) | |
| runs-on: ubuntu-22.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| strategy: | |
| matrix: | |
| include: | |
| - { dir: koyashi.ro, prefix: KOYASHI_RO } | |
| - { dir: koyashiro.com, prefix: KOYASHIRO_COM } | |
| - { dir: koyashiro.dev, prefix: KOYASHIRO_DEV } | |
| - { dir: koyashiro.jp, prefix: KOYASHIRO_JP } | |
| - { dir: koyashiro.live, prefix: KOYASHIRO_LIVE } | |
| - { dir: koyashiro.me, prefix: KOYASHIRO_ME } | |
| - { dir: koyashiro.net, prefix: KOYASHIRO_NET } | |
| - { dir: koyashiro.sh, prefix: KOYASHIRO_SH } | |
| env: | |
| TF_WORKSPACE: ${{ secrets[format('TF_WORKSPACE_{0}', matrix.prefix)] }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup aqua | |
| uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 | |
| with: | |
| aqua_version: v2.30.0 | |
| - name: Export secrets | |
| uses: koyashiro/export-secrets@0e3cbdb91bd369c3b3a4ebf68b5975662801f6a8 # v0.5.0 | |
| with: | |
| secrets: ${{ toJSON(secrets) }} | |
| downcase-tf-var: true | |
| downcase-tf-token: true | |
| - name: Run terraform init | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| run: terraform init | |
| - name: Run terraform validate | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| run: terraform validate | |
| tflint: | |
| runs-on: ubuntu-22.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup aqua | |
| uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 | |
| with: | |
| aqua_version: v2.30.0 | |
| - name: Cache tflint plugin dir | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 | |
| with: | |
| path: ~/.tflint.d/plugins | |
| key: tflint-${{ hashFiles('terraform/.tflint.hcl') }} | |
| - name: Init TFLint | |
| working-directory: "./terraform" | |
| run: tflint --init | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run TFLint | |
| working-directory: "./terraform" | |
| run: tflint --recursive | |
| trivy: | |
| runs-on: ubuntu-22.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup aqua | |
| uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 | |
| with: | |
| aqua_version: v2.30.0 | |
| - name: Run Trivy | |
| run: trivy config . | |
| terraform-plan: | |
| name: terraform-plan (${{ matrix.dir }}) | |
| runs-on: ubuntu-22.04 | |
| needs: [check-diff] | |
| if: needs.check-diff.outputs.target == 'true' | |
| strategy: | |
| matrix: | |
| include: | |
| - { dir: koyashi.ro, prefix: KOYASHI_RO } | |
| - { dir: koyashiro.com, prefix: KOYASHIRO_COM } | |
| - { dir: koyashiro.dev, prefix: KOYASHIRO_DEV } | |
| - { dir: koyashiro.jp, prefix: KOYASHIRO_JP } | |
| - { dir: koyashiro.live, prefix: KOYASHIRO_LIVE } | |
| - { dir: koyashiro.me, prefix: KOYASHIRO_ME } | |
| - { dir: koyashiro.net, prefix: KOYASHIRO_NET } | |
| - { dir: koyashiro.sh, prefix: KOYASHIRO_SH } | |
| env: | |
| TF_WORKSPACE: ${{ secrets[format('TF_WORKSPACE_{0}', matrix.prefix)] }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup aqua | |
| uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 | |
| with: | |
| aqua_version: v2.30.0 | |
| - name: Export secrets | |
| uses: koyashiro/export-secrets@0e3cbdb91bd369c3b3a4ebf68b5975662801f6a8 # v0.5.0 | |
| with: | |
| secrets: ${{ toJSON(secrets) }} | |
| downcase-tf-var: true | |
| downcase-tf-token: true | |
| - name: Run terraform init | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| run: terraform init | |
| - name: Run terraform plan | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: tfcmt -var target:${{ matrix.dir }} plan -patch -- terraform plan -no-color | |
| terraform-apply: | |
| name: terraform-apply (${{ matrix.dir }}) | |
| runs-on: ubuntu-22.04 | |
| needs: [check-diff, terraform-plan] | |
| if: needs.check-diff.outputs.target == 'true' && github.ref == 'refs/heads/main' | |
| strategy: | |
| matrix: | |
| include: | |
| - { dir: koyashi.ro, prefix: KOYASHI_RO } | |
| - { dir: koyashiro.com, prefix: KOYASHIRO_COM } | |
| - { dir: koyashiro.dev, prefix: KOYASHIRO_DEV } | |
| - { dir: koyashiro.jp, prefix: KOYASHIRO_JP } | |
| - { dir: koyashiro.live, prefix: KOYASHIRO_LIVE } | |
| - { dir: koyashiro.me, prefix: KOYASHIRO_ME } | |
| - { dir: koyashiro.net, prefix: KOYASHIRO_NET } | |
| - { dir: koyashiro.sh, prefix: KOYASHIRO_SH } | |
| env: | |
| TF_WORKSPACE: ${{ secrets[format('TF_WORKSPACE_{0}', matrix.prefix)] }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Setup aqua | |
| uses: aquaproj/aqua-installer@6ce1f8848ec8e61f14d57bd5d7597057a6dd187c # v3.0.1 | |
| with: | |
| aqua_version: v2.30.0 | |
| - name: Export secrets | |
| uses: koyashiro/export-secrets@0e3cbdb91bd369c3b3a4ebf68b5975662801f6a8 # v0.5.0 | |
| with: | |
| secrets: ${{ toJSON(secrets) }} | |
| downcase-tf-var: true | |
| downcase-tf-token: true | |
| - name: Run terraform init | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| run: terraform init | |
| - name: Run terraform apply | |
| working-directory: "./terraform/${{ matrix.dir }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: tfcmt -var target:${{ matrix.dir }} apply -- terraform apply -auto-approve -no-color |