Merged
21 commits
5e2e962
updated terraform version to be picked up dynamically from .terraform…
ajuddin Dec 5, 2025
078e7cb
updated logic in retrieving TF version
ajuddin Dec 5, 2025
09766ad
updated cache stage to remove per-directory providers folder
ajuddin Dec 5, 2025
db24625
updated cache stage to remove per-directory providers folder
ajuddin Dec 5, 2025
2f7a8ba
feat: initialise with --upgrade flag
SamW94 Dec 5, 2025
10ebb3d
feat: initialise with --upgrade flag
SamW94 Dec 5, 2025
b4d249f
feat: initialise with --lockfile=update
SamW94 Dec 5, 2025
03f98d4
feat: allow access to github app for reading module repos
SamW94 Dec 5, 2025
b956f93
feat: allow access to github app for reading module repos
SamW94 Dec 5, 2025
8c317a1
feat: allow access to github app for reading module repos
SamW94 Dec 5, 2025
15f145b
fix: yaml formatting
SamW94 Dec 5, 2025
3646946
feat: allow access to github app for reading module repos
SamW94 Dec 5, 2025
235c34c
feat: allow access to github app for reading module repos
SamW94 Dec 8, 2025
c91a214
feat: allow access to github app for reading module repos
SamW94 Dec 8, 2025
4b239b2
feat: allow access to github app for reading module repos
SamW94 Dec 8, 2025
2474c74
feat: allow access to github app for reading module repos
SamW94 Dec 8, 2025
45c19fe
feat: allow access to github app for reading module repos
SamW94 Dec 8, 2025
36c930a
feat: allow access to github app for reading module repos
SamW94 Dec 8, 2025
6dafb1f
feat: allow access to github app for reading module repos
SamW94 Dec 8, 2025
80964b2
Merge branch 'main' into update-terraform-ci-tf-version
SamW94 Jan 7, 2026
4a26f7d
fix: false positive in presidio
SamW94 Jan 7, 2026
64 changes: 62 additions & 2 deletions .github/workflows/org.terraform-ci.yml
Expand Up @@ -33,18 +33,75 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
- name: Determine Terraform Version
id: tf-version
shell: bash
run: |
set -euo pipefail

VERSION=""

# Check for .terraform-version file
if [[ -f ".terraform-version" ]]; then
VERSION=$(sed -E 's/#.*//; s/[[:space:]]+//g' .terraform-version)
if [[ -n "$VERSION" ]]; then
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "Terraform version resolved from .terraform-version: $VERSION"
exit 0
fi
fi
RV=$(grep -Rho 'required_version *= *"= *[0-9]+\.[0-9]+\.[0-9]+"' . || true)
if [[ -n "$RV" ]]; then
VERSION=$(echo "$RV" | sed -E 's/.*"= *([0-9]+\.[0-9]+\.[0-9]+)".*/\1/' | head -n1)
if [[ -n "$VERSION" ]]; then
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "Terraform version resolved from required_version: $VERSION"
exit 0
fi
fi
VERSION="latest"
echo "version=latest" >> "$GITHUB_OUTPUT"
echo "Terraform version resolved to fallback: $VERSION"

- name: Setup Terraform
id: setup-tf
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
with:
terraform_version: ${{ steps.tf-version.outputs.version }}
terraform_wrapper: false

# fmt is local-only
- name: FMT (repo-wide)
env:
TF_PLUGIN_CACHE_DIR: ""
run: terraform fmt -recursive -check

# GitHub App token for cloning private module repos
- name: Verify GitHub App secrets present
env:
APP_ID: ${{ secrets.TERRAFORM_MODULE_ACCESS_APP_ID }}
APP_PRIVATE_KEY: ${{ secrets.TERRAFORM_MODULE_ACCESS_PRIVATE_KEY }}
run: |
set -euo pipefail
[ -n "${APP_ID:-}" ] || { echo "Missing secret APP_ID"; exit 1; }
[ -n "${APP_PRIVATE_KEY:-}" ] || { echo "Missing secret APP_PRIVATE_KEY"; exit 1; }

- name: Get GitHub App token for modules
id: app-token
uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94
with:
owner: uktrade
app-id: ${{ secrets.TERRAFORM_MODULE_ACCESS_APP_ID }}
private-key: ${{ secrets.TERRAFORM_MODULE_ACCESS_PRIVATE_KEY }}

- name: Configure git auth for private module clones
env:
TOKEN: ${{ steps.app-token.outputs.token }}
run: |
git config --global url."https://x-access-token:${TOKEN}@github.com/".insteadOf "https://github.com/"
git config --global --get-regexp '^url\..*\.insteadOf$' || true

# ---- Provider cache (used by init/validate) ----
- name: Prepare Terraform provider cache dir
shell: bash
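
Review bot: In "Configure git auth for private module clones", the second command, `git config --global --get-regexp '^url\..*\.insteadOf$' || true`, prints the matching config key, and that key is the rewritten URL with `${TOKEN}` embedded in it, so keeping the App token out of the job log depends entirely on the runner's log masking. Drop that line, or print a fixed confirmation message instead. Separately, in "Determine Terraform Version" the `grep -Rho` call has no `-E`, so under basic regex syntax each `+` in `[0-9]+` is a literal plus sign and a constraint such as `"= 1.5.7"` (a made-up value) will not match; the step then falls through to `version=latest`, which leaves the Terraform version unpinned. Adding `-E` and excluding `.git` fixes the match, and failing the step rather than defaulting to `latest` would keep CI runs reproducible.
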
Expand All @@ -61,6 +118,9 @@ jobs:
restore-keys: |
tf-plugins-${{ runner.os }}-tf${{ steps.setup-tf.outputs.terraform_version }}-
tf-plugins-${{ runner.os }}-
- name: Clear per-directory .terraform providers
run: |
find . -type d -name ".terraform" -exec rm -rf {} +

# ---- Discover roots (skip examples entirely)
- name: Discover Terraform dirs (skip examples)
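
Review bot: The `find . -type d -name ".terraform" -exec rm -rf {} +` command in "Clear per-directory .terraform providers" deletes each whole `.terraform` directory, while the step name says only providers are cleared; either target `.terraform/providers` or rename the step so its effect is clear. Adding `-prune` before `-exec` would also stop find from descending into directories it is about to delete. A one-line comment on why this has to run right after the cache restore would help the next reader.
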
Expand Down Expand Up @@ -126,7 +186,7 @@ jobs:
echo "==> terraform init: $d"
echo "=============================="
lockflag=()
[[ -f "$d/.terraform.lock.hcl" ]] && lockflag=(-lockfile=readonly)
[[ -f "$d/.terraform.lock.hcl" ]] && lockflag=(-lockfile=update)

# INIT — SOFT-SKIP on auth/path/download issues
log="$(mktemp)"
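
Review bot: On the `lockflag` line, `-lockfile=update` gives up the check that made `terraform init` fail whenever the committed `.terraform.lock.hcl` would need changing, so CI no longer enforces the provider versions and hashes that were reviewed. Terraform's `init` documentation lists `readonly` as the only valid `-lockfile` mode, so `update` should be verified against the Terraform versions this workflow installs before relying on it. If the aim is to stop failures from stale lock files, keeping `-lockfile=readonly` here and regenerating the lock files in the affected repositories with `terraform providers lock` would preserve the check.
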
3 changes: 2 additions & 1 deletion personal-data-exclusions.txt
@@ -1,3 +1,4 @@
tests/test_data/*
.github/workflows/test.yml
.github/workflows/org.common-ci.yml
.github/workflows/org.common-ci.yml
.github/workflows/org.terraform-ci.yml
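
Review bot: The added `.github/workflows/org.terraform-ci.yml` entry excludes the whole workflow from the personal-data scan, and this is the file that now handles the GitHub App ID, private key and token, so a later genuine finding in it would go unreported. If the scanner supports it, suppress only the line or pattern that triggered the false positive, and record in the PR which string was flagged.
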