gh-actions
Allow fail-on-diff regardless of git-push
What problem are you facing?
I am currently using terraform-docs within a larger workflow on pull requests. Because I am using the git-push feature, I would like to have terraform-docs be the first job executed, and only execute subsequent jobs if there is NO push from the terraform-docs job. In order to do this, I need to use both the git-push and fail-on-diff options.
.github/workflows/pull_request.yml
---
name: Pull Request
on:
  pull_request:
    branches:
      - main
jobs:
  terraform-docs:
    uses: ./.github/workflows/terraform-docs.yml
    secrets:
      terraformdocs: ${{ secrets.terraformdocs }}
  linter:
    uses: ./.github/workflows/linter.yml
    needs:
      - terraform-docs
  terratest:
    uses: ./.github/workflows/terratest.yml
    needs:
      - terraform-docs
.github/workflows/terraform-docs.yml
---
name: Terraform Docs
on:
  workflow_call:
    secrets:
      terraformdocs:
        description: 'A token passed from the caller workflow'
        required: true
jobs:
  docs:
    name: Terraform Docs
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          # This PAT is required so the resulting docs push will trigger an additional workflow run.
          token: ${{ secrets.terraformdocs }}
      - name: Terraform Docs
        uses: terraform-docs/[email protected]
        with:
          git-push-user-email: "[email protected]"
          git-push-user-name: "terraform-docs-bot-${{ env.GITHUB_ACTOR }}"
          git-push: "true"
          fail-on-diff: "true"
How could terraform-docs help solve your problem?
I am more than happy to PR if there is appetite from the community for the change. It seems the current logic is:
if [ "${INPUT_GIT_PUSH}" = "true" ]; then
    git_commit
    git push
else
    if [ "${INPUT_FAIL_ON_DIFF}" = "true" ] && [ "${num_changed}" -ne 0 ]; then
        echo "::error ::Uncommitted change(s) has been found!"
        exit 1
    fi
fi
and the desired logic would be something like:
if [ "${INPUT_GIT_PUSH}" = "true" ]; then
    git_commit
    git push
fi
if [ "${INPUT_FAIL_ON_DIFF}" = "true" ] && [ "${num_changed}" -ne 0 ]; then
    echo "::error ::Terraform documentation change(s) has/have been found!"
    exit 1
fi
Thanks for your time.
In the meantime, I've worked around the issue with the following configuration:
name: Terraform Docs
on:
  workflow_call:
    secrets:
      terraformdocs:
        description: 'A token passed from the caller workflow'
        required: true
jobs:
  docs:
    name: Terraform Docs
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          # This PAT is required so the resulting docs push will trigger an additional workflow run.
          token: ${{ secrets.terraformdocs }}
      - name: Record latest author
        run: |
          echo "ORIGINAL_COMMIT_AUTHOR=$(git log -1 --pretty=format:'%ae')" >> "$GITHUB_ENV"
      - name: Terraform Docs
        uses: terraform-docs/[email protected]
        with:
          git-push: "true"
          git-commit-message: "Terraform Docs Automated Update"
          git-push-user-email: "[email protected]"
          git-push-user-name: "terraform-docs-bot-${{ env.GITHUB_ACTOR }}"
      - name: Check for changes
        run: |
          if [[ "$(git log -1 --pretty=format:'%ae')" != "${ORIGINAL_COMMIT_AUTHOR}" ]]
          then
            echo "Changes detected. Failing workflow now to prevent duplicate subsequent steps."
            exit 1
          fi
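
A variant of the check above that compares the HEAD commit id recorded before the docs step with the one after it, so a bot commit is still detected when the previous commit carries the same author e-mail. This is an added example, not code from the issue or from terraform-docs; the throwaway repository, file contents and e-mail address are constructed, and `head_sha`, `head_moved`, `commit_as` and `report` are hypothetical helper names.

```shell
# Detect a commit added by a docs step by comparing HEAD commit ids.
# The repository, file contents and e-mail address are constructed.

# Print the HEAD commit id of the repository in directory $1.
head_sha() {
  git -C "$1" rev-parse HEAD
}

# Succeed when HEAD in repo $1 differs from the recorded id $2.
head_moved() {
  [ "$(head_sha "$1")" != "$2" ]
}

# Commit everything in repo $1 with author e-mail $2 and message $3.
commit_as() {
  git -C "$1" add -A
  git -C "$1" -c user.name="example" -c user.email="$2" \
    commit --quiet -m "$3"
}

# Print "changed" or "unchanged" for repo $1 against recorded id $2.
report() {
  if head_moved "$1" "$2"; then echo changed; else echo unchanged; fi
}

# Build a throwaway repo and run the check for two cases.
demo() {
  repo="$(mktemp -d)"
  git -C "$repo" init --quiet
  echo "# module" > "$repo/README.md"
  commit_as "$repo" "bot@example.invalid" "previous automated docs update"

  # Case 1: the docs step has nothing to update, so it makes no commit.
  before="$(head_sha "$repo")"
  report "$repo" "$before"

  # Case 2: the docs step commits with the same e-mail as the last author.
  # Comparing author e-mails sees no difference here; the commit id does.
  before="$(head_sha "$repo")"
  echo "## Inputs" >> "$repo/README.md"
  commit_as "$repo" "bot@example.invalid" "Terraform Docs Automated Update"
  report "$repo" "$before"

  rm -rf "$repo"
}

demo
```

In a workflow, the id printed by `head_sha` would be written to `$GITHUB_ENV` before the docs step and passed to `head_moved` in the step after it.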