ben
/
mgmt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mgmt/.gitea/workflows/terraform-plan.yml

148 lines
5.0 KiB
YAML
Raw Blame History

name: OpenTofu Plan
on:
pull_request:
branches: [main, develop]
paths:
- 'infrastructure/**'
- '.gitea/workflows/terraform-plan.yml'
env:
TOFU_VERSION: "1.10.6"
jobs:
plan:
runs-on: ubuntu-latest
strategy:
matrix:
environment: [dev, staging, production]
provider: [oracle-cloud, huawei-cloud, google-cloud, digitalocean, aws]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup OpenTofu
uses: opentofu/setup-opentofu@v1
with:
tofu_version: ${{ env.TOFU_VERSION }}
- name: Configure credentials
run: |
# 设置各云服务商的认证信息
echo "Setting up credentials for ${{ matrix.provider }}"
case "${{ matrix.provider }}" in
"oracle-cloud")
mkdir -p ~/.oci
echo "${{ secrets.OCI_PRIVATE_KEY }}" > ~/.oci/oci_api_key.pem
chmod 600 ~/.oci/oci_api_key.pem
;;
"huawei-cloud")
export HW_ACCESS_KEY="${{ secrets.HW_ACCESS_KEY }}"
export HW_SECRET_KEY="${{ secrets.HW_SECRET_KEY }}"
;;
"google-cloud")
echo "${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}" > /tmp/gcp-key.json
export GOOGLE_APPLICATION_CREDENTIALS="/tmp/gcp-key.json"
;;
"digitalocean")
export DIGITALOCEAN_TOKEN="${{ secrets.DO_TOKEN }}"
;;
"aws")
export AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}"
export AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}"
;;
esac
- name: Create terraform.tfvars
run: |
cd infrastructure/environments/${{ matrix.environment }}
cat > terraform.tfvars << EOF
environment = "${{ matrix.environment }}"
project_name = "mgmt"
owner = "ben"
# Oracle Cloud 配置
oci_config = {
tenancy_ocid = "${{ secrets.OCI_TENANCY_OCID }}"
user_ocid = "${{ secrets.OCI_USER_OCID }}"
fingerprint = "${{ secrets.OCI_FINGERPRINT }}"
private_key_path = "~/.oci/oci_api_key.pem"
region = "ap-seoul-1"
}
# 华为云配置
huawei_config = {
access_key = "${{ secrets.HW_ACCESS_KEY }}"
secret_key = "${{ secrets.HW_SECRET_KEY }}"
region = "cn-north-4"
}
# Google Cloud 配置
gcp_config = {
project_id = "${{ secrets.GCP_PROJECT_ID }}"
region = "asia-northeast3"
zone = "asia-northeast3-a"
credentials = "/tmp/gcp-key.json"
}
# DigitalOcean 配置
do_config = {
token = "${{ secrets.DO_TOKEN }}"
region = "sgp1"
}
# AWS 配置
aws_config = {
access_key = "${{ secrets.AWS_ACCESS_KEY_ID }}"
secret_key = "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
region = "ap-northeast-1"
}
EOF
- name: OpenTofu Init
run: |
cd infrastructure/providers/${{ matrix.provider }}
tofu init
- name: OpenTofu Validate
run: |
cd infrastructure/providers/${{ matrix.provider }}
tofu validate
- name: OpenTofu Plan
run: |
cd infrastructure/providers/${{ matrix.provider }}
tofu plan \
-var-file="../../../environments/${{ matrix.environment }}/terraform.tfvars" \
-out=tfplan-${{ matrix.environment }}-${{ matrix.provider }}
- name: Upload Plan
uses: actions/upload-artifact@v4
with:
name: tfplan-${{ matrix.environment }}-${{ matrix.provider }}
path: infrastructure/providers/${{ matrix.provider }}/tfplan-${{ matrix.environment }}-${{ matrix.provider }}
retention-days: 30
- name: Comment PR
uses: actions/github-script@v7
if: github.event_name == 'pull_request'
with:
script: |
const fs = require('fs');
const path = 'infrastructure/providers/${{ matrix.provider }}/tfplan-${{ matrix.environment }}-${{ matrix.provider }}';
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## OpenTofu Plan Results
**Environment:** ${{ matrix.environment }}
**Provider:** ${{ matrix.provider }}
**Status:** ✅ Plan generated successfully
Plan artifact uploaded: \`tfplan-${{ matrix.environment }}-${{ matrix.provider }}\`
Please review the plan before merging.`
});
Reference in New Issue View Git Blame Copy Permalink