PROD Deployment - Configuration 1 #28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform CI/CD Pipeline | |
| on: | |
| push: | |
| branches: ["dev", "staging", "prod"] | |
| pull_request: | |
| branches: ["dev", "staging", "prod"] | |
| jobs: | |
| terraform: | |
| name: "Terraform CI/CD - ${{ github.ref_name }}" | |
| runs-on: ubuntu-latest | |
| env: | |
| TF_VAR_project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| TF_VAR_region: ${{ secrets.GCP_REGION }} | |
| GOOGLE_CLOUD_PROJECT: ${{ secrets.GCP_PROJECT_ID }} | |
| defaults: | |
| run: | |
| working-directory: . | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.8.0 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: '${{ secrets.GCP_CREDENTIALS }}' | |
| - name: Terraform Init (GCS Backend) | |
| run: terraform init -backend-config="envs/${{ github.ref_name }}/backend.config" -reconfigure | |
| - name: Terraform Validate | |
| run: terraform validate | |
| - name: Auto-format & Commit | |
| if: github.event_name == 'push' | |
| run: | | |
| terraform fmt -recursive | |
| git config user.name "github-actions" | |
| git config user.email "actions@github.com" | |
| git add . | |
| git diff --cached --quiet || git commit -m "ci: auto-format Terraform files" | |
| git push || echo "No changes to push" | |
| - name: Terraform Format Check | |
| run: terraform fmt -check -recursive | |
| - name: Select or Create Workspace | |
| run: terraform workspace select ${{ github.ref_name }} || terraform workspace new ${{ github.ref_name }} | |
| - name: Terraform Plan | |
| run: terraform plan -lock-timeout=60s -var-file="envs/${{ github.ref_name }}/terraform.tfvars" -out=tfplan.binary | |
| - name: Show Terraform Plan | |
| run: terraform show -no-color tfplan.binary | |
| - name: Terraform Apply (only on push) | |
| if: github.event_name == 'push' | |
| run: terraform apply -lock-timeout=60s -auto-approve tfplan.binary | |
| - name: Upload Terraform Plan | |
| if: github.event_name == 'pull_request' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: terraform-plan | |
| path: tfplan.binary |