diff --git a/.github/workflows/ses-juntekim.yml b/.github/workflows/ses-juntekim.yml index 6f1be30..5318295 100644 --- a/.github/workflows/ses-juntekim.yml +++ b/.github/workflows/ses-juntekim.yml @@ -2,22 +2,16 @@ name: SES - juntekim.com [Simple Email Service] on: pull_request: - - push: - branches: - - main paths: - "aws_environment/ses-juntekim/**" - workflow_dispatch: - env: TF_VERSION: "1.6.6" WORKING_DIR: "aws_environment/ses-juntekim" jobs: - terraform: - name: Terraform SES + terraform-plan: + name: Terraform Plan - SES runs-on: mealcraft-runners permissions: @@ -28,12 +22,6 @@ jobs: - name: Checkout repo uses: actions/checkout@v4 - - name: Install modern Node.js - run: | - curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - - sudo apt-get install -y nodejs - node --version - - name: Setup Terraform uses: hashicorp/setup-terraform@v3 with: @@ -43,14 +31,13 @@ jobs: run: | sudo apt-get update sudo apt-get install -y unzip curl - + curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install - + aws --version - # Optional but recommended once - name: Verify AWS identity run: aws sts get-caller-identity 
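Review bot: With `pull_request` left as the only trigger in the first hunk, every run of `terraform-plan` evaluates Terraform configuration taken from the pull request's branch on the self-hosted `mealcraft-runners` pool. No credential-configuration step is visible before `aws sts get-caller-identity`, so the runner presumably carries ambient AWS credentials; if that is the case, code from an unreviewed branch is initialised and planned with them. Consider gating the job on same-repository pull requests with `if: github.event.pull_request.head.repo.full_name == github.repository`. A comment above `runs-on` such as `# runner role must be read-only: this job only plans` would also help. The job body continues outside this hunk.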
@@ -62,72 +49,23 @@ jobs: working-directory: ${{ env.WORKING_DIR }} run: terraform validate - - name: Force unlock stale terraform state - working-directory: ${{ env.WORKING_DIR }} - run: | - # Try to force unlock any stale locks for this specific state file - # The lock ID is found in the error message, so we attempt unlock with common patterns - echo "Attempting to clear stale locks..." - - # Get all items from the locks table - ITEMS=$(aws dynamodb scan \ - --table-name "terraform-locks" \ - --region eu-west-2 \ - --output json) - - # Extract lock IDs where the Path matches our state file - LOCK_IDS=$(echo "$ITEMS" | jq -r '.Items[] | select(.Path.S == "juntekim-terraform-state/ses/terraform.tfstate") | .ID.S' 2>/dev/null || echo "") - - if [ ! -z "$LOCK_IDS" ]; then - while IFS= read -r LOCK_ID; do - if [ ! -z "$LOCK_ID" ]; then - echo "Removing lock: $LOCK_ID" - terraform force-unlock -force "$LOCK_ID" 2>&1 || true - fi - done <<< "$LOCK_IDS" - else - echo "No locks found for ses state file, proceeding..." 
- fi - continue-on-error: true - - name: Terraform Plan - if: github.event_name == 'pull_request' id: plan working-directory: ${{ env.WORKING_DIR }} - run: terraform plan -input=false + run: terraform plan -input=false -out=tfplan - - name: Wait for terraform-plan workflow - if: github.event_name == 'push' && github.ref == 'refs/heads/main' + - name: Comment Plan on PR uses: actions/github-script@v6 with: + github-token: ${{ secrets.GITHUB_TOKEN }} script: | - const maxAttempts = 120; // 10 minutes with 5 second intervals - let attempt = 0; - while (attempt < maxAttempts) { - const runs = await github.rest.actions.listWorkflowRuns({ - owner: context.repo.owner, - repo: context.repo.repo, - workflow_id: 'terraform-plan.yml', - }); + const fs = require('fs'); + const planOutput = `${{ steps.plan.outputs.stdout }}`; - const latestPlan = runs.data.workflow_runs[0]; - if (latestPlan && (latestPlan.status === 'completed')) { - if (latestPlan.conclusion === 'success') { - console.log('✅ terraform-plan workflow completed successfully'); - return; - } else { - throw new Error(`terraform-plan workflow failed with conclusion: ${latestPlan.conclusion}`); - } - } - attempt++; - if (attempt % 12 === 0) { - console.log(`Waiting for terraform-plan... (attempt ${attempt}/${maxAttempts})`); - } - await new Promise(resolve => setTimeout(resolve, 5000)); - } - throw new Error('Timeout waiting for terraform-plan workflow'); - - - name: Terraform Apply - if: github.ref == 'refs/heads/main' - working-directory: ${{ env.WORKING_DIR }} - run: terraform apply -auto-approve -input=false + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `## Terraform Plan - SES\n\n\`\`\`\n${planOutput}\n\`\`\`` + }); + continue-on-error: true diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml index 29aabac..2907b89 100644 --- a/.github/workflows/terraform-apply.yml 
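Review bot: The new `Comment Plan on PR` step pastes `${{ steps.plan.outputs.stdout }}` straight into the JavaScript source of the github-script step, so the plan text is parsed as code rather than handled as data. A backtick or `${` in the output either breaks the template literal or is evaluated inside the script, which runs with the job's token. Pass the value through the environment instead: give the step an `env:` entry `PLAN_OUTPUT: ${{ steps.plan.outputs.stdout }}` and read it with `const planOutput = process.env.PLAN_OUTPUT;`. The plan is also posted verbatim, so anything Terraform prints that is not marked sensitive lands in the PR thread. `continue-on-error: true` together with the un-awaited `createComment` call hides a failed post; the job's `permissions:` block is outside the hunk, so whether it grants `pull-requests: write` cannot be confirmed here.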
+++ b/.github/workflows/terraform-apply.yml @@ -56,3 +56,51 @@ jobs: - name: Print TF_VAR_public_ip run: 'echo "📡 Public IP used by Terraform: $TF_VAR_public_ip"' + + terraform-ses: + if: github.repository != 'hashicorp-education/learn-terraform-github-actions' + name: "Terraform Apply - SES" + runs-on: mealcraft-runners + needs: terraform + permissions: + contents: read + + steps: + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.6.6" + + - name: Install AWS CLI v2 + run: | + sudo apt-get update + sudo apt-get install -y unzip curl + + curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" + unzip awscliv2.zip + sudo ./aws/install + + aws --version + + - name: Verify AWS identity + run: aws sts get-caller-identity + + - name: Terraform Init + working-directory: aws_environment/ses-juntekim + run: terraform init + + - name: Terraform Validate + working-directory: aws_environment/ses-juntekim + run: terraform validate + + - name: Terraform Plan + id: plan + working-directory: aws_environment/ses-juntekim + run: terraform plan -input=false + + - name: Terraform Apply + working-directory: aws_environment/ses-juntekim + run: terraform apply -auto-approve -input=false
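Review bot: In the new `terraform-ses` job the `Terraform Apply` step runs `terraform apply -auto-approve -input=false` without a plan file, so it computes a fresh plan at apply time. What gets applied is therefore not tied to the output of the preceding `Terraform Plan` step or to the plan reviewed on the pull request. Save and consume the plan instead: `run: terraform plan -input=false -out=tfplan` followed by `run: terraform apply -input=false tfplan`. Separately, the `Install AWS CLI v2` step downloads the installer and runs it with `sudo` on the self-hosted runner without an integrity check; verifying the published signature before `unzip`, or baking the CLI into the runner image, would remove that per-run download. The `if:` guard naming `hashicorp-education/learn-terraform-github-actions` looks like template residue and deserves a comment or removal.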