2 changes: 1 addition & 1 deletion .github/actions/git-config-user/action.yml
Expand Up @@ -6,7 +6,7 @@ runs:
steps:
- if: github.event_name == 'workflow_dispatch'
run: |
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com>"
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
git config --global user.name "${GITHUB_ACTOR}"
shell: bash
- if: github.event_name != 'workflow_dispatch'
32 changes: 21 additions & 11 deletions .github/workflows/apply.yml
Expand Up @@ -15,6 +15,7 @@ jobs:
pull-requests: read
name: Prepare
runs-on: ubuntu-latest
environment: read
outputs:
workspaces: ${{ steps.workspaces.outputs.this }}
sha: ${{ steps.sha.outputs.result }}
Expand All @@ -23,16 +24,16 @@ jobs:
shell: bash
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Discover workspaces
id: workspaces
run: echo "this=$(ls github | jq --raw-input '[.[0:-4]]' | jq -sc add)" >> $GITHUB_OUTPUT
- name: Install pnpm
uses: pnpm/action-setup@v4
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6.0.6
with:
version: 10
- name: Use Node.js lts/*
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: lts/*
cache: ''
Expand All @@ -41,9 +42,9 @@ jobs:
- name: Find sha for plan
id: sha
env:
GITHUB_APP_ID: ${{ secrets.RW_GITHUB_APP_ID }}
GITHUB_APP_INSTALLATION_ID: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', matrix.workspace)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
GITHUB_APP_PEM_FILE: ${{ secrets.RW_GITHUB_APP_PEM_FILE }}
GITHUB_APP_ID: ${{ secrets.RO_GITHUB_APP_ID }}
GITHUB_APP_INSTALLATION_ID: ${{ secrets[format('RO_GITHUB_APP_INSTALLATION_ID_{0}', matrix.workspace)] || secrets.RO_GITHUB_APP_INSTALLATION_ID }}
GITHUB_APP_PEM_FILE: ${{ secrets.RO_GITHUB_APP_PEM_FILE }}
run: node lib/actions/find-sha-for-plan.js
working-directory: scripts
apply:
Expand All @@ -58,6 +59,7 @@ jobs:
workspace: ${{ fromJson(needs.prepare.outputs.workspaces) }}
name: Apply
runs-on: ubuntu-latest
environment: write
env:
TF_IN_AUTOMATION: 1
TF_INPUT: 0
Expand All @@ -74,20 +76,28 @@ jobs:
working-directory: terraform
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
with:
terraform_version: 1.12.0
terraform_wrapper: false
- name: Initialize terraform
run: terraform init
- name: Terraform Plan Download
- name: Download reviewed terraform plan
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SHA: ${{ needs.prepare.outputs.sha }}
run: gh run download -n "${TF_WORKSPACE}_${SHA}.tfplan" --repo "${GITHUB_REPOSITORY}"
- name: Terraform Apply
- name: Replan merged commit
run: |
terraform show -json > $TF_WORKSPACE.tfstate.json
terraform apply -lock-timeout=0s -no-color "${TF_WORKSPACE}.tfplan"
terraform plan -refresh=false -lock=false -out="${TF_WORKSPACE}.merged.tfplan" -no-color
- name: Compare reviewed and merged plans
run: |
terraform show -no-color "${TF_WORKSPACE}.tfplan" > "${TF_WORKSPACE}.reviewed.txt"
terraform show -no-color "${TF_WORKSPACE}.merged.tfplan" > "${TF_WORKSPACE}.merged.txt"
diff -u "${TF_WORKSPACE}.reviewed.txt" "${TF_WORKSPACE}.merged.txt"
- name: Terraform Apply
run: |
terraform apply -lock-timeout=0s -no-color "${TF_WORKSPACE}.merged.tfplan"
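Review bot: The "Compare reviewed and merged plans" step has no explicit failure path; it stops the job only because `diff -u` exits nonzero and the shell runs with `-e` (bash under GitHub's default options), which is easy to lose if someone later adds `continue-on-error` or a trailing command. As far as the hunk shows, the reviewed artifact is fetched by name alone (`gh run download -n ...` with no run id), so this comparison is the only thing binding what reviewers approved to what gets applied, and it deserves to be loud: `diff -u "${TF_WORKSPACE}.reviewed.txt" "${TF_WORKSPACE}.merged.txt" \` / `  || { echo "::error::${TF_WORKSPACE}: merged-commit plan differs from the reviewed plan; refusing to apply"; exit 1; }`. A short comment above the step stating that a nonzero diff must abort the apply would also keep the intent from being optimised away. Note that both plans are produced with `-refresh=false -lock=false`, so the comparison catches configuration or state drift between review and merge, not drift in the real infrastructure.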
7 changes: 4 additions & 3 deletions .github/workflows/clean.yml
Expand Up @@ -30,7 +30,7 @@ jobs:
shell: bash
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Discover workspaces
id: workspaces
env:
Expand All @@ -53,6 +53,7 @@ jobs:
workspace: ${{ fromJson(needs.prepare.outputs.workspaces) }}
name: Prepare
runs-on: ubuntu-latest
environment: write
env:
TF_IN_AUTOMATION: 1
TF_INPUT: 0
Expand All @@ -69,9 +70,9 @@ jobs:
shell: bash
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Setup terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
with:
terraform_version: 1.12.0
terraform_wrapper: false
7 changes: 4 additions & 3 deletions .github/workflows/cleanup.yml
Expand Up @@ -30,20 +30,21 @@ jobs:
contents: write
name: Clean Up
runs-on: ubuntu-latest
environment: push # TODO: split into read part and push part
env:
GITHUB_APP_ID: ${{ secrets.RO_GITHUB_APP_ID }}
GITHUB_APP_INSTALLATION_ID: ${{ secrets[format('RO_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RO_GITHUB_APP_INSTALLATION_ID }}
GITHUB_APP_PEM_FILE: ${{ secrets.RO_GITHUB_APP_PEM_FILE }}
TF_WORKSPACE: ${{ github.repository_owner }}
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install pnpm
uses: pnpm/action-setup@v4
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6.0.6
with:
version: 10
- name: Use Node.js lts/*
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: lts/*
cache: ''
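Review bot: `environment: push` is attached to a job whose visible `env:` wires only the `RO_*` app credentials, while the job also holds `contents: write`; the environment decides which environment-scoped secrets the whole job can reach, so if `push` carries the read-write secrets they are exposed to every step here, including the ones that only need read access. The inline TODO acknowledges the split, but until it happens a comment naming the step that actually needs `push` would help, e.g. `environment: push # needed only for the git push step below; read-only work should move to a job under 'read'`. The straightforward shape is a first job under `environment: read` that produces the cleanup result as an output or artifact, and a second job with `needs:` under `environment: push` that performs only the push. The rest of this job's steps are outside the hunk, so I cannot tell which step consumes the write scope.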
25 changes: 12 additions & 13 deletions .github/workflows/fix.yml
Expand Up @@ -35,7 +35,7 @@ jobs:
skip-fix: ${{ steps.skip-fix.outputs.this }}
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- if: github.event_name == 'pull_request_target'
env:
NUMBER: ${{ github.event.pull_request.number }}
Expand Down Expand Up @@ -70,6 +70,7 @@ jobs:
workspace: ${{ fromJson(needs.prepare.outputs.workspaces || '[]') }}
name: Fix
runs-on: ubuntu-latest
environment: read
env:
TF_IN_AUTOMATION: 1
TF_INPUT: 0
Expand All @@ -82,7 +83,7 @@ jobs:
TF_VAR_write_delay_ms: 300
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- if: github.event_name == 'pull_request_target'
env:
NUMBER: ${{ github.event.pull_request.number }}
Expand All @@ -93,19 +94,19 @@ jobs:
git fetch origin "pull/${NUMBER}/head"
rm -rf github && git checkout "${SHA}" -- github
- name: Setup terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
with:
terraform_version: 1.12.0
terraform_wrapper: false
- name: Initialize terraform
run: terraform init
working-directory: terraform
- name: Install pnpm
uses: pnpm/action-setup@v4
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6.0.6
with:
version: 10
- name: Use Node.js lts/*
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: lts/*
cache: ''
Expand All @@ -117,7 +118,7 @@ jobs:
run: node lib/actions/fix-yaml-config.js
working-directory: scripts
- name: Upload YAML config
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: ${{ env.TF_WORKSPACE }}.yml
path: github/${{ env.TF_WORKSPACE }}.yml
Expand All @@ -126,7 +127,7 @@ jobs:
# NOTE(galargh, 2024-02-15): This will only work if GitHub as Code is used for a single organization
- name: Comment on pull request
if: github.event_name == 'pull_request_target' && steps.fix.outputs.comment
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
with:
header: fix
number: ${{ github.event.pull_request.number }}
Expand All @@ -138,9 +139,7 @@ jobs:
contents: read
name: Push
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.RO_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.RO_AWS_SECRET_ACCESS_KEY }}
environment: push
steps:
- name: Generate app token
id: token
Expand All @@ -151,18 +150,18 @@ jobs:
installation_retrieval_payload: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
private_key: ${{ secrets.RW_GITHUB_APP_PEM_FILE }}
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
ref: ${{ github.event.pull_request.head.sha || github.sha }}
token: ${{ steps.token.outputs.token }}
path: head
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
path: base
- name: Download YAML configs
uses: actions/download-artifact@v5
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
path: artifacts
- name: Copy YAML configs
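Review bot: Moving the Push job's secrets behind `environment: push` does not by itself gate fork-originated runs: this workflow runs on `pull_request_target` (the conditions at L188 and L205 show it), and as far as I know environment branch rules evaluate `github.ref`, which on that event is the base branch, so a fork PR still reaches a job that mints a read-write app token and checks out the fork's head with it. If gating is intended, the `push` environment needs a required-reviewer rule rather than a branch rule; if not, a comment saying so would save the next reader the same question. Separately, `actions/checkout` persists the supplied token into `head/.git/config` by default, so if the later push step (outside the hunk) passes the token explicitly, add `persist-credentials: false` to the head checkout so the RW token does not linger in a tree whose contents the PR author controls. The steps that copy the configs and push are beyond this hunk, so I cannot confirm how the token is used there.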
7 changes: 4 additions & 3 deletions .github/workflows/labels.yml
Expand Up @@ -28,20 +28,21 @@ jobs:
contents: read
name: Sync
runs-on: ubuntu-latest
environment: write
env:
GITHUB_APP_ID: ${{ secrets.RW_GITHUB_APP_ID }}
GITHUB_APP_INSTALLATION_ID: ${{ secrets[format('RW_GITHUB_APP_INSTALLATION_ID_{0}', github.repository_owner)] || secrets.RW_GITHUB_APP_INSTALLATION_ID }}
GITHUB_APP_PEM_FILE: ${{ secrets.RW_GITHUB_APP_PEM_FILE }}
TF_WORKSPACE: ${{ github.repository_owner }}
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Install pnpm
uses: pnpm/action-setup@v4
uses: pnpm/action-setup@91ab88e2619ed1f46221f0ba42d1492c02baf788 # v6.0.6
with:
version: 10
- name: Use Node.js lts/*
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: lts/*
cache: ''
31 changes: 17 additions & 14 deletions .github/workflows/plan.yml
Expand Up @@ -25,7 +25,7 @@ jobs:
workspaces: ${{ steps.workspaces.outputs.this }}
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- if: github.event_name == 'pull_request_target'
env:
NUMBER: ${{ github.event.pull_request.number }}
Expand Down Expand Up @@ -58,6 +58,7 @@ jobs:
workspace: ${{ fromJson(needs.prepare.outputs.workspaces || '[]') }}
name: Plan
runs-on: ubuntu-latest
environment: read
env:
TF_IN_AUTOMATION: 1
TF_INPUT: 0
Expand All @@ -70,7 +71,7 @@ jobs:
TF_VAR_write_delay_ms: 300
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- if: github.event_name == 'pull_request_target'
env:
NUMBER: ${{ github.event.pull_request.number }}
Expand All @@ -80,7 +81,7 @@ jobs:
git fetch origin "pull/${NUMBER}/head"
rm -rf github && git checkout "${SHA}" -- github
- name: Setup terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
with:
terraform_version: 1.12.0
terraform_wrapper: false
Expand All @@ -93,7 +94,7 @@ jobs:
terraform plan -refresh=false -lock=false -out="${TF_WORKSPACE}.tfplan" -no-color
working-directory: terraform
- name: Upload terraform plan
uses: actions/upload-artifact@v4
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: ${{ env.TF_WORKSPACE }}_${{ github.event.pull_request.head.sha || github.sha }}.tfplan
path: terraform/${{ env.TF_WORKSPACE }}.tfplan
Expand All @@ -107,12 +108,13 @@ jobs:
pull-requests: write
name: Comment
runs-on: ubuntu-latest
environment: read
env:
AWS_ACCESS_KEY_ID: ${{ secrets.RO_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.RO_AWS_SECRET_ACCESS_KEY }}
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- if: github.event_name == 'pull_request_target'
env:
NUMBER: ${{ github.event.pull_request.number }}
Expand All @@ -122,47 +124,48 @@ jobs:
git fetch origin "pull/${NUMBER}/head"
rm -rf github && git checkout "${SHA}" -- github
- name: Setup terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
with:
terraform_version: 1.12.0
terraform_wrapper: false
- name: Initialize terraform
run: terraform init
working-directory: terraform
- name: Download terraform plans
uses: actions/download-artifact@v5
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
path: terraform
- name: Show terraform plans
run: |
for plan in $(find . -type f -name '*.tfplan'); do
echo "<details><summary>$(basename "${plan}" '.tfplan')</summary>" >> TERRAFORM_PLANS.md
echo '' >> TERRAFORM_PLANS.md
echo '```' >> TERRAFORM_PLANS.md
echo "$(terraform show -no-color "${plan}" 2>&1)" >> TERRAFORM_PLANS.md
echo '```' >> TERRAFORM_PLANS.md
echo '~~~~terraform' >> TERRAFORM_PLANS.md
terraform show -no-color "${plan}" 2>&1 | sed 's/^~~~~/~~~~ /' >> TERRAFORM_PLANS.md
echo '~~~~' >> TERRAFORM_PLANS.md
echo '' >> TERRAFORM_PLANS.md
echo '</details>' >> TERRAFORM_PLANS.md
done
cat TERRAFORM_PLANS.md
working-directory: terraform
- name: Prepare comment
run: |
echo 'COMMENT<<EOF' >> $GITHUB_ENV
delimiter="$(uuidgen)"
echo "COMMENT<<${delimiter}" >> $GITHUB_ENV
if [[ $(wc -c TERRAFORM_PLANS.md | cut -d' ' -f1) -ge 65000 ]]; then
echo "Terraform plans are too long to post as a comment. Please inspect [Plan > Comment > Show terraform plans](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}) instead." >> $GITHUB_ENV
else
cat TERRAFORM_PLANS.md >> $GITHUB_ENV
fi
echo 'EOF' >> $GITHUB_ENV
echo "${delimiter}" >> $GITHUB_ENV
working-directory: terraform
- name: Comment on pull request
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
uses: marocchino/sticky-pull-request-comment@0ea0beb66eb9baf113663a64ec522f60e49231c0 # v3.0.4
with:
header: plan
number: ${{ github.event.pull_request.number }}
message: |
Before merge, verify that all the following plans are correct. They will be applied as-is after the merge.
Before merge, verify that all the following plans are correct. After merge, Apply will regenerate the plans from the merged commit and continue only if they match.

#### Terraform plans
${{ env.COMMENT }}
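Review bot: The fence-escape guard `sed 's/^~~~~/~~~~ /'` in "Show terraform plans" leaves two gaps, if I read the CommonMark closing-fence rule correctly (a closer may be indented up to three spaces, and trailing spaces are ignored): a plan line consisting of exactly `~~~~` becomes `~~~~ `, which is still a valid closer, and a line such as ` ~~~~` is not matched at all because the pattern is anchored at column 0. Indenting any such line by four spaces disables it regardless of tilde count, since a closing fence cannot be indented that far: `terraform show -no-color "${plan}" 2>&1 | sed -E 's/^ {0,3}(~{4,})/    \1/' >> TERRAFORM_PLANS.md`. Whether plan output can actually place attacker-controlled text at column 0 to 3 depends on how Terraform renders multi-line values, which the hunk does not show, so treat this as hardening rather than a confirmed escape. The random heredoc delimiter for `$GITHUB_ENV` is the right fix for the environment-file injection and needs no change.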