Renovate Terraform #58
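# Auto-merges a Renovate pull request once Terraform Cloud reports a
# "no changes" plan for the pull request's head commit.
#
# Trust model: this workflow reacts to commit `status` events and uses the
# Renovate GitHub App credentials. Several payload fields it reads (branch
# name, status context, status description) are free text chosen by whoever
# pushed the branch or posted the status. Every event-derived value is
# therefore handed to the shell through `env:` and expanded as a quoted shell
# variable. None is expanded with ${{ }} inside a `run:` script, where the
# value would become part of the script text before the shell parses it.
name: Renovate Terraform

on: status

# Every API call below authenticates with the GitHub App token (exported as
# GITHUB_TOKEN on the steps that call `gh`), so the workflow's built-in token
# is given no permissions.
permissions: {}

jobs:
  collect_details:
    name: Collect details
    runs-on: ubuntu-latest
    outputs:
      branch: ${{ steps.event.outputs.branch }}
      commit_author: ${{ steps.event.outputs.commit_author }}
      commit_sha: ${{ steps.event.outputs.commit_sha }}
      context: ${{ steps.event.outputs.context }}
      description: ${{ steps.event.outputs.description }}
      pr_author: ${{ steps.pr.outputs.pr_author }}
      pr_is_draft: ${{ steps.pr.outputs.pr_is_draft }}
      pr_mergeable: ${{ steps.pr.outputs.pr_mergeable }}
      pr_number: ${{ steps.pr.outputs.pr_number }}
      sender: ${{ steps.event.outputs.sender }}
      state: ${{ steps.event.outputs.state }}
      verified: ${{ steps.event.outputs.verified }}
    steps:
      - name: Obtain token
        id: token
        # NOTE(review): `@v1` is a mutable tag on a third-party action that
        # receives the App private key; pin it to a reviewed full commit SHA.
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.RENOVATE_APP_ID }}
          private_key: ${{ secrets.RENOVATE_APP_PK }}

      - name: Event details
        id: event
        env:
          BRANCH: ${{ github.event.branches[0].name }}
          COMMIT_AUTHOR: ${{ github.event.commit.author.login }}
          COMMIT_SHA: ${{ github.event.sha }}
          CONTEXT: ${{ github.event.context }}
          DESCRIPTION: ${{ github.event.description }}
          SENDER: ${{ github.event.sender.login }}
          STATE: ${{ github.event.state }}
          VERIFIED: ${{ github.event.commit.commit.verification.verified }}
        run: |
          # Write one key=value output. A value with an embedded line break is
          # rejected: in the single-line format every line of $GITHUB_OUTPUT
          # is a separate output, so such a value could set a second key.
          emit() {
            case "$2" in
              *$'\n'* | *$'\r'*)
                echo "::error::Unexpected line break in event field '$1'"
                exit 1
                ;;
            esac
            printf '%s=%s\n' "$1" "$2" >> "$GITHUB_OUTPUT"
          }

          emit branch "$BRANCH"
          emit commit_author "$COMMIT_AUTHOR"
          emit commit_sha "$COMMIT_SHA"
          emit context "$CONTEXT"
          emit description "$DESCRIPTION"
          emit sender "$SENDER"
          emit state "$STATE"
          emit verified "$VERIFIED"

      - name: Pull request details
        id: pr
        # Look the pull request up only when the status itself already
        # satisfies every event-level condition for an auto-merge.
        if: >-
          startsWith(steps.event.outputs.branch, 'renovate/') &&
          steps.event.outputs.commit_author == vars.RENOVATE_USERNAME &&
          steps.event.outputs.context == 'Terraform Cloud/ghalactic/repos' &&
          steps.event.outputs.description == 'Terraform plan has no changes' &&
          steps.event.outputs.sender == 'terraform-cloud[bot]' &&
          steps.event.outputs.state == 'success' &&
          steps.event.outputs.verified == 'true'
        env:
          GITHUB_TOKEN: ${{ steps.token.outputs.token }}
          COMMIT_SHA: ${{ steps.event.outputs.commit_sha }}
          RENOVATE_USERNAME: ${{ vars.RENOVATE_USERNAME }}
        run: |
          PR=$(
            gh pr list \
              --repo "$GITHUB_REPOSITORY" \
              --author "$RENOVATE_USERNAME" \
              --state OPEN \
              --json author,isDraft,mergeable,number \
              --search "$COMMIT_SHA"
          )
          # Feed the JSON to jq through a quoted here-string so the shell
          # neither word-splits nor glob-expands it.
          {
            echo "pr_author=$(jq -r '.[0].author.login' <<< "$PR")"
            echo "pr_is_draft=$(jq -r '.[0].isDraft' <<< "$PR")"
            echo "pr_mergeable=$(jq -r '.[0].mergeable' <<< "$PR")"
            echo "pr_number=$(jq -r '.[0].number' <<< "$PR")"
          } >> "$GITHUB_OUTPUT"

  analyze_details:
    name: Analyze details
    runs-on: ubuntu-latest
    needs: collect_details
    outputs:
      branch: ${{ steps.analyze_details.outputs.branch }}
      commit_author: ${{ steps.analyze_details.outputs.commit_author }}
      context: ${{ steps.analyze_details.outputs.context }}
      description: ${{ steps.analyze_details.outputs.description }}
      pr_author: ${{ steps.analyze_details.outputs.pr_author }}
      pr_is_draft: ${{ steps.analyze_details.outputs.pr_is_draft }}
      pr_mergeable: ${{ steps.analyze_details.outputs.pr_mergeable }}
      sender: ${{ steps.analyze_details.outputs.sender }}
      state: ${{ steps.analyze_details.outputs.state }}
      verified: ${{ steps.analyze_details.outputs.verified }}
      should_merge: ${{ steps.analyze_auto_merge.outputs.should_merge }}
    steps:
      - name: Analyze details
        id: analyze_details
        # Each output is the result of one check, not the raw value. The
        # expressions below evaluate to a boolean before the shell sees them,
        # so no event text reaches the script. Note that `pr_is_draft` is
        # 'true' when the pull request is NOT a draft (the check passed).
        run: |
          echo "branch=${{ startsWith(needs.collect_details.outputs.branch, 'renovate/') }}" >> "$GITHUB_OUTPUT"
          echo "commit_author=${{ needs.collect_details.outputs.commit_author == vars.RENOVATE_USERNAME }}" >> "$GITHUB_OUTPUT"
          echo "context=${{ needs.collect_details.outputs.context == 'Terraform Cloud/ghalactic/repos' }}" >> "$GITHUB_OUTPUT"
          echo "description=${{ needs.collect_details.outputs.description == 'Terraform plan has no changes' }}" >> "$GITHUB_OUTPUT"
          echo "pr_author=${{ needs.collect_details.outputs.pr_author == vars.RENOVATE_USERNAME }}" >> "$GITHUB_OUTPUT"
          echo "pr_is_draft=${{ needs.collect_details.outputs.pr_is_draft == 'false' }}" >> "$GITHUB_OUTPUT"
          echo "pr_mergeable=${{ needs.collect_details.outputs.pr_mergeable == 'MERGEABLE' }}" >> "$GITHUB_OUTPUT"
          echo "sender=${{ needs.collect_details.outputs.sender == 'terraform-cloud[bot]' }}" >> "$GITHUB_OUTPUT"
          echo "state=${{ needs.collect_details.outputs.state == 'success' }}" >> "$GITHUB_OUTPUT"
          echo "verified=${{ needs.collect_details.outputs.verified == 'true' }}" >> "$GITHUB_OUTPUT"

      - name: Analyze auto-merge
        id: analyze_auto_merge
        # The merge is allowed only when every individual check passed.
        run: |
          echo "should_merge=${{
            steps.analyze_details.outputs.branch == 'true' &&
            steps.analyze_details.outputs.commit_author == 'true' &&
            steps.analyze_details.outputs.context == 'true' &&
            steps.analyze_details.outputs.description == 'true' &&
            steps.analyze_details.outputs.pr_author == 'true' &&
            steps.analyze_details.outputs.pr_is_draft == 'true' &&
            steps.analyze_details.outputs.pr_mergeable == 'true' &&
            steps.analyze_details.outputs.sender == 'true' &&
            steps.analyze_details.outputs.state == 'true' &&
            steps.analyze_details.outputs.verified == 'true'
          }}" >> "$GITHUB_OUTPUT"

  output_analysis:
    name: Output analysis
    runs-on: ubuntu-latest
    needs:
      - collect_details
      - analyze_details
    steps:
      - name: Output details
        env:
          # The JSON carries the raw event text, so it is passed as data
          # instead of being pasted between quotes in the script.
          DETAILS: ${{ toJson(needs.collect_details.outputs) }}
        run: |
          # Escape %, LF and CR so the whole JSON document stays inside one
          # ::notice workflow command.
          DETAILS="${DETAILS//'%'/'%25'}"
          DETAILS="${DETAILS//$'\n'/'%0A'}"
          DETAILS="${DETAILS//$'\r'/'%0D'}"
          echo "::notice title=details::$DETAILS"

      - name: Output analysis
        env:
          ANALYSIS: ${{ toJson(needs.analyze_details.outputs) }}
        run: |
          # Same escaping as for the details notice.
          ANALYSIS="${ANALYSIS//'%'/'%25'}"
          ANALYSIS="${ANALYSIS//$'\n'/'%0A'}"
          ANALYSIS="${ANALYSIS//$'\r'/'%0D'}"
          echo "::notice title=analysis::$ANALYSIS"

  automerge:
    name: Auto-merge
    runs-on: ubuntu-latest
    needs:
      - collect_details
      - analyze_details
    if: needs.analyze_details.outputs.should_merge == 'true'
    steps:
      - name: Obtain token
        id: token
        # NOTE(review): `@v1` is a mutable tag on a third-party action that
        # receives the App private key; pin it to a reviewed full commit SHA.
        uses: tibdex/github-app-token@v1
        with:
          app_id: ${{ secrets.RENOVATE_APP_ID }}
          private_key: ${{ secrets.RENOVATE_APP_PK }}

      - name: Merge
        env:
          GITHUB_TOKEN: ${{ steps.token.outputs.token }}
          COMMIT_SHA: ${{ needs.collect_details.outputs.commit_sha }}
          PR_NUMBER: ${{ needs.collect_details.outputs.pr_number }}
        run: |
          gh pr comment \
            --repo "$GITHUB_REPOSITORY" \
            --body 'Looks like the Terraform plan has no changes, so this PR will be merged automatically.' \
            "$PR_NUMBER"
          # --match-head-commit ties the merge to the commit the status was
          # reported for: if the branch has moved since, the merge is refused.
          gh pr merge \
            --repo "$GITHUB_REPOSITORY" \
            --match-head-commit "$COMMIT_SHA" \
            --merge \
            --delete-branch \
            "$PR_NUMBER"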