Renovate Terraform #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Renovate Terraform | |
| on: status | |
| jobs: | |
| collect_details: | |
| name: Collect details | |
| runs-on: ubuntu-latest | |
| outputs: | |
| branch: ${{ steps.event.outputs.branch }} | |
| commit_author: ${{ steps.event.outputs.commit_author }} | |
| commit_sha: ${{ steps.event.outputs.commit_sha }} | |
| context: ${{ steps.event.outputs.context }} | |
| description: ${{ steps.event.outputs.description }} | |
| pr_author: ${{ steps.pr.outputs.pr_author }} | |
| pr_is_draft: ${{ steps.pr.outputs.pr_is_draft }} | |
| pr_mergeable: ${{ steps.pr.outputs.pr_mergeable }} | |
| pr_number: ${{ steps.pr.outputs.pr_number }} | |
| sender: ${{ steps.event.outputs.sender }} | |
| state: ${{ steps.event.outputs.state }} | |
| verified: ${{ steps.event.outputs.verified }} | |
| steps: | |
| - name: Obtain token | |
| id: token | |
| uses: tibdex/github-app-token@v1 | |
| with: | |
| app_id: ${{ secrets.RENOVATE_APP_ID }} | |
| private_key: ${{ secrets.RENOVATE_APP_PK }} | |
| - name: Event details | |
| id: event | |
| run: | | |
| echo "branch=${{ github.event.branches[0].name }}" >> $GITHUB_OUTPUT | |
| echo "commit_author=${{ github.event.commit.author.login }}" >> $GITHUB_OUTPUT | |
| echo "commit_sha=${{ github.event.sha }}" >> $GITHUB_OUTPUT | |
| echo "context=${{ github.event.context }}" >> $GITHUB_OUTPUT | |
| echo "description=${{ github.event.description }}" >> $GITHUB_OUTPUT | |
| echo "sender=${{ github.event.sender.login }}" >> $GITHUB_OUTPUT | |
| echo "state=${{ github.event.state }}" >> $GITHUB_OUTPUT | |
| echo "verified=${{ github.event.commit.commit.verification.verified }}" >> $GITHUB_OUTPUT | |
| - name: Pull request details | |
| if: >- | |
| startsWith(steps.event.outputs.branch, 'renovate/') && | |
| steps.event.outputs.commit_author == vars.RENOVATE_USERNAME && | |
| steps.event.outputs.context == 'Terraform Cloud/ghalactic/repos' && | |
| steps.event.outputs.description == 'Terraform plan has no changes' && | |
| steps.event.outputs.sender == 'terraform-cloud[bot]' && | |
| steps.event.outputs.state == 'success' && | |
| steps.event.outputs.verified == 'true' | |
| id: pr | |
| env: | |
| GITHUB_TOKEN: ${{ steps.token.outputs.token }} | |
| run: | | |
| PR=$( | |
| gh pr list \ | |
| --repo "$GITHUB_REPOSITORY" \ | |
| --author '${{ vars.RENOVATE_USERNAME }}' \ | |
| --state OPEN \ | |
| --json author,isDraft,mergeable,number \ | |
| --search '${{ steps.event.outputs.commit_sha }}' | |
| ) | |
| echo "pr_author=$(echo $PR | jq -r '.[0].author.login')" >> $GITHUB_OUTPUT | |
| echo "pr_is_draft=$(echo $PR | jq -r '.[0].isDraft')" >> $GITHUB_OUTPUT | |
| echo "pr_mergeable=$(echo $PR | jq -r '.[0].mergeable')" >> $GITHUB_OUTPUT | |
| echo "pr_number=$(echo $PR | jq -r '.[0].number')" >> $GITHUB_OUTPUT | |
| analyze_details: | |
| name: Analyze details | |
| runs-on: ubuntu-latest | |
| needs: collect_details | |
| outputs: | |
| branch: ${{ steps.analyze_details.outputs.branch }} | |
| commit_author: ${{ steps.analyze_details.outputs.commit_author }} | |
| context: ${{ steps.analyze_details.outputs.context }} | |
| description: ${{ steps.analyze_details.outputs.description }} | |
| pr_author: ${{ steps.analyze_details.outputs.pr_author }} | |
| pr_is_draft: ${{ steps.analyze_details.outputs.pr_is_draft }} | |
| pr_mergeable: ${{ steps.analyze_details.outputs.pr_mergeable }} | |
| sender: ${{ steps.analyze_details.outputs.sender }} | |
| state: ${{ steps.analyze_details.outputs.state }} | |
| verified: ${{ steps.analyze_details.outputs.verified }} | |
| should_merge: ${{ steps.analyze_auto_merge.outputs.should_merge }} | |
| steps: | |
| - name: Analyze details | |
| id: analyze_details | |
| run: | | |
| echo "branch=${{ startsWith(needs.collect_details.outputs.branch, 'renovate/') }}" >> $GITHUB_OUTPUT | |
| echo "commit_author=${{ needs.collect_details.outputs.commit_author == vars.RENOVATE_USERNAME }}" >> $GITHUB_OUTPUT | |
| echo "context=${{ needs.collect_details.outputs.context == 'Terraform Cloud/ghalactic/repos' }}" >> $GITHUB_OUTPUT | |
| echo "description=${{ needs.collect_details.outputs.description == 'Terraform plan has no changes' }}" >> $GITHUB_OUTPUT | |
| echo "pr_author=${{ needs.collect_details.outputs.pr_author == vars.RENOVATE_USERNAME }}" >> $GITHUB_OUTPUT | |
| echo "pr_is_draft=${{ needs.collect_details.outputs.pr_is_draft == 'false' }}" >> $GITHUB_OUTPUT | |
| echo "pr_mergeable=${{ needs.collect_details.outputs.pr_mergeable == 'MERGEABLE' }}" >> $GITHUB_OUTPUT | |
| echo "sender=${{ needs.collect_details.outputs.sender == 'terraform-cloud[bot]' }}" >> $GITHUB_OUTPUT | |
| echo "state=${{ needs.collect_details.outputs.state == 'success' }}" >> $GITHUB_OUTPUT | |
| echo "verified=${{ needs.collect_details.outputs.verified == 'true' }}" >> $GITHUB_OUTPUT | |
| - name: Analyze auto-merge | |
| id: analyze_auto_merge | |
| run: | | |
| echo "should_merge=${{ | |
| steps.analyze_details.outputs.branch == 'true' && | |
| steps.analyze_details.outputs.commit_author == 'true' && | |
| steps.analyze_details.outputs.context == 'true' && | |
| steps.analyze_details.outputs.description == 'true' && | |
| steps.analyze_details.outputs.pr_author == 'true' && | |
| steps.analyze_details.outputs.pr_is_draft == 'true' && | |
| steps.analyze_details.outputs.pr_mergeable == 'true' && | |
| steps.analyze_details.outputs.sender == 'true' && | |
| steps.analyze_details.outputs.state == 'true' && | |
| steps.analyze_details.outputs.verified == 'true' | |
| }}" >> $GITHUB_OUTPUT | |
| output_analysis: | |
| name: Output analysis | |
| runs-on: ubuntu-latest | |
| needs: | |
| - collect_details | |
| - analyze_details | |
| steps: | |
| - name: Output details | |
| run: | | |
| DETAILS='${{ toJson(needs.collect_details.outputs) }}' | |
| DETAILS="${DETAILS//'%'/'%25'}" | |
| DETAILS="${DETAILS//$'\n'/'%0A'}" | |
| DETAILS="${DETAILS//$'\r'/'%0D'}" | |
| echo ::notice title=details::$DETAILS | |
| - name: Output analysis | |
| run: | | |
| ANALYSIS='${{ toJson(needs.analyze_details.outputs) }}' | |
| ANALYSIS="${ANALYSIS//'%'/'%25'}" | |
| ANALYSIS="${ANALYSIS//$'\n'/'%0A'}" | |
| ANALYSIS="${ANALYSIS//$'\r'/'%0D'}" | |
| echo ::notice title=analysis::$ANALYSIS | |
| automerge: | |
| name: Auto-merge | |
| runs-on: ubuntu-latest | |
| needs: | |
| - collect_details | |
| - analyze_details | |
| if: needs.analyze_details.outputs.should_merge == 'true' | |
| steps: | |
| - name: Obtain token | |
| id: token | |
| uses: tibdex/github-app-token@v1 | |
| with: | |
| app_id: ${{ secrets.RENOVATE_APP_ID }} | |
| private_key: ${{ secrets.RENOVATE_APP_PK }} | |
| - name: Merge | |
| env: | |
| GITHUB_TOKEN: ${{ steps.token.outputs.token }} | |
| run: | | |
| gh pr comment \ | |
| --repo "$GITHUB_REPOSITORY" \ | |
| --body 'Looks like the Terraform plan has no changes, so this PR will be merged automatically.' \ | |
| '${{ needs.collect_details.outputs.pr_number }}' | |
| gh pr merge \ | |
| --repo "$GITHUB_REPOSITORY" \ | |
| --match-head-commit '${{ needs.collect_details.outputs.commit_sha }}' \ | |
| --merge \ | |
| --delete-branch \ | |
| '${{ needs.collect_details.outputs.pr_number }}' |