I'm using GitHub Environment to deploy into my testing account before merging to my master. I have specified the environment keyword in my workflow as "testing". My workflow will be triggered on a push to the test branch, which will then run plan and apply to the testing account. I would like to have a manual approval after plan runs so I can see the output before approving to deploy into the testing account. Please, how can I configure manual approval so that after plan runs I can check the plan output before approving to deploy into my test account?
name: Testing Environment
on:
  push:
    branches:
      - test
jobs:
  # Job IDs may contain only alphanumeric characters, "-" and "_", so "plan&apply" is renamed.
  plan-and-apply:
    name: "Run Terragrunt Init,Plan and Apply"
    runs-on: ubuntu-20.04
    # The environment's protection rules gate the whole job, plan included.
    environment: testing
    defaults:
      run:
        working-directory: ${{ env.TERRAFORM_WORKING_DIR }}
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/[email protected]
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
          terraform_wrapper: true
      - name: Setup Terragrunt
        uses: autero1/[email protected]
        with:
          terragrunt_version: ${{ env.TERRAGRUNT_VERSION }}
      - name: configure AWS credentials
        uses: aws-actions/[email protected]
        with:
          aws-region: us-east-1
          role-to-assume: ${{ env.ORCHESTRATION_ROLE_ARN }}
      - name: Terragrunt Init
        id: init
        run: terragrunt run-all init -no-color --terragrunt-non-interactive
      - name: Terragrunt Plan
        id: plan
        run: |
          terragrunt run-all plan -no-color --terragrunt-non-interactive >/dev/null -out=tfplan
      - name: terragrunt Apply
        id: apply
        run: terragrunt run-all apply -no-color --terragrunt-non-interactive
        continue-on-error: true
CodePudding user response:
There are two ways to do this.
Approach 1:
In your GH actions environment settings, add reviewers. Create two jobs - Plan and Apply. Then add "needs" to the apply job. This approach also requires uploading the plan output as an artifact, as plan and apply are two separate jobs.
name: Testing Environment
on:
  push:
    branches:
      - test
jobs:
  # No "environment" here, so the plan runs without waiting for approval.
  plan:
    name: "Run Terragrunt Plan"
    runs-on: ubuntu-20.04
    defaults:
      run:
        working-directory: ${{ env.TERRAFORM_WORKING_DIR }}
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/[email protected]
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
          terraform_wrapper: true
      - name: Setup Terragrunt
        uses: autero1/[email protected]
        with:
          terragrunt_version: ${{ env.TERRAGRUNT_VERSION }}
      - name: configure AWS credentials
        uses: aws-actions/[email protected]
        with:
          aws-region: us-east-1
          role-to-assume: ${{ env.ORCHESTRATION_ROLE_ARN }}
      - name: Terragrunt Init
        id: init
        run: terragrunt run-all init -no-color --terragrunt-non-interactive
      - name: Create Artifact Folder
        shell: bash
        run: |
          sudo mkdir -p -m777 ${{ github.workspace }}/tfplanoutput
      - name: Terragrunt Plan
        id: plan
        run: |
          terragrunt run-all plan -no-color --terragrunt-non-interactive >/dev/null -out=${{ github.workspace }}/tfplanoutput/tf.plan
      - name: Upload Artifact
        uses: actions/upload-artifact@v3
        with:
          name: artifact
          path: ${{ github.workspace }}/tfplanoutput/
          if-no-files-found: error
  # "environment: testing" makes this job wait for the reviewers set on the environment.
  apply:
    name: "Run Terragrunt Apply"
    needs: plan
    runs-on: ubuntu-20.04
    environment: testing
    steps:
      - name: 'Checkout'
        uses: actions/checkout@v2
      - name: Setup Terraform
        uses: hashicorp/[email protected]
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
          terraform_wrapper: true
      - name: Setup Terragrunt
        uses: autero1/[email protected]
        with:
          terragrunt_version: ${{ env.TERRAGRUNT_VERSION }}
      - name: configure AWS credentials
        uses: aws-actions/[email protected]
        with:
          aws-region: us-east-1
          role-to-assume: ${{ env.ORCHESTRATION_ROLE_ARN }}
      - name: Terragrunt Init
        id: init
        run: terragrunt run-all init -no-color --terragrunt-non-interactive
      - name: Download Build Artifact
        uses: actions/download-artifact@v3
        with:
          name: artifact
          path: ${{ github.workspace }}/tfplanoutput
      - name: terragrunt Apply
        # Options go before the plan file; the plan is read from the downloaded artifact folder.
        run: terragrunt run-all apply -no-color --terragrunt-non-interactive ${{ github.workspace }}/tfplanoutput/tf.plan
        continue-on-error: true
Approach 2: You can create composite actions - plan and apply same as above.
Hope this helps!!!
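In Approach 1 the plan output is redirected to /dev/null, so the reviewer of the `testing` environment only sees the plan by downloading the artifact. The following is an added example, not code from the question or the answer: a script the plan job could run to write a reviewer-facing summary of the plan to the run's summary page, listing what would be destroyed or replaced. It assumes the saved plan has been converted to JSON with `terraform show -json`; the function names and the sample plan are constructed for illustration.

```python
import json
import os
import sys

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["no-op"]}},
    {"address": "aws_iam_role.deploy", "change": {"actions": ["update"]}},
    {"address": "aws_db_instance.main", "change": {"actions": ["delete", "create"]}},
    {"address": "aws_security_group.old", "change": {"actions": ["delete"]}},
    {"address": "aws_sqs_queue.jobs", "change": {"actions": ["create"]}},
]}


def summarise(plan):
    """Count planned actions and list resources that would be destroyed or replaced."""
    counts = {"create": 0, "update": 0, "delete": 0, "replace": 0}
    destructive = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing changes in the account
        # A replacement is reported as delete plus create, in either order.
        kind = "replace" if {"delete", "create"} <= set(actions) else actions[0]
        counts[kind] = counts.get(kind, 0) + 1
        if kind in ("delete", "replace"):
            destructive.append(f"{kind}: {rc['address']}")
    return {"counts": counts, "destructive": destructive}


def to_markdown(summary):
    """Render the summary as Markdown for the workflow run's summary page."""
    c = summary["counts"]
    lines = ["### Plan awaiting approval", "",
             f"create {c['create']}, update {c['update']}, replace {c['replace']}, delete {c['delete']}", ""]
    if summary["destructive"]:
        lines.append("**Destroys or replaces:**")
        lines += [f"- `{item}`" for item in summary["destructive"]]
    else:
        lines.append("No resources are destroyed or replaced.")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Optional argument: path to a plan JSON file; the sample is used otherwise.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    # GITHUB_STEP_SUMMARY is set on Actions runners; print to stdout elsewhere.
    target = os.environ.get("GITHUB_STEP_SUMMARY")
    out = open(target, "a") if target else sys.stdout
    out.write(to_markdown(summarise(plan)))
```

Run it as a step in the plan job after the plan is saved, so the summary is on the run page when the approval request for the apply job appears.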