hackforla / incubator


GitHub Action for Terraform Plan on PRs #30

Closed Tyson-miller closed 8 months ago

Tyson-miller commented 1 year ago

Adds a GitHub Action that posts Terraform plans on PRs where directories containing Terraform have been modified.

github-actions[bot] commented 10 months ago

Terraform plan in terraform-incubator/people-depot/dev

Plan: 9 to add, 0 to change, 9 to destroy, 1 to move. Changes to Outputs. ```diff Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create - destroy Terraform will perform the following actions: # aws_appautoscaling_policy.ecs_autoscale_cpu will be destroyed # (because aws_appautoscaling_policy.ecs_autoscale_cpu is not in configuration) - resource "aws_appautoscaling_policy" "ecs_autoscale_cpu" { - alarm_arns = [ - "arn:aws:cloudwatch:us-west-2:035866691871:alarm:TargetTracking-service/incubator-prod/people-depot-backend-dev-AlarmHigh-400240ef-055f-4b10-b735-6542fd7c6dee", - "arn:aws:cloudwatch:us-west-2:035866691871:alarm:TargetTracking-service/incubator-prod/people-depot-backend-dev-AlarmLow-97101a5b-b9f1-4417-920e-555af308c2aa", ] -> null - arn = "arn:aws:autoscaling:us-west-2:035866691871:scalingPolicy:339820cc-9009-4453-86c5-3432afed2643:resource/ecs/service/incubator-prod/people-depot-backend-dev:policyName/ecs_autoscale_cpu" -> null - id = "ecs_autoscale_cpu" -> null - name = "ecs_autoscale_cpu" -> null - policy_type = "TargetTrackingScaling" -> null - resource_id = "service/incubator-prod/people-depot-backend-dev" -> null - scalable_dimension = "ecs:service:DesiredCount" -> null - service_namespace = "ecs" -> null - target_tracking_scaling_policy_configuration { - disable_scale_in = false -> null - scale_in_cooldown = 0 -> null - scale_out_cooldown = 0 -> null - target_value = 60 -> null - predefined_metric_specification { - predefined_metric_type = "ECSServiceAverageCPUUtilization" -> null } } } # aws_appautoscaling_policy.ecs_autoscale_memory will be destroyed # (because aws_appautoscaling_policy.ecs_autoscale_memory is not in configuration) - resource "aws_appautoscaling_policy" "ecs_autoscale_memory" { - alarm_arns = [ - 
"arn:aws:cloudwatch:us-west-2:035866691871:alarm:TargetTracking-service/incubator-prod/people-depot-backend-dev-AlarmHigh-00cd01aa-d7f0-4046-8746-ff302e13b8a5", - "arn:aws:cloudwatch:us-west-2:035866691871:alarm:TargetTracking-service/incubator-prod/people-depot-backend-dev-AlarmLow-fa1b4205-e7fb-4bfe-8d35-4f1cfff340c3", ] -> null - arn = "arn:aws:autoscaling:us-west-2:035866691871:scalingPolicy:339820cc-9009-4453-86c5-3432afed2643:resource/ecs/service/incubator-prod/people-depot-backend-dev:policyName/ecs_autoscale_memory" -> null - id = "ecs_autoscale_memory" -> null - name = "ecs_autoscale_memory" -> null - policy_type = "TargetTrackingScaling" -> null - resource_id = "service/incubator-prod/people-depot-backend-dev" -> null - scalable_dimension = "ecs:service:DesiredCount" -> null - service_namespace = "ecs" -> null - target_tracking_scaling_policy_configuration { - disable_scale_in = false -> null - scale_in_cooldown = 0 -> null - scale_out_cooldown = 0 -> null - target_value = 80 -> null - predefined_metric_specification { - predefined_metric_type = "ECSServiceAverageMemoryUtilization" -> null } } } # aws_appautoscaling_target.ecs_target will be destroyed # (because aws_appautoscaling_target.ecs_target is not in configuration) - resource "aws_appautoscaling_target" "ecs_target" { - arn = "arn:aws:application-autoscaling:us-west-2:035866691871:scalable-target/0ec5339820cc9009445386c53432afed2643" -> null - id = "service/incubator-prod/people-depot-backend-dev" -> null - max_capacity = 4 -> null - min_capacity = 1 -> null - resource_id = "service/incubator-prod/people-depot-backend-dev" -> null - role_arn = "arn:aws:iam::035866691871:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> null - scalable_dimension = "ecs:service:DesiredCount" -> null - service_namespace = "ecs" -> null - tags = {} -> null - tags_all = {} -> null } # aws_cloudwatch_log_group.cwlogs will be destroyed # (because 
aws_cloudwatch_log_group.cwlogs is not in configuration) - resource "aws_cloudwatch_log_group" "cwlogs" { - arn = "arn:aws:logs:us-west-2:035866691871:log-group:ecs/people-depot-backend-dev" -> null - id = "ecs/people-depot-backend-dev" -> null - log_group_class = "STANDARD" -> null - name = "ecs/people-depot-backend-dev" -> null - retention_in_days = 14 -> null - skip_destroy = false -> null - tags = {} -> null - tags_all = {} -> null } # aws_ecs_service.fargate[0] will be destroyed # (because aws_ecs_service.fargate is not in configuration) - resource "aws_ecs_service" "fargate" { - cluster = "arn:aws:ecs:us-west-2:035866691871:cluster/incubator-prod" -> null - deployment_maximum_percent = 200 -> null - deployment_minimum_healthy_percent = 100 -> null - desired_count = 1 -> null - enable_ecs_managed_tags = false -> null - enable_execute_command = true -> null - health_check_grace_period_seconds = 0 -> null - iam_role = "/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS" -> null - id = "arn:aws:ecs:us-west-2:035866691871:service/incubator-prod/people-depot-backend-dev" -> null - launch_type = "FARGATE" -> null - name = "people-depot-backend-dev" -> null - platform_version = "LATEST" -> null - propagate_tags = "NONE" -> null - scheduling_strategy = "REPLICA" -> null - tags = {} -> null - tags_all = {} -> null - task_definition = "arn:aws:ecs:us-west-2:035866691871:task-definition/people-depot-backend-dev:7" -> null - triggers = {} -> null - wait_for_steady_state = false -> null - deployment_circuit_breaker { - enable = false -> null - rollback = false -> null } - deployment_controller { - type = "ECS" -> null } - load_balancer { - container_name = "people-depot-backend-dev" -> null - container_port = 8000 -> null - target_group_arn = "arn:aws:elasticloadbalancing:us-west-2:035866691871:targetgroup/people-depot-backend-dev/6603e421d89b235f" -> null } - network_configuration { - assign_public_ip = true -> null - security_groups = [ - "sg-08832fecdee2cee14", ] 
-> null - subnets = [ - "subnet-03202f3bf9a24c1a5", - "subnet-08c26edd1afc2b9d7", ] -> null } } # aws_ecs_task_definition.task will be destroyed # (because aws_ecs_task_definition.task is not in configuration) - resource "aws_ecs_task_definition" "task" { - arn = "arn:aws:ecs:us-west-2:035866691871:task-definition/people-depot-backend-dev:7" -> null - arn_without_revision = "arn:aws:ecs:us-west-2:035866691871:task-definition/people-depot-backend-dev" -> null - container_definitions = jsonencode( [ - { - cpu = 256 - environment = [ - { - name = "COGNITO_AWS_REGION" - value = "us-west-2" }, - { - name = "COGNITO_USER_POOL" - value = "us-west-2_Fn4rkZpuB" }, - { - name = "DATABASE" - value = "postgres" }, - { - name = "DJANGO_ALLOWED_HOSTS" - value = "localhost 127.0.0.1 [::1]" }, - { - name = "SECRET_KEY" - value = "foo" }, - { - name = "SQL_DATABASE" - value = "people_depot_dev" }, - { - name = "SQL_ENGINE" - value = "django.db.backends.postgresql" }, - { - name = "SQL_HOST" - value = "incubator-prod-database.cewewwrvdqjn.us-west-2.rds.amazonaws.com" }, - { - name = "SQL_PASSWORD" - value = "people_depot" }, - { - name = "SQL_PORT" - value = "5432" }, - { - name = "SQL_USER" - value = "people_depot" }, ] - essential = true - image = "035866691871.dkr.ecr.us-west-2.amazonaws.com/people-depot-backend-dev:latest" - linuxParameters = { - initProcessEnabled = true } - logConfiguration = { - logDriver = "awslogs" - options = { - awslogs-group = "ecs/people-depot-backend-dev" - awslogs-region = "us-west-2" - awslogs-stream-prefix = "backend" } } - memoryReservation = 512 - mountPoints = [] - name = "people-depot-backend-dev" - portMappings = [ - { - containerPort = 8000 - hostPort = 8000 - protocol = "tcp" }, ] - readonlyRootFilesystem = false - volumesFrom = [] }, ] ) -> null - cpu = "256" -> null - execution_role_arn = "arn:aws:iam::035866691871:role/incubator-prod-ecs-task-role" -> null - family = "people-depot-backend-dev" -> null - id = "people-depot-backend-dev" -> 
null - memory = "512" -> null - network_mode = "awsvpc" -> null - requires_compatibilities = [ - "FARGATE", ] -> null - revision = 7 -> null - skip_destroy = false -> null - tags = {} -> null - tags_all = {} -> null - task_role_arn = "arn:aws:iam::035866691871:role/incubator-prod-ecs-task-role" -> null } # aws_lb_listener_rule.static will be destroyed # (because aws_lb_listener_rule.static is not in configuration) - resource "aws_lb_listener_rule" "static" { - arn = "arn:aws:elasticloadbalancing:us-west-2:035866691871:listener-rule/app/incubator-prod-lb/7451adf77133ef36/390a225766a4daf3/8f35bb4a2420e295" -> null - id = "arn:aws:elasticloadbalancing:us-west-2:035866691871:listener-rule/app/incubator-prod-lb/7451adf77133ef36/390a225766a4daf3/8f35bb4a2420e295" -> null - listener_arn = "arn:aws:elasticloadbalancing:us-west-2:035866691871:listener/app/incubator-prod-lb/7451adf77133ef36/390a225766a4daf3" -> null - priority = 15 -> null - tags = {} -> null - tags_all = {} -> null - action { - order = 1 -> null - target_group_arn = "arn:aws:elasticloadbalancing:us-west-2:035866691871:targetgroup/people-depot-backend-dev/6603e421d89b235f" -> null - type = "forward" -> null } - condition { - host_header { - values = [ - "people-depot-backend.com", ] -> null } } - condition { - path_pattern { - values = [ - "/*", ] -> null } } } # aws_lb_target_group.this will be destroyed # (because aws_lb_target_group.this is not in configuration) - resource "aws_lb_target_group" "this" { - arn = "arn:aws:elasticloadbalancing:us-west-2:035866691871:targetgroup/people-depot-backend-dev/6603e421d89b235f" -> null - arn_suffix = "targetgroup/people-depot-backend-dev/6603e421d89b235f" -> null - connection_termination = false -> null - deregistration_delay = "5" -> null - id = "arn:aws:elasticloadbalancing:us-west-2:035866691871:targetgroup/people-depot-backend-dev/6603e421d89b235f" -> null - ip_address_type = "ipv4" -> null - lambda_multi_value_headers_enabled = false -> null - 
load_balancing_algorithm_type = "round_robin" -> null - load_balancing_anomaly_mitigation = "off" -> null - load_balancing_cross_zone_enabled = "use_load_balancer_configuration" -> null - name = "people-depot-backend-dev" -> null - port = 80 -> null - protocol = "HTTP" -> null - protocol_version = "HTTP1" -> null - proxy_protocol_v2 = false -> null - slow_start = 0 -> null - tags = {} -> null - tags_all = {} -> null - target_type = "ip" -> null - vpc_id = "vpc-0bec93a4d80243845" -> null - health_check { - enabled = true -> null - healthy_threshold = 3 -> null - interval = 15 -> null - matcher = "200,302" -> null - path = "/" -> null - port = "traffic-port" -> null - protocol = "HTTP" -> null - timeout = 5 -> null - unhealthy_threshold = 2 -> null } - stickiness { - cookie_duration = 86400 -> null - enabled = true -> null - type = "lb_cookie" -> null } - target_failover {} - target_health_state {} } # aws_security_group.fargate will be destroyed # (because aws_security_group.fargate is not in configuration) - resource "aws_security_group" "fargate" { - arn = "arn:aws:ec2:us-west-2:035866691871:security-group/sg-08832fecdee2cee14" -> null - description = "Allow TLS inbound traffic" -> null - egress = [ - { - cidr_blocks = [ - "0.0.0.0/0", ] - description = "" - from_port = 0 - ipv6_cidr_blocks = [] - prefix_list_ids = [] - protocol = "-1" - security_groups = [] - self = false - to_port = 0 }, ] -> null - id = "sg-08832fecdee2cee14" -> null - ingress = [ - { - cidr_blocks = [ - "10.10.0.0/16", ] - description = "All Internal traffic" - from_port = 0 - ipv6_cidr_blocks = [] - prefix_list_ids = [] - protocol = "tcp" - security_groups = [] - self = false - to_port = 65535 }, ] -> null - name = "ecs_fargate_people-depot-backend-dev" -> null - owner_id = "035866691871" -> null - revoke_rules_on_delete = false -> null - tags = { - "Name" = "ecs_container_instance_people-depot-backend-dev" } -> null - tags_all = { - "Name" = "ecs_container_instance_people-depot-backend-dev" 
} -> null - vpc_id = "vpc-0bec93a4d80243845" -> null } # module.dev.module.people_depot.aws_appautoscaling_policy.ecs_autoscale_cpu will be created + resource "aws_appautoscaling_policy" "ecs_autoscale_cpu" { + alarm_arns = (known after apply) + arn = (known after apply) + id = (known after apply) + name = "ecs_autoscale_cpu" + policy_type = "TargetTrackingScaling" + resource_id = "***********************************************" + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" + target_tracking_scaling_policy_configuration { + disable_scale_in = false + target_value = 60 + predefined_metric_specification { + predefined_metric_type = "ECSServiceAverageCPUUtilization" } } } # module.dev.module.people_depot.aws_appautoscaling_policy.ecs_autoscale_memory will be created + resource "aws_appautoscaling_policy" "ecs_autoscale_memory" { + alarm_arns = (known after apply) + arn = (known after apply) + id = (known after apply) + name = "ecs_autoscale_memory" + policy_type = "TargetTrackingScaling" + resource_id = "***********************************************" + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" + target_tracking_scaling_policy_configuration { + disable_scale_in = false + target_value = 80 + predefined_metric_specification { + predefined_metric_type = "ECSServiceAverageMemoryUtilization" } } } # module.dev.module.people_depot.aws_appautoscaling_target.ecs_target will be created + resource "aws_appautoscaling_target" "ecs_target" { + arn = (known after apply) + id = (known after apply) + max_capacity = 4 + min_capacity = 1 + resource_id = "***********************************************" + role_arn = (known after apply) + scalable_dimension = "ecs:service:DesiredCount" + service_namespace = "ecs" + tags_all = (known after apply) } # module.dev.module.people_depot.aws_cloudwatch_log_group.cwlogs will be created + resource "aws_cloudwatch_log_group" "cwlogs" { + arn = (known after apply) + id = (known 
after apply) + log_group_class = (known after apply) + name = "ecs/people-depot-backend-dev" + name_prefix = (known after apply) + retention_in_days = 14 + skip_destroy = false + tags_all = (known after apply) } # module.dev.module.people_depot.aws_ecs_service.fargate[0] will be created + resource "aws_ecs_service" "fargate" { + cluster = "arn:aws:ecs:us-west-2:035866691871:cluster/incubator-prod" + deployment_maximum_percent = 200 + deployment_minimum_healthy_percent = 100 + desired_count = 1 + enable_ecs_managed_tags = false + enable_execute_command = true + iam_role = (known after apply) + id = (known after apply) + launch_type = "FARGATE" + name = "people-depot-backend-dev" + platform_version = (known after apply) + scheduling_strategy = "REPLICA" + tags_all = (known after apply) + task_definition = (known after apply) + triggers = (known after apply) + wait_for_steady_state = false + load_balancer { + container_name = "people-depot-backend-dev" + container_port = 8000 + target_group_arn = (known after apply) } + network_configuration { + assign_public_ip = true + security_groups = (known after apply) + subnets = [ + "subnet-03202f3bf9a24c1a5", + "subnet-08c26edd1afc2b9d7", ] } } # module.dev.module.people_depot.aws_ecs_task_definition.task will be created + resource "aws_ecs_task_definition" "task" { + arn = (known after apply) + arn_without_revision = (known after apply) + container_definitions = jsonencode( [ + { + cpu = 256 + environment = [ + { + name = "COGNITO_AWS_REGION" + value = "us-west-2" }, + { + name = "COGNITO_USER_POOL" + value = "us-west-2_Fn4rkZpuB" }, + { + name = "DATABASE" + value = "postgres" }, + { + name = "DJANGO_ALLOWED_HOSTS" + value = "localhost 127.0.0.1 [::1]" }, + { + name = "SECRET_KEY" + value = "bar" }, + { + name = "SQL_DATABASE" + value = "people_depot_dev" }, + { + name = "SQL_ENGINE" + value = "django.db.backends.postgresql" }, + { + name = "SQL_HOST" + value = 
"incubator-prod-database.cewewwrvdqjn.us-west-2.rds.amazonaws.com" }, + { + name = "SQL_PASSWORD" + value = "password" }, + { + name = "SQL_PORT" + value = "5432" }, + { + name = "SQL_USER" + value = "people_depot" }, ] + essential = true + image = "035866691871.dkr.ecr.us-west-2.amazonaws.com/people-depot-backend-dev:new" + linuxParameters = { + initProcessEnabled = true } + logConfiguration = { + logDriver = "awslogs" + options = { + awslogs-group = "ecs/people-depot-backend-dev" + awslogs-region = "us-west-2" + awslogs-stream-prefix = "backend" } } + memoryReservation = 512 + mountPoints = [] + name = "people-depot-backend-dev" + portMappings = [ + { + containerPort = 8000 + hostPort = 8000 + protocol = "tcp" }, ] + readonlyRootFilesystem = false + volumesFrom = [] }, ] ) + cpu = "256" + execution_role_arn = "arn:aws:iam::035866691871:role/incubator-prod-ecs-task-role" + family = "people-depot-backend-dev" + id = (known after apply) + memory = "512" + network_mode = "awsvpc" + requires_compatibilities = [ + "FARGATE", ] + revision = (known after apply) + skip_destroy = false + tags_all = (known after apply) + task_role_arn = "arn:aws:iam::035866691871:role/incubator-prod-ecs-task-role" } # module.dev.module.people_depot.aws_lb_listener_rule.static will be created + resource "aws_lb_listener_rule" "static" { + arn = (known after apply) + id = (known after apply) + listener_arn = "arn:aws:elasticloadbalancing:us-west-2:035866691871:listener/app/incubator-prod-lb/7451adf77133ef36/390a225766a4daf3" + priority = (known after apply) + tags_all = (known after apply) + action { + order = (known after apply) + target_group_arn = (known after apply) + type = "forward" } + condition { + host_header { + values = [ + "people-depot-backend.com", ] } } + condition { + path_pattern { + values = [ + "/*", ] } } } # module.dev.module.people_depot.aws_lb_target_group.this will be created + resource "aws_lb_target_group" "this" { + arn = (known after apply) + arn_suffix = (known 
after apply) + connection_termination = (known after apply) + deregistration_delay = "5" + id = (known after apply) + ip_address_type = (known after apply) + lambda_multi_value_headers_enabled = false + load_balancing_algorithm_type = (known after apply) + load_balancing_anomaly_mitigation = (known after apply) + load_balancing_cross_zone_enabled = (known after apply) + name = "people-depot-backend-dev" + name_prefix = (known after apply) + port = 80 + preserve_client_ip = (known after apply) + protocol = "HTTP" + protocol_version = (known after apply) + proxy_protocol_v2 = false + slow_start = 0 + tags_all = (known after apply) + target_type = "ip" + vpc_id = "*********************" + health_check { + enabled = true + healthy_threshold = 3 + interval = 15 + matcher = "200,302" + path = "/" + port = "traffic-port" + protocol = "HTTP" + timeout = (known after apply) + unhealthy_threshold = 2 } + stickiness { + cookie_duration = 86400 + enabled = true + type = "lb_cookie" } + target_failover { + on_deregistration = (known after apply) + on_unhealthy = (known after apply) } + target_health_state { + enable_unhealthy_connection_termination = (known after apply) } } # module.dev.module.people_depot.aws_security_group.fargate will be created + resource "aws_security_group" "fargate" { + arn = (known after apply) + description = "Allow TLS inbound traffic" + egress = [ + { + cidr_blocks = [ + "0.0.0.0/0", ] + description = "" + from_port = 0 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "-1" + security_groups = [] + self = false + to_port = 0 }, ] + id = (known after apply) + ingress = [ + { + cidr_blocks = [ + "10.10.0.0/16", ] + description = "All Internal traffic" + from_port = 0 + ipv6_cidr_blocks = [] + prefix_list_ids = [] + protocol = "tcp" + security_groups = [] + self = false + to_port = 65535 }, ] + name = "ecs_fargate_people-depot-backend-dev" + name_prefix = (known after apply) + owner_id = (known after apply) + revoke_rules_on_delete = false + 
tags = { + "Name" = "ecs_container_instance_people-depot-backend-dev" } + tags_all = { + "Name" = "ecs_container_instance_people-depot-backend-dev" } + vpc_id = "*********************" } # module.ecr.aws_ecr_repository.this has moved to module.dev.module.people_depot.module.ecr.aws_ecr_repository.this resource "aws_ecr_repository" "this" { id = "people-depot-backend-dev" name = "people-depot-backend-dev" tags = {} # (5 unchanged attributes hidden) # (2 unchanged blocks hidden) } Plan: 9 to add, 0 to change, 9 to destroy. Changes to Outputs: ```
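Review bot: The plan posted in this comment prints the task definition's `environment` list in clear text, including the `SECRET_KEY` and `SQL_PASSWORD` values on both the destroyed and the created `aws_ecs_task_definition.task`, so every PR that touches this directory republishes them to anyone who can read the thread. The asterisks on `resource_id` and `vpc_id` show that some masking is applied (presumably the runner's secret masking), but it does not cover these fields. Pass such values through the container definition's `secrets` list instead of `environment`, e.g. `secrets = [{ name = "SQL_PASSWORD", valueFrom = "<secret-arn-placeholder>" }]`, and mark any Terraform variable that still carries one as `sensitive = true` so the plan renders it as `(sensitive value)`. Even if the strings shown here are placeholders, any value that is actually in use should be treated as disclosed and rotated.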

:memo: Plan generated in PR Terraform Plan #19

Tyson-miller commented 10 months ago

The logic is as follows:

  1. Detect any changes within terraform-incubator/ and terraform-modules/ directories.
  2. Plan terraform directories accordingly based on what changed (ex: if terraform-incubator/people-depot/project/ changes then it will post plans for both terraform-incubator/people-depot/dev/ and terraform-incubator/people-depot/prod/)
  3. Comment on the PR with the plan as the github-actions user.

You can see an example in this PR above, although I removed the Terraform changes, so that plan is now out of date.

A future task would be to do the same thing, but apply on a merge to main.

ExperimentsInHonesty commented 8 months ago

@chelseybeck I am confused by your review above. Are you approving this PR or do you think it needs the change?