feat(GHO-109): upgrade Vultr provider to v2.28.1, remove block storag… #524
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Feature branch tofu fmt check | |
| on: | |
| push: | |
| branches: | |
| - "feature/**" | |
| permissions: | |
| contents: read | |
| packages: read | |
| jobs: | |
| # Detect which files changed to determine if we need to run checks | |
| changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| infra: ${{ steps.filter.outputs.infra }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check for infrastructure file changes | |
| uses: dorny/paths-filter@v4 | |
| id: filter | |
| with: | |
| # For new branches, compare against develop (the branch features are created from) | |
| base: develop | |
| filters: | | |
| infra: | |
| - 'opentofu/**/*.tofu' | |
| - 'opentofu/**/*.bu' | |
| - 'opentofu/**/*.tftpl' | |
| - 'opentofu/**/*.sh' | |
| - 'opentofu/**/*.tofutest.hcl' | |
| - '.github/workflows/pr-tofu-*.yml' | |
| tofu-checks: | |
| needs: changes | |
| if: needs.changes.outputs.infra == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| # Required if the GHCR image is private | |
| - name: Log in to GHCR | |
| env: | |
| GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} | |
| run: | | |
| docker login ghcr.io -u "noahwhite" --password-stdin <<< "$GHCR_TOKEN" | |
| - name: Pull OpenTofu tools image | |
| run: | | |
| docker pull ghcr.io/noahwhite/ghost-stack-shell:latest | |
| - name: Run tofu fmt check (recursive) | |
| run: | | |
| docker run --rm \ | |
| -v "${GITHUB_WORKSPACE}:/home/devops/app" \ | |
| -w /home/devops/app \ | |
| ghcr.io/noahwhite/ghost-stack-shell:latest \ | |
| tofu fmt -check -recursive | |
| - name: Fix workspace permissions for Docker container | |
| run: | | |
| chmod -R a+w "${GITHUB_WORKSPACE}/opentofu" | |
| - name: Run tofu init (download providers for test runner) | |
| run: | | |
| docker run --rm \ | |
| -v "${GITHUB_WORKSPACE}:/home/devops/app" \ | |
| -w /home/devops/app \ | |
| ghcr.io/noahwhite/ghost-stack-shell:latest \ | |
| bash -c "git config --global --add safe.directory /home/devops/app && tofu -chdir=opentofu/envs/dev init -backend=false" | |
| - name: Run tofu test | |
| run: | | |
| docker run --rm \ | |
| -v "${GITHUB_WORKSPACE}:/home/devops/app" \ | |
| -w /home/devops/app \ | |
| -e TAILSCALE_API_KEY=dummy-for-unit-tests \ | |
| ghcr.io/noahwhite/ghost-stack-shell:latest \ | |
| bash -c "git config --global --add safe.directory /home/devops/app && tofu -chdir=opentofu/envs/dev test" | |
| # Summary job that always runs to provide clear status | |
| status: | |
| needs: [changes, tofu-checks] | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check status | |
| run: | | |
| if [[ "${{ needs.changes.outputs.infra }}" != "true" ]]; then | |
| echo "✅ Skipped: No infrastructure files changed" | |
| exit 0 | |
| fi | |
| if [[ "${{ needs.tofu-checks.result }}" == "success" ]]; then | |
| echo "✅ OpenTofu format check and tests passed" | |
| exit 0 | |
| fi | |
| echo "❌ OpenTofu format check or tests failed" | |
| exit 1 |