
Manually trigger GitHub Actions workflow after another workflow successfully runs

I'm trying to create CI that does the following:

  1. Run terraform plan -out=plan.out to generate a Terraform plan.
  2. After looking at the Terraform plan output in GitHub Actions, I can manually run another job or workflow that calls terraform apply plan.out with the previously generated plan. I want to manually run this automation after the other automation has successfully run, dependent on the previous automation's success, using an artifact from the previous automation.

I've looked online for some examples of this but all the examples of this I can find just run terraform apply without actually allowing someone to verify the plan output.

Is this something that's possible to do in GitHub Actions?

This can be done using protected environments' required reviewers: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#required-reviewers

What you would do is set up an environment, e.g. production, and add yourself as a reviewer.

In your workflow, you would then add the environments like so:

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - run: terraform plan
  apply:
    needs: plan              # only runs after plan succeeded
    runs-on: ubuntu-latest
    environment: production  # required reviewers pause the job here
    steps:
      - run: terraform apply

This means that as soon as the workflow reaches the job apply, it is going to stop and you'll need to manually click a button to approve.
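A fuller version of this pattern, written as an added example rather than the answerer's code, that also carries the saved plan from the plan job to the gated apply job via an artifact so that the reviewer approves exactly the plan that will be applied. It assumes the Terraform code lives in `./infra`, an environment named `production` exists with yourself as a required reviewer, and provider credentials are supplied through repository or environment secrets (not shown):

```yaml
# Added example, not the original answer's code.
# Assumptions: Terraform in ./infra, an environment "production" with a
# required reviewer, provider credentials already configured as secrets.
name: terraform

on:
  push:
    branches: [main]

permissions:
  contents: read

env:
  TF_IN_AUTOMATION: "true"

jobs:
  plan:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: infra
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform plan -input=false -out=plan.out
      # Keep the binary plan for the apply job. A saved plan can contain
      # sensitive values, so keep retention short and restrict artifact access.
      - uses: actions/upload-artifact@v4
        with:
          name: tfplan-${{ github.sha }}
          path: infra/plan.out
          retention-days: 1

  apply:
    needs: plan
    runs-on: ubuntu-latest
    # The job pauses here until a required reviewer approves in the Actions UI.
    environment: production
    defaults:
      run:
        working-directory: infra
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - uses: actions/download-artifact@v4
        with:
          name: tfplan-${{ github.sha }}
          path: infra
      # Show the reviewer-approved plan in the log, then apply that file rather
      # than planning again. Terraform refuses a plan whose state has drifted.
      - run: terraform show plan.out
      - run: terraform apply -input=false plan.out
```

The reviewer can open the plan job's log before approving, and because the apply step consumes plan.out instead of re-planning, what was reviewed is what gets applied; if the remote state changed in the meantime, Terraform rejects the stale plan instead of applying something nobody looked at.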

My solution ended up being the following:

When the PR is approved and merged, a Terraform plan is created and pushed to an S3 bucket with the commit hash in the path. Then when the apply workflow is triggered via workflow dispatch it looks for a plan for the commit hash of the code it's running and applies it.

Using pull requests as suggested wasn't the right solution for me because of the following:

  1. How do you know that the plan that was run for the pull request was run with the latest changes on the base branch? The plan could be invalid in this case. The way I solved this was by having the plan workflow run on push of a specific branch that corresponds to the environment being Terraformed. This way the plan is always generated for the state Terraform says the specific environment should be in.

  2. How do you know that an apply is applying the exact plan that was generated for the pull request? All the examples I saw actually ended up re-running the plan in the apply workflow, which breaks the intended use of Terraform plans. The way I solved this was by having the apply workflow look for a specific commit hash in cloud storage.
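The two workflows described in this answer, as an added example that is not the answerer's own code: the plan workflow runs on push to the environment branch and stores the plan in cloud storage under the commit hash; the apply workflow is started by hand with workflow_dispatch and applies only the plan stored for the commit it was started on, failing if there is none. Assumed names: the bucket name and IAM role ARNs are placeholders held in secrets, the Terraform code is in `./infra`, the environment branch is `production`, and the region is `us-east-1`:

```yaml
# Added example, not the original answer's code. Placeholder secrets:
# PLAN_BUCKET, AWS_PLAN_ROLE_ARN, AWS_APPLY_ROLE_ARN. Two workflow files are
# shown in one block, separated by "---" and a file-name comment.

# .github/workflows/plan.yml
name: terraform-plan
on:
  push:
    branches: [production]   # one branch per environment, plan on every push
permissions:
  contents: read
  id-token: write            # OIDC federation instead of long-lived keys
jobs:
  plan:
    runs-on: ubuntu-latest
    defaults: { run: { working-directory: infra } }
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_PLAN_ROLE_ARN }}
          aws-region: us-east-1
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      - run: terraform plan -input=false -out=plan.out
      # Store the plan keyed by commit so apply can find exactly this plan.
      - run: aws s3 cp plan.out "s3://${{ secrets.PLAN_BUCKET }}/plans/${{ github.sha }}/plan.out"
---
# .github/workflows/apply.yml
name: terraform-apply
on:
  workflow_dispatch:         # started manually from the Actions tab on the production branch
permissions:
  contents: read
  id-token: write
jobs:
  apply:
    runs-on: ubuntu-latest
    environment: production  # optional second gate: required reviewers
    defaults: { run: { working-directory: infra } }
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_APPLY_ROLE_ARN }}
          aws-region: us-east-1
      - uses: hashicorp/setup-terraform@v3
      - run: terraform init -input=false
      # github.sha is the head of the branch the run was dispatched on, so this
      # fetches the plan made for the code being checked out. Abort if missing
      # rather than falling back to a fresh plan nobody reviewed.
      - name: Fetch the plan stored for this commit
        run: |
          key="plans/${{ github.sha }}/plan.out"
          if ! aws s3 cp "s3://${{ secrets.PLAN_BUCKET }}/${key}" plan.out; then
            echo "::error::no plan stored for ${{ github.sha }}; run the plan workflow first"
            exit 1
          fi
      - run: terraform show plan.out     # what is about to be applied, in the job log
      - run: terraform apply -input=false plan.out
```

Keying the object by commit hash is what ties the apply to the reviewed plan; the bucket should be private and the plan role write-only to `plans/` while the apply role is read-only, since a saved plan can include sensitive attribute values and whoever can overwrite it can change what gets applied.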
