# Reusable Terraform workflow (invoked by other workflows via `workflow_call`).
# The caller picks which stages run through the run* boolean inputs; every
# stage works inside the `infra` directory against an azurerm remote backend.
name: terraform-multi

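on:  # yamllint disable-line rule:truthy
  workflow_call:
    inputs:
      environment:
        description: >-
          Deployment environment name. Used to name the plan file and its
          artifact, and as the GitHub `environment` for apply/destroy so the
          environment's protection rules gate those jobs.
        type: string
        required: true
      tfvars_file:
        description: >-
          Path to the .tfvars file, relative to the repository root (the
          plan/destroy steps run inside `infra` and prefix it with `../`).
        type: string
        required: true
      rgname:
        description: Resource group of the storage account holding the state.
        type: string
        required: true
      saname:
        description: Storage account name used for the azurerm remote backend.
        type: string
        required: true
      scname:
        description: Blob container name used for the azurerm remote backend.
        type: string
        required: true
      key:
        description: State file key (blob name) inside the backend container.
        type: string
        required: true
      # Stage switches. Each later stage also requires the enabled earlier
      # stages to have succeeded (see the per-job `if:` conditions).
      runInit:
        description: Run `terraform init` against the remote backend.
        type: boolean
        default: false
      runFmt:
        description: Run the formatting check.
        type: boolean
        default: false
      runValidate:
        description: Run `terraform validate`.
        type: boolean
        default: false
      runPlan:
        description: Run `terraform plan` and upload the plan artifact.
        type: boolean
        default: false
      runApply:
        description: Apply the uploaded plan (gated by the GitHub environment).
        type: boolean
        default: false
      runDestroy:
        description: Run `terraform destroy` (gated by the GitHub environment).
        type: boolean
        default: false
    # Identifiers for the federated (OIDC) Azure login; no client secret is
    # passed, so the token exchange relies on `id-token: write` below.
    secrets:
      AZURE_CLIENT_ID:
        description: Client ID of the Azure app registration / managed identity.
        required: true
      AZURE_TENANT_ID:
        description: Azure AD tenant ID.
        required: true
      AZURE_SUBSCRIPTION_ID:
        description: Subscription the backend and resources live in.
        required: true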
# Least-privilege token: read-only checkout plus the ability to request an
# OIDC ID token, which the federated `azure/login` step needs.
permissions:
  contents: read
  id-token: write
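jobs:
  # Every job runs on a fresh runner: neither the checkout nor the
  # `.terraform` directory / lockfile produced by `init` carries over.
  # Each job therefore checks out the repo, pins the same Terraform version
  # and, where it talks to the backend, re-runs `terraform init` itself.
  init:
    if: ${{ inputs.runInit }}
    # runs-on: self-hosted
    runs-on: ubuntu-latest
    # environment: ${{ inputs.environment }}
    defaults:
      run:
        working-directory: infra
    # Job-level env replaces the former `echo ... >> $GITHUB_ENV` step: the
    # same ARM_* variables reach every later step without writing secret
    # values into the runner's environment file.
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_USE_OIDC: "true"
    steps:
      - name: Checkout
        uses: actions/checkout@v5.0.0
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.6.6"
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      # Reports only whether each variable is set; the values themselves are
      # never echoed, so nothing secret-scoped lands in the job log.
      - name: Check ARM OIDC environment variables
        run: |
          for v in ARM_CLIENT_ID ARM_TENANT_ID ARM_SUBSCRIPTION_ID ARM_USE_OIDC; do
            if [ -n "${!v}" ]; then echo "$v: set"; else echo "$v: NOT set"; fi
          done
      - name: Terraform Init (remote backend)
        run: >-
          terraform init -input=false
          -backend-config="resource_group_name=${{ inputs.rgname }}"
          -backend-config="storage_account_name=${{ inputs.saname }}"
          -backend-config="container_name=${{ inputs.scname }}"
          -backend-config="key=${{ inputs.key }}"

  fmt:
    needs: [init]
    if: ${{ always() && inputs.runFmt && needs.init.result == 'success' }}
    # runs-on: self-hosted
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: infra
    # A single `steps:` key: the duplicate key the workflow loader rejected
    # ("'steps' is already defined") has been merged into one list.
    steps:
      - name: Checkout
        uses: actions/checkout@v5.0.0
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.6.6"
      # `-check` exits non-zero on unformatted files so this job actually
      # gates `validate`; a bare `terraform fmt` rewrites files on the runner
      # and always succeeds.
      - name: Terraform fmt
        run: terraform fmt -check -diff

  validate:
    needs: [fmt, init]
    if: ${{ always()
      && inputs.runValidate
      && (
        ( inputs.runFmt && needs.fmt.result == 'success' ) ||
        ( !inputs.runFmt && needs.init.result == 'success' )
      )
      }}
    # runs-on: self-hosted
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: infra
    steps:
      - name: Checkout
        uses: actions/checkout@v5.0.0
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.6.6"
      # `validate` needs providers/modules installed but not the remote state;
      # `-backend=false` does that without an Azure login in this job.
      - name: Terraform Init (no backend)
        run: terraform init -input=false -backend=false
      - name: Terraform validate
        run: terraform validate

  plan:
    needs: [validate, fmt, init]
    if: ${{ always()
      && inputs.runPlan
      && (
        ( inputs.runValidate && needs.validate.result == 'success' ) ||
        ( !inputs.runValidate && inputs.runFmt && needs.fmt.result == 'success' ) ||
        ( !inputs.runValidate && !inputs.runFmt && needs.init.result == 'success' )
      )
      }}
    # runs-on: self-hosted
    runs-on: ubuntu-latest
    # environment: ${{ inputs.environment }}
    defaults:
      run:
        working-directory: infra
    steps:
      - name: Checkout
        uses: actions/checkout@v5.0.0
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.6.6"
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      # The plan must read the remote state, so the backend is initialised
      # here again (the `init` job's workspace is not shared with this job).
      - name: Terraform Init (remote backend)
        run: >-
          terraform init -input=false
          -backend-config="resource_group_name=${{ inputs.rgname }}"
          -backend-config="storage_account_name=${{ inputs.saname }}"
          -backend-config="container_name=${{ inputs.scname }}"
          -backend-config="key=${{ inputs.key }}"
      - name: Terraform plan
        run: terraform plan -input=false -var-file="../${{ inputs.tfvars_file }}" -out="plan-${{ inputs.environment }}.tfplan"
      - name: Upload plan
        uses: actions/upload-artifact@v4
        with:
          name: tf-plan-${{ inputs.environment }}
          path: infra/plan-${{ inputs.environment }}.tfplan
          if-no-files-found: error

  apply:
    needs: [plan, validate, fmt, init]
    if: ${{ always()
      && inputs.runApply
      && (
        ( inputs.runPlan && needs.plan.result == 'success' ) ||
        ( !inputs.runPlan && inputs.runValidate && needs.validate.result == 'success' ) ||
        ( !inputs.runPlan && !inputs.runValidate && inputs.runFmt && needs.fmt.result == 'success' ) ||
        ( !inputs.runPlan && !inputs.runValidate && !inputs.runFmt && needs.init.result == 'success' )
      )
      }}
    # runs-on: self-hosted
    runs-on: ubuntu-latest
    # The environment's protection rules (reviewers, branch filters) are the
    # approval gate for this auto-approved apply.
    environment: ${{ inputs.environment }}
    defaults:
      run:
        working-directory: infra
    steps:
      - name: Checkout
        uses: actions/checkout@v5.0.0
      # Must match the version that produced the plan: Terraform refuses to
      # apply a plan file written by a different CLI version.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.6.6"
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Terraform Init (remote backend)
        run: >-
          terraform init -input=false
          -backend-config="resource_group_name=${{ inputs.rgname }}"
          -backend-config="storage_account_name=${{ inputs.saname }}"
          -backend-config="container_name=${{ inputs.scname }}"
          -backend-config="key=${{ inputs.key }}"
      - name: Download plan
        uses: actions/download-artifact@v4
        with:
          name: tf-plan-${{ inputs.environment }}
          path: infra
      # Applying the saved plan (not a fresh one) guarantees that exactly the
      # reviewed changes are executed.
      - name: Terraform apply
        run: terraform apply -input=false -auto-approve "plan-${{ inputs.environment }}.tfplan"

  destroy:
    needs: [apply, plan, validate, fmt, init]
    if: ${{ always()
      && inputs.runDestroy
      && (
        ( inputs.runApply && needs.apply.result == 'success' ) ||
        ( !inputs.runApply && inputs.runPlan && needs.plan.result == 'success' ) ||
        ( !inputs.runApply && !inputs.runPlan && inputs.runValidate && needs.validate.result == 'success' ) ||
        ( !inputs.runApply && !inputs.runPlan && !inputs.runValidate && inputs.runFmt && needs.fmt.result == 'success' ) ||
        ( !inputs.runApply && !inputs.runPlan && !inputs.runValidate && !inputs.runFmt && needs.init.result == 'success' )
      )
      }}
    # runs-on: self-hosted
    runs-on: ubuntu-latest
    # Destructive and auto-approved: the environment's protection rules are
    # the only human gate, so keep them configured for every environment.
    environment: ${{ inputs.environment }}
    defaults:
      run:
        working-directory: infra
    steps:
      - name: Checkout
        uses: actions/checkout@v5.0.0
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.6.6"
      - name: Azure Login (OIDC)
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Terraform Init (remote backend)
        run: >-
          terraform init -input=false
          -backend-config="resource_group_name=${{ inputs.rgname }}"
          -backend-config="storage_account_name=${{ inputs.saname }}"
          -backend-config="container_name=${{ inputs.scname }}"
          -backend-config="key=${{ inputs.key }}"
      - name: Terraform destroy
        run: terraform destroy -input=false -auto-approve -var-file="../${{ inputs.tfvars_file }}"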