diff --git a/.gitea/CODEOWNERS b/.gitea/CODEOWNERS
new file mode 100644
index 0000000..e286c1e
--- /dev/null
+++ b/.gitea/CODEOWNERS
@@ -0,0 +1 @@
+* @luke
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..c987aee
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,58 @@
+name: CI
+on:
+ pull_request:
+ types:
+ - opened
+ - edited
+ - synchronize
+ - reopened
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.2.2
+
+ - name: Setup OpenTofu
+ uses: opentofu/setup-opentofu@v1
+
+ - name: OpenTofu fmt
+ id: fmt
+ run: tofu fmt -check
+ continue-on-error: true
+
+ - name: OpenTofu init
+ id: init
+ run: tofu init
+
+ - name: OpenTofu validate
+ id: validate
+ run: tofu validate -no-color
+
+ - name: OpenTofu refresh
+ id: validate
+ run: tofu refresh
+ continue-on-error: true
+
+ - name: OpenTofu plan
+ id: plan
+ run: tofu plan -no-color
+ continue-on-error: true
+
+ - name: Post comment to PR
+ if: gitea.event_name == 'pull_request'
+ env:
+ PLAN: "tofu\n${{ steps.plan.outputs.stdout }}"
+ run: |
+ export PR_NUMBER="${{ gitea.event.number }}"
+ sed -i "s+[FMT_OUTCOME]+${{ steps.fmt.outcome }}+g" pr_comment.md
+ sed -i "s+[INIT_OUTCOME]+${{ steps.init.outcome }}+g" pr_comment.md
+ sed -i "s+[VALIDATE_OUTCOME]+${{ steps.validate.outcome }}+g" pr_comment.md
+ sed -i "s+[VALIDATE_OUTPUT]+${{ steps.validate.outputs.stdout }}+g" pr_comment.md
+ sed -i "s+[PLAN_OUTCOME]+${{ steps.plan.outcome }}+g" pr_comment.md
+ curl -X POST \
+ -H "Authorization: token ${{ secrets.ACTIONS_TOKEN }}" \
+ -H "Content-Type: application/json" \
+ -d "{\"body\": \"$(cat pr_comment.md)\"}" \
+ "https://${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/$PR_NUMBER/comments"
diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..abd6b1f
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
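Review bot: In the "Post comment to PR" step of ci.yml, `${{ steps.validate.outputs.stdout }}` is expanded into the script text before the shell runs, so output derived from the pull request's own files can end the quoted sed expression and be executed as shell in a step that also holds `secrets.ACTIONS_TOKEN`. The sed patterns are also bracket expressions, so `[FMT_OUTCOME]` matches any one of those characters rather than the placeholder, and `[PLAN_OUTPUT]` is never filled even though `PLAN` is set in `env`. I would pass every value through `env:`, replace the placeholders as literal strings, and let a JSON encoder build the request body, since `$(cat pr_comment.md)` inside a hand-written JSON string breaks on the first quote or newline. The sketch below assumes bash and jq are present on the runner image; the refresh step's `id: validate` should also become `id: refresh` (same in deploy.yml), because `steps.validate.outcome` is read here.

```yaml
      - name: Post comment to PR
        if: gitea.event_name == 'pull_request'
        env:
          FMT_OUTCOME: ${{ steps.fmt.outcome }}
          INIT_OUTCOME: ${{ steps.init.outcome }}
          VALIDATE_OUTCOME: ${{ steps.validate.outcome }}
          VALIDATE_OUTPUT: ${{ steps.validate.outputs.stdout }}
          PLAN_OUTCOME: ${{ steps.plan.outcome }}
          PLAN_OUTPUT: ${{ steps.plan.outputs.stdout }}
          PR_NUMBER: ${{ gitea.event.number }}
          ACTIONS_TOKEN: ${{ secrets.ACTIONS_TOKEN }}
        run: |
          body=$(cat pr_comment.md)
          for key in FMT_OUTCOME INIT_OUTCOME VALIDATE_OUTCOME VALIDATE_OUTPUT PLAN_OUTCOME PLAN_OUTPUT; do
            # quoted pattern and replacement are taken literally (no glob, no '&')
            body=${body//"[$key]"/"${!key}"}
          done
          jq -n --arg body "$body" '{body: $body}' |
            curl -X POST \
              -H "Authorization: token $ACTIONS_TOKEN" \
              -H "Content-Type: application/json" \
              --data-binary @- \
              "https://${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/$PR_NUMBER/comments"
```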
@@ -0,0 +1,37 @@
+name: Deploy
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - tf/**
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out repository
+ uses: actions/checkout@v4.2.2
+
+ - name: Setup OpenTofu
+ uses: opentofu/setup-opentofu@v1
+
+ - name: OpenTofu init
+ id: init
+ run: tofu init
+
+ - name: OpenTofu validate
+ id: validate
+ run: tofu validate -no-color
+
+ - name: OpenTofu refresh
+ id: validate
+ run: tofu refresh
+
+ - name: OpenTofu plan
+ id: plan
+ run: tofu plan -no-color -out /tmp/plan.tfplan
+
+ - name: OpenTofu apply
+ id: apply
+ run: tofu apply /tmp/plan.tfplan
diff --git a/pr_comment.md b/pr_comment.md
new file mode 100644
index 0000000..4392741
--- /dev/null
+++ b/pr_comment.md
@@ -0,0 +1,21 @@
+#### OpenTofu Format and Style 🖌 [FMT_OUTCOME]
+#### OpenTofu Initialization ⚙️ [INIT_OUTCOME]
+#### OpenTofu Validation 🤖 [VALIDATE_OUTCOME]
+
+
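Review bot: `opentofu/setup-opentofu@v1` in deploy.yml is a movable tag, and this is the job that runs `tofu apply`, so whatever the tag points to at run time executes next to the credentials the backend and providers use (none are visible in this hunk, so that part is an assumption). Pin both actions to full commit SHAs and keep the tag as a trailing comment, e.g. `uses: opentofu/setup-opentofu@<full-commit-sha>  # v1`; ci.yml uses the same references. Separately, the trigger filters on `tf/**` while every `tofu` command runs from the checkout root, so if the configuration lives under `tf/` the steps need `working-directory: tf` or `-chdir=tf`; worth confirming against the repository layout.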
Validation Output + +\`\`\`\n +[VALIDATE_OUTPUT] +\`\`\` + +
+ +#### OpenTofu Plan 📖 [PLAN_OUTCOME] + +
Show Plan + +\`\`\`\n +[PLAN_OUTPUT] +\`\`\` + +
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..6582185
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,20 @@
+{
+ "assignAutomerge": false,
+ "assigneesFromCodeOwners": false,
+ "dependencyDashboardAutoclose": true,
+ "extends": ["config:recommended"],
+ "ignorePaths": ["**/.archive/**"],
+ "labels": ["type/dependencies"],
+ "platformCommit": "enabled",
+ "rebaseWhen": "behind-base-branch",
+ "rollbackPrs": true,
+ "vulnerabilityAlerts": {
+ "commitMessagePrefix": "[SECURITY] ",
+ "enabled": true,
+ "labels": ["security"],
+ "prCreation": "immediate"
+ },
+ "lockFileMaintenance": {
+ "enabled": true
+ }
+}
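Review bot: The `vulnerabilityAlerts` block in renovate.json may never trigger on this forge: as far as I know Renovate takes those alerts from GitHub's Dependabot alerts, and the `.gitea/` files in this commit suggest the repository is hosted on Gitea. If so, the `[SECURITY] ` prefix, the `security` label and immediate PR creation only take effect once another alert source is enabled, for example `"osvVulnerabilityAlerts": true`. OSV coverage for the ecosystems this repository actually uses should be checked before relying on it.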