Skip to content

PLT-212 New workflows for tofu fmt, plan, and apply #320

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 49 commits into
base: main
Choose a base branch
from
Open

PLT-212 New workflows for tofu fmt, plan, and apply #320

wants to merge 49 commits into from
+293 −1,448

Conversation

@christopher-maboh
Copy link
Contributor

@christopher-maboh christopher-maboh commented Sep 30, 2025
edited by gsf
Loading

🎫 Ticket

https://jira.cms.gov/browse/PLT-212

🛠 Changes

CDAP tf workflows have been replaced by tofu fmt, tofu plan, and tofu apply workflows.

ℹ️ Context

This change errs on the side of running tofu apply more often since we should be running it daily to keep infra drift in check anyway. By doing so, we can run a job per application and environment, planning and applying tf for all services within each environment whenever there is a change to our terraform services.

🧪 Validation

See checks.

@christopher-maboh christopher-maboh requested a review from a team as a code owner September 30, 2025 16:28
gsf
gsf requested changes Oct 1, 2025
View reviewed changes
.github/workflows/tf-admin-aco-deny.yml Outdated
workflows: ["tofu-format-and-validate"]
types:
- completed

Copy link
Member

@gsf gsf Oct 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an interesting idea but I think it would end up triggering this workflow on every push that changes anything in the terraform directory. These workflows can instead run independently.

@juliareynolds-nava juliareynolds-nava requested a review from a team October 2, 2025 15:55
@gsf gsf changed the title PLT-212: CDAP workflow for tofu format and lint PLT-212 CDAP workflow for tofu format and lint Oct 3, 2025
juliareynolds-nava
juliareynolds-nava reviewed Oct 17, 2025
View reviewed changes
.github/workflows/tofu-checks.yml Outdated
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
Copy link
Contributor

@juliareynolds-nava juliareynolds-nava Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why fetch-depth: 0 instead of 1? Does zero fetch everything?

Copy link
Member

@gsf gsf Nov 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've dropped the need for commit comparison in this file but see python-checks for a place where I leverage tj-actions/changed-files to run tests on changed directories only.

gsf
gsf previously approved these changes Nov 20, 2025
View reviewed changes
@gsf gsf changed the title PLT-212 CDAP workflow for tofu format and lint PLT-212 New workflows for tofu fmt, plan, and apply Nov 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gsf gsf gsf approved these changes

@juliareynolds-nava juliareynolds-nava juliareynolds-nava approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@christopher-maboh @gsf @juliareynolds-nava