Merged
19 changes: 18 additions & 1 deletion .github/workflows/reusable-terraform-check-aws.yml
Expand Up @@ -14,17 +14,30 @@ on:
default: "us-east-2"
required: true
type: string
status_check_app_id:
description: "GitHub App ID used to generate a token for writing commit statuses."
required: false
type: string
default: ${{ vars.LAUNCH_STATUS_CHECK_APP_ID }}
secrets:
LAUNCH_STATUS_CHECK_KEY:
required: true

permissions:
id-token: write
contents: read
statuses: write

jobs:
check:
name: "Check AWS Terraform Code"
runs-on: ubuntu-latest
steps:
- id: get-app-token
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3
with:
app-id: ${{ inputs.status_check_app_id }}
private-key: ${{ secrets.LAUNCH_STATUS_CHECK_KEY }}

- name: Checkout
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493

Expand Down Expand Up @@ -71,6 +84,7 @@ jobs:
check_name: "Terraform Lint"
status: "pending"
description: "Terraform lint check is running..."
github_token: ${{ steps.get-app-token.outputs.token }}

- id: lint
name: "make lint"
Expand All @@ -85,6 +99,7 @@ jobs:
status: ${{ steps.lint.outcome == 'success' && 'success' || steps.lint.outcome
== 'failure' && 'failure' || 'error' }}
description: "Terraform lint ${{ steps.lint.outcome }}"
github_token: ${{ steps.get-app-token.outputs.token }}

- id: aws-login
name: Configure AWS credentials
Expand Down Expand Up @@ -114,6 +129,7 @@ jobs:
check_name: "Terraform Tests"
status: "pending"
description: "Terraform tests are running..."
github_token: ${{ steps.get-app-token.outputs.token }}

- id: test
name: "make test"
Expand All @@ -128,3 +144,4 @@ jobs:
status: ${{ steps.test.outcome == 'success' && 'success' || steps.test.outcome
== 'failure' && 'failure' || 'error' }}
description: "Terraform tests ${{ steps.test.outcome }}"
github_token: ${{ steps.get-app-token.outputs.token }}
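Review bot: The `get-app-token` step mints an installation token with no permission scoping, so the token passed to the four status steps carries every permission the App installation has, not just commit-status write. If the pinned `actions/create-github-app-token` revision supports the `permission-*` inputs, add `permission-statuses: write` under `with:`; otherwise confirm that the App itself is granted only commit-status access. The token is created before Checkout and before the `make lint` / `make test` steps, which run repository code, so a narrow token limits what a leak from a later step could do. The same step is added unchanged in reusable-terraform-check-azure.yml.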
19 changes: 18 additions & 1 deletion .github/workflows/reusable-terraform-check-azure.yml
Expand Up @@ -2,24 +2,37 @@ name: Check Azure Terraform Code

on:
workflow_call:
inputs:
status_check_app_id:
description: "GitHub App ID used to generate a token for writing commit statuses."
required: false
type: string
default: ${{ vars.LAUNCH_STATUS_CHECK_APP_ID }}
secrets:
TERRAFORM_CHECK_AZURE_CLIENT_ID:
required: true
TERRAFORM_CHECK_AZURE_TENANT_ID:
required: true
TERRAFORM_CHECK_AZURE_SUBSCRIPTION_ID:
required: true
LAUNCH_STATUS_CHECK_KEY:
required: true

permissions:
id-token: write
contents: read
statuses: write

jobs:
check:
name: "Check Azure Terraform Code"
runs-on: ubuntu-latest
steps:
- id: get-app-token
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3
with:
app-id: ${{ inputs.status_check_app_id }}
private-key: ${{ secrets.LAUNCH_STATUS_CHECK_KEY }}

- name: Checkout
uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493

Expand Down Expand Up @@ -67,6 +80,7 @@ jobs:
check_name: "Terraform Lint"
status: "pending"
description: "Terraform lint check is running..."
github_token: ${{ steps.get-app-token.outputs.token }}

- id: lint
name: "make lint"
Expand All @@ -81,6 +95,7 @@ jobs:
status: ${{ steps.lint.outcome == 'success' && 'success' || steps.lint.outcome
== 'failure' && 'failure' || 'error' }}
description: "Terraform lint ${{ steps.lint.outcome }}"
github_token: ${{ steps.get-app-token.outputs.token }}

- name: Azure login
uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5
Expand All @@ -95,6 +110,7 @@ jobs:
check_name: "Terraform Tests"
status: "pending"
description: "Terraform tests are running..."
github_token: ${{ steps.get-app-token.outputs.token }}

- id: test
name: "make test"
Expand All @@ -109,3 +125,4 @@ jobs:
status: ${{ steps.test.outcome == 'success' && 'success' || steps.test.outcome
== 'failure' && 'failure' || 'error' }}
description: "Terraform tests ${{ steps.test.outcome }}"
github_token: ${{ steps.get-app-token.outputs.token }}
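Review bot: The workflow-level `statuses: write` grant on the default `GITHUB_TOKEN` looks redundant now that the visible status steps all pass `github_token: ${{ steps.get-app-token.outputs.token }}`. If no step outside these hunks still writes statuses with the default token, drop that line from `permissions:` so the job token keeps only `id-token: write` and `contents: read`. The rendered page does not show whether `statuses: write` is new in this change or already existed, so verify against the full file. The same applies to reusable-terraform-check-aws.yml.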