♻️ DEV-3458: Quickstart TLC (#794)

Author: cloudpossebot

examples/snippets/.github/workflows/atmos-components-updater.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch: {}
 
   schedule:
-    - cron: 0 8 * * *
+    - cron: "0 8 * * *"
 
 jobs:
   update:

examples/snippets/.github/workflows/atmos-pro-terraform-apply.yaml

@@ -0,0 +1,57 @@
+name: 👽 Atmos Terraform Apply Matrix (Reusable)
+run-name: 👽 Atmos Terraform Apply Matrix (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      stacks:
+        description: "Stacks"
+        required: true
+        type: string
+      sha:
+        description: "Commit SHA to apply. Default: github.sha"
+        type: string
+        required: false
+        default: "${{ github.event.pull_request.head.sha }}"
+      atmos-version:
+        description: The version of atmos to install
+        required: false
+        default: ">= 1.63.0"
+        type: string
+      atmos-config-path:
+        description: The path to the atmos.yaml file
+        required: true
+        type: string
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read  # This is required for actions/checkout
+
+jobs:
+  atmos-apply:
+    if: ${{ inputs.stacks != '{include:[]}' }}
+    name: ${{ matrix.stack_slug }}
+    runs-on:
+      - "runs-on=${{ github.run_id }}"
+      - "runner=terraform"
+      - "tag=${{ inputs.component }}-${{ inputs.stack }}"
+      - "private=false"
+    strategy:
+      max-parallel: 10
+      fail-fast: false # Don't fail fast to avoid locking TF State
+      matrix: ${{ fromJson(inputs.stacks) }}
+    ## Avoid running the same stack in parallel mode (from different workflows)
+    concurrency:
+      group: ${{ matrix.stack_slug }}
+      cancel-in-progress: false
+    steps:
+      - uses: unfor19/install-aws-cli-action@v1
+
+      - name: Apply Atmos Component
+        uses: cloudposse/github-action-atmos-terraform-apply@v2
+        with:
+          component: ${{ matrix.component }}
+          stack: ${{ matrix.stack }}
+          sha: ${{ inputs.sha }}
+          atmos-version: ${{ inputs.atmos-version }}
+          atmos-config-path: ${{ inputs.atmos-config-path }}

examples/snippets/.github/workflows/atmos-pro-terraform-plan.yaml

@@ -0,0 +1,104 @@
+name: 👽 Atmos Terraform Apply
+run-name: 👽 Atmos Terraform Apply
+
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  pr:
+    name: PR Context
+    runs-on:
+      - "self-hosted"
+      - "amd64"
+      - "common"
+    steps:
+      - uses: cloudposse-github-actions/get-pr@v2
+        id: pr
+
+    outputs:
+      base: ${{ fromJSON(steps.pr.outputs.json).base.sha }}
+      head: ${{ fromJSON(steps.pr.outputs.json).head.sha }}
+      auto-apply: ${{ contains( fromJSON(steps.pr.outputs.json).labels.*.name, 'auto-apply') }}
+      no-apply: ${{ contains( fromJSON(steps.pr.outputs.json).labels.*.name, 'no-apply') }}
+
+  atmos-affected:
+    name: Determine Affected Stacks
+    if: needs.pr.outputs.no-apply == 'false'
+    needs: ["pr"]
+    runs-on:
+      - "runs-on=${{ github.run_id }}"
+      - "runner=terraform"
+      - "tag=${{ inputs.component }}-${{ inputs.stack }}"
+      - "private=false"
+    steps:
+      - id: affected
+        uses: cloudposse/github-action-atmos-affected-stacks@v4
+        with:
+          base-ref: ${{ needs.pr.outputs.base }}
+          head-ref: ${{ needs.pr.outputs.head }}
+          atmos-version: ${{ vars.ATMOS_VERSION }}
+          atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+    outputs:
+      stacks: ${{ steps.affected.outputs.matrix }}
+      has-affected-stacks: ${{ steps.affected.outputs.has-affected-stacks }}
+
+  plan-atmos-components:
+    needs: ["atmos-affected", "pr"]
+    if: |
+      needs.atmos-affected.outputs.has-affected-stacks == 'true' && needs.pr.outputs.auto-apply != 'true'
+    name: Validate plan (${{ matrix.name }})
+    uses: ./.github/workflows/atmos-terraform-plan-matrix.yaml
+    strategy:
+      matrix: ${{ fromJson(needs.atmos-affected.outputs.stacks) }}
+      max-parallel: 1 # This is important to avoid ddos GHA API
+      fail-fast: false # Don't fail fast to avoid locking TF State
+    with:
+      stacks: ${{ matrix.items }}
+      drift-detection-mode-enabled: "true"
+      continue-on-error: 'true'
+      atmos-version: ${{ vars.ATMOS_VERSION }}
+      atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+      sha: ${{ needs.pr.outputs.head }}
+    secrets: inherit
+
+  drift-detection:
+    needs: ["atmos-affected", "plan-atmos-components", "pr"]
+    if: |
+      always() && needs.atmos-affected.outputs.has-affected-stacks == 'true' && needs.pr.outputs.auto-apply != 'true'
+    name: Reconcile issues
+    runs-on:
+      - "self-hosted"
+      - "amd64"
+      - "common"
+    steps:
+      - name: Drift Detection
+        uses: cloudposse/github-action-atmos-terraform-drift-detection@v2
+        with:
+          max-opened-issues: '-1'
+          process-all: 'false'
+
+  auto-apply:
+    needs: ["atmos-affected", "pr"]
+    if: |
+      needs.atmos-affected.outputs.has-affected-stacks == 'true' && needs.pr.outputs.auto-apply == 'true'
+    name: Apply (${{ matrix.name }})
+    uses: ./.github/workflows/atmos-terraform-apply-matrix.yaml
+    strategy:
+      max-parallel: 1
+      fail-fast: false # Don't fail fast to avoid locking TF State
+      matrix: ${{ fromJson(needs.atmos-affected.outputs.stacks) }}
+    with:
+      stacks: ${{ matrix.items }}
+      sha: ${{ needs.pr.outputs.head }}
+      atmos-version: ${{ vars.ATMOS_VERSION }}
+      atmos-config-path: ${{ vars.ATMOS_CONFIG_PATH }}
+    secrets: inherit