Diffstat (limited to '.github')
| -rw-r--r-- | .github/dependabot.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/deploy.yaml | 39 |
2 files changed, 43 insertions, 2 deletions
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1d662ce..2f4695a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,3 +6,9 @@ updates:
 interval: "weekly"
 commit-message:
 prefix: "actions"
+ - package-ecosystem: "terraform"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "tofu"
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 34f4f26..0f3f1ed 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -1,4 +1,4 @@
-name: Deploy systems
+name: Deploy infrastructure
 on:
 check_suite:
@@ -6,7 +6,9 @@ on:
 workflow_dispatch:
 jobs:
- deploy:
+ nixos:
+ name: Deploy NixOS systems
+
 runs-on: ubuntu-latest
 concurrency:
@@ -46,3 +48,36 @@ jobs:
 run: |
 nix develop --accept-flake-config \
 --command just deploy-all
+
+ opentofu:
+ name: Apply OpenTofu plan
+ needs: nixos
+
+ runs-on: ubuntu-latest
+
+ concurrency:
+ group: tofu
+ cancel-in-progress: true
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v9
+
+ - name: Setup local Nix cache
+ uses: DeterminateSystems/magic-nix-cache-action@v2
+
+ - name: Setup OpenTofu
+ uses: opentofu/setup-opentofu@v1
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Setup OpenTofu cache
+ uses: terraform-cache/terraform-cache@v1
+
+ - name: Run plan
+ run: nix run .#plan
+
+ - name: Apply
+ run: tofu apply |
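Review bot: `cancel-in-progress: true` on the `tofu` concurrency group in the new `opentofu` job lets a later run cancel a `tofu apply` that is already modifying infrastructure, which can leave a held state lock or a half-applied change; for an apply job `cancel-in-progress: false` (queue rather than cancel) is the safer setting. The last step is a bare `tofu apply`: nothing visible in the hunk ties it to the output of `nix run .#plan`, and without `-auto-approve` or a saved plan it has no way to obtain confirmation on a runner, so consider having the plan step write a plan file and running `tofu apply <plan-file>` so that only the plan that was produced gets applied. `secrets.TF_API_TOKEN` is passed to `opentofu/setup-opentofu@v1` before `terraform-cache/terraform-cache@v1` runs, and every action in the job is referenced by a mutable tag; pinning them to full commit SHAs limits what a retagged release could do with that credential. The workflow's `permissions:` block is not visible in these hunks, so it is worth confirming the job runs with a read-only `GITHUB_TOKEN`.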
