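--- a/.github/workflows/validate-tags.yml
+++ b/.github/workflows/validate-tags.yml
@@ -0,0 +1,105 @@
+name: Validate Tags
+
+on:
+pull_request:
+paths:
+- 'namespaces/*/*/resources/*.tf'
+
+permissions:
+contents: read
+
+jobs:
+get-changed-files:
+name: Get changed files
+runs-on: ubuntu-latest
+outputs:
+skip_validate_tags: ${{ steps.changed-files.outputs.skip_validate_tags }}
+namespaces: ${{ steps.changed-files.outputs.namespaces }}
+steps:
+- name: Checkout
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+with:
+fetch-depth: 0
+
+- name: Get changed files
+id: changed-files
+shell: bash
+run: |
+if [[ "${{ github.event_name }}" == "pull_request" ]]; then
+git fetch origin "${{ github.base_ref }}"
+CHANGED_FILES=$(git diff --name-only "origin/${{ github.base_ref }}...${{ github.sha }}")
+else
+CHANGED_FILES=""
+fi
+
+echo "Changed files:"
+echo "$CHANGED_FILES"
+
+TF_FILES=$(echo "$CHANGED_FILES" | grep -E '^namespaces/[^/]+/[^/]+/resources/[^/]+\.tf$' || true)
+
+if [[ -z "$TF_FILES" ]]; then
+echo "No matching Terraform files changed. Skipping tag validation."
+echo "skip_validate_tags=true" >> "$GITHUB_OUTPUT"
+echo 'namespaces=[]' >> "$GITHUB_OUTPUT"
+exit 0
+fi
+
+AFFECTED_NAMESPACES=$(echo "$TF_FILES" \
+| sed -E 's#^(namespaces/[^/]+/[^/]+/resources)/[^/]+\.tf$#\1#' \
+| sort -u)
+
+EXISTING_NAMESPACES=""
+while IFS= read -r ns; do
+if [[ -d "$ns" ]]; then
+EXISTING_NAMESPACES="${EXISTING_NAMESPACES}${ns}"$'\n'
+fi
+done <<< "$AFFECTED_NAMESPACES"
+
+EXISTING_NAMESPACES=$(echo "$EXISTING_NAMESPACES" | sed '/^$/d' | sort -u)
+
+if [[ -z "$EXISTING_NAMESPACES" ]]; then
+echo "No relevant namespaces changed. Skipping tag validation."
+echo "skip_validate_tags=true" >> "$GITHUB_OUTPUT"
+echo 'namespaces=[]' >> "$GITHUB_OUTPUT"
+else
+NAMESPACES_JSON=$(echo "$EXISTING_NAMESPACES" | jq -R . | jq -s -c .)
+
+echo "Namespaces to validate:"
+echo "$EXISTING_NAMESPACES"
+
+echo "skip_validate_tags=false" >> "$GITHUB_OUTPUT"
+echo "namespaces=$NAMESPACES_JSON" >> "$GITHUB_OUTPUT"
+fi
+
+validate-tags:
+name: Tag Validation
+needs: get-changed-files
+if: ${{ needs.get-changed-files.outputs.skip_validate_tags != 'true' }}
+runs-on: ubuntu-latest
+strategy:
+matrix:
+path: ${{ fromJson(needs.get-changed-files.outputs.namespaces) }}
+steps:
+- name: Checkout
+uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
+with:
+role-to-assume: "arn:aws:iam::111111111111:role/my-read-only-role"
+role-session-name: "myrolesessionname"
+aws-region: "eu-west-2"
+
+- name: Set mock default terraform vars
+run: |
+echo "TF_VAR_vpc_name=XIHIUHIU-1" >> "$GITHUB_ENV"
+echo "TF_VAR_eks_cluster_name=XIHIUHIU" >> "$GITHUB_ENV"
+echo "TF_VAR_kubernetes_cluster="XIHIUHIU.eks.amazonaws.com"" >> "$GITHUB_ENV"
+
+- name: Validate Tags
+if: ${{ steps.changed-files.outputs.skip_tflint != 'true' }}
+id: validate
+uses: ministryofjustice/coat-tag-validator@37cca54b0e16536130d99bdf184cafd8bf2b71ae #v2.1.3
+with:
+terraform_directory: ${{ matrix.path }}
+soft_fail: false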
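Review bot: The `Configure AWS Credentials` step in the `validate-tags` job passes only `role-to-assume` and no static keys, so it appears to rely on the OIDC token exchange, but the workflow-level `permissions:` grants only `contents: read`, which leaves `id-token` at `none` and will make that step fail at run time; give just that job its own block, `permissions:` / `  contents: read` / `  id-token: write`, rather than widening the workflow-level grant. The step-level condition `if: ${{ steps.changed-files.outputs.skip_tflint != 'true' }}` on the `Validate Tags` step names a step id that exists only in the `get-changed-files` job and an output (`skip_tflint`) that nothing writes, so it evaluates to `'' != 'true'` and always passes; the job-level `if` on `skip_validate_tags` already implements the skip, so the line should be deleted. In the `Get changed files` script, `${{ github.base_ref }}` is interpolated straight into the shell text; it is a branch name of this repository so exposure is limited, but the conventional hardening is to pass it through `env: BASE_REF: ${{ github.base_ref }}` and reference `"$BASE_REF"` in the script. The line `echo "TF_VAR_kubernetes_cluster="XIHIUHIU.eks.amazonaws.com"" >> "$GITHUB_ENV"` has mis-nested double quotes and only yields the intended unquoted value by accident; `echo 'TF_VAR_kubernetes_cluster=XIHIUHIU.eks.amazonaws.com' >> "$GITHUB_ENV"` states what is meant.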
Expand Up @@ -11,7 +11,7 @@ variable "kubernetes_cluster" {
variable "application" {
description = "Name of the application you are deploying"
type = string
default = "github-community"
default = "github-community-dev"
}

variable "namespace" {