diff --git a/.github/workflows/reusable-terragrunt-deploy-aws.yml b/.github/workflows/reusable-terragrunt-deploy-aws.yml
index da92972..a10886b 100644
--- a/.github/workflows/reusable-terragrunt-deploy-aws.yml
+++ b/.github/workflows/reusable-terragrunt-deploy-aws.yml
@@ -67,7 +67,11 @@ on:
 description: "Commands to run after both Terragrunt plan and apply. These are applied after after_plan_commands and after_deploy_commands."
 required: false
 type: string
- default: ""
+ default: ''
+ outputs:
+ terraform_outputs:
+ description: 'JSON string containing all Terraform outputs from the deployment (base64 encoded)'
+ value: ${{ jobs.deploy.outputs.terraform_outputs }}
 permissions:
 id-token: write
@@ -78,6 +82,8 @@ jobs:
 name: "Plan & Deploy ${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}"
 runs-on: ubuntu-latest
 environment: ${{ inputs.gh_environment || inputs.environment }}
+ outputs:
+ terraform_outputs: ${{ steps.set-outputs.outputs.terraform_outputs }}
 steps:
 - name: Checkout
 uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
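Review bot: The `terraform_outputs` description in the `workflow_call` outputs block of reusable-terragrunt-deploy-aws.yml does not tell callers what they receive after decoding or how to treat it. Judging by the step added later in this diff, the value is the base64 of `terragrunt output -json`, so each entry is an object wrapping the real value, and it decodes to `{}` when the outputs could not be read. I would document that on the output itself, for example `description: 'Base64 of "terragrunt output -json" (entries carry sensitive/type/value); decodes to {} if outputs could not be read; treat as sensitive'`. The same description is added unchanged in reusable-terragrunt-deploy-azure.yml and reusable-terragrunt-deploy-ephemeral-aws.yml.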
@@ -150,5 +156,21 @@ jobs:
 with:
 tf_version: ${{ inputs.tf_version }}
 tg_version: ${{ inputs.tg_version }}
- tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}"
- tg_command: "apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan"
+ tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}'
+ tg_command: 'apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan'
+
+ - name: Get Terraform Outputs
+ id: set-outputs
+ working-directory: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}'
+ env:
+ AWS_REGION: ${{ inputs.region }}
+ run: |
+ echo "=== Getting Terraform outputs ==="
+ TF_OUTPUTS=$(terragrunt output -json 2>/dev/null || echo '{}')
+ echo "Raw outputs:"
+ echo "$TF_OUTPUTS" | jq '.'
+
+ # Base64 encode for safe transfer
+ ENCODED_OUTPUTS=$(echo "$TF_OUTPUTS" | base64 -w 0)
+ echo "terraform_outputs=$ENCODED_OUTPUTS" >> "$GITHUB_OUTPUT"
+ echo "=== Outputs captured and encoded ==="
diff --git a/.github/workflows/reusable-terragrunt-deploy-azure.yml b/.github/workflows/reusable-terragrunt-deploy-azure.yml
index d5885bb..03f372f 100644
--- a/.github/workflows/reusable-terragrunt-deploy-azure.yml
+++ b/.github/workflows/reusable-terragrunt-deploy-azure.yml
@@ -63,7 +63,11 @@ on:
 description: "Commands to run after both Terragrunt plan and apply. These are applied after after_plan_commands and after_deploy_commands."
 required: false
 type: string
- default: ""
+ default: ''
+ outputs:
+ terraform_outputs:
+ description: 'JSON string containing all Terraform outputs from the deployment (base64 encoded)'
+ value: ${{ jobs.deploy.outputs.terraform_outputs }}
 secrets:
 TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID:
 required: true
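Review bot: The new `Get Terraform Outputs` step in reusable-terragrunt-deploy-aws.yml exposes every output in cleartext, because `terragrunt output -json` emits the values of outputs marked `sensitive` and the `echo "$TF_OUTPUTS" | jq '.'` line writes them to the job log. Base64-encoding the same blob into `$GITHUB_OUTPUT` then hands it to every caller in a form that log masking will not recognise. The `2>/dev/null || echo '{}'` fallback also makes a failed state read or an expired credential look like a deployment with no outputs. I would drop the raw dump, export only outputs not flagged sensitive, and let the step fail on error, as sketched below. The identical step added to reusable-terragrunt-deploy-azure.yml and reusable-terragrunt-deploy-ephemeral-aws.yml needs the same change.

```yaml
# … unchanged: name, id, working-directory, env …
run: |
  # Let a failed state read fail the step instead of publishing '{}'.
  TF_OUTPUTS=$(terragrunt output -json)
  # Export only outputs not marked sensitive; log names, never values.
  PUBLIC_OUTPUTS=$(echo "$TF_OUTPUTS" | jq -c 'with_entries(select(.value.sensitive != true))')
  echo "Captured outputs: $(echo "$PUBLIC_OUTPUTS" | jq -r 'keys | join(", ")')"
  echo "terraform_outputs=$(echo "$PUBLIC_OUTPUTS" | base64 -w 0)" >> "$GITHUB_OUTPUT"
```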
@@ -80,6 +84,8 @@ jobs:
 deploy:
 name: "Plan & Deploy ${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}"
 runs-on: ubuntu-latest
+ outputs:
+ terraform_outputs: ${{ steps.set-outputs.outputs.terraform_outputs }}
 steps:
 - name: Checkout
 uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493
@@ -149,5 +155,24 @@ jobs:
 ARM_USE_OIDC: true
 TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }}
 with:
- tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}"
- tg_command: "apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan"
+ tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}'
+ tg_command: 'apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan'
+
+ - name: Get Terraform Outputs
+ id: set-outputs
+ working-directory: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}'
+ env:
+ ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }}
+ ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }}
+ ARM_USE_OIDC: true
+ run: |
+ echo "=== Getting Terraform outputs ==="
+ TF_OUTPUTS=$(terragrunt output -json 2>/dev/null || echo '{}')
+ echo "Raw outputs:"
+ echo "$TF_OUTPUTS" | jq '.'
+
+ # Base64 encode for safe transfer
+ ENCODED_OUTPUTS=$(echo "$TF_OUTPUTS" | base64 -w 0)
+ echo "terraform_outputs=$ENCODED_OUTPUTS" >> "$GITHUB_OUTPUT"
+ echo "=== Outputs captured and encoded ==="
diff --git a/.github/workflows/reusable-terragrunt-deploy-ephemeral-aws.yml b/.github/workflows/reusable-terragrunt-deploy-ephemeral-aws.yml
index 090a1fa..92f5f5e 100644
--- a/.github/workflows/reusable-terragrunt-deploy-ephemeral-aws.yml
+++ b/.github/workflows/reusable-terragrunt-deploy-ephemeral-aws.yml
@@ -37,7 +37,7 @@ on:
 description: "Commands to run prior to executing Terragrunt plan."
 required: false
 type: string
- default: ""
+ default: ''
 before_deploy_commands:
 description: "Commands to run prior to executing Terragrunt apply."
 required: false
@@ -63,6 +63,11 @@ on:
 required: false
 type: string
 default: ""
+ outputs:
+ terraform_outputs:
+ description: 'JSON string containing all Terraform outputs from the deployment (base64 encoded)'
+ value: ${{ jobs.deploy.outputs.terraform_outputs }}
+
 permissions:
 id-token: write
 contents: read
@@ -71,6 +76,8 @@ jobs:
 deploy:
 name: "Plan & Deploy ephemeral/${{ inputs.region }}/${{ inputs.env_id }}"
 runs-on: ubuntu-latest
+ outputs:
+ terraform_outputs: ${{ steps.set-outputs.outputs.terraform_outputs }}
 steps:
 - name: Checkout
 uses: actions/checkout@8edcb1bdb4e267140fa742c62e395cd74f332709
@@ -140,5 +147,21 @@ jobs:
 with:
 tf_version: ${{ inputs.tf_version }}
 tg_version: ${{ inputs.tg_version }}
- tg_dir: "${{ inputs.environments_root }}/sandbox/${{ inputs.region }}/${{ inputs.env_id }}"
- tg_command: "apply ephemeral-${{ inputs.region }}-${{ inputs.env_id }}.tfplan"
+ tg_dir: '${{ inputs.environments_root }}/sandbox/${{ inputs.region }}/${{ inputs.env_id }}'
+ tg_command: 'apply ephemeral-${{ inputs.region }}-${{ inputs.env_id }}.tfplan'
+
+ - name: Get Terraform Outputs
+ id: set-outputs
+ working-directory: '${{ inputs.environments_root }}/sandbox/${{ inputs.region }}/${{ inputs.env_id }}'
+ env:
+ AWS_REGION: ${{ inputs.region }}
+ run: |
+ echo "=== Getting Terraform outputs ==="
+ TF_OUTPUTS=$(terragrunt output -json 2>/dev/null || echo '{}')
+ echo "Raw outputs:"
+ echo "$TF_OUTPUTS" | jq '.'
+
+ # Base64 encode for safe transfer
+ ENCODED_OUTPUTS=$(echo "$TF_OUTPUTS" | base64 -w 0)
+ echo "terraform_outputs=$ENCODED_OUTPUTS" >> "$GITHUB_OUTPUT"
+ echo "=== Outputs captured and encoded ==="