Merge branch 'main' of github.e.it.census.gov:CSVD/automation-repos
arnol377 committed Sep 26, 2024
2 parents 79a5c3f + 375f5c2 commit 04c0163
Showing 2 changed files with 33 additions and 90 deletions.
13 changes: 5 additions & 8 deletions .github/workflows/terraform_apply.yaml
Expand Up @@ -19,6 +19,8 @@ jobs:
GITHUB_OWNER: CSVD
GITHUB_BASE_URL: https://github.e.it.census.gov
TF_WORKSPACE: ${{ vars.terraform_workspace }}
TF_CLI_ARGS_plan: -lock-timeout=30m
TF_CLI_ARGS_apply: -lock-timeout=30m

# Steps represent a sequence of tasks that will be executed as part of the job
steps:
Expand Down Expand Up @@ -51,12 +53,7 @@ jobs:
id: validate
run: /opt/tfenv/bin/terraform validate

- name: Terraform Plan
id: plan
run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars

# - name: Terraform Apply
# id: plan
# run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
# continue-on-error: true
- name: Terraform Apply
id: apply
run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
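Review bot: The live `Terraform Apply` step runs `terraform apply -auto-approve` on a plan computed at apply time, and the `Terraform Plan` step that preceded it appears to be removed, so nothing ties what gets applied to a plan that someone reviewed. I would keep a plan step that writes a file, `run: /opt/tfenv/bin/terraform plan -out=tfplan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars`, and apply exactly that file with `run: /opt/tfenv/bin/terraform apply tfplan`. The workflow trigger and job header are outside this section, so whether an approval gate such as a protected environment already exists cannot be seen here. If there is none, this job is the only control between a merge and a change to live infrastructure.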

110 changes: 28 additions & 82 deletions .github/workflows/terraform_plan.yaml
Expand Up @@ -4,113 +4,59 @@ name: Terraform Plan
# Controls when the workflow will run
on:
pull_request:
# Allows you to run this workflow manually from the Actions tab
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
Plan:
# The type of runner that the job will run on
runs-on: [ "229685449397" ]
env:
AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
AWS_DEFAULT_REGION: "${{ vars.AWS_SESSION_TOKEN }}"
GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
GITHUB_OWNER: CSVD
GITHUB_BASE_URL: https://github.e.it.census.gov
TF_WORKSPACE: ${{ vars.terraform_workspace }}
TF_CLI_ARGS_plan: -lock-timeout=30m
TF_CLI_ARGS_apply: -lock-timeout=30m


# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: CSVD/gh-actions-checkout@v3
with:
github-server-url: https://github.e.it.census.gov
ref: ${{ github.head_ref }}
token: ${{ secrets.GH_TOKEN }}

- uses: actions/checkout@v3

- uses: CSVD/gh-actions-setup-node@v3
with:
node-version: 16

- uses: CSVD/gh-actions-setup-terraform@v2
with:
terraform_version: ${{ vars.terraform_version }}

- name: Set output
id: vars
run: echo ::set-output name=short_ref::${GITHUB_REF#refs/*/}

- name: Terraform Format
id: fmt
run: |
terraform fmt
if ! git diff-index --quiet HEAD; then
git config --global user.name '${{ vars.REPO_OWNER }}'
git config --global user.email '${{ vars.REPO_OWNER_EMAIL }}'
git commit -am "Autoformatting TF Code"
git push
echo "auto_format=true" >> $GITHUB_ENV
fi
- name: Autoformat Halt
if: env.auto_format == 'true'
run: exit 0
- name: blow up .terraform
run: rm -rf ${{ github.workspace }}/.terraform || echo "nope"

- name: Setup AWS Credentials
id: aws_credentials
run: |
curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json
aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json`
echo AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` >> $GITHUB_ENV
aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json`
echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV
aws configure set aws_session_token `jq -r '.Token' aws_credentials.json`
echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV
- name: Terraform Init
id: init
run: terraform init -upgrade
run: /opt/tfenv/bin/terraform init -upgrade

- name: Terraform Validate
id: validate
run: terraform validate -no-color
run: /opt/tfenv/bin/terraform validate

- name: Terraform Plan
id: plan
if: github.event_name == 'pull_request'
run: terraform plan -out plans/${{ github.sha }}
continue-on-error: true
run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars

- name: Terraform Plan
id: show_plan
if: github.event_name == 'pull_request'
run: terraform show -no-color plans/${{ github.sha }}
continue-on-error: true

- uses: CSVD/gh-actions-github-script@v6
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.show_plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GH_TOKEN }}
script: |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Validation Output</summary>
\`\`\`\n
${{ steps.validate.outputs.stdout }}
\`\`\`
</details>
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
# - name: Terraform Apply
# id: plan
# run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
# continue-on-error: true
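Review bot: The `Setup AWS Credentials` step, which looks to be on the new side of this section, exports the access key, secret key and session token through `$GITHUB_ENV` without registering them as masked values, and leaves `aws_credentials.json` in the workspace of a self-hosted runner. Values exported this way are not treated as secrets, so they can show up in the env listing of later step logs. I would emit `echo "::add-mask::$(jq -r '.SecretAccessKey' aws_credentials.json)"` (and the same for `.Token`) before the exports and end the step with `rm -f aws_credentials.json`. Separately, `AWS_DEFAULT_REGION: "${{ vars.AWS_SESSION_TOKEN }}"` in the job `env` sets the region from a session-token variable, which reads like a copy-paste slip. It should reference a region variable, and a session token should not be kept in `vars`, where it is stored unmasked.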
