From 30044655f6d4c54bdc5a33dbb0f02053f5b59970 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Thu, 26 Sep 2024 10:22:50 -0700 Subject: [PATCH 1/6] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 111 +++++++------------------- 1 file changed, 28 insertions(+), 83 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 13dcdbe..a46cc96 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -3,10 +3,11 @@ name: Terraform Plan # Controls when the workflow will run on: - pull_request: - # Allows you to run this workflow manually from the Actions tab + push: + branches: [ "main" ] + # Allows you to run this workflow manually from the Actions tab workflow_dispatch: - + # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: # This workflow contains a single job called "build" 
@@ -14,103 +15,47 @@ jobs: # The type of runner that the job will run on runs-on: [ "229685449397" ] env: - AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" - AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}" - AWS_DEFAULT_REGION: "${{ vars.AWS_SESSION_TOKEN }}" GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}" + GITHUB_OWNER: CSVD + GITHUB_BASE_URL: https://github.e.it.census.gov + TF_WORKSPACE: ${{ vars.terraform_workspace }} - # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: CSVD/gh-actions-checkout@v3 - with: - github-server-url: https://github.e.it.census.gov - ref: ${{ github.head_ref }} - token: ${{ secrets.GH_TOKEN }} - + - uses: actions/checkout@v3 - uses: CSVD/gh-actions-setup-node@v3 with: node-version: 16 - - uses: CSVD/gh-actions-setup-terraform@v2 - with: - terraform_version: ${{ vars.terraform_version }} - - - name: Set output - id: vars - run: echo ::set-output name=short_ref::${GITHUB_REF#refs/*/} - - - name: Terraform Format - id: fmt - run: | - terraform fmt - if ! 
git diff-index --quiet HEAD; then - git config --global user.name '${{ vars.REPO_OWNER }}' - git config --global user.email '${{ vars.REPO_OWNER_EMAIL }}' - git commit -am "Autoformatting TF Code" - git push - echo "auto_format=true" >> $GITHUB_ENV - fi - - - name: Autoformat Halt - if: env.auto_format == 'true' - run: exit 0 + - name: blow up .terraform + run: rm -rf ${{ github.workspace }}/.terraform || echo "nope" + - name: Setup AWS Credentials + id: aws_credentials + run: | + curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json + aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json` + echo AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` >> $GITHUB_ENV + aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json` + echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV + aws configure set aws_session_token `jq -r '.Token' aws_credentials.json` + echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV + - name: Terraform Init id: init - run: terraform init -upgrade + run: /opt/tfenv/bin/terraform init -upgrade - name: Terraform Validate id: validate - run: terraform validate -no-color + run: /opt/tfenv/bin/terraform validate - name: Terraform Plan id: plan - if: github.event_name == 'pull_request' - run: terraform plan -out plans/${{ github.sha }} - continue-on-error: true + run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars - - name: Terraform Plan - id: show_plan - if: github.event_name == 'pull_request' - run: terraform show -no-color plans/${{ github.sha }} - continue-on-error: true - - - uses: CSVD/gh-actions-github-script@v6 - if: github.event_name == 'pull_request' - env: - PLAN: "terraform\n${{ steps.show_plan.outputs.stdout }}" - with: - github-token: ${{ secrets.GH_TOKEN }} - script: | - const output = `#### Terraform Format 
and Style 🖌\`${{ steps.fmt.outcome }}\` - #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` - #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` -
Validation Output - - \`\`\`\n - ${{ steps.validate.outputs.stdout }} - \`\`\` - -
- - #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` - -
Show Plan - - \`\`\`\n - ${process.env.PLAN} - \`\`\` - -
- - *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`; - - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) +# - name: Terraform Apply +# id: plan +# run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars +# continue-on-error: true From 77fd815d8046f120c9139f78c43d1bf143762616 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Thu, 26 Sep 2024 10:23:35 -0700 Subject: [PATCH 2/6] Update terraform_apply.yaml --- .github/workflows/terraform_apply.yaml | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.github/workflows/terraform_apply.yaml b/.github/workflows/terraform_apply.yaml index e42431f..c3dbd18 100644 --- a/.github/workflows/terraform_apply.yaml +++ b/.github/workflows/terraform_apply.yaml @@ -51,12 +51,8 @@ jobs: id: validate run: /opt/tfenv/bin/terraform validate - - name: Terraform Plan + - name: Terraform Apply id: plan - run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars - -# - name: Terraform Apply -# id: plan -# run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars -# continue-on-error: true + run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars + continue-on-error: true From 38f9873698e6dee05cb88c72e18329cc765e1c6e Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Thu, 26 Sep 2024 10:28:55 -0700 Subject: [PATCH 3/6] Update terraform_apply.yaml --- .github/workflows/terraform_apply.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/terraform_apply.yaml b/.github/workflows/terraform_apply.yaml index c3dbd18..34eb0c6 100644 --- a/.github/workflows/terraform_apply.yaml +++ b/.github/workflows/terraform_apply.yaml 
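Review bot: The `Setup AWS Credentials` step added in PATCH 1/6 leaves the task-role credentials in three places that outlive the step: `aws_credentials.json` in the workspace, the runner user's AWS CLI profile (via `aws configure set`), and `$GITHUB_ENV`. None of the values is registered with `::add-mask::`, so a later step that prints its environment can echo them unredacted. The custom `runs-on` label suggests a self-hosted runner, where the workspace and home directory may persist between jobs. I would fetch into a `mktemp` file removed by a `trap`, mask each value before exporting it, and drop the `aws configure set` calls if nothing else reads the CLI profile; the `-o` and `>` on the `curl` line also target the same file, so one is redundant. If the Terraform AWS provider on this runner can use `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` directly (worth confirming), the whole step may be unnecessary.

```yaml
      - name: Setup AWS Credentials
        id: aws_credentials
        run: |
          creds="$(mktemp)"
          trap 'rm -f "$creds"' EXIT
          curl -qL --fail -o "$creds" "http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI}"
          access_key="$(jq -r '.AccessKeyId' "$creds")"
          secret_key="$(jq -r '.SecretAccessKey' "$creds")"
          session_token="$(jq -r '.Token' "$creds")"
          # Register the values with the log masker before they reach GITHUB_ENV.
          echo "::add-mask::${access_key}"
          echo "::add-mask::${secret_key}"
          echo "::add-mask::${session_token}"
          {
            echo "AWS_ACCESS_KEY_ID=${access_key}"
            echo "AWS_SECRET_ACCESS_KEY=${secret_key}"
            echo "AWS_SESSION_TOKEN=${session_token}"
          } >> "$GITHUB_ENV"
```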
@@ -19,6 +19,8 @@ jobs: GITHUB_OWNER: CSVD GITHUB_BASE_URL: https://github.e.it.census.gov TF_WORKSPACE: ${{ vars.terraform_workspace }} + TF_CLI_ARGS_plan: -lock-timeout=30m + TF_CLI_ARGS_apply: -lock-timeout=30m # Steps represent a sequence of tasks that will be executed as part of the job steps: From 4843b5eee4cfd9cf3e44fa28dbbc47e4ee242c18 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Thu, 26 Sep 2024 10:29:22 -0700 Subject: [PATCH 4/6] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index a46cc96..da1bd11 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -19,6 +19,8 @@ jobs: GITHUB_OWNER: CSVD GITHUB_BASE_URL: https://github.e.it.census.gov TF_WORKSPACE: ${{ vars.terraform_workspace }} + TF_CLI_ARGS_plan: -lock-timeout=30m + TF_CLI_ARGS_apply: -lock-timeout=30m # Steps represent a sequence of tasks that will be executed as part of the job steps: From 468ac4bc1ee90f4a7b3982cb39d756cc6c6100b5 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Thu, 26 Sep 2024 10:31:31 -0700 Subject: [PATCH 5/6] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index da1bd11..392bcea 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -3,8 +3,7 @@ name: Terraform Plan # Controls when the workflow will run on: - push: - branches: [ "main" ] + pull_request: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: From 375f5c2d325cbef0a714175c11e5d7bb912efb21 Mon Sep 17 00:00:00 2001 
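Review bot: With the trigger back on `pull_request` in PATCH 5/6, `terraform init -upgrade` and `terraform plan` evaluate the pull request's own configuration while the job holds the runner's task-role credentials exported by the `Setup AWS Credentials` step. Plan loads whatever providers and data sources the branch declares, so that role's permissions are effectively available to anyone who can open a pull request here. I would confirm the role used for plan is read-only and scoped to what state access and refresh need, and record this above the trigger, e.g. `# plan runs PR code with runner credentials; keep the plan role read-only`. Repository settings that restrict who can trigger runs are not visible from the diff.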
From: David John Arnold Jr Date: Thu, 26 Sep 2024 10:32:53 -0700 Subject: [PATCH 6/6] Update terraform_apply.yaml --- .github/workflows/terraform_apply.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/terraform_apply.yaml b/.github/workflows/terraform_apply.yaml index 34eb0c6..807b7df 100644 --- a/.github/workflows/terraform_apply.yaml +++ b/.github/workflows/terraform_apply.yaml @@ -54,7 +54,6 @@ jobs: run: /opt/tfenv/bin/terraform validate - name: Terraform Apply - id: plan + id: apply run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars - continue-on-error: true
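Review bot: The `Terraform Apply` step runs `terraform apply -auto-approve -var-file=…` without a saved plan, so what is applied is computed at apply time rather than being the plan reviewers saw; the plan workflow stopped writing `-out` in PATCH 1/6. If the apply trigger is a merge to a protected branch this may be acceptable, but the trigger is outside the hunk and should be confirmed. Consider having the plan job publish a plan file (`terraform plan -out=tfplan …`) and having this step run `terraform apply tfplan`, or gating the job behind an environment with required reviewers.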