Sandbox (#13)

* Refactor image pipeline module names and update workflows * Refactor image pipeline module names and update workflows * adding a workspace for managing service accounts * Autoformatting TF Code * fixing module source * adding service-accounts for use with github actions * Refactor image pipeline module names and update workflows * chore: Update module name in sandbox.tf * chore: Update module source in sandbox.tf * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update sandbox.tf --------- Co-authored-by: Dave Arnold <dave@roknsound.com>
CSVD · Aug 20, 2024 · 064278d · 064278d
1 parent 00768a1
commit 064278d
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 3 deletions.
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
@@ -68,13 +68,20 @@ jobs:
 
       - name: Terraform Plan
         id: plan
-        run: terraform plan -no-color
+        if: github.event_name == 'pull_request'
+        run: terraform plan -out plans/${{ github.sha }}
+        continue-on-error: true
+
+      - name: Terraform Plan
+        id: show_plan
+        if: github.event_name == 'pull_request'
+        run: terraform show -no-color plans/${{ github.sha }}
         continue-on-error: true
 
       - uses: CSVD/gh-actions-github-script@v6
         if: github.event_name == 'pull_request'
         env:
-          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+          PLAN: "terraform\n${{ steps.show_plan.outputs.stdout }}"
         with:
           github-token: ${{ secrets.GH_TOKEN }}
           script: |

diff --git a/actions_secrets.tf b/actions_secrets.tf
@@ -0,0 +1,14 @@
+locals {
+  secrets = [
+    "AWS_SECRET_ACCESS_KEY",
+    "AWS_SESSION_TOKEN",
+    "AWS_ACCESS_KEY_ID",
+    "GITHUB_TOKEN"
+  ]
+}
+
+module "env_var" {
+  source   = "HappyPathway/var/env"
+  for_each = toset(local.secrets)
+  env_var  = each.value
+}
diff --git a/image-pipeline.tf b/image-pipeline.tf
@@ -132,7 +132,7 @@ module "terraform_aws_image_pipeline" {
       content = templatefile(
         "${path.module}/workflows/terraform-plan.yaml.tpl",
         {
-          repo_name = "aws-image-pipeline",
+          repo_name = "terraform-aws-image-pipeline",
           directory = "./examples"
           git_owner = {
             name  = "arnol377"

diff --git a/sandbox.tf b/sandbox.tf
@@ -0,0 +1,61 @@
+
+locals {
+  workspace_instances = [
+    "arnol377-sandbox"
+  ]
+}
+
+module "sandbox" {
+  source                  = "HappyPathway/repo/github"
+  for_each                = toset(local.workspace_instances)
+  github_repo_description = "Sandbox - ${each.value}"
+  repo_org                = "arnol377"
+  name                    = each.value
+  github_repo_topics = [
+    "terraform"
+  ]
+  force_name        = true
+  github_is_private = false
+  create_codeowners = false
+  enforce_prs       = false
+  collaborators     = {"arnol377": "admin"}
+  managed_extra_files = [
+    {
+      path = ".github/workflows/terraform-plan.yaml"
+      content = templatefile(
+        "${path.module}/workflows/terraform-plan.yaml.tpl",
+        {
+          repo_name = each.value,
+          directory = null
+          git_owner = {
+            name  = "arnol377"
+            email = "david.j.arnold.jr@census.gov"
+          }
+        }
+      )
+    },
+    {
+      path = ".github/workflows/terraform-apply.yaml"
+      content = templatefile(
+        "${path.module}/workflows/terraform-apply.yaml.tpl",
+        {
+          repo_name = each.value,
+          directory = null
+        }
+      )
+    }
+  ]
+  secrets = [
+    for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
+    {
+      name  = replace(secret, "GITHUB", "GH")
+      value = lookup(module.env_var, secret).value
+    }
+  ]
+  vars = [
+    {
+      name  = "AWS_ACCESS_KEY_ID"
+      value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
+    }
+  ]
+}