Refactor Terraform workflow to use GitHub Actions setup and cache (#22)

* Refactor Terraform workflow to use GitHub Actions setup and cache This commit refactors the Terraform workflow to use the GitHub Actions setup and cache. It removes the unnecessary steps for checking out the repository and blowing up the .terraform directory. It also adds the setup for AWS and GitHub credentials. The Terraform init and plan steps are now using the CSVD/terraform-init and CSVD/terraform-plan actions, respectively, with specific versions and workspace configurations. * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml --------- Co-authored-by: David John Arnold Jr <david.j.arnold.jr@census.gov>
CSVD · Oct 9, 2024 · 0f44bd0 · 0f44bd0
1 parent 1050676
commit 0f44bd0
Showing 1 changed file with 42 additions and 35 deletions.
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
@@ -16,57 +16,64 @@ jobs:
     runs-on: [ "229685449397" ]
 
     env:
-#     GITHUB_APP_ID: ${{ vars.GH_APP_ID }}
       GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }}
       GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }}
-#     GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
       GITHUB_OWNER: CSVD
       GITHUB_BASE_URL: https://github.e.it.census.gov/
       TF_WORKSPACE: ${{ vars.terraform_workspace }}
       TF_CLI_ARGS_plan: -lock-timeout=30m
       TF_CLI_ARGS_apply: -lock-timeout=30m
+      NO_PROXY: ${{ vars.NO_PROXY }}
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
-
-      - uses: CSVD/gh-actions-setup-node@v3
+      - uses: CSVD/gh-actions-checkout@v4
+        id: checkout
         with:
-           node-version: 16
-
-      - name: blow up .terraform
-        run: rm -rf ${{ github.workspace }}/.terraform || echo "nope"
-
-      - name: Setup AWS Credentials
-        id: aws_credentials
-        run: |
-          curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json
-          aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json`
-          echo AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` >> $GITHUB_ENV
-          aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json`
-          echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV
-          aws configure set aws_session_token `jq -r '.Token' aws_credentials.json`
-          echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV
+          persist-credentials: false
 
+      - name: AWS Auth
+        id: aws_auth
+        uses: CSVD/aws-auth@main
+        with:
+          ecs: true
+
       - name: Setup GITHUB Credentials
         id: github_credentials
         run: |
           echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV
-
+          
       - name: Terraform Init
-        id: init
-        run: /opt/tfenv/bin/terraform init -upgrade
+        uses: CSVD/terraform-init@main
+        id: terraform_init
+        with:
+          commit_sha: ${{ steps.checkout.outputs.commit }}
+          terraform_version: "1.9.1"
+          workspace: ${{ vars.terraform_workspace }}
+          setup_terraform: true
+          terraform_init: true
+        env:
+          GITHUB_TOKEN: $GITHUB_TOKEN
+          AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+          AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}
+          AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+
+#       - name: Terraform Plan
+#         uses: CSVD/terraform-plan@main
+#         with:
+#           terraform_version: "1.9.1"
+#           workspace: ${{ vars.terraform_workspace }}
+#           commit_sha: ${{ steps.terraform_init.outputs.commit_sha }}
+#           varfile: varfiles/${{ vars.terraform_workspace }}.tfvars
+#           download_cache: true
+#           setup_terraform: false
+#         env:
+#           AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+#           AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}
+#           AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+#           GITHUB_TOKEN: $GITHUB_TOKEN
+#           HTTP_PROXY: http://proxy.tco.census.gov:3128
+#           HTTPS_PROXY: http://proxy.tco.census.gov:3128
+#           NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com"
 
-      - name: Terraform Validate
-        id: validate
-        run: /opt/tfenv/bin/terraform validate
 
-      - name: Terraform Plan
-        id: plan
-        run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
-
-#       - name: Terraform Apply
-#         id: plan
-#         run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
-#         continue-on-error: true