diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
index d57aa70..fb864b0 100644
--- a/.github/workflows/terraform_plan.yaml
+++ b/.github/workflows/terraform_plan.yaml
@@ -16,57 +16,64 @@ jobs: runs-on: [ "229685449397" ] env: -# GITHUB_APP_ID: ${{ vars.GH_APP_ID }} GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }} GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }} -# GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} GITHUB_OWNER: CSVD GITHUB_BASE_URL: https://github.e.it.census.gov/ TF_WORKSPACE: ${{ vars.terraform_workspace }} TF_CLI_ARGS_plan: -lock-timeout=30m TF_CLI_ARGS_apply: -lock-timeout=30m + NO_PROXY: ${{ vars.NO_PROXY }} # Steps represent a sequence of tasks that will be executed as part of the job steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v3 - - - uses: CSVD/gh-actions-setup-node@v3 + - uses: CSVD/gh-actions-checkout@v4 + id: checkout with: - node-version: 16 - - - name: blow up .terraform - run: rm -rf ${{ github.workspace }}/.terraform || echo "nope" - - - name: Setup AWS Credentials - id: aws_credentials - run: | - curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json - aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json` - echo AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` >> $GITHUB_ENV - aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json` - echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV - aws configure set aws_session_token `jq -r '.Token' aws_credentials.json` - echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV + persist-credentials: false + - name: AWS Auth + id: aws_auth + uses: CSVD/aws-auth@main + with: + ecs: true + - name: Setup GITHUB Credentials id: github_credentials run: | echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - + - name: Terraform Init - id: init - run: /opt/tfenv/bin/terraform init -upgrade + uses: CSVD/terraform-init@main + 
id: terraform_init + with: + commit_sha: ${{ steps.checkout.outputs.commit }} + terraform_version: "1.9.1" + workspace: ${{ vars.terraform_workspace }} + setup_terraform: true + terraform_init: true + env: + GITHUB_TOKEN: $GITHUB_TOKEN + AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} + AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} + AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} + +# - name: Terraform Plan +# uses: CSVD/terraform-plan@main +# with: +# terraform_version: "1.9.1" +# workspace: ${{ vars.terraform_workspace }} +# commit_sha: ${{ steps.terraform_init.outputs.commit_sha }} +# varfile: varfiles/${{ vars.terraform_workspace }}.tfvars +# download_cache: true +# setup_terraform: false +# env: +# AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} +# AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} +# AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} +# GITHUB_TOKEN: $GITHUB_TOKEN +# HTTP_PROXY: http://proxy.tco.census.gov:3128 +# HTTPS_PROXY: http://proxy.tco.census.gov:3128 +# NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com" - - name: Terraform Validate - id: validate - run: /opt/tfenv/bin/terraform validate - - name: Terraform Plan - id: plan - run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars - -# - name: Terraform Apply -# id: plan -# run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars -# continue-on-error: true
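Review bot: Two values in the new `env:` block of the Terraform Init step will not carry the credentials they are meant to. `AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}` has a stray leading `$`, so the secret is passed with a literal `$` in front; it should read `AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }}`. `GITHUB_TOKEN: $GITHUB_TOKEN` is not shell-expanded in a step `env:` mapping, so it overrides the token exported through `$GITHUB_ENV` with the literal string; drop the line or use `GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}`. Both mistakes are repeated in the commented-out Terraform Plan block and would return when it is re-enabled. Separately, `CSVD/aws-auth@main` and `CSVD/terraform-init@main` receive AWS session credentials from a mutable branch ref, so pinning each to a full commit SHA (`CSVD/aws-auth@<full-commit-sha>`) would keep a later push to `main` from changing what runs with those credentials.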