From 0f44bd062be183fce6b636b2e5e87af51bfaf8a0 Mon Sep 17 00:00:00 2001
From: James Farr Gomez
Date: Wed, 9 Oct 2024 16:03:31 -0700
Subject: [PATCH] Refactor Terraform workflow to use GitHub Actions setup and cache (#22)

* Refactor Terraform workflow to use GitHub Actions setup and cache This commit refactors the Terraform workflow to use the GitHub Actions setup and cache. It removes the unnecessary steps for checking out the repository and blowing up the .terraform directory. It also adds the setup for AWS and GitHub credentials. The Terraform init and plan steps are now using the CSVD/terraform-init and CSVD/terraform-plan actions, respectively, with specific versions and workspace configurations. * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml * Update terraform_plan.yaml
---------
Co-authored-by: David John Arnold Jr
---
 .github/workflows/terraform_plan.yaml | 77 +++++++++++++++------------
 1 file changed, 42 insertions(+), 35 deletions(-)

diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
index d57aa70..fb864b0 100644
--- a/.github/workflows/terraform_plan.yaml
+++ b/.github/workflows/terraform_plan.yaml
@@ -16,57 +16,64 @@ jobs:
 runs-on: [ "229685449397" ]
 env:
-# GITHUB_APP_ID: ${{ vars.GH_APP_ID }}
 GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }}
 GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }}
-# GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
 GITHUB_OWNER: CSVD
 GITHUB_BASE_URL: https://github.e.it.census.gov/
 TF_WORKSPACE: ${{ vars.terraform_workspace }}
 TF_CLI_ARGS_plan: -lock-timeout=30m
 TF_CLI_ARGS_apply: -lock-timeout=30m
+ NO_PROXY: ${{ vars.NO_PROXY }}
 # Steps represent a sequence of tasks that will be executed as part of the job
 steps:
- # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- - uses: actions/checkout@v3
-
- - uses: CSVD/gh-actions-setup-node@v3
+ - uses: CSVD/gh-actions-checkout@v4
+ id: checkout
 with:
- node-version: 16
-
- - name: blow up .terraform
- run: rm -rf ${{ github.workspace }}/.terraform || echo "nope"
-
- - name: Setup AWS Credentials
- id: aws_credentials
- run: |
- curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json
- aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json`
- echo AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` >> $GITHUB_ENV
- aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json`
- echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV
- aws configure set aws_session_token `jq -r '.Token' aws_credentials.json`
- echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV
+ persist-credentials: false
+ - name: AWS Auth
+ id: aws_auth
+ uses: CSVD/aws-auth@main
+ with:
+ ecs: true
+
 - name: Setup GITHUB Credentials
 id: github_credentials
 run: |
 echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV
-
+
 - name: Terraform Init
- id: init
- run: /opt/tfenv/bin/terraform init -upgrade
+ uses: CSVD/terraform-init@main
+ id: terraform_init
+ with:
+ commit_sha: ${{ steps.checkout.outputs.commit }}
+ terraform_version: "1.9.1"
+ workspace: ${{ vars.terraform_workspace }}
+ setup_terraform: true
+ terraform_init: true
+ env:
+ GITHUB_TOKEN: $GITHUB_TOKEN
+ AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+ AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}
+ AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+
+# - name: Terraform Plan
+# uses: CSVD/terraform-plan@main
+# with:
+# terraform_version: "1.9.1"
+# workspace: ${{ vars.terraform_workspace }}
+# commit_sha: ${{ steps.terraform_init.outputs.commit_sha }}
+# varfile: varfiles/${{ vars.terraform_workspace }}.tfvars
+# download_cache: true
+# setup_terraform: false
+# env:
+# AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+# AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}
+# AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+# GITHUB_TOKEN: $GITHUB_TOKEN
+# HTTP_PROXY: http://proxy.tco.census.gov:3128
+# HTTPS_PROXY: http://proxy.tco.census.gov:3128
+# NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com"
- - name: Terraform Validate
- id: validate
- run: /opt/tfenv/bin/terraform validate
- - name: Terraform Plan
- id: plan
- run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
-
-# - name: Terraform Apply
-# id: plan
-# run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
-# continue-on-error: true
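Review bot: The doubled dollar in `AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}` on the Terraform Init step (and again in the commented-out Terraform Plan block) is not an escape in workflow syntax, so the step receives a literal `$` glued to the front of the secret key and AWS request signing will almost certainly fail; it should read `AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }}`. `GITHUB_TOKEN: $GITHUB_TOKEN` in the same `env:` is also suspect: step-level env values are not shell-expanded, so unless CSVD/terraform-init expands it itself this shadows the token the previous step wrote to $GITHUB_ENV with the literal string, and `GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}` is what appears to be meant. Both `CSVD/aws-auth@main` and `CSVD/terraform-init@main` track a mutable branch while being handed the runner's AWS credentials and the app token, so a push to that branch silently changes what handles them; pinning to a release tag or commit SHA keeps the trust boundary explicit. Credentials returned as step outputs are only redacted from logs if the action masks them, which cannot be confirmed from here. The job definition begins above the hunk.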