Refactor GitHub Actions workflow for Terraform apply

CSVD · Oct 16, 2024 · 989fc2e · 989fc2e
1 parent 74a53f8
commit 989fc2e
Showing 1 changed file with 28 additions and 14 deletions.
diff --git a/.github/workflows/terraform_apply.yaml b/.github/workflows/terraform_apply.yaml
@@ -18,22 +18,22 @@ jobs:
   # This workflow contains a single job called "build"
   Plan:
     # The type of runner that the job will run on
-    outputs:
-      commit_sha: "${{ steps.git_show.utputs.commit_sha }}"
-      cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }}
-      github_token: ${{ steps.github_credentials.outputs.github_token }}
-      aws_access_key_id: ${{ steps.aws_auth.outputs.aws_access_key_id }}
-      aws_secret_access_key: ${{ steps.aws_auth.outputs.aws_secret_access_key }}
-      aws_session_token: ${{ steps.aws_auth.outputs.aws_session_token }}
-
     runs-on: ["229685449397"]
-    
+
     env:
       TF_WORKSPACE: ${{ vars.terraform_workspace }}
       TF_CLI_ARGS_plan: -lock-timeout=30m
       TF_CLI_ARGS_apply: -lock-timeout=30m
       NO_PROXY: ${{ vars.NO_PROXY }}
 
+    outputs:
+      commit_sha: "${{ steps.git_show.outputs.commit_sha }}"
+      cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }}
+      github_token: ${{ steps.github_credentials.outputs.github_token }}
+      aws_access_key_id: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+      aws_secret_access_key: ${{ steps.aws_auth.outputs.aws_secret_access_key }}
+      aws_session_token: ${{ steps.aws_auth.outputs.aws_session_token }}
+
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       - uses: CSVD/gh-actions-checkout@v4
@@ -104,21 +104,35 @@ jobs:
     needs: Plan
     environment: requires_approval
     steps:
+      - name: AWS Auth
+        id: aws_auth
+        uses: CSVD/aws-auth@main
+        with:
+          ecs: true
+
+      - name: Setup GITHUB Credentials
+        id: github_credentials
+        uses: CSVD/gh-auth@main
+        with:
+          github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+          github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+          github_base_url: "${{ github.server_url }}/"
+
       - name: Terraform Apply
         uses: CSVD/terraform-apply@main
         with:
           terraform_version: "1.9.1"
           workspace: ${{ vars.terraform_workspace }}
-          commit_sha: ${{ steps.terraform_init.outputs.commit_sha }}
+          commit_sha: ${{ needs.Plan.outputs.commit_sha }}
           download_cache: true
           setup_terraform: true
           terraform_wrapper: false
           cache_key: ${{ needs.Plan.outputs.cache_key }}
         env:
-          AWS_ACCESS_KEY_ID: ${{ needs.Plan.outputs.aws_access_key_id }}
-          AWS_SECRET_ACCESS_KEY: ${{ needs.Plan.outputs.aws_secret_access_key }}
-          AWS_SESSION_TOKEN: ${{ needs.Plan.outputs.aws_session_token }}
-          GITHUB_TOKEN: ${{ needs.Plan.outputs.github_token }}
+          AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+          AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }}
+          AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+          GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
           GITHUB_OWNER: ${{ github.repository_owner }}
           GITHUB_BASE_URL: "${{ github.server_url }}/"
           HTTP_PROXY: http://proxy.tco.census.gov:3128