From accfb481065db0b2b89b618a576b0dd6b8a78483 Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Thu, 15 Aug 2024 12:46:38 -0700 Subject: [PATCH 1/3] Refactor image pipeline module names and update workflows --- workflows/terraform-plan.yaml.tpl | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/workflows/terraform-plan.yaml.tpl b/workflows/terraform-plan.yaml.tpl index c941500..2906111 100644 --- a/workflows/terraform-plan.yaml.tpl +++ b/workflows/terraform-plan.yaml.tpl @@ -24,7 +24,9 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v3 - + with: + ref: ${{ github.head_ref }} + token: ${{ secrets.GH_TOKEN }} - uses: CSVD/gh-actions-setup-node@v3 with: @@ -48,7 +50,7 @@ jobs: - name: Autoformat Halt if: env.auto_format == 'true' - run: exit 1 + run: exit 0 - name: Terraform Init id: init @@ -71,23 +73,4 @@ jobs: %{ endif } run: terraform plan continue-on-error: true - - - name: Update Pull Request - uses: CSVD/gh-actions-github-script@v6 - if: github.event_name == 'pull_request' - with: - github-token: $${{ secrets.GH_TOKEN }} - script: | - const output = `#### Terraform Format and Style 🖌\`$${{ steps.fmt.outcome }}\` - #### Terraform Initialization ⚙️\`$${{ steps.init.outcome }}\` - #### Terraform Validation 🤖\`$${{ steps.validate.outcome }}\` - #### Terraform Plan: - $${{ steps.plan.outcome }} - *Pushed by: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`*`; - - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) \ No newline at end of file +L \ No newline at end of file From 9741a63541ea38ae33b5c49836494b2306dbf06f Mon Sep 17 00:00:00 2001 
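Review bot: The two inputs added to the checkout step are written `${{ github.head_ref }}` and `${{ secrets.GH_TOKEN }}` with a single `$`, while the other expressions visible in this template (for example `github-token: $${{ secrets.GH_TOKEN }}`) use the escaped `$${{` form. This file is rendered with Terraform's `templatefile`, so an unescaped `${` is likely to be parsed as a Terraform interpolation and to fail or mangle the generated workflow; write them as `ref: $${{ github.head_ref }}` and `token: $${{ secrets.GH_TOKEN }}`. Separately, actions/checkout keeps the supplied token in the local git config for the rest of the job unless `persist-credentials: false` is set, so later steps that run the pull request's own Terraform code can read it. If the autoformat push is the only consumer, scope the credential to that step. The steps list continues outside the hunk.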
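Review bot: With `run: exit 0` the "Autoformat Halt" step no longer halts anything, because a zero exit only ends this step and the job carries on into Terraform Init and the plan. If the intent is to stop quietly after an autoformat commit, gate the remaining steps instead, e.g. `if: env.auto_format != 'true'` on each of them, or rename or remove the step so its name matches what it does. How `auto_format` is set is outside the hunk.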
From: Dave Arnold Date: Thu, 15 Aug 2024 12:53:14 -0700 Subject: [PATCH 2/3] Refactor image pipeline module names and update workflows --- workflows/terraform-plan.yaml.tpl | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/workflows/terraform-plan.yaml.tpl b/workflows/terraform-plan.yaml.tpl index 2906111..a354a76 100644 --- a/workflows/terraform-plan.yaml.tpl +++ b/workflows/terraform-plan.yaml.tpl @@ -73,4 +73,23 @@ jobs: %{ endif } run: terraform plan continue-on-error: true -L \ No newline at end of file + + - name: Update Pull Request + uses: CSVD/gh-actions-github-script@v6 + if: github.event_name == 'pull_request' + with: + github-token: $${{ secrets.GH_TOKEN }} + script: | + const output = `#### Terraform Format and Style 🖌\`$${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`$${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`$${{ steps.validate.outcome }}\` + #### Terraform Plan: + $${{ steps.plan.outcome }} + *Pushed by: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) From cb6d48492a412650add9d39799f5b56e78cef095 Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Tue, 20 Aug 2024 12:50:13 -0700 Subject: [PATCH 3/3] Refactor image pipeline module names and update workflows --- actions_secrets.tf | 14 +++++++++++ image-pipeline.tf | 2 +- main.tf | 2 ++ sandbox.tf | 61 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 actions_secrets.tf create mode 100644 sandbox.tf diff --git a/actions_secrets.tf b/actions_secrets.tf new file mode 100644 index 0000000..2c43dce --- /dev/null +++ b/actions_secrets.tf 
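Review bot: The restored "Update Pull Request" step passes `secrets.GH_TOKEN` only to post one PR comment, which is broader than the step needs if that secret is the same token the checkout step uses to reach the repository. If the built-in job token is usable on this instance, prefer `github-token: $${{ github.token }}` together with `permissions:` / `pull-requests: write` on the job, and keep the stored token for the step that actually has to push. The call to `github.rest.issues.createComment` is also not awaited; `await github.rest.issues.createComment({ ... })` makes a failed comment surface as a failed step.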
@@ -0,0 +1,14 @@ +locals { + secrets = [ + "AWS_SECRET_ACCESS_KEY", + "AWS_SESSION_TOKEN", + "AWS_ACCESS_KEY_ID", + "GITHUB_TOKEN" + ] +} + +module "env_var" { + source = "HappyPathway/var/env" + for_each = toset(local.secrets) + env_var = each.value +} diff --git a/image-pipeline.tf b/image-pipeline.tf index e978deb..f19cd98 100644 --- a/image-pipeline.tf +++ b/image-pipeline.tf @@ -132,7 +132,7 @@ module "terraform_aws_image_pipeline" { content = templatefile( "${path.module}/workflows/terraform-plan.yaml.tpl", { - repo_name = "aws-image-pipeline", + repo_name = "terraform-aws-image-pipeline", directory = "./examples" git_owner = { name = "arnol377" diff --git a/main.tf b/main.tf index 6c72d56..3f8fa6a 100644 --- a/main.tf +++ b/main.tf @@ -206,3 +206,5 @@ module "ghe_runners" { collaborators = local.collaborators } + + diff --git a/sandbox.tf b/sandbox.tf new file mode 100644 index 0000000..081143c --- /dev/null +++ b/sandbox.tf 
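Review bot: `module "env_var"` in actions_secrets.tf pulls `HappyPathway/var/env` from the registry with no `version` argument, and it is the module that is handed the names of the AWS and GitHub credentials to read; an unpinned third-party module in that position is a supply-chain risk. Pin it, e.g. `version = "<PINNED_VERSION>"`, and review the pinned source before use. The values it returns will presumably also end up in Terraform state in plain text, so the state backend needs to be protected like a secret store. A comment above `locals` such as `# Names of environment variables copied into repository Actions secrets/vars` would document what the list feeds.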
@@ -0,0 +1,61 @@
+
+locals {
+ workspace_instances = [
+ "arnol377-sandbox"
+ ]
+}
+
+module "ghe_runners" {
+ source = "git@github.e.it.census.gov:CSVD/terraform-github-repo"
+ for_each = toset(local.workspace_instances)
+ github_repo_description = "Sandbox - ${each.value}"
+ repo_org = "arnol377"
+ name = each.value
+ github_repo_topics = [
+ "terraform"
+ ]
+ force_name = true
+ github_is_private = false
+ create_codeowners = false
+ enforce_prs = false
+ collaborators = local.collaborators
+ managed_extra_files = [
+ {
+ path = ".github/workflows/terraform-plan.yaml"
+ content = templatefile(
+ "${path.module}/workflows/terraform-plan.yaml.tpl",
+ {
+ repo_name = each.value,
+ directory = null
+ git_owner = {
+ name = "arnol377"
+ email = "david.j.arnold.jr@census.gov"
+ }
+ }
+ )
+ },
+ {
+ path = ".github/workflows/terraform-apply.yaml"
+ content = templatefile(
+ "${path.module}/workflows/terraform-apply.yaml.tpl",
+ {
+ repo_name = each.value,
+ directory = null
+ }
+ )
+ }
+ ]
+ secrets = [
+ for secret in [for secret in local.secrets : secret if secret != "AWS_ACCESS_KEY_ID"] :
+ {
+ name = replace(secret, "GITHUB", "GH")
+ value = lookup(module.env_var, secret).value
+ }
+ ]
+ vars = [
+ {
+ name = "AWS_ACCESS_KEY_ID"
+ value = lookup(module.env_var, "AWS_ACCESS_KEY_ID").value
+ }
+ ]
+}
\ No newline at end of file
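Review bot: `module "ghe_runners"` is declared here in sandbox.tf, but the main.tf hunk header in this same patch shows a `module "ghe_runners"` block already exists; both files sit at the repo root, so Terraform should reject the configuration as a duplicate module call. Rename this one, for example `module "sandbox_repos" {`. The block also sets `github_is_private = false` and `enforce_prs = false` while installing `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN` and the GitHub token as Actions secrets, so anyone able to push a branch or workflow change to the sandbox repo can run jobs with those credentials. Consider `github_is_private = true` or a narrower, sandbox-scoped set of secrets. `AWS_SESSION_TOKEN` is presumably short-lived, so the stored values will go stale between applies.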