Merge branch 'main' of github.e.it.census.gov:CSVD/automation-repos i…

…nto repo_cleanup
CSVD · Oct 10, 2024 · d6e9731 · d6e9731
2 parents f52cb8b + 24c4988
commit d6e9731
Showing 1 changed file with 50 additions and 35 deletions.
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
@@ -6,6 +6,9 @@ on:
   pull_request:
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
+
+concurrency:
+  group: ${{ github.repo }}-${{ vars.terraform_workspace }}
 
 permissions: write-all
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
@@ -16,57 +19,69 @@ jobs:
     runs-on: [ "229685449397" ]
 
     env:
-#     GITHUB_APP_ID: ${{ vars.GH_APP_ID }}
       GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }}
       GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }}
-#     GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
       GITHUB_OWNER: CSVD
       GITHUB_BASE_URL: https://github.e.it.census.gov/
       TF_WORKSPACE: ${{ vars.terraform_workspace }}
       TF_CLI_ARGS_plan: -lock-timeout=30m
       TF_CLI_ARGS_apply: -lock-timeout=30m
+      NO_PROXY: ${{ vars.NO_PROXY }}
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
-
-      - uses: CSVD/gh-actions-setup-node@v3
+      - uses: CSVD/gh-actions-checkout@v4
+        id: checkout
         with:
-           node-version: 16
-
-      - name: blow up .terraform
-        run: rm -rf ${{ github.workspace }}/.terraform || echo "nope"
-
-      - name: Setup AWS Credentials
-        id: aws_credentials
-        run: |
-          curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json
-          aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json`
-          echo AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` >> $GITHUB_ENV
-          aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json`
-          echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV
-          aws configure set aws_session_token `jq -r '.Token' aws_credentials.json`
-          echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV
+          persist-credentials: false
 
+      - name: AWS Auth
+        id: aws_auth
+        uses: CSVD/aws-auth@main
+        with:
+          ecs: true
+
       - name: Setup GITHUB Credentials
         id: github_credentials
         run: |
           echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV
-
+          
       - name: Terraform Init
-        id: init
-        run: /opt/tfenv/bin/terraform init -upgrade
+        uses: CSVD/terraform-init@main
+        id: terraform_init
+        with:
+          commit_sha: ${{ steps.checkout.outputs.commit }}
+          terraform_version: "1.9.1"
+          workspace: ${{ vars.terraform_workspace }}
+          setup_terraform: true
+          terraform_init: true
+        env:
+          GITHUB_TOKEN: $GITHUB_TOKEN
+          AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+          AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}
+          AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+
+      - name: debug outputs
+        run: |
+          echo S3 Upload Path: ${{ job.terraform_init.outputs.s3_upload_path }}"
+          echo Commit SHA: ${{ job.terraform_init.outputs.commit_sha }}"
+          
+#       - name: Terraform Plan
+#         uses: CSVD/terraform-plan@main
+#         with:
+#           terraform_version: "1.9.1"
+#           workspace: ${{ vars.terraform_workspace }}
+#           commit_sha: ${{ steps.terraform_init.outputs.commit_sha }}
+#           varfile: varfiles/${{ vars.terraform_workspace }}.tfvars
+#           download_cache: true
+#           setup_terraform: false
+#         env:
+#           AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+#           AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}
+#           AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+#           GITHUB_TOKEN: $GITHUB_TOKEN
+#           HTTP_PROXY: http://proxy.tco.census.gov:3128
+#           HTTPS_PROXY: http://proxy.tco.census.gov:3128
+#           NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com"
 
-      - name: Terraform Validate
-        id: validate
-        run: /opt/tfenv/bin/terraform validate
 
-      - name: Terraform Plan
-        id: plan
-        run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
-
-#       - name: Terraform Apply
-#         id: plan
-#         run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars
-#         continue-on-error: true