diff --git a/.github/workflows/terraform_apply.yaml b/.github/workflows/terraform_apply.yaml
new file mode 100644
index 0000000..292208a
--- /dev/null
+++ b/.github/workflows/terraform_apply.yaml
@@ -0,0 +1,59 @@
+# This is a basic workflow to help you get started with Actions
+name: Terraform Apply
+
+# Controls when the workflow will run
+on:
+ push:
+ branches: [ "main" ]
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ Apply:
+ # The type of runner that the job will run on
+ runs-on: [ automation-repos ]
+ env:
+ AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+ AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
+ AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+ GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
+
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+
+
+ - uses: CSVD/gh-actions-setup-node@v3
+ with:
+ node-version: 16
+
+ - uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_wrapper: false
+ terraform_version: ${{ vars.terraform_version }}
+
+ - name: Terraform Format
+ id: fmt
+ run: |
+ terraform fmt -check
+
+ - name: Autoformat Halt
+ if: env.auto_format == 'true'
+ run: exit 1
+
+ - name: Terraform Init
+ id: init
+ run: terraform init -upgrade
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate
+
+ - name: Terraform Apply
+ id: plan
+ run: terraform apply -auto-approve
+ continue-on-error: true
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
new file mode 100644
index 0000000..25f471d
--- /dev/null
+++ b/.github/workflows/terraform_plan.yaml
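Review bot: `continue-on-error: true` on the `Terraform Apply` step lets a failed or partial `terraform apply -auto-approve` end as a green run on `main`, so a broken change to live infrastructure goes unnoticed; drop that line, and rename the copied `id: plan` to `id: apply`. In the same job, `terraform init -upgrade` ignores the versions recorded in `.terraform.lock.hcl` and may install newer provider builds that nobody reviewed; `terraform init -lockfile=readonly` keeps the apply on the committed hashes. The `Autoformat Halt` step cannot fire in this workflow because nothing here sets `auto_format`, and `terraform fmt -check` already fails the job by itself.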
@@ -0,0 +1,109 @@
+# This is a basic workflow to help you get started with Actions
+name: Terraform Plan
+
+# Controls when the workflow will run
+on:
+ pull_request:
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ Plan:
+ # The type of runner that the job will run on
+ runs-on: [ automation-repos ]
+ env:
+ AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+ AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
+ AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+ GITHUB_TOKEN: "${{ secrets.GH_TOKEN }}"
+
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: CSVD/gh-actions-checkout@v3
+ with:
+ github-server-url: https://github.e.it.census.gov
+ ref: ${{ github.head_ref }}
+ token: ${{ secrets.GH_TOKEN }}
+
+
+ - uses: CSVD/gh-actions-setup-node@v3
+ with:
+ node-version: 16
+
+ - uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_version: ${{ vars.terraform_version }}
+
+ - name: Set output
+ id: vars
+ run: echo ::set-output name=short_ref::${GITHUB_REF#refs/*/}
+
+ - name: Terraform Format
+ id: fmt
+ run: |
+ terraform fmt
+ if ! 
git diff-index --quiet HEAD; then
+ git config --global user.name '${{ vars.REPO_OWNER }}'
+ git config --global user.email '${{ vars.REPO_OWNER_EMAIL }}'
+ git commit -am "Autoformatting TF Code"
+ git push
+ echo "auto_format=true" >> $GITHUB_ENV
+ fi
+
+ - name: Autoformat Halt
+ if: env.auto_format == 'true'
+ run: exit 0
+
+ - name: Terraform Init
+ id: init
+ run: terraform init -upgrade
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ run: terraform plan -no-color
+ continue-on-error: true
+
+ - uses: CSVD/gh-actions-github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GH_TOKEN }}
+ script: |
+ const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+ #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+
Validation Output + + \`\`\`\n + ${{ steps.validate.outputs.stdout }} + \`\`\` + +
+ + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`\n + ${process.env.PLAN} + \`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) diff --git a/.gitignore b/.gitignore index 2faf43d..5eaab15 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ override.tf.json # Ignore CLI configuration files .terraformrc terraform.rc +plans diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index d7c91c8..fd9184f 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
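Review bot: In the `github-script` step, `${{ steps.validate.outputs.stdout }}` is expanded into the JavaScript template literal before the script runs, so a backtick or `${…}` in Terraform's diagnostics, which can quote lines from the pull request's own files, becomes script code running with `secrets.GH_TOKEN`. The plan output already avoids this by going through `env: PLAN` and `${process.env.PLAN}`; do the same for validation with `VALIDATE: ${{ steps.validate.outputs.stdout }}` under `env:` and `${process.env.VALIDATE}` in the body. The `Terraform Format` step has the same shape, with `${{ vars.REPO_OWNER }}` pasted straight into the shell line. Separately, `Autoformat Halt` runs `exit 0`, which does not stop the later steps, and `::set-output` is deprecated in favour of writing to `$GITHUB_OUTPUT`.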
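Review bot: Adding `plans` to `.gitignore` does not untrack the ten binary files this same commit adds under `plans/`; an ignore rule has no effect on paths that are already committed. If those are saved Terraform plan files (the names and this entry suggest so, but the binaries are not shown), they carry resource attributes and variable values unencrypted, so they should be dropped from the commit with `git rm -r --cached plans` before it merges. Writing the entry as `plans/` would also make it clear that a directory is meant.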
@@ -2,30 +2,53 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.56.1" + version = "5.63.0" constraints = ">= 2.0.0" hashes = [ - "h1:3c0jJCaLRgXrOZoGMAOjH+omtHUo96AkukUF4/h9gaE=", - "zh:0fff674596251d3f46b5a9e242220871d6c634f7cf69f2741d1c3c8f4baa708c", - "zh:1495d0f71bbd849ad286e7afa9d531a45217e6af7e3d165a447809dab364bd9b", - "zh:3eab136bd5b6c58a99f5cb588220819c70061b48da98f2b40061ebabfcbe1957", - "zh:3faa780ae84db4751d32ce3e7c4797711c9b5c537b67884037f0951a2f93c1ee", - "zh:47455bd243986893cc79f3d884633961244faeeef678fd64a37fcc77f3dabe24", - "zh:4a26df74f018ea25f3b543e9bc9d5763c7adc0cec647fc1cb1acec47cc331953", - "zh:592cebca964f297f569dc86e99789bfcc301904a9c26cd7294dab99e106acf59", - "zh:75d5ed50f1f56c484f7fcb1bd1c4ad33e2679ed249cc8db05e561233f8f5781f", - "zh:7ec8cce722a91ba141a3b2db0e833acc3be91e4eec6abb41f012bc9d641ca24e", + "h1:mhVxzwfSZVxPJNZsr1fvKZe51+48BdM7pzWChVQ4v68=", + "zh:21f3a6870dd80b8312b6aac28784b29a7c2cf072175f0de943f09bddbf14cad6", + "zh:28feb0621baeaa9b6992a6209fd0d7ad1c665b1dd895123f2fd36d91d69d116f", + "zh:301d51b398c3e3488ea2b63defeb254436854c83046d9fc5ca129b13faaa4319", + "zh:343e89645a2b23363226e2e0571639637ac1ddf7fa8c562bf883b17c8ad30d7d", + "zh:56c89148fc105a1bf32ffcd574ec1e679144377ea26c9ae4211dd491a3def358", + "zh:5e3b88e3eb28b23819126d43b191a2bda28a09d7690aee7e577b3b6235c4824a", + "zh:64c21f3b38a8f0f0ef8b938df71cde76d77e010236bb6a0b46f66daa6cab6f99", + "zh:6869e5fafe6535954ac75ece63e9765d6b12d1752b54cf9639a01585f1a5583e", + "zh:90a6894868c585a5abf00e784723d74ea80aff3d0403b36028c4b08c5c4894d6", + "zh:92e9e4b7c183e518c1decd0fbc780e9f1941d05710c9c20329c78556a7f0adac", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:cba68f518f794e695b0448be4ff90906a7817f65ca5e4d987720e37fbeea7c90", - "zh:e29712ab48d6527253ae4aef3851bd8e831b7b0bb57b5097bef16cbb69af6e85", - "zh:ef34bd8ff4e1fb8cc222b78217df917d4833361ea514465e7dae9122a7c7cf7a", - 
"zh:fece9ac372653ab3195630cc9d817ad0f81cce1d2880bec03ffc624591f3702b", - "zh:ffd1c3b3e4fa447dd2a78f6696d0dac969cb2996d640e3efbf2a96c49892d298", + "zh:bbc053d060d4f6e95ef60549a0e92487fbbd88807f8161507cc389edc7dde0f7", + "zh:cfd8e88029a2fdafdfa77688f966705ade9211d173cbb6aa1552839c9993c19a", + "zh:d291875c26a6a05b60e02f1481c296269080232fa0ae86cce5caa04a6df82ed6", + "zh:f42f0b81587de0c51859e37cd671c442d8eaf42558d83c6421b1e46549576f89", ] } provider "registry.terraform.io/hashicorp/github" { - version = "6.2.2" + version = "6.2.3" + hashes = [ + "h1:nHTegsQYYUJZbaTnU1aMJBgnZUbR2zsfCl7DsL/kZjQ=", + "zh:05874671652a260b12d784cc46b0eea156f493a5f12e00368d1f6cb319156257", + "zh:0c7a3cae5a66e5c5efc3b25ba646a0d46bfe1fd3edba1f5a75f51aede85a9d1b", + "zh:174310010d08f13e36e53ff18e44a21dd040c89884ef190a192c6ce27926a912", + "zh:23d1d8731e518354ce6a83419f49101aece63882b0ca7c489f3c598cc6ea5d5e", + "zh:4e88953816daf11ab1681c32c7988d4e29476fc44f0959fe03173532cf5044de", + "zh:6fab07734ccf27f5afee4442abae2d33245eabf35519032ce1e2aad6961a640a", + "zh:7b2f324b918e161c892c29ee80d36c48ca8b891b8047e132fc701ca741e5ae72", + "zh:8ef4f0d691ade98082ef1f6b36e556468e5ab26e60021f0de0fb22e3acdfd990", + "zh:8f0f3e139faa8f2b9075bb9978dd683f4bab5ac91171bbb969addd04d7f0b90f", + "zh:97cb6d7fdf640237cc2f0ab830db8f878770968c59fd28298e9dddb8b9e6294d", + "zh:a17038d8747c6bb660e4c5981e8ffbbc33c66ba164868fd35d442e7f828a1e01", + "zh:aa9f4b7d947f7b11277b4e9ba7147f5594cf60a6589b7aac4344f73d1400d1c0", + "zh:c780b951e14d583ef6ffef9a934831b56ee157c50ed8e969c676a636810f7db1", + "zh:d8497bb2986fd76107b7208b33cc39281797164fdea09453e987b969a461befb", + "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", + ] +} + +provider "registry.terraform.io/integrations/github" { + version = "6.2.2" + constraints = ">= 6.2.2, 6.2.2" hashes = [ "h1:3gbrNGsK0dQ5zpN0qeHm3uNdWJl+f760+VtV2GJZ8Vg=", "zh:43d7e5f1e11d67e38ca717016d209d6d9a6fa03321b489f91984351bfb143b69", 
@@ -45,25 +68,3 @@ provider "registry.terraform.io/hashicorp/github" { "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", ] } - -provider "registry.terraform.io/integrations/github" { - version = "6.2.0" - constraints = "6.2.0" - hashes = [ - "h1:FdWqFyRBP1NkVVE2ZTbk2HdQ9FCuQ7Iiw+517sZUjOc=", - "zh:1206dd543cbfb82510f3de8cebc60b3b53803ed2e58b155beae60ad47375da92", - "zh:1b37f423227697a8dfedd12552826f22153c0125233caf2ab3426a968db63cfc", - "zh:273f57855ded264c6e08260e536f495b5db836c369a567c54d3852c3f24f9256", - "zh:569bc57a5bbb5ae09871a080fd17fef266da22bd4e29b5db74f10607343ba3ed", - "zh:58f3bc7becc4124ca8c9996137b286673262fd3eb9f30ae32401bd18cf87378a", - "zh:72fd37a1f0629293102ea9daa8ab300dec8465f2fb47223597946c374a445b82", - "zh:78bc062964a4bdc7b11d506ecc593731b2f9570f6d1a91bd0da5d2c9af92e964", - "zh:9c1dd21173e1814496defe7e8d0bfbbb3f34f5ec73bf38fad87aca5ad3f728ba", - "zh:a80948ebfe0c803ccb37fd94cbb4a1cb09c8e89fa85cf4468060aa35ff227916", - "zh:a8fb4fdc3f4326ea7a456a64b346bb187046832ea1819134bb0ea8e53447ee8e", - "zh:aaff85ec7753f368ffefe8fd022961fe7c8c67fef9963d60a4a17df9d0cb1c5d", - "zh:bd9efdd9dcc11067b48b269587ba34cb22aa7d559e26843e25c4faad7453b81c", - "zh:c123572fb43f3a7cd5fcb19c29063342ebd9a9e40effaab3adfd0c404441efd7", - "zh:d55b2fed99d988015b0269c1ec2fbd969ec0cf144cf1cb1ce0543df36f233061", - ] -} diff --git a/backend.tf b/backend.tf index 96d1478..aa514fb 100644 --- a/backend.tf +++ b/backend.tf @@ -5,4 +5,4 @@ terraform { region = "us-gov-east-1" dynamodb_table = "tf_remote_state" } -} \ No newline at end of file +} diff --git a/image-pipeline.tf b/image-pipeline.tf index 40c7b7d..e978deb 100644 --- a/image-pipeline.tf +++ b/image-pipeline.tf @@ -3,7 +3,8 @@ locals { "image-pipeline-goss-testing", "image-pipeline-ansible-playbooks", "linux-image-pipeline", - "windows-image-pipeline" + "windows-image-pipeline", + "docker-image-pipeline" ] } @@ -141,4 +142,4 @@ module "terraform_aws_image_pipeline" { ) } ] -} \ No newline at end of file +} 
diff --git a/main.tf b/main.tf index d276cb5..6c72d56 100644 --- a/main.tf +++ b/main.tf @@ -2,7 +2,7 @@ locals { collaborators = { naray007 = "push", morga471 = "push", - lolli001 = "pull", + lolli001 = "push", gomez385 = "push" } pull_request_bypassers = [ @@ -10,11 +10,6 @@ locals { ] } -# Add a team to the organization -resource "github_team" "team" { - name = "csvd-automation" -} - module "elastic_beanstalk" { source = "git@github.e.it.census.gov:CSVD/terraform-github-repo" @@ -30,7 +25,6 @@ module "elastic_beanstalk" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } @@ -50,7 +44,6 @@ module "automation-repos" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } @@ -68,7 +61,6 @@ module "terraform-github-repo" { enforce_prs = false create_codeowners = false collaborators = local.collaborators - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } @@ -89,7 +81,6 @@ module "elastic_beanstalk_java" { collaborators = local.collaborators template_repo = "aws-beanstalk" template_repo_org = "CSVD" - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } @@ -109,7 +100,6 @@ module "elastic_beanstalk_php" { collaborators = local.collaborators template_repo = "aws-beanstalk" template_repo_org = "CSVD" - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } @@ -129,7 +119,6 @@ module "elastic_beanstalk_nodejs" { collaborators = local.collaborators template_repo = "aws-beanstalk" template_repo_org = "CSVD" - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } 
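Review bot: The change of `lolli001` from `"pull"` to `"push"` in `local.collaborators` has no comment or reference explaining the grant, and the map is passed as `collaborators = local.collaborators` to every module in the later hunks of this file, several of them shown with `enforce_prs = false`. That gives the account direct write access to all of those repositories at once, not to a single one. If only one repository needs it, a per-module override would be narrower; otherwise add a line such as `# push: <ticket or reason>` beside the entry. The same commit removes `github_team.team` and every `admin_teams` argument, which leaves these per-user grants as the only access path visible here; the `locals` block itself continues past this hunk.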
@@ -151,7 +140,6 @@ module "elastic_beanstalk_docker" { collaborators = local.collaborators template_repo = "aws-beanstalk" template_repo_org = "CSVD" - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } @@ -169,7 +157,6 @@ module "beanstalk-demo" { enforce_prs = false is_template = true collaborators = local.collaborators - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } @@ -186,7 +173,6 @@ module "setup_terraform" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - admin_teams = [github_team.team.name] } module "setup_node" { @@ -202,7 +188,6 @@ module "setup_node" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - admin_teams = [github_team.team.name] } # ghe-runner @@ -219,6 +204,5 @@ module "ghe_runners" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - admin_teams = [github_team.team.name] } diff --git a/plans/1843a387eb06c4e779a39e3f9eb5d8f87c47695e b/plans/1843a387eb06c4e779a39e3f9eb5d8f87c47695e new file mode 100644 index 0000000..2ba3c24 Binary files /dev/null and b/plans/1843a387eb06c4e779a39e3f9eb5d8f87c47695e differ diff --git a/plans/34b2524537939b5d976403b4734553a968bb94f8 b/plans/34b2524537939b5d976403b4734553a968bb94f8 new file mode 100644 index 0000000..a21d760 Binary files /dev/null and b/plans/34b2524537939b5d976403b4734553a968bb94f8 differ diff --git a/plans/3e907ece923dfa9d033a61e82baac655b05e3246 b/plans/3e907ece923dfa9d033a61e82baac655b05e3246 new file mode 100644 index 0000000..745fbb8 Binary files /dev/null and b/plans/3e907ece923dfa9d033a61e82baac655b05e3246 differ diff --git a/plans/5d5257c1faba98284980f00106df68bb6aeea308 b/plans/5d5257c1faba98284980f00106df68bb6aeea308 new file mode 100644 index 0000000..e6cdcea Binary files /dev/null and b/plans/5d5257c1faba98284980f00106df68bb6aeea308 differ 
diff --git a/plans/6e5067c1edb9abb9b198e8eca861a6be21882abd b/plans/6e5067c1edb9abb9b198e8eca861a6be21882abd new file mode 100644 index 0000000..b49ae6d Binary files /dev/null and b/plans/6e5067c1edb9abb9b198e8eca861a6be21882abd differ diff --git a/plans/9550c73db7e5035e114d48a4039bae1cb4132736 b/plans/9550c73db7e5035e114d48a4039bae1cb4132736 new file mode 100644 index 0000000..01a411e Binary files /dev/null and b/plans/9550c73db7e5035e114d48a4039bae1cb4132736 differ diff --git a/plans/9bfc2a45b3e7ef72becc0a13e91328aec03b3c12 b/plans/9bfc2a45b3e7ef72becc0a13e91328aec03b3c12 new file mode 100644 index 0000000..9ba21e8 Binary files /dev/null and b/plans/9bfc2a45b3e7ef72becc0a13e91328aec03b3c12 differ diff --git a/plans/b7696c7976cce5e4c00af77a5eb6ca777e1b5051 b/plans/b7696c7976cce5e4c00af77a5eb6ca777e1b5051 new file mode 100644 index 0000000..4c5393e Binary files /dev/null and b/plans/b7696c7976cce5e4c00af77a5eb6ca777e1b5051 differ diff --git a/plans/c729245f61679f412edd4ed9c695c41346aa9e87 b/plans/c729245f61679f412edd4ed9c695c41346aa9e87 new file mode 100644 index 0000000..93138c7 Binary files /dev/null and b/plans/c729245f61679f412edd4ed9c695c41346aa9e87 differ diff --git a/plans/caa8fa122c9c3aca1b32e1963feaa51e9e9359d9 b/plans/caa8fa122c9c3aca1b32e1963feaa51e9e9359d9 new file mode 100644 index 0000000..5f16736 Binary files /dev/null and b/plans/caa8fa122c9c3aca1b32e1963feaa51e9e9359d9 differ diff --git a/workflows/s3_upload.yaml.tpl b/workflows/s3_upload.yaml.tpl index 6ce63bc..531c9b6 100644 --- a/workflows/s3_upload.yaml.tpl +++ b/workflows/s3_upload.yaml.tpl @@ -29,5 +29,5 @@ jobs: node-version: 16 - run: | - zip ${repo_name}.zip * + zip -r ${repo_name}.zip * aws s3 cp ${repo_name}.zip s3://${bucket_name} diff --git a/workflows/terraform-plan.yaml.tpl b/workflows/terraform-plan.yaml.tpl index a354a76..f4a20cb 100644 --- a/workflows/terraform-plan.yaml.tpl +++ b/workflows/terraform-plan.yaml.tpl 
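Review bot: With `-r`, `zip -r ${repo_name}.zip *` now pulls in every nested directory of the workspace, including untracked files left behind by earlier steps, and all of it is copied to `s3://${bucket_name}`. If the goal is to ship the repository content, `git archive --format=zip -o ${repo_name}.zip HEAD` limits the upload to tracked files; otherwise add explicit `-x` exclusions for anything that must not leave the runner. The steps before this `run:` are outside the hunk, so what else sits in the workspace is not visible here.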
@@ -25,8 +25,8 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v3 with: - ref: ${{ github.head_ref }} - token: ${{ secrets.GH_TOKEN }} + ref: $${{ github.head_ref }} + token: $${{ secrets.GH_TOKEN }} - uses: CSVD/gh-actions-setup-node@v3 with:
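Review bot: The doubled dollar sign on `ref` and `token` reads like a typo and nothing on these lines says why it is there; a comment above `with:` such as `# double-dollar is a template escape; it renders as a GitHub Actions expression` would keep someone from reverting it. Keep `${` out of the comment text itself, since the template renderer would presumably try to interpolate it. Only these two expressions are escaped in this hunk, and the rest of the template is outside it, so any other Actions expression there needs the same check.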