From d250628c35fbdb46eb325821537f9516bbdae10d Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Thu, 15 Aug 2024 08:46:55 -0700 Subject: [PATCH 1/5] chore: Refactor image pipeline module names and update workflows --- image-pipeline.tf | 37 +++++++++++++++ variables.tf | 0 workflows/terraform-apply.yaml.tpl | 16 ++++++- workflows/terraform-plan.yaml.tpl | 76 ++++++++++++++++++++++++++++-- 4 files changed, 123 insertions(+), 6 deletions(-) create mode 100644 variables.tf diff --git a/image-pipeline.tf b/image-pipeline.tf index 7b15719..9a981c5 100644 --- a/image-pipeline.tf +++ b/image-pipeline.tf @@ -122,4 +122,41 @@ module "aws_image_pipeline" { ) } ] +} + + +# image-pipeline +module "terraform_aws_image_pipeline" { + source = "git@github.e.it.census.gov:CSVD/terraform-github-repo" + #github_codeowners_team = "CSVD" + github_repo_description = "Terraform Module that creates codepipeline and codebuild jobs and other resources for building and deploying images" + repo_org = "arnol377" + name = "terraform-aws-image-pipeline" + github_repo_topics = [ + "terraform" + ] + force_name = true + create_codeowners = false + enforce_prs = true + collaborators = local.collaborators + admin_teams = [github_team.team.name] + pull_request_bypassers = local.pull_request_bypassers + vars = [ + { + name = "terraform_version" + value = "1.9.1" + } + ] + extra_files = [ + { + path = ".github/workflows/terraform-plan.yaml" + content = templatefile( + "${path.module}/workflows/terraform-plan.yaml.tpl", + { + repo_name = "aws-image-pipeline" + directory = "./examples" + } + ) + } + ] } \ No newline at end of file diff --git a/variables.tf b/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/workflows/terraform-apply.yaml.tpl b/workflows/terraform-apply.yaml.tpl index dbdf241..c112c78 100644 --- a/workflows/terraform-apply.yaml.tpl +++ b/workflows/terraform-apply.yaml.tpl 
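Review bot: The new `terraform_aws_image_pipeline` module takes `git@github.e.it.census.gov:CSVD/terraform-github-repo` with no `?ref=`, so each `terraform init` resolves to whatever is on that repository's default branch. Since this module sets collaborators, PR enforcement and bypassers, pinning it as `source = "git@github.e.it.census.gov:CSVD/terraform-github-repo?ref=<TAG_OR_COMMIT>"` (placeholder value) would make a change to it an explicit, reviewable bump. `repo_org = "arnol377"` reads like a personal account rather than an organisation (the same name appears as a commit author on this page); if that is intended, a comment such as `# personal namespace on purpose: <reason>` would help, because `admin_teams` and `pull_request_bypassers` are applied there. `repo_name = "aws-image-pipeline"` in the template arguments also differs from `name = "terraform-aws-image-pipeline"` and may be a leftover from the block above.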
@@ -33,27 +33,41 @@ jobs: - uses: CSVD/gh-actions-setup-terraform@v2 with: - terraform_wrapper: false terraform_version: $${{ vars.terraform_version }} - name: Terraform Format id: fmt + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: | terraform fmt -check - name: Autoformat Halt if: env.auto_format == 'true' + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: exit 1 - name: Terraform Init id: init + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: terraform init -upgrade - name: Terraform Validate id: validate + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: terraform validate - name: Terraform Apply id: apply + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: terraform apply -auto-approve continue-on-error: true diff --git a/workflows/terraform-plan.yaml.tpl b/workflows/terraform-plan.yaml.tpl index bbf8248..c0854e1 100644 --- a/workflows/terraform-plan.yaml.tpl +++ b/workflows/terraform-plan.yaml.tpl 
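Review bot: The three-line `%{ if directory != null }` / `working-directory: ${directory}` / `%{ endif }` block is pasted onto all five steps in this hunk, including `Autoformat Halt`, whose `run: exit 1` does not depend on the directory. A step added later without the block would silently run `terraform` in the repository root. One job-level `defaults: { run: { working-directory: ${directory} } }` inside a single conditional would cover every `run:` step. The job header lies outside this hunk, so the exact placement needs checking against the full template. The plan template hunk that follows repeats the same pattern on four steps.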
@@ -32,27 +32,93 @@ jobs: - uses: CSVD/gh-actions-setup-terraform@v2 with: - terraform_wrapper: false terraform_version: $${{ vars.terraform_version }} - name: Terraform Format id: fmt + continue-on-error: true + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: | terraform fmt -check - - name: Autoformat Halt - if: env.auto_format == 'true' - run: exit 1 - - name: Terraform Init id: init + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: terraform init -upgrade - name: Terraform Validate id: validate + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: terraform validate - name: Terraform Plan id: plan + %{ if directory != null } + working-directory: ${directory} + %{ endif } run: terraform plan continue-on-error: true + + - uses: actions/github-script@v7 + if: github.event_name == 'pull_request' + env: + PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + with: + github-token: ${{ secrets.GH_TOKEN }} + script: | + // 1. Retrieve existing bot comments for the PR + const { data: comments } = await github.rest.issues.listComments({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.issue.number, + }) + const botComment = comments.find(comment => { + return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style') + }) + + // 2. Prepare format of the comment + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` +
Validation Output + + \`\`\`\n + ${{ steps.validate.outputs.stdout }} + \`\`\` + +
+ + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`\n + ${process.env.PLAN} + \`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + + // 3. If we have a comment, update it, otherwise create a new one + if (botComment) { + github.rest.issues.updateComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: botComment.id, + body: output + }) + } else { + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + } \ No newline at end of file From ec42140173c8d4729a271aa3945b78d4e6a81a65 Mon Sep 17 00:00:00 2001 From: arnol377 Date: Thu, 15 Aug 2024 11:49:50 -0400 Subject: [PATCH 2/5] fixing zip command --- workflows/s3_upload.yaml.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflows/s3_upload.yaml.tpl b/workflows/s3_upload.yaml.tpl index 6ce63bc..531c9b6 100644 --- a/workflows/s3_upload.yaml.tpl +++ b/workflows/s3_upload.yaml.tpl @@ -29,5 +29,5 @@ jobs: node-version: 16 - run: | - zip ${repo_name}.zip * + zip -r ${repo_name}.zip * aws s3 cp ${repo_name}.zip s3://${bucket_name} From c446131ace6a90e4dfebef5199aee240c1b8f9c2 Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Thu, 15 Aug 2024 09:04:17 -0700 Subject: [PATCH 3/5] Refactor image pipeline module names and update workflows --- image-pipeline.tf | 32 ++++---------------------------- 1 file changed, 4 insertions(+), 28 deletions(-) diff --git a/image-pipeline.tf b/image-pipeline.tf index 9a981c5..c901aa1 100644 --- a/image-pipeline.tf +++ b/image-pipeline.tf 
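Review bot: The comment script places `${{ steps.validate.outputs.stdout }}` directly inside the JavaScript template literal, so GitHub substitutes the text before the script is parsed. Output from `terraform validate` that contains a backtick or `${` would therefore be treated as script code, in a step that holds `secrets.GH_TOKEN`. The plan output already avoids this by going through `env: PLAN` and `process.env.PLAN`; the validate output should take the same route, with `VALIDATE: ${{ steps.validate.outputs.stdout }}` under `env:` and `${process.env.VALIDATE}` in the body. The PATCH 5/5 hunk `@@ -83,28 +83,28 @@` touches the same lines but only adds the `$$` template escaping, so the point applies there as well. Separately, fmt and plan both carry `continue-on-error: true` and the file ends at this step, so nothing visible fails the job when the plan fails; a last step with `if: steps.plan.outcome == 'failure'` and `run: exit 1` would restore the gate.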
@@ -7,30 +7,6 @@ locals { ] } -moved { - from = module.linux_image_pipeline - to = module.image_pipeline_repos["linux-image-pipeline"] -} - -moved { - from = module.win_image_pipeline - to = module.image_pipeline_repos["windows-image-pipeline"] -} - -moved { - from = module.goss-testing - to = module.image_pipeline_repos["image-pipeline-goss-testing"] -} - -moved { - from = module.image_pipeline_ansible_playbooks - to = module.image_pipeline_repos["image-pipeline-ansible-playbooks"] -} - -moved { - from = module.image_pipeline - to = module.aws_image_pipeline -} module "image_pipeline_repos" { for_each = toset(local.pipeline_repos) @@ -46,7 +22,6 @@ module "image_pipeline_repos" { create_codeowners = false enforce_prs = true collaborators = merge(local.collaborators, { garri325 = "admin" }) - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers extra_files = [ { @@ -62,6 +37,7 @@ module "image_pipeline_repos" { ] } + # image-pipeline-asset-releases module "asset_releases" { source = "git@github.e.it.census.gov:CSVD/terraform-github-repo" @@ -76,10 +52,10 @@ module "asset_releases" { create_codeowners = false enforce_prs = false collaborators = local.collaborators - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers } + # image-pipeline module "aws_image_pipeline" { source = "git@github.e.it.census.gov:CSVD/terraform-github-repo" @@ -94,7 +70,6 @@ module "aws_image_pipeline" { create_codeowners = false enforce_prs = true collaborators = local.collaborators - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers vars = [ { @@ -109,6 +84,7 @@ module "aws_image_pipeline" { "${path.module}/workflows/terraform-plan.yaml.tpl", { repo_name = "aws-image-pipeline" + directory = null } ) }, @@ -118,6 +94,7 @@ module "aws_image_pipeline" { "${path.module}/workflows/terraform-apply.yaml.tpl", { repo_name = "aws-image-pipeline" + directory = null } ) } 
@@ -139,7 +116,6 @@ module "terraform_aws_image_pipeline" { create_codeowners = false enforce_prs = true collaborators = local.collaborators - admin_teams = [github_team.team.name] pull_request_bypassers = local.pull_request_bypassers vars = [ { From 24ff60f3e3631a642438024bbc43f066323ef489 Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Thu, 15 Aug 2024 09:06:19 -0700 Subject: [PATCH 4/5] Refactor image pipeline module names and update workflows --- image-pipeline.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/image-pipeline.tf b/image-pipeline.tf index c901aa1..f0464b2 100644 --- a/image-pipeline.tf +++ b/image-pipeline.tf @@ -29,7 +29,7 @@ module "image_pipeline_repos" { content = templatefile( "${path.module}/workflows/s3_upload.yaml.tpl", { - repo_name = each.value + repo_name = each.value, bucket_name = "image-pipeline-assets" } ) @@ -83,7 +83,7 @@ module "aws_image_pipeline" { content = templatefile( "${path.module}/workflows/terraform-plan.yaml.tpl", { - repo_name = "aws-image-pipeline" + repo_name = "aws-image-pipeline", directory = null } ) @@ -93,7 +93,7 @@ module "aws_image_pipeline" { content = templatefile( "${path.module}/workflows/terraform-apply.yaml.tpl", { - repo_name = "aws-image-pipeline" + repo_name = "aws-image-pipeline", directory = null } ) @@ -129,7 +129,7 @@ module "terraform_aws_image_pipeline" { content = templatefile( "${path.module}/workflows/terraform-plan.yaml.tpl", { - repo_name = "aws-image-pipeline" + repo_name = "aws-image-pipeline", directory = "./examples" } ) From c38a17e82a3809a17ea0b34ae865b9b8ecbaf66e Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Thu, 15 Aug 2024 09:08:52 -0700 Subject: [PATCH 5/5] Refactor image pipeline module names and update workflows --- workflows/terraform-plan.yaml.tpl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/workflows/terraform-plan.yaml.tpl b/workflows/terraform-plan.yaml.tpl index c0854e1..63f91c5 100644 
--- a/workflows/terraform-plan.yaml.tpl +++ b/workflows/terraform-plan.yaml.tpl @@ -68,9 +68,9 @@ jobs: - uses: actions/github-script@v7 if: github.event_name == 'pull_request' env: - PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + PLAN: "terraform\n$${{ steps.plan.outputs.stdout }}" with: - github-token: ${{ secrets.GH_TOKEN }} + github-token: $${{ secrets.GH_TOKEN }} script: | // 1. Retrieve existing bot comments for the PR const { data: comments } = await github.rest.issues.listComments({ @@ -83,28 +83,28 @@ jobs: }) // 2. Prepare format of the comment - const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` - #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` - #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` + const output = `#### Terraform Format and Style 🖌\`$${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`$${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`$${{ steps.validate.outcome }}\`
Validation Output \`\`\`\n - ${{ steps.validate.outputs.stdout }} + $${{ steps.validate.outputs.stdout }} \`\`\`
- #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + #### Terraform Plan 📖\`$${{ steps.plan.outcome }}\`
Show Plan \`\`\`\n - ${process.env.PLAN} + $${process.env.PLAN} \`\`\`
- *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; // 3. If we have a comment, update it, otherwise create a new one if (botComment) {