From c6ea55ae4e9415cab7f858516b9a30b6c76da67f Mon Sep 17 00:00:00 2001 From: gomez385 Date: Mon, 7 Oct 2024 19:45:37 -0400 Subject: [PATCH 01/22] Refactor Terraform workflow to use GitHub Actions setup and cache This commit refactors the Terraform workflow to use the GitHub Actions setup and cache. It removes the unnecessary steps for checking out the repository and blowing up the .terraform directory. It also adds the setup for AWS and GitHub credentials. The Terraform init and plan steps are now using the CSVD/terraform-init and CSVD/terraform-plan actions, respectively, with specific versions and workspace configurations. --- .github/workflows/terraform_plan.yaml | 38 +++++++++++---------------- 1 file changed, 15 insertions(+), 23 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index d57aa70..bcbb3d1 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -28,16 +28,6 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v3 - - - uses: CSVD/gh-actions-setup-node@v3 - with: - node-version: 16 - - - name: blow up .terraform - run: rm -rf ${{ github.workspace }}/.terraform || echo "nope" - - name: Setup AWS Credentials id: aws_credentials run: | @@ -48,6 +38,7 @@ jobs: echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV aws configure set aws_session_token `jq -r '.Token' aws_credentials.json` echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Setup GITHUB Credentials id: github_credentials 
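Review bot: Removing `actions/checkout` here leaves the `Setup GITHUB Credentials` step calling `python encode_jwt.py` (visible in the next hunk) with nothing in this patch that puts that script into the workspace. Unless the runner image already ships the file, which cannot be confirmed from the diff, the step will probably write an empty `GITHUB_TOKEN=` to `$GITHUB_ENV` rather than fail, because the error happens inside a command substitution. Restore a checkout step ahead of the credential steps, or make the token step fail fast on an empty result. The relocated comment `# Checks-out your repository under $GITHUB_WORKSPACE ...` now sits above the credentials step and no longer describes anything; drop it.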
@@ -55,18 +46,19 @@ jobs: echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - name: Terraform Init - id: init - run: /opt/tfenv/bin/terraform init -upgrade - - - name: Terraform Validate - id: validate - run: /opt/tfenv/bin/terraform validate + uses: CSVD/terraform-init@main + id: terraform_init + with: + terraform_version: "1.9.1" + workspace: ${{ vars.terraform_workspace }} + setup_terraform: true + terraform_init: true - name: Terraform Plan - id: plan - run: /opt/tfenv/bin/terraform plan -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars - -# - name: Terraform Apply -# id: plan -# run: /opt/tfenv/bin/terraform apply -auto-approve -var-file=varfiles/${{ vars.terraform_workspace }}.tfvars -# continue-on-error: true + uses: CSVD/terraform-plan@main + with: + terraform_version: "1.9.1" + workspace: ${{ vars.terraform_workspace }} + commit_sha: ${{ steps.terraform_init.outputs.commit_sha }} + varfile: varfiles/${{ vars.terraform_workspace }}.tfvars + download_cache: true From c1b753a170bc3850937bc94ef30d62091f50b6c4 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Tue, 8 Oct 2024 09:59:33 -0700 Subject: [PATCH 02/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index bcbb3d1..7541b47 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -46,7 +46,7 @@ jobs: echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - name: Terraform Init - uses: CSVD/terraform-init@main + uses: CSVD/terraform-init@fixing_stuff id: terraform_init with: terraform_version: "1.9.1" From 75338a4bcbdff3c4a057b252fadf1a0eca75b3fb Mon Sep 17 00:00:00 2001 
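Review bot: `uses: CSVD/terraform-init@main` and `uses: CSVD/terraform-plan@main` track a branch head, so whatever lands on `main` of those repositories runs in this job on the next trigger, alongside the credentials that earlier steps of this workflow export to `$GITHUB_ENV`. Pin each action to a full commit SHA and keep the readable version in a trailing comment, e.g. `uses: CSVD/terraform-init@<full-commit-sha>  # <release tag>`. The same applies to the later patches in this series that point the init step at `@fixing_stuff` and that add `CSVD/aws-auth@main` and `CSVD/gh-actions-checkout@v4`. This hunk also drops the `Terraform Validate` step; if the new actions do not validate internally (not visible here), keep an explicit validate before the plan.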
From: David John Arnold Jr Date: Tue, 8 Oct 2024 10:01:05 -0700 Subject: [PATCH 03/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 7541b47..bcbb3d1 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -46,7 +46,7 @@ jobs: echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - name: Terraform Init - uses: CSVD/terraform-init@fixing_stuff + uses: CSVD/terraform-init@main id: terraform_init with: terraform_version: "1.9.1" From 1ac7d9d3d58c6afb65487f9d82323437ab0117ef Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Tue, 8 Oct 2024 10:05:48 -0700 Subject: [PATCH 04/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index bcbb3d1..a1d928e 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -62,3 +62,4 @@ jobs: commit_sha: ${{ steps.terraform_init.outputs.commit_sha }} varfile: varfiles/${{ vars.terraform_workspace }}.tfvars download_cache: true + setup_terraform: false From c8c829ee81cde4872a4dbff78c52dad1fa8a48f1 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Tue, 8 Oct 2024 13:10:42 -0700 Subject: [PATCH 05/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index a1d928e..16dd037 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml 
@@ -16,10 +16,8 @@ jobs: runs-on: [ "229685449397" ] env: -# GITHUB_APP_ID: ${{ vars.GH_APP_ID }} GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }} GITHUB_APP_PEM_FILE: ${{ secrets.GH_APP_PEM_FILE }} -# GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} GITHUB_OWNER: CSVD GITHUB_BASE_URL: https://github.e.it.census.gov/ TF_WORKSPACE: ${{ vars.terraform_workspace }} @@ -44,6 +42,7 @@ jobs: id: github_credentials run: | echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV + echo "PyGenerated GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}" - name: Terraform Init uses: CSVD/terraform-init@main @@ -53,6 +52,8 @@ jobs: workspace: ${{ vars.terraform_workspace }} setup_terraform: true terraform_init: true + env: + GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} - name: Terraform Plan uses: CSVD/terraform-plan@main From 66deb0a2342d6d59a845f215f1ad6fc1dff1b39f Mon Sep 17 00:00:00 2001 From: James Farr Gomez Date: Tue, 8 Oct 2024 13:15:06 -0700 Subject: [PATCH 06/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 16dd037..5c9df91 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -42,7 +42,7 @@ jobs: id: github_credentials run: | echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - echo "PyGenerated GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}" + echo "PyGenerated GITHUB_TOKEN: $GITHUB_TOKEN" - name: Terraform Init uses: CSVD/terraform-init@main @@ -53,7 +53,7 @@ jobs: setup_terraform: true terraform_init: true env: - GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }} + GITHUB_TOKEN: $GITHUB_TOKEN - name: Terraform Plan uses: CSVD/terraform-plan@main From d9f7e96743e3bf72089ed10d498b7b93e61924f0 Mon Sep 17 00:00:00 2001 
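Review bot: The added `echo "PyGenerated GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}"` writes a GitHub App token into the job log, and values exported through `$GITHUB_ENV` are not registered as secrets, so the runner will not mask them. In this exact position the expression is resolved before the step runs and probably prints an empty or stale value, but the follow-up patches that switch to `$GITHUB_TOKEN` and then move the echo into its own `Echo GITHUB Credentials` step would print the live token. Remove the line, and if a debugging signal is needed log only whether the value is non-empty. Independently of the echo, the token should be masked before it is exported: capture it in a shell variable, emit `echo "::add-mask::$token"`, then append `GITHUB_TOKEN=$token` to `$GITHUB_ENV`.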
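Review bot: `GITHUB_TOKEN: $GITHUB_TOKEN` under `env:` in the second hunk of PATCH 06 is not shell-expanded; workflow `env` values are plain strings unless they use `${{ }}`, so the init action receives the literal text `$GITHUB_TOKEN`. A step-level `env` entry should also take precedence over the value the previous step exported through `$GITHUB_ENV`, which means the real token is hidden from the action. Delete the two-line `env:` block, since variables written to `$GITHUB_ENV` are already present in later steps, or keep the earlier `GITHUB_TOKEN: ${{ env.GITHUB_TOKEN }}` form. The same literal is repeated in the `env:` block that a later patch in this series adds to the `Terraform Plan` step.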
From: James Farr Gomez Date: Tue, 8 Oct 2024 13:20:56 -0700 Subject: [PATCH 07/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 5c9df91..94aebf6 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -42,8 +42,12 @@ jobs: id: github_credentials run: | echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV + + - name: Echo GITHUB Credentials + id: github_credentials + run: | echo "PyGenerated GITHUB_TOKEN: $GITHUB_TOKEN" - + - name: Terraform Init uses: CSVD/terraform-init@main id: terraform_init From 5c5342696cee136cc3e0d548f01ef0d5e7e2246a Mon Sep 17 00:00:00 2001 From: James Farr Gomez Date: Tue, 8 Oct 2024 13:21:21 -0700 Subject: [PATCH 08/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 94aebf6..e789c4a 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -44,7 +44,7 @@ jobs: echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - name: Echo GITHUB Credentials - id: github_credentials + id: echo_github_credentials run: | echo "PyGenerated GITHUB_TOKEN: $GITHUB_TOKEN" From b172016e3c8841036202c8da432895bc959fa9d6 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Tue, 8 Oct 2024 13:44:50 -0700 Subject: [PATCH 09/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index e789c4a..7aa0c3c 100644 
--- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -27,27 +27,13 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - name: Setup AWS Credentials - id: aws_credentials - run: | - curl -qL -o aws_credentials.json http://169.254.170.2/${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI} > aws_credentials.json - aws configure set aws_access_key_id `jq -r '.AccessKeyId' aws_credentials.json` - echo AWS_ACCESS_KEY_ID=`jq -r '.AccessKeyId' aws_credentials.json` >> $GITHUB_ENV - aws configure set aws_secret_access_key `jq -r '.SecretAccessKey' aws_credentials.json` - echo AWS_SECRET_ACCESS_KEY=`jq -r '.SecretAccessKey' aws_credentials.json` >> $GITHUB_ENV - aws configure set aws_session_token `jq -r '.Token' aws_credentials.json` - echo AWS_SESSION_TOKEN=`jq -r '.Token' aws_credentials.json` >> $GITHUB_ENV - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + uses: CSVD/aws-auth@main - name: Setup GITHUB Credentials id: github_credentials run: | echo GITHUB_TOKEN=$(python encode_jwt.py "$GITHUB_APP_PEM_FILE" "$GITHUB_APP_INSTALLATION_ID" "$GITHUB_BASE_URL") >> $GITHUB_ENV - - name: Echo GITHUB Credentials - id: echo_github_credentials - run: | - echo "PyGenerated GITHUB_TOKEN: $GITHUB_TOKEN" - - name: Terraform Init uses: CSVD/terraform-init@main id: terraform_init From a92252cfaae27f695176687ca371d876f8543069 Mon Sep 17 00:00:00 2001 From: James Farr Gomez Date: Tue, 8 Oct 2024 14:47:31 -0700 Subject: [PATCH 10/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 7aa0c3c..c768343 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml 
@@ -44,6 +44,7 @@ jobs: terraform_init: true env: GITHUB_TOKEN: $GITHUB_TOKEN + NO_PROXY: *.census.gov - name: Terraform Plan uses: CSVD/terraform-plan@main From 9485e44e5bbee6bed5cdc3f9a32e03c7769a93a0 Mon Sep 17 00:00:00 2001 From: James Farr Gomez Date: Tue, 8 Oct 2024 14:48:22 -0700 Subject: [PATCH 11/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index c768343..6179783 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -44,7 +44,7 @@ jobs: terraform_init: true env: GITHUB_TOKEN: $GITHUB_TOKEN - NO_PROXY: *.census.gov + NO_PROXY: "*.census.gov" - name: Terraform Plan uses: CSVD/terraform-plan@main From deba39bab87a33d47e52e6c1df2d6eda72f63d9f Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Tue, 8 Oct 2024 17:02:45 -0700 Subject: [PATCH 12/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 6179783..ceb4f16 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -23,6 +23,7 @@ jobs: TF_WORKSPACE: ${{ vars.terraform_workspace }} TF_CLI_ARGS_plan: -lock-timeout=30m TF_CLI_ARGS_apply: -lock-timeout=30m + NO_PROXY: ${{ vars.no_proxy }} # Steps represent a sequence of tasks that will be executed as part of the job steps: From 7e18f90ca0d22e0b60ad874b5b9748ea5b33a6fa Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Tue, 8 Oct 2024 17:10:09 -0700 Subject: [PATCH 13/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index ceb4f16..c423d48 100644 
--- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -23,7 +23,7 @@ jobs: TF_WORKSPACE: ${{ vars.terraform_workspace }} TF_CLI_ARGS_plan: -lock-timeout=30m TF_CLI_ARGS_apply: -lock-timeout=30m - NO_PROXY: ${{ vars.no_proxy }} + NO_PROXY: ${{ vars.NO_PROXY }} # Steps represent a sequence of tasks that will be executed as part of the job steps: From 8fec5b56ea29497dd71bbaefbd65b2df72dd30ec Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Tue, 8 Oct 2024 17:19:28 -0700 Subject: [PATCH 14/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index c423d48..f8b388d 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -27,6 +27,9 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: + - name: curl github + run: curl https://github.e.it.census.gov + - name: Setup AWS Credentials uses: CSVD/aws-auth@main From 1631b027d1e03343133a2f4902b4412ea7218530 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Wed, 9 Oct 2024 11:05:44 -0700 Subject: [PATCH 15/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index f8b388d..6183776 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -13,7 +13,7 @@ jobs: # This workflow contains a single job called "build" Plan: # The type of runner that the job will run on - runs-on: [ "229685449397" ] + runs-on: [ "csvd-ec2" ] env: GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }} 
@@ -27,10 +27,8 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - - name: curl github - run: curl https://github.e.it.census.gov - - name: Setup AWS Credentials + id: aws_auth uses: CSVD/aws-auth@main - name: Setup GITHUB Credentials @@ -49,6 +47,9 @@ jobs: env: GITHUB_TOKEN: $GITHUB_TOKEN NO_PROXY: "*.census.gov" + AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} + AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} + AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} - name: Terraform Plan uses: CSVD/terraform-plan@main @@ -59,3 +60,9 @@ jobs: varfile: varfiles/${{ vars.terraform_workspace }}.tfvars download_cache: true setup_terraform: false + env: + AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} + AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} + AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} + GITHUB_TOKEN: $GITHUB_TOKEN + From 848eb8fc9687666cad60eadb8fc142bd618c2a10 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Wed, 9 Oct 2024 12:12:22 -0700 Subject: [PATCH 16/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 6183776..32eade0 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -27,9 +27,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - - name: Setup AWS Credentials - id: aws_auth - uses: CSVD/aws-auth@main + - name: Setup GITHUB Credentials id: github_credentials From 9338e6fe574d01401b1e70448028ff28a03fba24 Mon Sep 17 00:00:00 2001 
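Review bot: `AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }}` has a stray `$` in front of the expression, so the exported secret key begins with a literal dollar sign and request signing with it will fail. Write it as `AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }}`; the same typo is in the `env:` block added to `Terraform Plan` in the last hunk of this patch. Passing credentials through step outputs also relies on `CSVD/aws-auth` masking them, which is not visible here; confirm the action emits `::add-mask::` for the secret key and session token before it sets the outputs.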
From: David John Arnold Jr Date: Wed, 9 Oct 2024 12:58:22 -0700 Subject: [PATCH 17/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 32eade0..42265f4 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -27,7 +27,12 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - + - name: AWS Auth + id: aws_auth + uses: CSVD/aws-auth@main + with: + ec2: true + instance_role: Morpheus-InstanceRole - name: Setup GITHUB Credentials id: github_credentials From 4aaf344ca17eccc05b05924203be6e20db987e67 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Wed, 9 Oct 2024 13:08:01 -0700 Subject: [PATCH 18/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 42265f4..518443f 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -33,6 +33,10 @@ jobs: with: ec2: true instance_role: Morpheus-InstanceRole + env: + HTTP_PROXY: http://proxy.tco.census.gov:3128 + HTTPS_PROXY: http://proxy.tco.census.gov:3128 + NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com" - name: Setup GITHUB Credentials id: github_credentials 
@@ -49,10 +53,12 @@ jobs: terraform_init: true env: GITHUB_TOKEN: $GITHUB_TOKEN - NO_PROXY: "*.census.gov" AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} + HTTP_PROXY: http://proxy.tco.census.gov:3128 + HTTPS_PROXY: http://proxy.tco.census.gov:3128 + NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com" - name: Terraform Plan uses: CSVD/terraform-plan@main @@ -68,4 +74,8 @@ jobs: AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} GITHUB_TOKEN: $GITHUB_TOKEN + HTTP_PROXY: http://proxy.tco.census.gov:3128 + HTTPS_PROXY: http://proxy.tco.census.gov:3128 + NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com" + From 83280564a7589b0d3541e0524c2ae7219fb7fd5a Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Wed, 9 Oct 2024 13:11:04 -0700 Subject: [PATCH 19/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 518443f..689f1b2 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -31,8 +31,7 @@ jobs: id: aws_auth uses: CSVD/aws-auth@main with: - ec2: true - instance_role: Morpheus-InstanceRole + ecs: true env: HTTP_PROXY: http://proxy.tco.census.gov:3128 HTTPS_PROXY: http://proxy.tco.census.gov:3128 From 721ee6ff8cb2def7da5a473f772fc76d066226a0 Mon Sep 17 00:00:00 2001 
From: David John Arnold Jr Date: Wed, 9 Oct 2024 13:17:30 -0700 Subject: [PATCH 20/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 689f1b2..20400ae 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -13,7 +13,7 @@ jobs: # This workflow contains a single job called "build" Plan: # The type of runner that the job will run on - runs-on: [ "csvd-ec2" ] + runs-on: [ "229685449397" ] env: GITHUB_APP_INSTALLATION_ID: ${{ vars.GH_APP_INSTALLATION_ID }} @@ -32,11 +32,7 @@ jobs: uses: CSVD/aws-auth@main with: ecs: true - env: - HTTP_PROXY: http://proxy.tco.census.gov:3128 - HTTPS_PROXY: http://proxy.tco.census.gov:3128 - NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com" - + - name: Setup GITHUB Credentials id: github_credentials run: | @@ -55,10 +51,7 @@ jobs: AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} - HTTP_PROXY: http://proxy.tco.census.gov:3128 - HTTPS_PROXY: http://proxy.tco.census.gov:3128 - NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com" - + - name: Terraform Plan uses: CSVD/terraform-plan@main with: From 7d4d83d67301b93ad5a06c2b893cd0a95629fad5 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Wed, 9 Oct 2024 14:21:36 -0700 Subject: [PATCH 21/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 34 +++++++++++++-------------- 1 file changed, 17 insertions(+), 17 deletions(-) 
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 20400ae..216c9ac 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml 
@@ -52,22 +52,22 @@ jobs: AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} - - name: Terraform Plan - uses: CSVD/terraform-plan@main - with: - terraform_version: "1.9.1" - workspace: ${{ vars.terraform_workspace }} - commit_sha: ${{ steps.terraform_init.outputs.commit_sha }} - varfile: varfiles/${{ vars.terraform_workspace }}.tfvars - download_cache: true - setup_terraform: false - env: - AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} - AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} - AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} - GITHUB_TOKEN: $GITHUB_TOKEN - HTTP_PROXY: http://proxy.tco.census.gov:3128 - HTTPS_PROXY: http://proxy.tco.census.gov:3128 - NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com" +# - name: Terraform Plan +# uses: CSVD/terraform-plan@main +# with: +# terraform_version: "1.9.1" +# workspace: ${{ vars.terraform_workspace }} +# commit_sha: ${{ steps.terraform_init.outputs.commit_sha }} +# varfile: varfiles/${{ vars.terraform_workspace }}.tfvars +# download_cache: true +# setup_terraform: false +# env: +# AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }} +# AWS_SECRET_ACCESS_KEY: $${{ steps.aws_auth.outputs.aws_secret_access_key }} +# AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }} +# GITHUB_TOKEN: $GITHUB_TOKEN +# HTTP_PROXY: http://proxy.tco.census.gov:3128 +# HTTPS_PROXY: http://proxy.tco.census.gov:3128 +# NO_PROXY: ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com" From 3ff2b09203cdab0f78e4980ba343190a32ab7443 Mon Sep 17 00:00:00 2001 
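Review bot: Commenting out the whole `Terraform Plan` step leaves a workflow named `terraform_plan.yaml` that finishes after init, so a green run no longer means a plan was produced or reviewed. If the step is only disabled temporarily, keep it live and gate it with `if: ${{ false }}` so it shows as skipped in the run summary, or delete it and rely on history. The commented copy also preserves the `$${{ ... }}` typo on `AWS_SECRET_ACCESS_KEY` and the literal `GITHUB_TOKEN: $GITHUB_TOKEN`, both of which come back if the block is simply uncommented.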
From: David John Arnold Jr Date: Wed, 9 Oct 2024 15:50:50 -0700 Subject: [PATCH 22/22] Update terraform_plan.yaml --- .github/workflows/terraform_plan.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml index 216c9ac..fb864b0 100644 --- a/.github/workflows/terraform_plan.yaml +++ b/.github/workflows/terraform_plan.yaml @@ -27,6 +27,11 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: + - uses: CSVD/gh-actions-checkout@v4 + id: checkout + with: + persist-credentials: false + - name: AWS Auth id: aws_auth uses: CSVD/aws-auth@main @@ -42,6 +47,7 @@ jobs: uses: CSVD/terraform-init@main id: terraform_init with: + commit_sha: ${{ steps.checkout.outputs.commit }} terraform_version: "1.9.1" workspace: ${{ vars.terraform_workspace }} setup_terraform: true
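Review bot: With the checkout restored at the top of `steps:`, the `encode_jwt.py` that the `Setup GITHUB Credentials` step (kept from earlier patches) runs with `GITHUB_APP_PEM_FILE` in its environment is presumably taken from whatever ref this step checks out. The workflow's `on:` trigger is outside the hunk, so confirm the job cannot run for refs from untrusted contributors, or load the script from a fixed trusted ref instead of the workspace. `persist-credentials: false` is the right setting here; add a short comment saying why, e.g. `# do not leave the checkout token in .git/config for later steps`, so it is not dropped in a later cleanup.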