Add .github/workflows/terraform-apply-dev.yml #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dev - Terraform Apply | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| concurrency: | |
| group: aws-image-pipeline-dev | |
| cancel-in-progress: false | |
| permissions: write-all | |
| jobs: | |
| Auth: | |
| runs-on: ["self-hosted"] | |
| outputs: | |
| aws_access_key_id: ${{ steps.aws_auth.outputs.aws_access_key_id }} | |
| aws_secret_access_key: ${{ steps.aws_auth.outputs.aws_secret_access_key }} | |
| aws_session_token: ${{ steps.aws_auth.outputs.aws_session_token }} | |
| steps: | |
| - name: AWS Auth | |
| id: aws_auth | |
| uses: CSVD/aws-auth@main | |
| with: | |
| ecs: true | |
| Plan: | |
| runs-on: ["229685449397"] | |
| needs: Auth | |
| outputs: | |
| commit_sha: ${{ steps.git_show.outputs.commit_sha }} | |
| cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }} | |
| github_token: ${{ steps.github_credentials.outputs.github_token }} | |
| pending_changes: ${{ steps.terraform_plan.outputs.pending_changes }} | |
| steps: | |
| - uses: CSVD/gh-actions-checkout@v4 | |
| id: checkout | |
| with: | |
| persist-credentials: false | |
| - name: git show | |
| id: git_show | |
| run: | | |
| echo "commit_sha=$(git show | grep commit | head -1 | awk '{ print $NF }')" >> $GITHUB_ENV | |
| echo "commit_sha=$(git show | grep commit | head -1 | awk '{ print $NF }')" >> $GITHUB_OUTPUT | |
| - name: Setup GITHUB Credentials | |
| id: github_credentials | |
| uses: CSVD/gh-auth@main | |
| with: | |
| github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} | |
| github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} | |
| github_base_url: "${{ github.server_url }}/" | |
| - name: Terraform Init | |
| uses: CSVD/terraform-init@main | |
| id: terraform_init | |
| with: | |
| commit_sha: ${{ env.commit_sha }} | |
| checkout: false | |
| terraform_version: ${{ vars.terraform_version }} | |
| workspace: dev | |
| backend_config: backend-configs/dev.tf | |
| setup_terraform: true | |
| terraform_init: true | |
| cache_bucket: image-pipeline-assets | |
| env: | |
| GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }} | |
| AWS_ACCESS_KEY_ID: ${{ needs.Auth.outputs.aws_access_key_id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ needs.Auth.outputs.aws_secret_access_key }} | |
| AWS_SESSION_TOKEN: ${{ needs.Auth.outputs.aws_session_token }} | |
| - name: Terraform Plan | |
| id: terraform_plan | |
| uses: CSVD/terraform-plan@main | |
| with: | |
| terraform_version: ${{ vars.terraform_version }} | |
| workspace: dev | |
| commit_sha: ${{ steps.terraform_init.outputs.commit_sha }} | |
| varfile: varfiles/dev.tfvars | |
| download_cache: true | |
| setup_terraform: false | |
| cache_bucket: image-pipeline-assets | |
| cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ needs.Auth.outputs.aws_access_key_id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ needs.Auth.outputs.aws_secret_access_key }} | |
| AWS_SESSION_TOKEN: ${{ needs.Auth.outputs.aws_session_token }} | |
| GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }} | |
| GITHUB_OWNER: ${{ github.repository_owner }} | |
| GITHUB_BASE_URL: "${{ github.server_url }}/" | |
| HTTP_PROXY: ${{ vars.http_proxy }} | |
| HTTPS_PROXY: ${{ vars.https_proxy}} | |
| NO_PROXY: ${{ vars.no_proxy}} | |
| - name: cleanup s3 | |
| if: ${{ failure() }} | |
| id: s3_cleanup | |
| uses: CSVD/s3-cleanup@main | |
| with: | |
| cache_bucket: image-pipeline-assets | |
| cache_key: ${{ needs.Plan.outputs.cache_key }} | |
| Apply: | |
| # The type of runner that the job will run on | |
| runs-on: ["229685449397"] | |
| needs: [Plan, Auth] | |
| environment: dev | |
| steps: | |
| - name: AWS Auth | |
| id: aws_auth | |
| uses: CSVD/aws-auth@main | |
| with: | |
| ecs: true | |
| - name: Setup GITHUB Credentials | |
| id: github_credentials | |
| uses: CSVD/gh-auth@main | |
| with: | |
| github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }} | |
| github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }} | |
| github_base_url: "${{ github.server_url }}/" | |
| - name: Terraform Apply | |
| uses: CSVD/terraform-apply@main | |
| with: | |
| terraform_version: ${{ vars.terraform_version }} | |
| workspace: dev | |
| commit_sha: ${{ needs.Plan.outputs.commit_sha }} | |
| download_cache: true | |
| setup_terraform: true | |
| terraform_wrapper: false | |
| cache_bucket: image-pipeline-assets | |
| cache_key: ${{ needs.Plan.outputs.cache_key }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ needs.Auth.outputs.aws_access_key_id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ needs.Auth.outputs.aws_secret_access_key }} | |
| AWS_SESSION_TOKEN: ${{ needs.Auth.outputs.aws_session_token }} | |
| GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }} | |
| GITHUB_OWNER: ${{ github.repository_owner }} | |
| GITHUB_BASE_URL: "${{ github.server_url }}/" | |
| HTTP_PROXY: ${{ vars.http_proxy }} | |
| HTTPS_PROXY: ${{ vars.https_proxy}} | |
| NO_PROXY: ${{ vars.no_proxy}} | |
| - name: cleanup s3 | |
| if: ${{ always() }} | |
| id: s3_cleanup | |
| uses: CSVD/s3-cleanup@main | |
| with: | |
| cache_bucket: image-pipeline-assets | |
| cache_key: ${{ needs.Plan.outputs.cache_key }} | |