From 1954e81b9adaab0ac2292218a33708abb718a91b Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Tue, 17 Dec 2024 15:16:12 -0800
Subject: [PATCH] Add .github/workflows/terraform-plan-dev.yml

---
 .github/workflows/terraform-plan-dev.yml | 104 +++++++++++++++++++++++
 1 file changed, 104 insertions(+)
 create mode 100644 .github/workflows/terraform-plan-dev.yml

diff --git a/.github/workflows/terraform-plan-dev.yml b/.github/workflows/terraform-plan-dev.yml
new file mode 100644
index 0000000..2a17f1b
--- /dev/null
+++ b/.github/workflows/terraform-plan-dev.yml
@@ -0,0 +1,104 @@
+name: Dev - Terraform Plan
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+
+concurrency:
+  group: aws-image-pipeline-dev
+  cancel-in-progress: false
+
+permissions: write-all
+
+jobs:
+  Auth:
+    runs-on: ["self-hosted"]
+
+    outputs:
+      aws_access_key_id: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+      aws_secret_access_key: ${{ steps.aws_auth.outputs.aws_secret_access_key }}
+      aws_session_token: ${{ steps.aws_auth.outputs.aws_session_token }}
+
+    steps:
+      - name: AWS Auth
+        id: aws_auth
+        uses: CSVD/aws-auth@main
+        with:
+          ecs: true
+  Plan:
+    runs-on: ["229685449397"]
+    needs: Auth
+    steps:
+      - uses: CSVD/gh-actions-checkout@v4
+        id: checkout
+        with:
+          persist-credentials: false
+
+      - name: git show
+        run: echo "commit_sha=$(git show | grep commit | head -1 | awk '{ print $NF }')" >> $GITHUB_ENV
+
+      - name: AWS Auth
+        id: aws_auth
+        uses: CSVD/aws-auth@main
+        with:
+          ecs: true
+
+      - name: Setup GITHUB Credentials
+        id: github_credentials
+        uses: CSVD/gh-auth@main
+        with:
+          github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+          github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+          github_base_url: "${{ github.server_url }}/"
+
+      - name: Terraform Init
+        uses: CSVD/terraform-init@main
+        id: terraform_init
+        with:
+          commit_sha: ${{ env.commit_sha }}
+          checkout: false
+          terraform_version: ${{ vars.terraform_version }}
+          workspace: dev
+          setup_terraform: true
+          terraform_init: true
+          backend_config: backend-configs/dev.tf
+          cache_bucket: image-pipeline-assets
+        env:
+          GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
+          AWS_ACCESS_KEY_ID: ${{ needs.Auth.outputs.aws_access_key_id }}
+          AWS_SECRET_ACCESS_KEY: ${{ needs.Auth.outputs.aws_secret_access_key }}
+          AWS_SESSION_TOKEN: ${{ needs.Auth.outputs.aws_session_token }}
+
+      - name: Terraform Plan
+        uses: CSVD/terraform-plan@main
+        with:
+          terraform_version: ${{ vars.terraform_version }}
+          workspace: dev
+          commit_sha: ${{ steps.terraform_init.outputs.commit_sha }}
+          varfile: varfiles/dev.tfvars
+          setup_terraform: false
+          download_cache: true
+          cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }}
+          cache_bucket: image-pipeline-assets
+        env:
+          AWS_ACCESS_KEY_ID: ${{ needs.Auth.outputs.aws_access_key_id }}
+          AWS_SECRET_ACCESS_KEY: ${{ needs.Auth.outputs.aws_secret_access_key }}
+          AWS_SESSION_TOKEN: ${{ needs.Auth.outputs.aws_session_token }}
+          GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
+          GITHUB_OWNER: ${{ github.repository_owner }}
+          GITHUB_BASE_URL: "${{ github.server_url }}/"
+          HTTP_PROXY: ${{ vars.http_proxy }}
+          HTTPS_PROXY: ${{ vars.https_proxy}}
+          NO_PROXY: ${{ vars.no_proxy}}
+
+
+
+      - name: cleanup s3
+        if: ${{ always() }}
+        id: s3_cleanup
+        uses: CSVD/s3-cleanup@main
+        with:
+          cache_bucket: image-pipeline-assets
+          cache_key: ${{ needs.Plan.outputs.cache_key }}
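Review bot: The cleanup step's `cache_key: ${{ needs.Plan.outputs.cache_key }}` is evaluated inside the Plan job itself, which only `needs: Auth` and declares no `outputs:`, so the expression resolves to an empty string and `CSVD/s3-cleanup` is handed no key; it should reference the value the plan step actually used, `cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }}`. `permissions: write-all` is far broader than a plan-only workflow triggered by `pull_request` needs, and nothing in the hunk writes back to the repository, so scope it to `permissions:` / `contents: read` (adding `pull-requests: write` only if the plan action is known to post comments). Handing the AWS credentials from the Auth job to the Plan job as job `outputs:` is unnecessary — Plan runs its own `CSVD/aws-auth@main` step with `id: aws_auth` whose outputs are never read — and fragile: if the action masks the values GitHub redacts them and Plan receives empty credentials, and if it does not they are stored unmasked in the run's output; drop the Auth job and point the `env:` blocks at `steps.aws_auth.outputs.*`. Every `CSVD/*` action is referenced at the mutable `@main` ref (checkout at the floating `@v4`), so a single push to those action repositories changes what runs with these AWS and GitHub App credentials; pin each `uses:` to a full commit SHA. Since both jobs run on self-hosted runners under a `pull_request` trigger, confirm the repository does not accept pull requests from forks, otherwise untrusted PR code executes on those runners with the credentials above.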