From f6cfd9ca984487770bcbd7d5bd70a15dc94ade66 Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Wed, 14 Aug 2024 15:19:53 -0700
Subject: [PATCH 1/7] migrating linux pipeline to s3 source (#7)
* migrating linux pipeline to s3 source
* terraform fmt
--------
Co-authored-by: arnol377
---
 linux.tf | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/linux.tf b/linux.tf
index 68c49c7..a248f92 100644
--- a/linux.tf
+++ b/linux.tf
@@ -11,7 +11,6 @@ module "amazon_linux" {
 create_new_role = true
 create_vpc_endpoint = true
 ssh_user = "ec2-user"
- playbook = "hello-world.yaml"
 terraform_version = "1.8.5"
 build_permissions_iam_doc = data.aws_iam_policy_document.s3_access
 build_environment_variables = [
@@ -27,8 +26,17 @@ module "amazon_linux" {
 name = aws_s3_bucket.assets_bucket.bucket
 key = "linux-image-pipeline.zip"
 }
- ansible_repo = data.aws_codecommit_repository.ansible
- goss_repo = data.aws_codecommit_repository.goss
+ ansible_source_type = "S3"
+ ansible_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-ansible-playbooks.zip"
+ }
+ playbook = "hello-world.yaml"
+ goss_source_type = "S3"
+ goss_bucket = {
+ name = aws_s3_bucket.assets_bucket.bucket
+ key = "image-pipeline-goss-testing.zip"
+ }
 goss_profile = "base-test"
 state = local.state_config
 vpc_config = local.vpc_config
From ff36a244cdd23133786f232be36b762a1bb044e3 Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Wed, 14 Aug 2024 15:29:16 -0700
Subject: [PATCH 2/7] Delete terraform-apply.yml
---
 .github/workflows/terraform-apply.yml | 61 ---------------------------
 1 file changed, 61 deletions(-)
 delete mode 100644 .github/workflows/terraform-apply.yml
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
deleted file mode 100644
index 8b2c3b1..0000000
--- a/.github/workflows/terraform-apply.yml
+++ /dev/null
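Review bot: The Ansible playbooks and Goss tests that execute inside the image build are now fetched from fixed keys in `aws_s3_bucket.assets_bucket` (`image-pipeline-ansible-playbooks.zip`, `image-pipeline-goss-testing.zip`) with no object version or checksum, so any principal with `s3:PutObject` on that bucket can silently replace the code the pipeline runs, whereas the CodeCommit source being removed at least left a git history behind. If the module's bucket blocks accept an object version, pin these keys to one; otherwise enable versioning and a restrictive bucket policy on `assets_bucket`, and confirm that `data.aws_iam_policy_document.s3_access` handed to the build grants read access to these keys only, not write. The `module "amazon_linux"` block starts before the hunk.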
@@ -1,61 +0,0 @@ -# This is a basic workflow to help you get started with Actions - -name: Terraform Apply - -# Controls when the workflow will run -on: - # Triggers the workflow on push or pull request events but only for the "main" branch - push: - branches: [ "main" ] - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: [ aws-image-pipeline ] - env: - AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" - AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}" - AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}" - - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v3 - - - - uses: CSVD/gh-actions-setup-node@v3 - with: - node-version: 16 - - - uses: CSVD/gh-actions-setup-terraform@v2 - with: - terraform_wrapper: false - terraform_version: "1.9.1" - - - name: Terraform Format - id: fmt - run: | - terraform fmt -check - - - name: Autoformat Halt - if: env.auto_format == 'true' - run: exit 1 - - - name: Terraform Init - id: init - run: terraform init -upgrade - - - name: Terraform Validate - id: validate - run: terraform validate - - - name: Terraform Apply - id: apply - run: terraform apply -auto-approve - continue-on-error: true - From c50a73a1ac4493ca738edee083c7a567c8cd96b7 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Thu, 15 Aug 2024 09:29:11 -0700 Subject: [PATCH 3/7] Add .github/workflows/terraform-apply.yaml --- .github/workflows/terraform-apply.yaml | 59 -------------------------- 1 file changed, 59 deletions(-) delete mode 100644 .github/workflows/terraform-apply.yaml 
diff --git a/.github/workflows/terraform-apply.yaml b/.github/workflows/terraform-apply.yaml deleted file mode 100644 index 73b670e..0000000 --- a/.github/workflows/terraform-apply.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# This is a basic workflow to help you get started with Actions -name: Terraform Apply - -# Controls when the workflow will run -on: - # Triggers the workflow on push or pull request events but only for the "main" branch - push: - branches: [ "main" ] - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: [ aws-image-pipeline ] - env: - AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" - AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}" - AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}" - - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v3 - - - - uses: CSVD/gh-actions-setup-node@v3 - with: - node-version: 16 - - - uses: CSVD/gh-actions-setup-terraform@v2 - with: - terraform_wrapper: false - terraform_version: ${{ vars.terraform_version }} - - - name: Terraform Format - id: fmt - run: | - terraform fmt -check - - - name: Autoformat Halt - if: env.auto_format == 'true' - run: exit 1 - - - name: Terraform Init - id: init - run: terraform init -upgrade - - - name: Terraform Validate - id: validate - run: terraform validate - - - name: Terraform Apply - id: apply - run: terraform apply -auto-approve - continue-on-error: true From 3400e35579bc9c8f0aaf3e496903186267062b10 Mon Sep 17 00:00:00 2001 
From: David John Arnold Jr Date: Thu, 15 Aug 2024 09:29:16 -0700 Subject: [PATCH 4/7] Add .github/workflows/terraform-plan.yaml --- .github/workflows/terraform-plan.yaml | 58 --------------------------- 1 file changed, 58 deletions(-) delete mode 100644 .github/workflows/terraform-plan.yaml diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml deleted file mode 100644 index d6b7387..0000000 --- a/.github/workflows/terraform-plan.yaml +++ /dev/null @@ -1,58 +0,0 @@ - -# This is a basic workflow to help you get started with Actions - -name: Terraform Plan - - -# Controls when the workflow will run -on: - pull_request: - -# A workflow run is made up of one or more jobs that can run sequentially or in parallel -jobs: - # This workflow contains a single job called "build" - build: - # The type of runner that the job will run on - runs-on: [ aws-image-pipeline ] - env: - AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" - AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}" - AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}" - - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v3 - - - - uses: CSVD/gh-actions-setup-node@v3 - with: - node-version: 16 - - - uses: CSVD/gh-actions-setup-terraform@v2 - with: - terraform_wrapper: false - terraform_version: ${{ vars.terraform_version }} - - - name: Terraform Format - id: fmt - run: | - terraform fmt -check - - - name: Autoformat Halt - if: env.auto_format == 'true' - run: exit 1 - - - name: Terraform Init - id: init - run: terraform init -upgrade - - - name: Terraform Validate - id: validate - run: terraform validate - - - name: Terraform Plan - id: plan - run: terraform plan - continue-on-error: true From bb2c94c9557ac67bd1d74a8b6a1b0e7b14eb7f55 Mon Sep 17 00:00:00 2001 
From: David John Arnold Jr
Date: Thu, 15 Aug 2024 09:29:24 -0700
Subject: [PATCH 5/7] Add .github/workflows/terraform-apply.yaml
---
 .github/workflows/terraform-apply.yaml | 63 ++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 .github/workflows/terraform-apply.yaml
diff --git a/.github/workflows/terraform-apply.yaml b/.github/workflows/terraform-apply.yaml
new file mode 100644
index 0000000..4ce33c8
--- /dev/null
+++ b/.github/workflows/terraform-apply.yaml
@@ -0,0 +1,63 @@
+# This is a basic workflow to help you get started with Actions
+name: Terraform Apply
+
+# Controls when the workflow will run
+on:
+ # Triggers the workflow on push or pull request events but only for the "main" branch
+ push:
+ branches: [ "main" ]
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: [ aws-image-pipeline ]
+ env:
+ AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+ AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
+ AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+
+
+ - uses: CSVD/gh-actions-setup-node@v3
+ with:
+ node-version: 16
+
+ - uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_version: ${{ vars.terraform_version }}
+
+ - name: Terraform Format
+ id: fmt
+
+ run: |
+ terraform fmt -check
+
+ - name: Autoformat Halt
+ if: env.auto_format == 'true'
+
+ run: exit 1
+
+ - name: Terraform Init
+ id: init
+
+ run: terraform init -upgrade
+
+ - name: Terraform Validate
+ id: validate
+
+ run: terraform validate
+
+ - name: Terraform Apply
+ id: apply
+
+ run: terraform apply -auto-approve
+ continue-on-error: true
From e4a079edc8bc560a6dc04975519121bdcbbcb6f0 Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Thu, 15 Aug 2024 09:29:27 -0700
Subject: [PATCH 6/7] Add .github/workflows/terraform-plan.yaml
---
 .github/workflows/terraform-plan.yaml | 116 ++++++++++++++++++++++++++
 1 file changed, 116 insertions(+)
 create mode 100644 .github/workflows/terraform-plan.yaml
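Review bot: `continue-on-error: true` on the `Terraform Apply` step means a failed or half-applied `terraform apply -auto-approve` on `main` still reports the workflow as green, so the only trace of a broken apply is the step log; drop that line so the run fails, or apply a saved plan (`terraform plan -out=tfplan` then `terraform apply tfplan`) so what is applied is what was reviewed. The `Autoformat Halt` step is dead code in this file: nothing here writes `auto_format` to `$GITHUB_ENV`, so `if: env.auto_format == 'true'` never holds and the `exit 1` cannot run. `terraform init -upgrade` on every apply also disregards the provider selections recorded in `.terraform.lock.hcl`, so the provider binaries executed with these credentials can change between runs without any change to the repository. Finally, the job exports static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`/`AWS_SESSION_TOKEN` from repository variables and secrets; the session token suggests hand-pasted temporary credentials, and assuming a role via OIDC (short-lived, scoped to this repo and branch) would remove the stored secret, provided the self-hosted `aws-image-pipeline` runner can reach STS.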
diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml
new file mode 100644
index 0000000..fe73ab4
--- /dev/null
+++ b/.github/workflows/terraform-plan.yaml
@@ -0,0 +1,116 @@
+
+# This is a basic workflow to help you get started with Actions
+
+name: Terraform Plan
+
+
+# Controls when the workflow will run
+on:
+ pull_request:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+ # This workflow contains a single job called "build"
+ build:
+ # The type of runner that the job will run on
+ runs-on: [ aws-image-pipeline ]
+ env:
+ AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
+ AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
+ AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
+
+
+ # Steps represent a sequence of tasks that will be executed as part of the job
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v3
+
+
+ - uses: CSVD/gh-actions-setup-node@v3
+ with:
+ node-version: 16
+
+ - uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_version: ${{ vars.terraform_version }}
+
+ - name: Terraform Format
+ id: fmt
+ continue-on-error: true
+
+ run: |
+ terraform fmt -check
+
+ - name: Terraform Init
+ id: init
+
+ run: terraform init -upgrade
+
+ - name: Terraform Validate
+ id: validate
+
+ run: terraform validate
+
+ - name: Terraform Plan
+ id: plan
+
+ run: terraform plan
+ continue-on-error: true
+
+ - uses: actions/github-script@v7
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GH_TOKEN }}
+ script: |
+ // 1. Retrieve existing bot comments for the PR
+ const { data: comments } = await github.rest.issues.listComments({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ })
+ const botComment = comments.find(comment => {
+ return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+ })
+
+ // 2.
Prepare format of the comment + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` +
Validation Output + + \`\`\`\n + ${{ steps.validate.outputs.stdout }} + \`\`\` + +
+ + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`\n + ${process.env.PLAN} + \`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + + // 3. If we have a comment, update it, otherwise create a new one + if (botComment) { + github.rest.issues.updateComment({ + owner: context.repo.owner, + repo: context.repo.repo, + comment_id: botComment.id, + body: output + }) + } else { + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + } \ No newline at end of file From de6f1841cef6af720ca071002e238ef6e007b216 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Thu, 15 Aug 2024 13:04:24 -0700 Subject: [PATCH 7/7] Update .github/workflows/terraform-plan.yaml --- .github/workflows/terraform-plan.yaml | 81 +++++++++------------------ 1 file changed, 27 insertions(+), 54 deletions(-) diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml index fe73ab4..1e87682 100644 --- a/.github/workflows/terraform-plan.yaml +++ b/.github/workflows/terraform-plan.yaml @@ -24,7 +24,9 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v3 - + with: + ref: ${{ github.head_ref }} + token: ${{ secrets.GH_TOKEN }} - uses: CSVD/gh-actions-setup-node@v3 with: @@ -33,13 +35,22 @@ jobs: - uses: CSVD/gh-actions-setup-terraform@v2 with: terraform_version: ${{ vars.terraform_version }} - + - name: Terraform Format id: fmt - continue-on-error: true - run: | - terraform fmt -check + terraform fmt + if ! git diff-index --quiet HEAD; then + git config --global user.name 'arnol377' + git config --global user.email 'david.j.arnold.jr@census.gov' + git commit -am "Autoformatting TF Code" + git push + echo "auto_format=true" >> $GITHUB_ENV + fi + + - name: Autoformat Halt + if: env.auto_format == 'true' + run: exit 0 - name: Terraform Init id: init 
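Review bot: The `pull_request` trigger runs `terraform init -upgrade` and `terraform plan` against the PR's own code on the self-hosted `aws-image-pipeline` runner with `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`/`AWS_SESSION_TOKEN` exported in the job `env`, so a PR that changes `required_providers` or a module source gets attacker-chosen provider code executed with those credentials before anyone has reviewed it. Whether fork PRs reach this runner depends on the repository's fork-workflow settings, which the diff does not show, but same-repo branches certainly do. Give this job credentials that can only read (a plan-only role, ideally assumed via OIDC so nothing long-lived sits in `secrets`), gate it behind an environment that requires approval, or both; `terraform init` without `-upgrade` would additionally keep the providers pinned to `.terraform.lock.hcl`.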
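Review bot: Checking out `${{ github.head_ref }}` with `token: ${{ secrets.GH_TOKEN }}` leaves that token in `.git/config` for the rest of the job (actions/checkout persists credentials by default), and the later `terraform init -upgrade`/`terraform plan` steps execute provider code taken from the PR that can read it. Because the token has to be able to push to the PR branch for the format step, consider `persist-credentials: false` on this step and supplying the token only to the push itself (for example `git push https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }} HEAD:${{ github.head_ref }}` with `GH_TOKEN` in that step's `env`), using a fine-grained token limited to this repository's contents.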
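Review bot: The `Autoformat Halt` step now runs `exit 0`, which makes it a no-op: after the format step pushes an `Autoformatting TF Code` commit to the PR branch this run still goes on to init, validate and plan the rewritten tree, and the push (made with a PAT rather than `GITHUB_TOKEN`) is expected to start a second `pull_request` run that does the same work and posts a second comment. Either restore `run: exit 1` so the first run stops and the re-triggered run is the one that plans, or delete the step together with the `auto_format` write. Committing as `arnol377` / `david.j.arnold.jr@census.gov` attributes machine-made commits to a personal identity; a dedicated bot identity (for example `github-actions[bot]` with its noreply address) keeps them recognisable in history. Note also that `if ! git diff-index --quiet HEAD` commits any dirty working tree, not only `terraform fmt` output, which is fine only as long as nothing else in the job touches the checkout before this step.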
@@ -57,60 +68,22 @@ jobs: run: terraform plan continue-on-error: true - - uses: actions/github-script@v7 + - name: Update Pull Request + uses: CSVD/gh-actions-github-script@v6 if: github.event_name == 'pull_request' - env: - PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" with: github-token: ${{ secrets.GH_TOKEN }} script: | - // 1. Retrieve existing bot comments for the PR - const { data: comments } = await github.rest.issues.listComments({ - owner: context.repo.owner, - repo: context.repo.repo, - issue_number: context.issue.number, - }) - const botComment = comments.find(comment => { - return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style') - }) - - // 2. Prepare format of the comment const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` -
Validation Output + #### Terraform Plan: + ${{ steps.plan.outcome }} + *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; - \`\`\`\n - ${{ steps.validate.outputs.stdout }} - \`\`\` - -
- - #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` - -
Show Plan - - \`\`\`\n - ${process.env.PLAN} - \`\`\` - -
- - *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; - - // 3. If we have a comment, update it, otherwise create a new one - if (botComment) { - github.rest.issues.updateComment({ - owner: context.repo.owner, - repo: context.repo.repo, - comment_id: botComment.id, - body: output - }) - } else { - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) - } \ No newline at end of file + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + })
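Review bot: `github.rest.issues.createComment({...})` is not awaited, so a failed API call surfaces as an unhandled rejection instead of failing the step; write `await github.rest.issues.createComment({`. With `continue-on-error: true` on the plan step (context line at the top of the hunk) a plan failure is now visible only as the word `failure` inside this comment while the check stays green, so add a final step `if: steps.plan.outcome == 'failure'` with `run: exit 1` after the comment is posted so the PR is actually blocked. The removed code looked up the existing bot comment and updated it; without that every run appends a new comment, which matters more now that the format step can trigger a second run per push. For posting the comment the job's own `GITHUB_TOKEN` with `permissions: pull-requests: write` would do instead of the stored `secrets.GH_TOKEN`.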