From caa911bc53777d50ca20f2c5156f936f72b06bfc Mon Sep 17 00:00:00 2001
From: David John Arnold Jr
Date: Tue, 17 Dec 2024 16:13:36 -0800
Subject: [PATCH] Add .github/workflows/terraform-apply-csvd-dev-ew.yml
---
.../workflows/terraform-apply-csvd-dev-ew.yml | 156 ++++++++++++++++++
1 file changed, 156 insertions(+)
create mode 100644 .github/workflows/terraform-apply-csvd-dev-ew.yml
diff --git a/.github/workflows/terraform-apply-csvd-dev-ew.yml b/.github/workflows/terraform-apply-csvd-dev-ew.yml
new file mode 100644
index 0000000..f3f1491
--- /dev/null
+++ b/.github/workflows/terraform-apply-csvd-dev-ew.yml
@@ -0,0 +1,156 @@
+name: Csvd-Dev-Ew - Terraform Apply
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+concurrency:
+ group: aws-image-pipeline-csvd-dev-ew
+ cancel-in-progress: false
+
+permissions: write-all
+
+jobs:
+ Plan:
+ runs-on: ["iebcloud"]
+
+ outputs:
+ commit_sha: ${{ steps.git_show.outputs.commit_sha }}
+ cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }}
+ github_token: ${{ steps.github_credentials.outputs.github_token }}
+ aws_access_key_id: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+ aws_secret_access_key: ${{ steps.aws_auth.outputs.aws_secret_access_key }}
+ aws_session_token: ${{ steps.aws_auth.outputs.aws_session_token }}
+ pending_changes: ${{ steps.terraform_plan.outputs.pending_changes }}
+
+ steps:
+ - uses: CSVD/gh-actions-checkout@v4
+ id: checkout
+ with:
+ persist-credentials: false
+
+ - name: git show
+ id: git_show
+ run: |
+ echo "commit_sha=$(git show | grep commit | head -1 | awk '{ print $NF }')" >> $GITHUB_ENV
+ echo "commit_sha=$(git show | grep commit | head -1 | awk '{ print $NF }')" >> $GITHUB_OUTPUT
+
+ - name: AWS Auth
+ id: aws_auth
+ uses: CSVD/aws-auth@main
+ with:
+ ecs: true
+
+ - name: Setup GITHUB Credentials
+ id: github_credentials
+ uses: CSVD/gh-auth@main
+ with:
+ github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+ github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+ github_base_url: "${{ github.server_url }}/"
+
+ - name: Terraform Init
+ uses: CSVD/terraform-init@main
+ id: terraform_init
+ with:
+ commit_sha: ${{ env.commit_sha }}
+ checkout: false
+ terraform_version: ${{ vars.terraform_version }}
+ workspace: csvd-dev-ew
+ backend_config: backend-configs/csvd-dev-ew.tf
+ setup_terraform: true
+ terraform_init: true
+ cache_bucket: image-pipeline-assets
+ env:
+ GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
+ AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }}
+ AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+
+ - name: Terraform Plan
+ id: terraform_plan
+ uses: CSVD/terraform-plan@main
+ with:
+ terraform_version: ${{ vars.terraform_version }}
+ workspace: csvd-dev-ew
+ commit_sha: ${{ steps.terraform_init.outputs.commit_sha }}
+ varfile: varfiles/csvd-dev-ew.tfvars
+ download_cache: true
+ setup_terraform: false
+ cache_bucket: image-pipeline-assets
+ cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }}
+ env:
+ AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }}
+ AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+ GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
+ GITHUB_OWNER: ${{ github.repository_owner }}
+ GITHUB_BASE_URL: "${{ github.server_url }}/"
+ HTTP_PROXY: ${{ vars.http_proxy }}
+ HTTPS_PROXY: ${{ vars.https_proxy}}
+ NO_PROXY: ${{ vars.no_proxy}}
+
+
+
+ - name: cleanup s3
+ if: ${{ failure() }}
+ id: s3_cleanup
+ uses: CSVD/s3-cleanup@main
+ with:
+ cache_bucket: image-pipeline-assets
+ cache_key: ${{ needs.Plan.outputs.cache_key }}
+
+
+ Apply:
+ # The type of runner that the job will run on
+ runs-on: ["iebcloud"]
+ needs: Plan
+ environment: csvd-dev-ew
+ steps:
+ - name: AWS Auth
+ id: aws_auth
+ uses: CSVD/aws-auth@main
+ with:
+ ecs: true
+
+ - name: Setup GITHUB Credentials
+ id: github_credentials
+ uses: CSVD/gh-auth@main
+ with:
+ github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+ github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+ github_base_url: "${{ github.server_url }}/"
+
+ - name: Terraform Apply
+ uses: CSVD/terraform-apply@main
+ with:
+ terraform_version: ${{ vars.terraform_version }}
+ workspace: csvd-dev-ew
+ commit_sha: ${{ needs.Plan.outputs.commit_sha }}
+ download_cache: true
+ setup_terraform: true
+ terraform_wrapper: false
+ cache_bucket: image-pipeline-assets
+ cache_key: ${{ needs.Plan.outputs.cache_key }}
+ env:
+ AWS_ACCESS_KEY_ID: ${{ steps.aws_auth.outputs.aws_access_key_id }}
+ AWS_SECRET_ACCESS_KEY: ${{ steps.aws_auth.outputs.aws_secret_access_key }}
+ AWS_SESSION_TOKEN: ${{ steps.aws_auth.outputs.aws_session_token }}
+ GITHUB_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
+ GITHUB_OWNER: ${{ github.repository_owner }}
+ GITHUB_BASE_URL: "${{ github.server_url }}/"
+ HTTP_PROXY: ${{ vars.http_proxy }}
+ HTTPS_PROXY: ${{ vars.https_proxy}}
+ NO_PROXY: ${{ vars.no_proxy}}
+
+ - name: cleanup s3
+ if: ${{ always() }}
+ id: s3_cleanup
+ uses: CSVD/s3-cleanup@main
+ with:
+ cache_bucket: image-pipeline-assets
+ cache_key: ${{ needs.Plan.outputs.cache_key }}
+
+
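Review bot: The Plan job's `outputs:` block publishes `github_token`, `aws_access_key_id`, `aws_secret_access_key` and `aws_session_token` as job outputs, yet nothing visible in Apply reads them (Apply runs its own `AWS Auth` and `Setup GITHUB Credentials` steps), so these four entries should be dropped rather than carrying short-lived credentials across jobs. The workflow-level `permissions: write-all` is also broader than anything in this file appears to need; a least-privilege starting point would be a `permissions:` mapping with `contents: read`, widened only where one of the CSVD actions is shown to require more. Every `CSVD/*` action other than checkout is referenced at `@main`, a mutable ref that runs with the cloud credentials and the GitHub App token; pinning each to a full commit SHA would keep a later push to those repositories from changing what executes on apply. Separately, the `cleanup s3` step inside Plan reads `needs.Plan.outputs.cache_key`, but Plan declares no `needs`, so that expression likely evaluates empty on the failure path; `cache_key: ${{ steps.terraform_init.outputs.s3_upload_path }}` looks like what was intended there.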