From 1ac292f73b4bf58425aa2e941d9884ceeaaf2cf9 Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Wed, 7 Aug 2024 13:52:27 -0400 Subject: [PATCH 1/7] working on migrating repos to s3 objects --- .terraform.lock.hcl | 32 ++++++++++++++++---------------- main.tf | 16 ++++++++++------ 2 files changed, 26 insertions(+), 22 deletions(-) diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 1ccf9ff..dad4962 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -2,25 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.58.0" + version = "5.61.0" constraints = ">= 4.20.1" hashes = [ - "h1:6vsFc7SmmlElqg3k0X6azrO0yarM7UPCUF4XsAYryjA=", - "zh:15e9be54a8febe8e560362b10967cb60b680ca3f78fe207d7209b76e076f59d3", - "zh:240f6899a2cec259aa2729ce031f6af2b453f90a8b59118bb2571c54acc65db8", - "zh:2b6e8e2ab1a3dce1001503dba6086a128bb2a71652b0d0b3b107db665b7d6881", - "zh:579b0ed95247a0bd8bfb3fac7fb767547dde76026c578f4f184b5743af5e32cc", - "zh:6adcd10fd12be0be9eb78a89e745a5b77ae0d8b3522cd782456a71178aad8ccb", - "zh:7f829cef82f0a02faa97d0fbe1417a40b73fc5142e883b12eebc5b71015efac9", - "zh:81977f001998c9096f7b59710996e159774a9313c1bc03db3beb81c3e016ebef", + "h1:VE5N7OZPW6/SRMTWX5JZ9XDMcwvs9GhUtSzhVG7DLIg=", + "zh:1a0a150b6adaeacc8f56763182e76c6219ac67de1217b269d24b770067b7bab0", + "zh:1d9c3a8ac3934a147569254d6e2e6ea5293974d0595c02c9e1aa31499a8f0042", + "zh:1f4d1d5e2e02fd5cccafa28dade8735a3059ed1ca3284fb40116cdb67d0e7ee4", + "zh:26be6f759bded469de477f54c7eb7a9ca9f137a3b52f9fd26cbd864f16973912", + "zh:276e308ae7aa281fe24f7275673aa05f00cb830b83c2b9797f9aa55f10769c52", + "zh:45c09beeadb4269d518de0bd341cbe9f061157ab54c543d39168ecefff40bbe2", + "zh:58fb5ef076dc63e284ce28b47b7cc35a17d2596f11e2373fe568c6140277e9d8", + "zh:64d51cc1ad412379f64b75883a881a5d682a8e9737ad14479f6a2d62e77f7dbe", + "zh:71e2e332317cf095288d65a801e95b65fd696204997b2db5250862d6c5669518", + "zh:9864014aa4716b5bfb3b27d009f158dd6a67c215fd0dfbe3a5d1a7cee72c5677", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a5d98ac6fab6e6c85164ca7dd38f94a1e44bd70c0e8354c61f7fbabf698957cd", - "zh:c27fa4fed50f6f83ca911bef04f05d635a7b7a01a89dc8fc5d66a277588f08df", - "zh:d4042bdf86ca6dc10e0cca91c4fcc592b12572d26185b3d37bbbb9e2026ac68b", - "zh:d536482cf4ace0d49a2a86c931150921649beae59337d0c02a785879fe943cf3", - "zh:e205f8243274a621fb9ef2b5e2c71e84c1670be1d23697739439f5a831fa620f", - 
"zh:eb76ce0c77fd76c47f57122c91c4fcf0f72c01423538ed7833eaa7eeaae2edf6", - "zh:ffe04e494af6cc7348ceb8d85f4c1d5a847a44510827b4496513c810a4d9196d", + "zh:d8bf9ba43bd938faab37d8fb515c32a905d6dace60f5ff2663b06ffdc89a62e9", + "zh:e654be9d3980e7cc70f9825fe0d0205e254edd87832f18b2d7f9c72b09b776cd", + "zh:ee5ce6fbe75be3e90cabba3fad76fcfde50ab795e523b4ee917cfe8ba8ad42fe", + "zh:ef12098e7b3ddf9ab286bb209de87dfa8e52106049ced0841e3e6487dbff3659", ] } diff --git a/main.tf b/main.tf index 0fceefc..cacf1f5 100644 --- a/main.tf +++ b/main.tf @@ -89,12 +89,17 @@ data "aws_codecommit_repository" "goss" { repository_name = "image-pipeline-goss-testing" } +data "aws_codecommit_repository" "windows" { + repository_name = "windows-image-pipeline" +} + +data "aws_codecommit_repository" "linux" { + repository_name = "linux-image-pipeline" +} module "main" { source = "HappyPathway/image-pipeline/aws" project_name = local.project_name - source_repo_name = local.source_repo - source_repo_branch = "main" builder_image = "aws/codebuild/standard:7.0" create_new_repo = false create_new_role = true @@ -111,6 +116,7 @@ module "main" { type = "PLAINTEXT" } ] + packer_repo = data.aws_codecommit_repository.linux ansible_repo = data.aws_codecommit_repository.ansible goss_repo = data.aws_codecommit_repository.goss goss_profile = "base-test" @@ -123,8 +129,6 @@ module "main" { module "rhel" { source = "HappyPathway/image-pipeline/aws" project_name = "rhel-image-pipeline-demo" - source_repo_name = local.source_repo - source_repo_branch = "main" builder_image = "aws/codebuild/standard:7.0" create_new_repo = false create_new_role = true @@ -141,6 +145,7 @@ module "rhel" { type = "PLAINTEXT" } ] + packer_repo = data.aws_codecommit_repository.linux ansible_repo = data.aws_codecommit_repository.ansible goss_repo = data.aws_codecommit_repository.goss goss_profile = "rhel-base-test" 
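Review bot: Removing `source_repo_name = local.source_repo` here and in the `rhel` and `windows` hunks leaves `local.source_repo` (declared in the `locals` block outside these hunks) with no remaining reference; drop the local as well, or a later reader will assume the CodeCommit repository name is still wired in somewhere. The replacement `packer_repo = data.aws_codecommit_repository.linux` passes the whole data source object to the module, which presumably matches what the module's `packer_repo` input expects — worth confirming against the module version in use, since `source = "HappyPathway/image-pipeline/aws"` carries no `version` constraint and a registry module without one will float to whatever is published next.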
@@ -164,8 +169,6 @@ output "password" { module "windows" { source = "HappyPathway/image-pipeline/aws" project_name = "windows-image-pipeline-demo" - source_repo_name = "windows-image-pipeline" - source_repo_branch = "main" builder_image = "aws/codebuild/standard:7.0" create_new_repo = false create_new_role = true @@ -184,6 +187,7 @@ module "windows" { type = "PLAINTEXT" } ] + packer_repo = data.aws_codecommit_repository.windows ansible_repo = data.aws_codecommit_repository.ansible goss_repo = data.aws_codecommit_repository.goss goss_profile = "windows-base-test" From c74f913f67030ffa286771ea943f05e329128f52 Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Wed, 7 Aug 2024 12:01:47 -0700 Subject: [PATCH 2/7] Update code to migrate repositories to S3 objects --- data.tf | 15 +++++ linux.tf | 42 +++++++++++++ locals.tf | 36 +++++++++++ main.tf | 175 +---------------------------------------------------- rhel.tf | 42 +++++++++++++ windows.tf | 53 ++++++++++++++++ 6 files changed, 191 insertions(+), 172 deletions(-) create mode 100644 data.tf create mode 100644 linux.tf create mode 100644 locals.tf create mode 100644 rhel.tf create mode 100644 windows.tf diff --git a/data.tf b/data.tf new file mode 100644 index 0000000..895f3b8 --- /dev/null +++ b/data.tf @@ -0,0 +1,15 @@ +data "aws_codecommit_repository" "ansible" { + repository_name = "image-pipeline-ansible-playbooks" +} + +data "aws_codecommit_repository" "goss" { + repository_name = "image-pipeline-goss-testing" +} + +data "aws_codecommit_repository" "windows" { + repository_name = "windows-image-pipeline" +} + +data "aws_codecommit_repository" "linux" { + repository_name = "linux-image-pipeline" +} \ No newline at end of file diff --git a/linux.tf b/linux.tf new file mode 100644 index 0000000..6cff4e7 --- /dev/null +++ b/linux.tf 
@@ -0,0 +1,42 @@ + +module "amazon_linux" { + source = "HappyPathway/image-pipeline/aws" + project_name = "linux-image-pipeline" + builder_image = "aws/codebuild/standard:7.0" + create_new_repo = false + create_new_role = true + create_vpc_endpoint = true + ssh_user = "ec2-user" + playbook = "hello-world.yaml" + terraform_version = "1.8.5" + build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + build_environment_variables = [ + for proxy_var in keys(local.proxy_env_vars) : + { + name = proxy_var, + value = lookup(local.proxy_env_vars, proxy_var), + type = "PLAINTEXT" + } + ] + packer_repo = data.aws_codecommit_repository.linux + ansible_repo = data.aws_codecommit_repository.ansible + goss_repo = data.aws_codecommit_repository.goss + goss_profile = "base-test" + state = local.state_config + vpc_config = local.vpc_config + source_ami = "ami-03fadeeea589a106b" + instance_type = "t2.micro" +} + +output "linux_iam_arn" { + value = module.amazon_linux.iam_arn +} + +output "linux_codebuild_user" { + value = module.amazon_linux.build_user.name +} + +output "linux_parameters" { + value = keys(module.amazon_linux.parameters) + sensitive = true +} \ No newline at end of file diff --git a/locals.tf b/locals.tf new file mode 100644 index 0000000..6c28027 --- /dev/null +++ b/locals.tf 
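Review bot: `build_permissions_iam_doc = data.aws_iam_policy_document.s3_access` hands the build role a policy document that, at this point in the series, grants `actions = ["s3:*"]` on `resources = ["*"]` (visible as the removed lines of the later main.tf hunk), so every image pipeline gets full control of every bucket in the account. Scoping that document to the state and assets buckets and to the object operations the build actually performs would confine a compromised build to those buckets. The hard-coded `source_ami = "ami-03fadeeea589a106b"` is repeated verbatim in the new rhel.tf; a variable or an `aws_ami` data source lookup would keep the two in step.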
@@ -0,0 +1,36 @@ +locals { + proxy_env_vars = { + HTTP_PROXY = "http://proxy.tco.census.gov:3128" + NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,${local._vpc_config.region}.compute.internal,.${local._vpc_config.region}.compute.internal" + HTTPS_PROXY = "http://proxy.tco.census.gov:3128" + } + source_repo = "linux-image-pipeline" + environment = "dev" + _vpc_config = { + vpc_id = "vpc-00576a396ec570b94" + region = "us-gov-west-1" + security_group_ids = [ + "sg-0d828d223df9834a6" + ] + subnets = [ + # "subnet-0b1992a84536c581b" + "subnet-062189d742937204e" + ] + } + vpc_config = merge( + local._vpc_config, + { + security_group_ids = concat( + local._vpc_config.security_group_ids, + [ + aws_security_group.allow_amznlinux_cdn.id + ]) + } + ) + state_config = { + bucket = aws_s3_bucket.state_bucket.bucket + key = "terraform.tfstate" + region = local.vpc_config.region + dynamodb_table = "tf_remote_state" + } +} \ No newline at end of file diff --git a/main.tf b/main.tf index cacf1f5..fac9b5d 100644 --- a/main.tf +++ b/main.tf 
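Review bot: `source_repo = "linux-image-pipeline"` has no remaining reference once the `source_repo_name = local.source_repo` arguments were dropped in the previous commit, so it is dead configuration and should be removed rather than carried into the new file. `state_config` is passed unchanged to all three modules with the same `key = "terraform.tfstate"`; if the module uses it to configure a backend per pipeline, the three pipelines would share one state object — a per-pipeline key would avoid that, though the module's use of `state` is not visible here.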
@@ -1,41 +1,3 @@ -locals { - proxy_env_vars = { - HTTP_PROXY = "http://proxy.tco.census.gov:3128" - NO_PROXY = ".census.gov,169.254.169.254,148.129.*,10.*,172.18.*,172.22.*,172.23.*,172.24.*,172.25.*,.eks.amazonaws.com,.s3.amazonaws.com,.amazonaws.com,.gcr.io,.pkg.dev,${local._vpc_config.region}.compute.internal,.${local._vpc_config.region}.compute.internal" - HTTPS_PROXY = "http://proxy.tco.census.gov:3128" - } - source_repo = "linux-image-pipeline" - project_name = "linux-image-pipeline" - environment = "dev" - _vpc_config = { - vpc_id = "vpc-00576a396ec570b94" - region = "us-gov-west-1" - security_group_ids = [ - "sg-0d828d223df9834a6" - ] - subnets = [ - # "subnet-0b1992a84536c581b" - "subnet-062189d742937204e" - ] - } - vpc_config = merge( - local._vpc_config, - { - security_group_ids = concat( - local._vpc_config.security_group_ids, - [ - aws_security_group.allow_amznlinux_cdn.id - ]) - } - ) - state_config = { - bucket = aws_s3_bucket.state_bucket.bucket - key = "terraform.tfstate" - region = local.vpc_config.region - dynamodb_table = "tf_remote_state" - } -} - resource "random_uuid" "random" {} resource "aws_s3_bucket" "state_bucket" { 
@@ -76,138 +38,7 @@ resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" { } resource "aws_vpc_security_group_ingress_rule" "allow_all_between_self" { - security_group_id = aws_security_group.allow_amznlinux_cdn.id - ip_protocol = "-1" - referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id -} - -data "aws_codecommit_repository" "ansible" { - repository_name = "image-pipeline-ansible-playbooks" -} - -data "aws_codecommit_repository" "goss" { - repository_name = "image-pipeline-goss-testing" -} - -data "aws_codecommit_repository" "windows" { - repository_name = "windows-image-pipeline" -} - -data "aws_codecommit_repository" "linux" { - repository_name = "linux-image-pipeline" -} - -module "main" { - source = "HappyPathway/image-pipeline/aws" - project_name = local.project_name - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - create_vpc_endpoint = true - ssh_user = "ec2-user" - playbook = "hello-world.yaml" - terraform_version = "1.8.5" - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : - { - name=proxy_var, - value=lookup(local.proxy_env_vars, proxy_var), - type = "PLAINTEXT" - } - ] - packer_repo = data.aws_codecommit_repository.linux - ansible_repo = data.aws_codecommit_repository.ansible - goss_repo = data.aws_codecommit_repository.goss - goss_profile = "base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-03fadeeea589a106b" - instance_type = "t2.micro" -} - -module "rhel" { - source = "HappyPathway/image-pipeline/aws" - project_name = "rhel-image-pipeline-demo" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - create_vpc_endpoint = false - ssh_user = "ec2-user" - playbook = "rhel-arm-baseline.yaml" - terraform_version = "1.8.5" - troubleshoot = true - build_permissions_iam_doc = 
data.aws_iam_policy_document.s3_access - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : { - name = proxy_var - value = lookup(local.proxy_env_vars, proxy_var) - type = "PLAINTEXT" - } - ] - packer_repo = data.aws_codecommit_repository.linux - ansible_repo = data.aws_codecommit_repository.ansible - goss_repo = data.aws_codecommit_repository.goss - goss_profile = "rhel-base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI - instance_type = "t3.micro" # x86_64 compatible instance type -} - -resource "random_password" "winrm" { - length = 24 - override_special = "$*!" - special = true -} - -output "password" { - value = nonsensitive(random_password.winrm.result) -} - - -module "windows" { - source = "HappyPathway/image-pipeline/aws" - project_name = "windows-image-pipeline-demo" - builder_image = "aws/codebuild/standard:7.0" - create_new_repo = false - create_new_role = true - playbook = "windows-baseline.yaml" - terraform_version = "1.8.5" - build_permissions_iam_doc = data.aws_iam_policy_document.s3_access - winrm_credentials = { - username = "Administrator" - password = random_password.winrm.result - } - userdata = "userdata/winrm.ps1" - build_environment_variables = [ - for proxy_var in keys(local.proxy_env_vars) : { - name = proxy_var - value = lookup(local.proxy_env_vars, proxy_var) - type = "PLAINTEXT" - } - ] - packer_repo = data.aws_codecommit_repository.windows - ansible_repo = data.aws_codecommit_repository.ansible - goss_repo = data.aws_codecommit_repository.goss - goss_profile = "windows-base-test" - state = local.state_config - vpc_config = local.vpc_config - source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI - instance_type = "t2.xlarge" # x86_64 compatible instance type -} - - - -output iam_arn { - value = module.main.iam_arn -} - -output codebuild_user { - value = module.main.build_user.name -} - -output parameters { - value = 
keys(module.main.parameters) - sensitive = true + security_group_id = aws_security_group.allow_amznlinux_cdn.id + ip_protocol = "-1" + referenced_security_group_id = aws_security_group.allow_amznlinux_cdn.id } diff --git a/rhel.tf b/rhel.tf new file mode 100644 index 0000000..3aba4c1 --- /dev/null +++ b/rhel.tf @@ -0,0 +1,42 @@ + +module "rhel" { + source = "HappyPathway/image-pipeline/aws" + project_name = "rhel-image-pipeline-demo" + builder_image = "aws/codebuild/standard:7.0" + create_new_repo = false + create_new_role = true + create_vpc_endpoint = false + ssh_user = "ec2-user" + playbook = "rhel-arm-baseline.yaml" + terraform_version = "1.8.5" + troubleshoot = true + build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + build_environment_variables = [ + for proxy_var in keys(local.proxy_env_vars) : { + name = proxy_var + value = lookup(local.proxy_env_vars, proxy_var) + type = "PLAINTEXT" + } + ] + packer_repo = data.aws_codecommit_repository.linux + ansible_repo = data.aws_codecommit_repository.ansible + goss_repo = data.aws_codecommit_repository.goss + goss_profile = "rhel-base-test" + state = local.state_config + vpc_config = local.vpc_config + source_ami = "ami-03fadeeea589a106b" # x86_64 compatible AMI + instance_type = "t3.micro" # x86_64 compatible instance type +} + +output "rhel_iam_arn" { + value = module.amazon_linux.iam_arn +} + +output "rhel_codebuild_user" { + value = module.amazon_linux.build_user.name +} + +output "rhel_parameters" { + value = keys(module.amazon_linux.parameters) + sensitive = true +} \ No newline at end of file diff --git a/windows.tf b/windows.tf new file mode 100644 index 0000000..c7834d3 --- /dev/null +++ b/windows.tf 
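Review bot: The three outputs at the bottom of rhel.tf read `module.amazon_linux.iam_arn`, `module.amazon_linux.build_user.name` and `module.amazon_linux.parameters` instead of `module.rhel.…`, so `rhel_iam_arn`, `rhel_codebuild_user` and `rhel_parameters` report the Linux pipeline's values; the same copy-paste slip is in the new windows.tf, where the `windows_*` outputs also reference `module.amazon_linux`. Replace the module reference with `module.rhel` here and `module.windows` there.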
@@ -0,0 +1,53 @@ +resource "random_password" "winrm" { + length = 24 + override_special = "$*!" + special = true +} + +module "windows" { + source = "HappyPathway/image-pipeline/aws" + project_name = "windows-image-pipeline-demo" + builder_image = "aws/codebuild/standard:7.0" + create_new_repo = false + create_new_role = true + playbook = "windows-baseline.yaml" + terraform_version = "1.8.5" + build_permissions_iam_doc = data.aws_iam_policy_document.s3_access + winrm_credentials = { + username = "Administrator" + password = random_password.winrm.result + } + userdata = "userdata/winrm.ps1" + build_environment_variables = [ + for proxy_var in keys(local.proxy_env_vars) : { + name = proxy_var + value = lookup(local.proxy_env_vars, proxy_var) + type = "PLAINTEXT" + } + ] + packer_repo = data.aws_codecommit_repository.windows + ansible_repo = data.aws_codecommit_repository.ansible + goss_repo = data.aws_codecommit_repository.goss + goss_profile = "windows-base-test" + state = local.state_config + vpc_config = local.vpc_config + source_ami = "ami-012fffaddacaa52ff" # x86_64 compatible AMI + instance_type = "t2.xlarge" # x86_64 compatible instance type +} + +output "winrm_password" { + value = nonsensitive(random_password.winrm.result) +} + +output "windows_iam_arn" { + value = module.amazon_linux.iam_arn +} + +output "windows_codebuild_user" { + value = module.amazon_linux.build_user.name +} + +output "windows_parameters" { + value = keys(module.amazon_linux.parameters) + sensitive = true +} \ No newline at end of file From 9cc519f75d82cb4304c584ec40ca3044f1391530 Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Thu, 8 Aug 2024 19:40:41 -0400 Subject: [PATCH 3/7] updating --- linux.tf | 21 +++++++++++++++------ main.tf | 17 ++++++++++++++--- rhel.tf | 6 +----- windows.tf | 6 +----- 4 files changed, 31 insertions(+), 19 deletions(-) diff --git a/linux.tf b/linux.tf index 6cff4e7..9c5edaa 100644 --- a/linux.tf +++ b/linux.tf 
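Review bot: `output "winrm_password" { value = nonsensitive(random_password.winrm.result) }` strips the sensitive marking from the Administrator password, so it is printed in clear text by every `terraform apply` and `terraform output` run and lands in CI logs such as the plan workflow added later in this series. If the value must be an output, drop `nonsensitive()` and set `sensitive = true`; it stays retrievable with `terraform output -raw winrm_password` for whoever needs it, and otherwise belongs in a secrets store rather than in module outputs. The `random_password` resource and the `winrm_credentials` block are fine as written.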
@@ -1,3 +1,7 @@ +moved { + from = module.main + to = module.amazon_linux +} module "amazon_linux" { source = "HappyPathway/image-pipeline/aws" @@ -18,7 +22,12 @@ module "amazon_linux" { type = "PLAINTEXT" } ] - packer_repo = data.aws_codecommit_repository.linux + packer_source_type = "S3" + packer_bucket = { + name = aws_s3_bucket.assets_bucket.bucket + key = "linux-image-pipeline.zip" + } + # packer_repo = data.aws_codecommit_repository.linux ansible_repo = data.aws_codecommit_repository.ansible goss_repo = data.aws_codecommit_repository.goss goss_profile = "base-test" @@ -32,11 +41,11 @@ output "linux_iam_arn" { value = module.amazon_linux.iam_arn } -output "linux_codebuild_user" { - value = module.amazon_linux.build_user.name -} - output "linux_parameters" { value = keys(module.amazon_linux.parameters) sensitive = true -} \ No newline at end of file +} + +output linux_bucket { + value = module.amazon_linux.s3_bucket +} diff --git a/main.tf b/main.tf index fac9b5d..715c85e 100644 --- a/main.tf +++ b/main.tf @@ -4,9 +4,17 @@ resource "aws_s3_bucket" "state_bucket" { bucket = "inf-test-${random_uuid.random.result}" } -resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" { - bucket = aws_s3_bucket.state_bucket.bucket +resource "aws_s3_bucket" "assets_bucket" { + bucket = "image-pipeline-assets" +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "state_bucket_encryption" { + for_each = tomap({ + state_bucket = aws_s3_bucket.state_bucket.bucket + assets_bucket = aws_s3_bucket.assets_bucket.bucket + }) + bucket = each.value rule { apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" @@ -18,7 +26,10 @@ data "aws_iam_policy_document" "s3_access" { statement { effect = "Allow" actions = ["s3:*"] - resources = ["*"] + resources = [ + aws_s3_bucket.state_bucket.arn, + aws_s3_bucket.assets_bucket.arn + ] } } diff --git a/rhel.tf b/rhel.tf index 3aba4c1..5f7479f 100644 --- a/rhel.tf +++ b/rhel.tf 
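Review bot: `output linux_bucket {` uses the unquoted legacy label form while every other output in the file is quoted; `terraform fmt` will rewrite it, so write `output "linux_bucket" {` now for consistency. The commented-out `# packer_repo = data.aws_codecommit_repository.linux` line is dead configuration once `packer_source_type = "S3"` and `packer_bucket` are in use and should be deleted rather than kept as a comment, since git already preserves the history. The `moved { from = module.main to = module.amazon_linux }` block is the right way to carry the rename over existing state.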
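Review bot: The `resources` list in `data.aws_iam_policy_document.s3_access` now names only the two bucket ARNs, but object-level actions (`s3:GetObject`, `s3:PutObject`, …) are evaluated against object ARNs of the form `<bucket arn>/*`, so the build role can list the buckets yet cannot read or write the `linux-image-pipeline.zip` object this same commit points `packer_bucket` at, nor the state objects. Add the `${arn}/*` entries and narrow `actions = ["s3:*"]` to the operations the build needs, so bucket-management actions such as `s3:DeleteBucket` and `s3:PutBucketPolicy` are not available to a build role; the action list below is a starting point to trim or extend against what the module actually calls. Separately, `aws_s3_bucket "assets_bucket"` is given the fixed, globally unique name `"image-pipeline-assets"` while `state_bucket` is suffixed with `random_uuid.random.result`; the fixed name fails at `apply` if any account already owns it. Converting `state_bucket_encryption` to `for_each` also needs a `moved` block from `aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption` to `aws_s3_bucket_server_side_encryption_configuration.state_bucket_encryption["state_bucket"]`, otherwise the existing configuration is destroyed and recreated. The `data` block's opening line sits outside this hunk.
```hcl
data "aws_iam_policy_document" "s3_access" {
  statement {
    effect = "Allow"
    # Bucket-level actions match the bucket ARN; object-level actions match "<bucket arn>/*".
    actions = [
      "s3:ListBucket",
      "s3:GetBucketLocation",
      "s3:GetObject",
      "s3:PutObject",
      "s3:DeleteObject",
    ]
    resources = [
      aws_s3_bucket.state_bucket.arn,
      "${aws_s3_bucket.state_bucket.arn}/*",
      aws_s3_bucket.assets_bucket.arn,
      "${aws_s3_bucket.assets_bucket.arn}/*",
    ]
  }
}
```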
@@ -32,11 +32,7 @@ output "rhel_iam_arn" {
   value = module.amazon_linux.iam_arn
 }
 
-output "rhel_codebuild_user" {
-  value = module.amazon_linux.build_user.name
-}
-
 output "rhel_parameters" {
   value = keys(module.amazon_linux.parameters)
   sensitive = true
-}
\ No newline at end of file
+}
diff --git a/windows.tf b/windows.tf
index c7834d3..b88b8f1 100644
--- a/windows.tf
+++ b/windows.tf
@@ -43,11 +43,7 @@ output "windows_iam_arn" {
   value = module.amazon_linux.iam_arn
 }
 
-output "windows_codebuild_user" {
-  value = module.amazon_linux.build_user.name
-}
-
 output "windows_parameters" {
   value = keys(module.amazon_linux.parameters)
   sensitive = true
-}
\ No newline at end of file
+}
From b5577e8b49ee6f86f7423e66ff219834e8b00f1c Mon Sep 17 00:00:00 2001
From: Dave Arnold
Date: Thu, 8 Aug 2024 20:02:48 -0400
Subject: [PATCH 4/7] adding ghe-runner configuration

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 2faf43d..d3e557e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,3 +35,4 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+ghe-runner
From f2a1b6ebe71a1a7fef63114a3bbd752ff2bc69f9 Mon Sep 17 00:00:00 2001
From: Dave Arnold
Date: Fri, 9 Aug 2024 15:02:56 -0400
Subject: [PATCH 5/7] triaging

---
 .github/workflows/terraform-plan.yaml | 45 +++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 .github/workflows/terraform-plan.yaml

diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml
new file mode 100644
index 0000000..6f651f1
--- /dev/null
+++ b/.github/workflows/terraform-plan.yaml
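Review bot: The context lines show `output "rhel_iam_arn"` and `output "rhel_parameters"` still reading `module.amazon_linux`, so while this commit drops the `rhel_codebuild_user` output it leaves the other two reporting the Linux pipeline's values; the windows.tf hunk in the same commit has the same problem with `module.amazon_linux` in the `windows_*` outputs. Switch them to `module.rhel` and `module.windows` respectively while these outputs are being touched.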
@@ -0,0 +1,45 @@ +# This is a basic workflow to help you get started with Actions + +name: CI + +# Controls when the workflow will run +on: + # Triggers the workflow on push or pull request events but only for the "main" branch + pull_request: + branches: [ "main" ] + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: [ aws-image-pipeline ] + env: + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }} + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v3 + +# - uses: CSVD/gh-actions-setup-node@v3 +# with: +# node-version: 16 + +# - uses: CSVD/gh-actions-setup-terraform@v2 +# with: +# terraform_wrapper: false + + # Runs a set of commands using the runners shell + - name: Run a multi-line script + env: + AWS_SECRET_ACCESS_KEY: "wqpZLFlqar+aghonhyAIR6vTBSpHQTquus8hhmw9" + AWS_ACCESS_KEY_ID: "ASIATK6SR2K2ZKK54P7T" + AWS_SESSION_TOKEN: 
"IQoJb3JpZ2luX2VjECkaDXVzLWdvdi1lYXN0LTEiRzBFAiEA1AF7X7KwAwiEIWX0tdgZ0Dj7WwyJY12CxpRMt0nTqD4CIEp/8teAzKXZ2Ubv0WlxyMAguYMeqcQEkl2C4n9PrVtdKpcDCEYQABoMMjI5Njg1NDQ5Mzk3IgymBfPpRUAHOBE8k9Qq9ALnD8WNSq9b/fsTxgm61jmZIrjBm2SBSzHhciEGKcrJZdKTN43jPQLaVgOtZkG1D3wpr16RjEU2YzwarNMvJqasUWf4UH/oa+qztms/IKD9fSDeODkaYWVRZ0q9fS7i7dM57MNTFnCDB8T+cFurRTGNQFtT/ZY8S1Mdr4NASuturYpIDwpkDgB8nG2nvECQvR/u93Ut4Fz0FPoWmNXn/ibG9bbLHd1IMek2H+so97MppHlT6svSvInZEtvV4cSa2YQrTzLDeFn04vUNjEfjI68H+zXxTojt61ZTbUvTvo/ZH9siVDjXmx+sQceam1KDVl9k+cyoN7rzPhRoRVHf/vcm94hk58l0Vla+ndMJn5OTBmXueeWmplr8JM28v6MnqhEjn1l6uuZoiwEcv5O0DssfnC6IX57RSEQC7n0YCk0pzdMrSHMfQF0tUJIJJFMXOeM2RXmXYRofbMH+kmKtaapkGDa+C9Mx4WXBmd9O8IIcl0Ed5Rwwh/PYtQY6pgEjhf9jUxJfyKVM+qo6y1CYGNgAf4tGJJ4FiTns6KPFT8xLdot74AoTT9vg7mXdFRYGZetQAQxDS4/MqPKdejqkOANgdVtspQujDqsSTh+9PmIYjya4DFzTvar3/qVGrc0imgrZdbSFDNWjFNptblBgNnYW545HpQ+NnREHb9AmHoAVQ5k5uWFAhKmaS7d9ceNo5VDR59CU1v5jqO8EWQ0Nme1wOIef" + + run: | + terraform init -upgrade + terraform plan From 20b2f8de585536c5802d0a7c6a0188ae0c4ed76c Mon Sep 17 00:00:00 2001 From: Dave Arnold Date: Fri, 9 Aug 2024 15:07:48 -0400 Subject: [PATCH 6/7] fixing creds --- .github/workflows/terraform-plan.yaml | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml index 6f651f1..8c12ced 100644 --- a/.github/workflows/terraform-plan.yaml +++ b/.github/workflows/terraform-plan.yaml 
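Review bot: The step-level `env` block hard-codes a live AWS access key ID, secret access key and session token in the workflow file, overriding the `${{ secrets.AWS_SECRET_ACCESS_KEY }}` and `${{ vars.AWS_ACCESS_KEY_ID }}` references declared at job level a few lines above; once pushed, these values sit in the repository history for anyone with read access, and no later edit of the file removes them from it. Treat the key as compromised: revoke or rotate it in IAM (the `ASIA` prefix indicates temporary credentials, so the session that issued them should be reviewed as well), purge the commit from history before the branch is shared, and keep only the `${{ secrets.… }}` references. Two smaller points in the same hunk: `actions/checkout@v3` is pinned to a mutable tag rather than a commit SHA, and running `terraform init -upgrade` and `terraform plan` on the self-hosted `aws-image-pipeline` runner for every `pull_request` executes provider code and any `data` sources from the PR branch with these credentials, so the trigger should be limited to trusted sources or the plan run with read-only credentials.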
@@ -25,20 +25,11 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v3 -# - uses: CSVD/gh-actions-setup-node@v3 -# with: -# node-version: 16 - -# - uses: CSVD/gh-actions-setup-terraform@v2 -# with: -# terraform_wrapper: false - # Runs a set of commands using the runners shell - name: Run a multi-line script env: - AWS_SECRET_ACCESS_KEY: "wqpZLFlqar+aghonhyAIR6vTBSpHQTquus8hhmw9" - AWS_ACCESS_KEY_ID: "ASIATK6SR2K2ZKK54P7T" - AWS_SESSION_TOKEN: "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" + AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" + AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}" run: | terraform init -upgrade From ea4026c6733691fabf022a4d4f448ac1b56eba11 Mon Sep 17 00:00:00 2001 From: David John Arnold Jr Date: Fri, 9 Aug 2024 13:00:31 -0700 Subject: [PATCH 7/7] Update terraform-plan.yaml --- .github/workflows/terraform-plan.yaml | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/.github/workflows/terraform-plan.yaml b/.github/workflows/terraform-plan.yaml index dbe55c8..0c5a1a8 100644 --- a/.github/workflows/terraform-plan.yaml +++ b/.github/workflows/terraform-plan.yaml @@ -5,11 +5,7 @@ name: Terraform Plan # Controls when the workflow will run on: - # Triggers the workflow on push or pull request events but only for the "main" branch pull_request: - branches: [ "main" ] - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -17,9 +13,6 @@ jobs: build: # The type of runner that the job will run on runs-on: [ aws-image-pipeline ] - env: - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }} # Steps represent a sequence of tasks that will be executed as part of the job steps: 
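Review bot: Replacing the literal credentials with `"${{ secrets.AWS_SECRET_ACCESS_KEY }}"` and `"${{ vars.AWS_ACCESS_KEY_ID }}"` fixes the working tree but not the previous commit, which still carries the access key, secret and session token; rotating the key and rewriting the history before this branch is shared is the actual fix, and the commit message should record that the leaked values were invalidated. The step-level `env` now duplicates the job-level `env` declared earlier in the file (outside this hunk) with the same two variables, so one of the two blocks can go. `AWS_ACCESS_KEY_ID` is read from `vars.`, which is not masked in logs; since it is one half of a credential pair it belongs in `secrets.` next to the secret key.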
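Review bot: Dropping `branches: [ "main" ]` makes `terraform plan` run, with AWS credentials on the self-hosted `aws-image-pipeline` runner, for pull requests against any branch, and dropping `workflow_dispatch:` removes the only way to run the plan by hand. If planning every PR is intended, say so in the comment above `on:`; otherwise keep the branch filter. Keeping `workflow_dispatch:` costs nothing and is useful when triaging a failed plan.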
@@ -30,8 +23,8 @@ jobs:
       - name: Run a multi-line script
         env:
           AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
-          AWS_ACCESS_KEY_ID: "${{ vars.AWS_ACCESS_KEY_ID }}"
-
+          AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
+          AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
         run: |
           terraform init -upgrade
-          terraform plan
\ No newline at end of file
+          terraform plan
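Review bot: `AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"` stores a session token as a long-lived repository secret; session tokens expire, so the secret has to be re-pasted by hand, the workflow fails with an expired-token error in between, and every person who refreshes it handles live credentials. Prefer GitHub's OIDC federation with `aws-actions/configure-aws-credentials` assuming an IAM role (with `permissions: id-token: write` on the job), which issues short-lived credentials per run and removes all three secrets from this file; if static keys must stay, scope them to an IAM principal that can only plan. The enclosing `build` job starts outside this hunk.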