diff --git a/.github/runner-config.yml b/.github/runner-config.yml
new file mode 100644
index 0000000..365cb02
--- /dev/null
+++ b/.github/runner-config.yml
@@ -0,0 +1,7 @@
+# Runner configuration for different AWS accounts
+# Format: environment_name: aws_account_id
+
+dev: dev-account-runner
+staging: staging-account-runner
+prod: prod-account-runner
+lab: lab-account-runner
diff --git a/.github/workflows/init-cluster-pr.yml b/.github/workflows/init-cluster-pr.yml
new file mode 100644
index 0000000..76246e4
--- /dev/null
+++ b/.github/workflows/init-cluster-pr.yml
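Review bot: The header comment `# Format: environment_name: aws_account_id` does not describe the entries below it, which are runner labels (`dev-account-runner`, …) rather than account ids, and the workflow added in the same commit never reads this file — it takes `aws_account` from `config.json` instead. Change the comment to `# Format: environment_name: self-hosted runner label for that AWS account` and either wire the workflow to this mapping (it is the natural allow-list for the runner label) or drop the file so there is no second, unused source of truth.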
@@ -0,0 +1,108 @@
+name: Initialize Cluster Configuration
+
+on:
+ pull_request:
+ branches: [ main ]
+ types: [ opened, synchronize, reopened ]
+
+jobs:
+ determine-environment:
+ runs-on: ubuntu-latest
+ if: github.head_ref == 'init-cluster'
+ outputs:
+ aws_account: ${{ steps.get-account.outputs.aws_account }}
+ environment: ${{ steps.get-account.outputs.environment }}
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Get AWS account from config
+ id: get-account
+ run: |
+ AWS_ACCOUNT=$(jq -r '.aws_account' config.json)
+ ENVIRONMENT=$(jq -r '.environment' config.json)
+ echo "aws_account=${AWS_ACCOUNT}" >> $GITHUB_OUTPUT
+ echo "environment=${ENVIRONMENT}" >> $GITHUB_OUTPUT
+
+ expand-config:
+ needs: determine-environment
+ runs-on: [ "${{ needs.determine-environment.outputs.aws_account }}" ]
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.11'
+
+ - name: Install Ansible
+ run: |
+ python -m pip install --upgrade pip
+ pip install ansible jinja2
+
+ - name: Run HCL Generator
+ run: |
+ cd ansible
+ ansible-playbook generate_hcl_files.yml
+
+ - name: Commit HCL Files
+ run: |
+ git config --global user.name "GitHub Actions Bot"
+ git config --global user.email "actions@github.com"
+ git add environment/
+ git commit -m "Generate HCL files from config" || echo "No changes to commit"
+ git push origin HEAD:${{ github.head_ref }}
+
+ terraform-plan:
+ needs: [ determine-environment, expand-config ]
+ runs-on: [ "${{ needs.determine-environment.outputs.aws_account }}" ]
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.head_ref }}
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3.1.2
+ with:
+ terraform_version: 1.9.1
+ terraform_wrapper: false
+
+ - name: Setup Terragrunt
+ run: |
+ wget -O terragrunt https://github.com/gruntwork-io/terragrunt/releases/download/v0.45.0/terragrunt_linux_amd64
+ chmod +x terragrunt
+ sudo mv terragrunt /usr/local/bin/
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::${{ needs.determine-environment.outputs.aws_account }}:role/GitHubActionsRole
+ aws-region: us-east-1
+
+ - name: Terragrunt Plan
+ working-directory: environment/region/vpc/cluster
+ run: |
+ terragrunt init
+ terragrunt plan -no-color -out=tfplan 2>&1 | tee plan.txt
+
+ - name: Comment Plan on PR
+ uses: actions/github-script@v7
+ if: github.event_name == 'pull_request'
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const fs = require('fs');
+ const plan = fs.readFileSync('environment/region/vpc/cluster/plan.txt', 'utf8');
+ const comment = `### Terraform Plan Results
+ ```
+ ${plan}
+ ```
+ `;
+ github.rest.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number,
+ body: comment
+ });
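Review bot: The value that selects the self-hosted runner (`runs-on` in expand-config and terraform-plan) and the account in `role-to-assume` is taken verbatim from `jq -r '.aws_account' config.json` in the "Get AWS account from config" step, with no validation, and the `.github/runner-config.yml` mapping added in the same commit is never consulted, so a typo or unexpected value flows straight into runner selection and the IAM role ARN. Validate the `environment: aws_account` pair against that mapping before exporting it, as in the step below; note that under the `pull_request` trigger the workflow file and both config files all come from the PR head, so this catches mistakes rather than a hostile PR — the trust boundary for the self-hosted runners is the repository's workflow-approval setting for outside contributors. The workflow also has no top-level `permissions:` block, yet `role-to-assume` in "Configure AWS Credentials" needs `id-token: write`, the push in "Commit HCL Files" needs `contents: write`, and `createComment` needs `pull-requests: write`. Finally, `terragrunt plan -no-color -out=tfplan 2>&1 | tee plan.txt` reports tee's exit status, and the default `run` shell does not set pipefail, so a failed plan still gets posted as a comment and the job goes green; add `set -o pipefail` to that step (or `shell: bash`). The Terragrunt binary is fetched with `wget` and installed with `sudo` without a checksum; pinning a known SHA-256 alongside the version would close that gap.

```yaml
permissions:
  id-token: write        # OIDC token for aws-actions/configure-aws-credentials
  contents: write        # push of generated HCL files
  pull-requests: write   # plan comment

# … unchanged: on:, jobs.determine-environment header, checkout …
      - name: Get AWS account from config
        id: get-account
        run: |
          set -euo pipefail
          AWS_ACCOUNT=$(jq -r '.aws_account' config.json)
          ENVIRONMENT=$(jq -r '.environment' config.json)
          # accept only an exact "environment: label" line from the committed mapping
          if ! grep -qxF -- "${ENVIRONMENT}: ${AWS_ACCOUNT}" .github/runner-config.yml; then
            echo "'${ENVIRONMENT}: ${AWS_ACCOUNT}' is not listed in .github/runner-config.yml" >&2
            exit 1
          fi
          echo "aws_account=${AWS_ACCOUNT}" >> "$GITHUB_OUTPUT"
          echo "environment=${ENVIRONMENT}" >> "$GITHUB_OUTPUT"
# … unchanged: expand-config job, terraform-plan setup steps …
      - name: Terragrunt Plan
        working-directory: environment/region/vpc/cluster
        run: |
          set -o pipefail
          terragrunt init
          terragrunt plan -no-color -out=tfplan 2>&1 | tee plan.txt
# … unchanged: Comment Plan on PR step …
```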