diff --git a/.github/workflows/terraform-release.yaml b/.github/workflows/terraform-release.yaml
new file mode 100644
index 0000000..90910bc
--- /dev/null
+++ b/.github/workflows/terraform-release.yaml
@@ -0,0 +1,73 @@
+name: Terraform CI/CD
+on:
+ workflow_dispatch:
+ pull_request:
+ types: [closed]
+ branches:
+ - main
+jobs:
+ terraform-ci-cd:
+ runs-on: 229685449397
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup Terraform
+ uses: CSVD/gh-actions-setup-terraform@v3
+ with:
+ terraform_version: "1.9.1"
+
+ - name: Setup GITHUB Credentials
+ id: github_credentials
+ uses: CSVD/gh-auth@main
+ with:
+ github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+ github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+ github_app_id: ${{ vars.GH_APP_ID }}
+
+
+ - name: Debug Authentication
+ run: |
+ # Print the GitHub server URL
+ echo "GitHub Server URL: ${{ github.server_url }}"
+
+ # Extract the host from the URL
+ HOST="${{ github.server_url }}"
+ HOST="${HOST#*//}"
+ HOST="${HOST%%/*}"
+ echo "GitHub Host: $HOST"
+
+ # Check if token exists
+ if [[ -n "${{ steps.github_credentials.outputs.github_token }}" ]]; then
+ echo "Token generated successfully"
+ # Test the token with a simple GitHub API call (without exposing the token)
+ STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer ${{ steps.github_credentials.outputs.github_token }}" "${{ github.server_url }}/api/v3/user")
+ echo "API Test Status Code: $STATUS"
+ else
+ echo "No token was generated!"
+ fi
+
+ - name: Setup GitHub CLI
+ run: |
+ # Force manual authentication since setup-git might not work with GitHub Enterprise
+ echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt
+ gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt
+ rm /tmp/token.txt
+
+ # Test GitHub CLI auth status
+ gh auth status || echo "GitHub CLI authentication failed"
+
+ - name: AWS Auth
+ id: aws_auth
+ uses: CSVD/aws-auth@main
+ with:
+ ecs: true
+
+ - name: Run Terraform Module Release Action
+ uses: CSVD/terraform-module-release@main
+ with:
+ github-token: ${{ steps.github_credentials.outputs.github_token }}
+ working-directory: '.'
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
new file mode 100644
index 0000000..72829d8
--- /dev/null
+++ b/.github/workflows/terraform-validate.yaml
@@ -0,0 +1,42 @@
+name: Terraform Validate
+on:
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+
+ terraform-validate:
+ runs-on: "229685449397"
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout code
+ uses: CSVD/gh-actions-checkout@v4
+
+ - name: Setup Terraform
+ uses: CSVD/gh-actions-setup-terraform@v2
+ with:
+ terraform_version: '1.7.3'
+
+ - name: Validate Terraform Configuration
+ id: validate
+ uses: CSVD/terraform-validate@main
+
+ - name: Check Validation/Test Results
+ if: always()
+ run: |
+ # Set default values if outputs are empty
+ IS_VALID="${{ steps.validate.outputs.is_valid }}"
+ TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}"
+
+ # If outputs are empty, set them to false
+ [ -z "$IS_VALID" ] && IS_VALID="false"
+ [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"
+
+ if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
+ echo "Validation or test errors found:"
+ echo "${{ steps.validate.outputs.stderr }}"
+ exit 1
+ else
+ echo "All validations and tests passed successfully!"
+ fi
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml
deleted file mode 100644
index a78523e..0000000
--- a/.github/workflows/terragrunt-cicd.yml
+++ /dev/null
@@ -1,101 +0,0 @@
-name: 'Terraform Module CI'
-
-on:
- push:
- branches:
- - main
- paths:
- - '**/*.hcl'
- - '**/*.tf'
- pull_request:
- branches:
- - main
- paths:
- - '**/*.hcl'
- - '**/*.tf'
-
-permissions:
- contents: read
- pull-requests: write
-
-jobs:
- validate:
- name: 'Validate Module'
- runs-on: self-hosted
-
- steps:
- - name: Checkout
- uses: actions/checkout@v3
-
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@v2
- with:
- terraform_version: 1.5.0
-
- - name: Terraform Init
- run: |
- terraform init -backend=false
-
- - name: Terraform Format
- run: |
- terraform fmt -check
-
- - name: Terraform Validate
- run: |
- terraform validate
-
- - name: Run tflint
- uses: terraform-linters/setup-tflint@v3
- if: github.event_name == 'pull_request'
-
- - name: Lint Terraform
- if: github.event_name == 'pull_request'
- run: |
- tflint --format compact
-
- release:
- name: 'Create Release'
- needs: validate
- if: github.ref == 'refs/heads/main' && github.event_name == 'push'
- runs-on: self-hosted
- permissions:
- contents: write
-
- steps:
- - name: Checkout
- uses: actions/checkout@v3
- with:
- fetch-depth: 0
- token: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Setup Python
- uses: actions/setup-python@v4
- with:
- python-version: '3.9'
-
- - name: Install Commitizen
- run: |
- pip install commitizen
-
- - name: Configure Git
- run: |
- git config --local user.email "action@github.com"
- git config --local user.name "GitHub Action"
-
- - name: Bump Version and Generate Changelog
- id: cz
- run: |
- cz bump --yes
- echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT
- echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT
-
- - name: Create Release
- uses: actions/create-release@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- tag_name: v${{ steps.cz.outputs.new_version }}
- release_name: Release v${{ steps.cz.outputs.new_version }}
- draft: false
- prerelease: false
- body: ${{ steps.cz.outputs.changelog }}
diff --git a/README.md b/README.md
index 4050d3e..d3905fc 100644
--- a/README.md
+++ b/README.md
@@ -144,6 +144,7 @@ efs-csi-controller 0 5m
|------|-------------|------|---------|:--------:|
| [access\_entries](#input\_access\_entries) | Map of access entries to add to the cluster | `any` | `{}` | no |
| [census\_private\_cidr](#input\_census\_private\_cidr) | Census Private CIR Blocks | `list(string)` | [
"148.129.0.0/16",
"172.16.0.0/12",
"192.168.0.0/16",
"10.0.0.0/16"
]
| no |
+| [cloudwatch\_retention\_days](#input\_cloudwatch\_retention\_days) | number of days to retain logs in cloudwatch | `string` | `"14"` | no |
| [cluster\_endpoint\_private\_access](#input\_cluster\_endpoint\_private\_access) | Whether the EKS cluster API server endpoint is privately accessible | `bool` | `true` | no |
| [cluster\_endpoint\_public\_access](#input\_cluster\_endpoint\_public\_access) | Whether the EKS cluster API server endpoint is publicly accessible | `bool` | `true` | no |
| [cluster\_name](#input\_cluster\_name) | EKS cluster name name component used through out the EKS cluster describing its purpose (ex: dice-dev) | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
index 66ed764..786d79f 100644
--- a/main.tf
+++ b/main.tf
@@ -29,7 +29,7 @@ module "cluster" {
source = "git@github.e.it.census.gov:SCT-Engineering/terraform-aws-eks.git?ref=v20.34.0"
access_entries = local.access_entries
- cloudwatch_log_group_retention_in_days = "14"
+ cloudwatch_log_group_retention_in_days = var.cloudwatch_retention_days
cluster_endpoint_private_access = var.cluster_endpoint_private_access
cluster_endpoint_public_access = var.cluster_endpoint_public_access
cluster_name = var.cluster_name
diff --git a/variables.tf b/variables.tf
index 2b73269..8a9fb29 100644
--- a/variables.tf
+++ b/variables.tf
@@ -155,3 +155,9 @@ variable "tags" {
error_message = "Tag keys must be <= 128 chars, values <= 256 chars, and both can only contain alphanumeric characters, spaces, and '.+-=@:_'."
}
}
+
+variable "cloudwatch_retention_days" {
+ description = "number of days to retain logs in cloudwatch"
+ type = string
+ default = "14"
+}