revert

SCT-Engineering · Apr 15, 2025 · 15b96ba · 15b96ba
1 parent 783fba2
commit 15b96ba
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 43 deletions.
diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
@@ -1,42 +1,40 @@
-name: Terraform Validate
+name: Terraform CI/CD
 on:
-  pull_request:
   workflow_dispatch:
-
+  pull_request:
+    types: [closed]
+    branches:
+      - main
 jobs:
-
-  terraform-validate:
-    runs-on: "229685449397"
+  terraform-ci-cd:
+    runs-on: 229685449397
     permissions:
       contents: write
+
     steps:
       - name: Checkout code
         uses: CSVD/gh-actions-checkout@v4
 
-      - name: Setup Terraform
-        uses: CSVD/gh-actions-setup-terraform@v2
+      - name: Setup GITHUB Credentials
+        id: github_credentials
+        uses: CSVD/gh-auth@main
         with:
-          terraform_version: '1.7.3'
-
-      - name: Validate Terraform Configuration
-        id: validate
-        uses: CSVD/terraform-validate@main
+          github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+          github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+          github_app_id: ${{ vars.GH_APP_ID }}
 
-      - name: Check Validation/Test Results
-        if: always()
+      - name: Setup GitHub CLI
         run: |
-          # Set default values if outputs are empty
-          IS_VALID="${{ steps.validate.outputs.is_valid }}"
-          TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}"
+          # Force manual authentication since setup-git might not work with GitHub Enterprise
+          echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt
+          gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt
+          rm /tmp/token.txt
 
-          # If outputs are empty, set them to false
-          [ -z "$IS_VALID" ] && IS_VALID="false"
-          [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"
+          # Test GitHub CLI auth status
+          gh auth status || echo "GitHub CLI authentication failed"
 
-          if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
-            echo "Validation or test errors found:"
-            echo "${{ steps.validate.outputs.stderr }}"
-            exit 1
-          else
-            echo "All validations and tests passed successfully!"
-          fi
+      - name: Run Release Action
+        uses: CSVD/releaser@main
+        with:
+          github-token: ${{ steps.github_credentials.outputs.github_token }}
+          working-directory: '.'
diff --git a/README.md b/README.md
@@ -32,6 +32,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | aws account number | `string` | `""` | no |
 | <a name="input_cluster_domain"></a> [cluster\_domain](#input\_cluster\_domain) | The domain name used to reference ingresses for the cluster | `string` | n/a | yes |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster into which the tools are deployed. | `string` | n/a | yes |
 | <a name="input_grafana_internal_url"></a> [grafana\_internal\_url](#input\_grafana\_internal\_url) | The url within the cluster to use to access grafana. | `string` | n/a | yes |
@@ -43,6 +44,7 @@
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | The namespace to create and into which the tools are deployed. | `string` | `"namespace"` | no |
 | <a name="input_profile"></a> [profile](#input\_profile) | The AWS\_PROFILE to use while running the scripts. | `string` | `""` | no |
 | <a name="input_prometheus_internal_url"></a> [prometheus\_internal\_url](#input\_prometheus\_internal\_url) | The url within the cluster to use to query the prometheus server. | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | region name | `string` | `"us-gov-east-1"` | no |
 | <a name="input_service_name"></a> [service\_name](#input\_service\_name) | The name of the service for Kiali. | `string` | `"kiali"` | no |
 
 ## Outputs

diff --git a/copy_images.tf b/copy_images.tf
@@ -1,25 +1,25 @@
 locals {
   kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", var.kiali_application_version)
   kiali_server_key   = format("%v#%v", "istio-tools/kiali", var.kiali_application_version)
-  ent_ecr_source     = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")
+  # ent_ecr_source     = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")
 
   image_config = [
     ## Images for Kiali
     {
       enabled         = true
       dest_path       = null
       name            = "istio-tools/kiali-operator"
-      source_image    = "opensource/kiali/kiali-operator"
-      source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
+      source_image    = "kiali/kiali-operator"
+      source_registry = "quay.io"
       source_tag      = var.kiali_application_version
       tag             = var.kiali_application_version
     },
     {
       enabled         = true
       dest_path       = null
       name            = "istio-tools/kiali"
-      source_image    = "opensource/kiali/kiali"
-      source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
+      source_image    = "kiali/kiali"
+      source_registry = "quay.io"
       source_tag      = var.kiali_application_version
       tag             = var.kiali_application_version
     },
@@ -39,17 +39,17 @@ module "images" {
   force_delete                = true
   lifecycle_policy_keep_count = 5
 
-  source_username = data.aws_ecr_authorization_token.ecr_token.user_name
-  source_password = data.aws_ecr_authorization_token.ecr_token.password
+  # source_username = data.aws_ecr_authorization_token.ecr_token.user_name
+  # source_password = data.aws_ecr_authorization_token.ecr_token.password
 
-  destination_username = data.aws_ecr_authorization_token.token.user_name
-  destination_password = data.aws_ecr_authorization_token.token.password
+  # destination_username = data.aws_ecr_authorization_token.token.user_name
+  # destination_password = data.aws_ecr_authorization_token.token.password
 }
 
-data "aws_ecr_authorization_token" "ecr_token" {
-  registry_id = var.account_id
-}
+# data "aws_ecr_authorization_token" "ecr_token" {
+#   registry_id = var.account_id
+# }
 
-data "aws_ecr_authorization_token" "token" {
-  registry_id = var.account_id
-}
+# data "aws_ecr_authorization_token" "token" {
+#   registry_id = var.account_id
+# }
diff --git a/variables.tf b/variables.tf
@@ -79,12 +79,14 @@ variable "service_name" {
   default     = "kiali"
 }
 
+# tflint-ignore: terraform_unused_declarations
 variable "account_id" {
   description = "aws account number"
   type        = string
   default     = ""
 }
 
+# tflint-ignore: terraform_unused_declarations
 variable "region" {
   description = "region name"
   type        = string