diff --git a/.github/workflows/terraform-validate.yaml b/.github/workflows/terraform-validate.yaml
index 72829d8..04b96db 100644
--- a/.github/workflows/terraform-validate.yaml
+++ b/.github/workflows/terraform-validate.yaml
@@ -1,42 +1,40 @@
-name: Terraform Validate
+name: Terraform CI/CD
on:
- pull_request:
workflow_dispatch:
-
+ pull_request:
+ types: [closed]
+ branches:
+ - main
jobs:
-
- terraform-validate:
- runs-on: "229685449397"
+ terraform-ci-cd:
+ runs-on: 229685449397
permissions:
contents: write
+
steps:
- name: Checkout code
uses: CSVD/gh-actions-checkout@v4
- - name: Setup Terraform
- uses: CSVD/gh-actions-setup-terraform@v2
+ - name: Setup GITHUB Credentials
+ id: github_credentials
+ uses: CSVD/gh-auth@main
with:
- terraform_version: '1.7.3'
-
- - name: Validate Terraform Configuration
- id: validate
- uses: CSVD/terraform-validate@main
+ github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
+ github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
+ github_app_id: ${{ vars.GH_APP_ID }}
- - name: Check Validation/Test Results
- if: always()
+ - name: Setup GitHub CLI
run: |
- # Set default values if outputs are empty
- IS_VALID="${{ steps.validate.outputs.is_valid }}"
- TESTS_PASSED="${{ steps.validate.outputs.tests_passed }}"
+ # Force manual authentication since setup-git might not work with GitHub Enterprise
+ echo "${{ steps.github_credentials.outputs.github_token }}" > /tmp/token.txt
+ gh auth login --with-token --hostname "github.e.it.census.gov" < /tmp/token.txt
+ rm /tmp/token.txt
- # If outputs are empty, set them to false
- [ -z "$IS_VALID" ] && IS_VALID="false"
- [ -z "$TESTS_PASSED" ] && TESTS_PASSED="false"
+ # Test GitHub CLI auth status
+ gh auth status || echo "GitHub CLI authentication failed"
- if [[ "$IS_VALID" != "true" || "$TESTS_PASSED" != "true" ]]; then
- echo "Validation or test errors found:"
- echo "${{ steps.validate.outputs.stderr }}"
- exit 1
- else
- echo "All validations and tests passed successfully!"
- fi
+ - name: Run Release Action
+ uses: CSVD/releaser@main
+ with:
+ github-token: ${{ steps.github_credentials.outputs.github_token }}
+ working-directory: '.'
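Review bot: The `Setup GitHub CLI` step writes the app token to `/tmp/token.txt` and expands `${{ steps.github_credentials.outputs.github_token }}` directly into the script text; if `gh auth login` fails under the default `bash -e` shell the `rm` never runs, and the numeric `runs-on` label looks like a self-hosted runner where `/tmp` may outlive the job. Pass the token through `env:` and pipe it to `gh auth login --with-token` so it never touches disk, and drop the `|| echo` after `gh auth status` so a failed login stops the job instead of being logged and ignored. The same token is then handed to `CSVD/releaser@main`, and `CSVD/gh-auth@main` receives the app PEM; both are mutable branch refs, so pinning them to a commit SHA is worth doing in a job that holds `contents: write`. Separately, `types: [closed]` also fires for pull requests closed without merging, so the job probably wants `if: github.event.pull_request.merged == true`.

```yaml
      - name: Setup GitHub CLI
        env:
          GH_APP_TOKEN: ${{ steps.github_credentials.outputs.github_token }}
        run: |
          # Token goes env -> stdin; it is never written to the runner's disk
          printf '%s' "$GH_APP_TOKEN" | gh auth login --with-token --hostname "github.e.it.census.gov"
          # Fail the job if authentication did not succeed
          gh auth status --hostname "github.e.it.census.gov"
      # … unchanged: Run Release Action step …
```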
diff --git a/README.md b/README.md
index d64fc99..ca37962 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [account\_id](#input\_account\_id) | aws account number | `string` | `""` | no |
| [cluster\_domain](#input\_cluster\_domain) | The domain name used to reference ingresses for the cluster | `string` | n/a | yes |
| [cluster\_name](#input\_cluster\_name) | The name of the cluster into which the tools are deployed. | `string` | n/a | yes |
| [grafana\_internal\_url](#input\_grafana\_internal\_url) | The url within the cluster to use to access grafana. | `string` | n/a | yes |
@@ -43,6 +44,7 @@
| [namespace](#input\_namespace) | The namespace to create and into which the tools are deployed. | `string` | `"namespace"` | no |
| [profile](#input\_profile) | The AWS\_PROFILE to use while running the scripts. | `string` | `""` | no |
| [prometheus\_internal\_url](#input\_prometheus\_internal\_url) | The url within the cluster to use to query the prometheus server. | `string` | n/a | yes |
+| [region](#input\_region) | region name | `string` | `"us-gov-east-1"` | no |
| [service\_name](#input\_service\_name) | The name of the service for Kiali. | `string` | `"kiali"` | no |
## Outputs
diff --git a/copy_images.tf b/copy_images.tf
index d6e0405..82edd1e 100644
--- a/copy_images.tf
+++ b/copy_images.tf
@@ -1,7 +1,7 @@
locals {
kiali_operator_key = format("%v#%v", "istio-tools/kiali-operator", var.kiali_application_version)
kiali_server_key = format("%v#%v", "istio-tools/kiali", var.kiali_application_version)
- ent_ecr_source = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")
+ # ent_ecr_source = format("%v.%v.%v.%v", var.account_id, "dkr.ecr", var.region, "amazonaws.com/ent-images")
image_config = [
## Images for Kiali
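Review bot: The `ent_ecr_source` local is commented out rather than deleted, and the last hunk of this file does the same for four module arguments and two `aws_ecr_authorization_token` data blocks. Version control already keeps the old form, and commented-out Terraform gives the next reader no hint whether it is meant to come back. I would delete the lines that are really gone and leave one short comment in their place, for example `# Kiali images are copied from upstream quay.io; the internal ent-images/ironbank path was removed`. The `locals` block continues outside this hunk.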
@@ -9,8 +9,8 @@ locals {
enabled = true
dest_path = null
name = "istio-tools/kiali-operator"
- source_image = "opensource/kiali/kiali-operator"
- source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
+ source_image = "kiali/kiali-operator"
+ source_registry = "quay.io"
source_tag = var.kiali_application_version
tag = var.kiali_application_version
},
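Review bot: `source_registry = "quay.io"` with `source_image = "kiali/kiali-operator"` moves the operator image from the internal `ent-images/ironbank` ECR path to an upstream public registry, and the image is still selected only by the mutable tag in `var.kiali_application_version`. If the Iron Bank path was chosen for its hardened and scanned builds, that assurance is dropped here with no compensating check visible in the hunk. At minimum record the decision next to the entry, e.g. `# Upstream quay.io build, not the Iron Bank image; confirm the tag's digest before bumping kiali_application_version`, and consider verifying the digest before the copy runs. The next hunk makes the same change for `kiali/kiali`; the `image_config` list begins and ends outside both hunks, so what fields the images module accepts cannot be seen from here.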
@@ -18,8 +18,8 @@ locals {
enabled = true
dest_path = null
name = "istio-tools/kiali"
- source_image = "opensource/kiali/kiali"
- source_registry = format("%v/%v", local.ent_ecr_source, "ironbank")
+ source_image = "kiali/kiali"
+ source_registry = "quay.io"
source_tag = var.kiali_application_version
tag = var.kiali_application_version
},
@@ -39,17 +39,17 @@ module "images" {
force_delete = true
lifecycle_policy_keep_count = 5
- source_username = data.aws_ecr_authorization_token.ecr_token.user_name
- source_password = data.aws_ecr_authorization_token.ecr_token.password
+ # source_username = data.aws_ecr_authorization_token.ecr_token.user_name
+ # source_password = data.aws_ecr_authorization_token.ecr_token.password
- destination_username = data.aws_ecr_authorization_token.token.user_name
- destination_password = data.aws_ecr_authorization_token.token.password
+ # destination_username = data.aws_ecr_authorization_token.token.user_name
+ # destination_password = data.aws_ecr_authorization_token.token.password
}
-data "aws_ecr_authorization_token" "ecr_token" {
- registry_id = var.account_id
-}
+# data "aws_ecr_authorization_token" "ecr_token" {
+# registry_id = var.account_id
+# }
-data "aws_ecr_authorization_token" "token" {
- registry_id = var.account_id
-}
+# data "aws_ecr_authorization_token" "token" {
+# registry_id = var.account_id
+# }
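Review bot: With `destination_username` and `destination_password` commented out, the `images` module no longer receives explicit credentials for the registry it pushes to, although only the source side became an anonymous public registry in this commit. Unless the module falls back to ambient credentials (its definition and the top of this block are outside the hunk, so that is not visible), the copy would depend on whatever login state the runner happens to have. I would keep `destination_username = data.aws_ecr_authorization_token.token.user_name`, `destination_password = data.aws_ecr_authorization_token.token.password` and the `token` data block, and remove only the `source_*` pair and `ecr_token`.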
diff --git a/variables.tf b/variables.tf
index 56ace1e..535a002 100644
--- a/variables.tf
+++ b/variables.tf
@@ -79,12 +79,14 @@ variable "service_name" {
default = "kiali"
}
+# tflint-ignore: terraform_unused_declarations
variable "account_id" {
description = "aws account number"
type = string
default = ""
}
+# tflint-ignore: terraform_unused_declarations
variable "region" {
description = "region name"
type = string