update actions
juttayaya committed Oct 9, 2023
1 parent ca05054 commit 2483d67
Showing 8 changed files with 350 additions and 67 deletions.
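--- a/.github/actions/app-tf-apply/action.yml
+++ b/.github/actions/app-tf-apply/action.yml
@@ -0,0 +1,54 @@
+name: Application AWS Terraform Apply
+description: Terraform apply for App AWS infra
+
+inputs:
+aws-access-key-id:
+description: >-
+AWS Access Key ID. This input is required if running in the GitHub hosted environment.
+required: true
+aws-secret-access-key:
+description: >-
+AWS Secret Access Key. This input is required if running in the GitHub hosted environment.
+required: true
+aws-region:
+description: 'AWS Region, e.g. us-east-2'
+required: true
+terraform-version:
+description: Terraform version to use
+required: false
+default: 1.4.6
+terraform-directory:
+description: Directory where Terraform config is located
+required: false
+default: '.'
+envname:
+description: The Cloud Environment to run
+required: true
+github-org:
+description: GitHub Organization
+required: true
+github-token:
+description: GitHub Token
+required: true
+
+runs:
+using: composite
+steps:
+-
+name: Application Terraform Plan
+uses: ./.github/actions/app-tf-plan
+with:
+aws-access-key-id: ${{ inputs.aws-access-key-id }}
+aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+aws-region: ${{ inputs.aws-region }}
+terraform-version: ${{ inputs.terraform-version }}
+terraform-directory: ${{ inputs.terraform-directory }}
+envname: ${{ inputs.envname }}
+github-org: ${{ inputs.github-org }}
+github-token: ${{ inputs.github-token }}
+
+-
+name: Application Terraform Apply
+working-directory: ${{ inputs.terraform-directory }}
+shell: bash
+run: terraform apply -no-color -auto-approve github-actions.tfplan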
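Review bot: The apply step on the last line hard-codes the plan file name `github-actions.tfplan`, while the plan it consumes is written by ./.github/actions/terraform-plan, whose `terraform-plan-output` input (visible in the terraform-plan section of this commit) app-tf-plan never sets; if that input's default ever diverges from `github-actions.tfplan`, this apply fails with a missing plan file. Consider adding a `terraform-plan-output` input here with the same default and threading it through app-tf-plan, so both actions read one value, and document it with `# must match the terraform-plan-output used by ./.github/actions/terraform-plan`. `-auto-approve` is redundant when a saved plan file is supplied, since apply does not prompt in that case, so `run: terraform apply -no-color github-actions.tfplan` is equivalent and reads less alarmingly. The unquoted `default: 1.4.6` parses as a string here (two dots), but the same literal is repeated in app-tf-plan and the workflow `env:`, which is a drift risk worth a comment.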
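--- a/.github/actions/app-tf-plan/action.yml
+++ b/.github/actions/app-tf-plan/action.yml
@@ -0,0 +1,64 @@
+name: Application AWS Terraform Plan
+description: Terraform plan for App AWS infra
+
+inputs:
+aws-access-key-id:
+description: >-
+AWS Access Key ID. This input is required if running in the GitHub hosted environment.
+required: true
+aws-secret-access-key:
+description: >-
+AWS Secret Access Key. This input is required if running in the GitHub hosted environment.
+required: true
+aws-region:
+description: 'AWS Region, e.g. us-east-2'
+required: true
+terraform-version:
+description: Terraform version to use
+required: false
+default: 1.4.6
+terraform-directory:
+description: Directory where Terraform config is located
+required: false
+default: '.'
+envname:
+description: The Cloud Environment to run
+required: true
+github-org:
+description: GitHub Organization
+required: true
+github-token:
+description: GitHub Token
+required: true
+
+runs:
+using: composite
+steps:
+-
+name: AWS Login
+uses: ./.github/actions/aws-login
+with:
+aws-access-key-id: ${{ inputs.aws-access-key-id }}
+aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+aws-region: ${{ inputs.aws-region }}
+
+-
+name: GitHub Login
+uses: ./.github/actions/github-login
+with:
+github-org: ${{ inputs.github-org }}
+github-token: ${{ inputs.github-token }}
+
+-
+name: Initialize Terraform
+uses: ./.github/actions/terraform-init
+with:
+terraform-version: ${{ inputs.terraform-version }}
+terraform-directory: ${{ inputs.terraform-directory }}
+
+- name: Terraform plan
+uses: ./.github/actions/terraform-plan
+with:
+envname: ${{ inputs.envname }}
+github-token: ${{ inputs.github-token }}
+terraform-directory: ${{ inputs.terraform-directory }}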
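Review bot: The `steps:` list mixes two sequence styles: the first three steps put `-` on a line of its own with `name:` beneath it, while the last step uses `- name: Terraform plan` on one line; pick one for the file (the `- name:` form is the yamllint/Prettier default and is what terraform-init and github-login in this commit use). The step name `Terraform plan` also departs from the Title Case of the other step names (`Terraform Plan`). The `terraform-version` default `1.4.6` is repeated verbatim in app-tf-apply and in the workflow's `env:`, and since the workflow always passes `env.terraform-version`, the default here is only reached by a direct caller, which deserves a comment such as `# only used when this action is invoked directly; workflows pass env.terraform-version`.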
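--- a/.github/actions/aws-login/action.yml
+++ b/.github/actions/aws-login/action.yml
@@ -0,0 +1,31 @@
+name: AWS Login
+description: Login to AWS
+
+inputs:
+aws-access-key-id:
+description: >-
+AWS Access Key ID. This input is required if running in the GitHub hosted environment.
+required: true
+aws-secret-access-key:
+description: >-
+AWS Secret Access Key. This input is required if running in the GitHub hosted environment.
+required: true
+aws-region:
+description: 'AWS Region, e.g. us-east-2'
+required: true
+
+runs:
+using: composite
+steps:
+-
+name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v2
+with:
+aws-access-key-id: ${{ inputs.aws-access-key-id }}
+aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+aws-region: ${{ inputs.aws-region }}
+
+# -
+# name: Display AWS auth ID
+# run: aws sts get-caller-identity
+# shell: bash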
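Review bot: The descriptions of `aws-access-key-id` and `aws-secret-access-key` say they are required only "if running in the GitHub hosted environment", but both inputs are declared `required: true`, so the conditional wording is wrong as written. Either drop the qualifier, or make them `required: false` and add a `role-to-assume` input so this action can use the OIDC path of configure-aws-credentials instead of long-lived static keys, which is the direction the `id-token: write` permission in the new workflow already points. `aws-actions/configure-aws-credentials@v2` is a mutable tag; for the one step that receives cloud credentials, pinning to a full commit SHA with the version in a trailing comment narrows the supply-chain exposure. The commented-out caller-identity step at the end is either dead or should become a real step behind an opt-in input.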
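--- a/.github/actions/github-login/action.yml
+++ b/.github/actions/github-login/action.yml
@@ -0,0 +1,17 @@
+name: 'GitHub Login'
+description: 'Gives this job access to private terraform modules.'
+inputs:
+github-org:
+description: 'The GitHub org that access is for'
+required: true
+github-token:
+description: 'GitHub token with access to private repos'
+required: true
+runs:
+using: 'composite'
+steps:
+- name: Setup private repo credentials for private modules
+shell: bash
+run: |
+git config --global url.'https://git:${{ inputs.github-token }}@github.com/${{ inputs.github-org }}'.insteadOf 'https://github.com/${{ inputs.github-org }}'
+git config --global url.'https://${{ inputs.github-token }}:[email protected]/${{ inputs.github-org }}'.insteadOf ssh://[email protected]/${{ inputs.github-org }}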
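Review bot: Both `git config` lines splice `${{ inputs.github-token }}` straight into the shell script, so the token is expanded into the command text before bash runs it and is then stored in clear text in `~/.gitconfig` for the rest of the job (and beyond it on a self-hosted runner); `${{ inputs.github-org }}` is interpolated the same way. Pass both through `env:` and reference them as shell variables, and add a closing step (or a `post:` hook) that removes the two `url.*.insteadOf` entries so the credential does not outlive the job. The second line appears mangled in the rendered page (`[email protected]`), so check the raw file before editing it. The `steps:` sequence is complete within this hunk.
```yaml
- name: Setup private repo credentials for private modules
  shell: bash
  env:
    GH_TOKEN: ${{ inputs.github-token }}
    GH_ORG: ${{ inputs.github-org }}
  run: |
    git config --global url."https://git:${GH_TOKEN}@github.com/${GH_ORG}".insteadOf "https://github.com/${GH_ORG}"
    # … second insteadOf rule rewritten the same way, taking the token and org from the env vars …
```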
23 changes: 2 additions & 21 deletions .github/actions/terraform-init/action.yml
Expand Up @@ -3,17 +3,6 @@ author: Jirawat Uttayaya (juttayaya)
description: Initialize and Authorize Terraform

inputs:
aws-access-key-id:
description: >-
AWS Access Key ID. This input is required if running in the GitHub hosted environment.
required: true
aws-secret-access-key:
description: >-
AWS Secret Access Key. This input is required if running in the GitHub hosted environment.
required: true
aws-region:
description: 'AWS Region, e.g. us-east-2'
required: true
terraform-version:
description: Terraform version to use
required: false
Expand All @@ -26,21 +15,13 @@ inputs:
runs:
using: composite
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ inputs.aws-access-key-id }}
aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
aws-region: ${{ inputs.aws-region }}
- name: Display AWS auth ID
run: aws sts get-caller-identity
shell: bash
- name: Setup Terraform
# Installs a specific version of Terraform
# https://github.com/marketplace/actions/hashicorp-setup-terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ inputs.terraform-version }}
terraform_wrapper: true
- name: Configure Terraform plugin cache
# Using bash $HOME var because ~ is inconsistent in GitHub Actions and Terraform
# For more info on .terraformrc and plugin_cache_dir
Expand All @@ -62,7 +43,7 @@ runs:
# this step allows the provider plugins step to fail file cache so we can
# update the providers lock explicitly in the next step
run: |
terraform init -backend-config=./environments/${{ inputs.envname }}/s3.tfbackend
terraform init
shell: bash
continue-on-error: true
- name: Terraform init
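Review bot: With `-backend-config=./environments/${{ inputs.envname }}/s3.tfbackend` replaced by a bare `terraform init` in the last hunk, the only visible use of the `envname` input in this action is gone; if `envname` is still declared in the `inputs:` block (which is partly outside this view) it is now dead and should be removed, or the action should say where the backend settings are expected to come from, e.g. `# backend configuration is read from the working directory; envname is no longer used here`. The second "Terraform init" step that starts at the last hunk line continues below the hunk, so check that it received the same change. The `terraform_wrapper: true` on the setup step is what makes `steps.<id>.outputs.stdout` and `exitcode` available to the terraform-plan action; a one-line comment tying the two together would spare the next maintainer a surprise if the wrapper is ever switched off.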
57 changes: 11 additions & 46 deletions .github/actions/terraform-plan/action.yml
Expand Up @@ -32,56 +32,21 @@ runs:
terraform plan -no-color -out=${{ inputs.terraform-plan-output }} > /dev/null
terraform show -no-color ${{ inputs.terraform-plan-output }}
shell: bash
continue-on-error: true
- name: Display Terraform plan on summary
working-directory: ${{ inputs.terraform-directory }}
if: steps.tfplan.outputs.exitcode == 0
run: |
echo "### Terraform Plan on ${{ inputs.envname }} from $GITHUB_REF_NAME :rocket:" >> $GITHUB_STEP_SUMMARY
echo '~~~' >> $GITHUB_STEP_SUMMARY
echo "${{ steps.tfplan.outputs.stdout }}" >> $GITHUB_STEP_SUMMARY
echo '~~~' >> $GITHUB_STEP_SUMMARY
shell: bash
- name: Terraform PR
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
with:
github-token: ${{ inputs.github-token }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
})
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Plan')
})
// 2. Prepare format of the comment
const output = `#### Terraform Plan 📖\`${{ steps.tfplan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${{ steps.tfplan.outputs.stdout }}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`;
// 3. If we have a comment, update it, otherwise create a new one
if (botComment) {
github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: output
});
} else {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
});
}
- name: Display Terraform Error on summary
if: steps.tfplan.outputs.exitcode != 0
run: |
echo "### Terraform ERROR on ${{ inputs.envname }} from $GITHUB_REF_NAME :rocket:" >> $GITHUB_STEP_SUMMARY
echo '~~~' >> $GITHUB_STEP_SUMMARY
echo "${{ steps.tfplan.outputs.stderr }}" >> $GITHUB_STEP_SUMMARY
echo '~~~' >> $GITHUB_STEP_SUMMARY
exit ${{ steps.tfplan.outputs.exitcode }}
shell: bash
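Review bot: Judging by the section's line counts, `continue-on-error: true` on the plan step was removed while the `Display Terraform Error on summary` step, gated on `steps.tfplan.outputs.exitcode != 0`, was kept; without `continue-on-error` a non-zero plan exit fails the job at the plan step, so that error-summary step can never run. Either restore `continue-on-error: true` on the plan step (the final `exit ${{ steps.tfplan.outputs.exitcode }}` still fails the job afterwards) or change the gate to `if: failure() && steps.tfplan.outputs.exitcode != 0`. Both summary steps also interpolate `${{ steps.tfplan.outputs.stdout }}` / `stderr` into the shell text, so a double quote or backtick in the plan output breaks the script; pass the output through `env:` and write it with `printf '%s\n' "$PLAN_OUTPUT" >> "$GITHUB_STEP_SUMMARY"`. The plan step's `id`, its working directory and the `terraform-plan-output` default sit above the hunk.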
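--- a/.github/workflows/terraform-plan-parallel.yml
+++ b/.github/workflows/terraform-plan-parallel.yml
@@ -0,0 +1,110 @@
+name: Terraform - Plan
+on:
+push:
+branches-ignore:
+- 'main'
+# paths:
+# - 'envs/**'
+# - 'modules/**'
+workflow_dispatch:
+permissions:
+id-token: write
+pull-requests: write
+contents: read # This is required for actions/checkout
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref_name }}
+cancel-in-progress: false
+defaults:
+run:
+shell: bash
+env:
+terraform-version: 1.4.6
+aws-region: eu-central-1
+github-org: 'Merit-Circle'
+
+run-name: ${{ github.workflow }} by @${{ github.actor }} from ${{ github.ref_name }}
+
+jobs:
+testeu-terraform-plan:
+name: testeu TF Plan
+runs-on: ubuntu-latest
+steps:
+-
+name: Checkout GitHub Repo
+uses: actions/checkout@v3
+
+-
+name: Application Terraform Plan
+uses: ./.github/actions/app-tf-plan
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ env.aws-region }}
+terraform-version: ${{ env.terraform-version }}
+terraform-directory: "envs/test-eu"
+envname: "testeu"
+github-org: ${{ env.github-org }}
+github-token: ${{ secrets.GITHUB_TOKEN }}
+
+acceu-terraform-plan:
+name: acceu TF Plan
+runs-on: ubuntu-latest
+steps:
+-
+name: Checkout GitHub Repo
+uses: actions/checkout@v3
+
+-
+name: Application Terraform Plan
+uses: ./.github/actions/app-tf-plan
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ env.aws-region }}
+terraform-version: ${{ env.terraform-version }}
+terraform-directory: "envs/acc-eu"
+envname: "acceu"
+github-org: ${{ env.github-org }}
+github-token: ${{ secrets.GITHUB_TOKEN }}
+
+prdeutestnet-terraform-plan:
+name: prdeutestnet TF Plan
+runs-on: ubuntu-latest
+steps:
+-
+name: Checkout GitHub Repo
+uses: actions/checkout@v3
+
+-
+name: Application Terraform Plan
+uses: ./.github/actions/app-tf-plan
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ env.aws-region }}
+terraform-version: ${{ env.terraform-version }}
+terraform-directory: "envs/prd-testnet"
+envname: "prdeutestnet"
+github-org: ${{ env.github-org }}
+github-token: ${{ secrets.GITHUB_TOKEN }}
+
+prdeu-terraform-plan:
+name: prdeu TF Plan
+runs-on: ubuntu-latest
+steps:
+-
+name: Checkout GitHub Repo
+uses: actions/checkout@v3
+
+-
+name: Application Terraform Plan
+uses: ./.github/actions/app-tf-plan
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ env.aws-region }}
+terraform-version: ${{ env.terraform-version }}
+terraform-directory: "envs/prd-eu"
+envname: "prdeu"
+github-org: ${{ env.github-org }}
+github-token: ${{ secrets.GITHUB_TOKEN }}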
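Review bot: `permissions:` grants `id-token: write` and `pull-requests: write`, but every job passes static `secrets.AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` rather than an OIDC role, and the PR-comment step that needed pull-request write was removed from terraform-plan in this same commit, so both grants look unused; either reduce to `permissions: contents: read` or move aws-login to `role-to-assume` so `id-token: write` earns its place. `secrets.GITHUB_TOKEN` is scoped to this repository, so the `github-login` rewrite it feeds only reaches private modules that live in this repo; if modules come from other `Merit-Circle` repositories a fine-grained PAT or GitHub App token is needed — confirm against where the modules actually live. The four jobs differ only in `terraform-directory` and `envname`, so a `strategy.matrix` with `fail-fast: false` keeps them parallel while removing the triple duplication. `on:` is a YAML 1.1 boolean key; keep the `truthy` yamllint exception if the file is linted.
```yaml
jobs:
  terraform-plan:
    name: ${{ matrix.envname }} TF Plan
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        include:
          - { envname: testeu, directory: envs/test-eu }
          - { envname: acceu, directory: envs/acc-eu }
          - { envname: prdeutestnet, directory: envs/prd-testnet }
          - { envname: prdeu, directory: envs/prd-eu }
    steps:
      # … unchanged: checkout step …
      - name: Application Terraform Plan
        uses: ./.github/actions/app-tf-plan
        with:
          # … unchanged: credential, region, version, org and token inputs …
          terraform-directory: ${{ matrix.directory }}
          envname: ${{ matrix.envname }}
```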

0 comments on commit 2483d67
