Workflow file for this run

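name: Github IAAC

# Events that trigger this workflow.
on:
  # Pushes to main or stage that touch the Terraform code.
  push:
    branches:
      - main
      - stage
    paths:
      # Was `transform/**`. Every other reference in this workflow (the
      # pull_request filter and the job's working directory) points at
      # terraform/, so that spelling would never match a Terraform change.
      - 'terraform/**'
  # Pull requests into main: developers test on the stage branch, then open
  # a pull request so a tech lead / architect can approve and merge.
  # NOTE(review): nothing in this file restricts who may approve or merge;
  # that has to be enforced by branch protection on main - confirm it is.
  pull_request:
    branches:
      - main
    paths:
      - 'terraform/**'
      - '.github/workflows/terraform.yml'
  # Manual runs from the Actions tab.
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log level'
        required: true
        default: 'warning'
      tags:
        description: 'Test scenario tags'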
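# Workflow-level env: every step of every job, including third-party
# actions, can read these values.
env:
  # AWS credentials Terraform uses to deploy.
  # NOTE(review): these are long-lived access keys. Short-lived credentials
  # obtained through GitHub's OIDC provider and an IAM role would avoid
  # storing a static key pair in repository secrets.
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  # The variable name must be spelled AWS_SECRET_ACCESS_KEY or the AWS
  # provider does not see it (it was AWS_SECRET_ACCESSS_KEY). The secret
  # name on the right is kept as written - confirm it matches the name of
  # the secret actually stored in the repository settings.
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESSS_KEY }}
  # S3 bucket that holds the Terraform state.
  BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }}
  AWS_REGION: us-east-1
  EKS_CLUSTER: github-practice-eks
  # Exposes the GIT_ACTION_TOKEN secret to all steps under the name
  # GITHUB_TOKEN. NOTE(review): if that secret is a personal access token,
  # keep its scopes to the minimum this pipeline needs.
  GITHUB_TOKEN: ${{ secrets.GIT_ACTION_TOKEN }}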
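jobs: # jobs group the steps the pipeline executes
  terraform:
    name: "Apply terraform code changes"
    runs-on: ubuntu-latest # GitHub-hosted Ubuntu runner
    defaults:
      # `defaults.run` accepts only `shell` and `working-directory`; the echo
      # script that used to sit here now lives in a step of its own.
      run:
        shell: bash
        working-directory: ./terraform # every `run` step starts here
    steps:
      - name: "checkout the source code"
        # NOTE(review): third-party actions are referenced by mutable tag;
        # pinning each one to a full commit SHA protects against a retagged
        # release.
        uses: actions/checkout@v4
        with:
          # Must be an expression. The bare text `env.GIT_ACTION_TOKEN` was
          # passed to the action as a literal string, and no env variable of
          # that name is defined in the part of the workflow shown here.
          # checkout keeps this token in the local git config by default;
          # set `persist-credentials: false` if no later step has to push.
          token: ${{ secrets.GIT_ACTION_TOKEN }}
      - name: Show workflow_dispatch inputs
        # Runs after checkout because the default working directory does not
        # exist before it. Inputs reach the script through env variables
        # instead of being expanded into the script text, so a crafted input
        # value cannot inject shell commands. Both are empty on push and
        # pull_request runs.
        env:
          LOG_LEVEL: ${{ github.event.inputs.logLevel }}
          TAGS: ${{ github.event.inputs.tags }}
        run: |
          echo "Log level: $LOG_LEVEL"
          echo "Tags: $TAGS"
      # No `terraform_version` input is given, so the action installs its
      # default version rather than a pinned one.
      - name: Setup Terraform with specified version on the runner/container
        uses: hashicorp/setup-terraform@v3
      - name: Terraform init
        id: init # lets later steps refer to this one
        run: terraform init -backend-config="bucket=$BUCKET_TF_STATE"
      - name: Terraform fmt
        id: fmt
        # -check changes nothing and exits non-zero when a file is not in
        # canonical format, which fails this step.
        run: terraform fmt -check
      - name: Terraform validate
        id: validate
        run: terraform validate
      - name: Terraform Plan
        id: plan
        # -out saves the generated plan for troubleshooting. The plan file
        # can contain sensitive values in clear text; do not publish it as
        # an unprotected artifact.
        run: terraform plan -no-color -input=false -out planfile
        # Keep going so the next step can report the failure explicitly.
        continue-on-error: true
      - name: Terraform plan status
        if: steps.plan.outcome == 'failure'
        # A non-zero exit fails this step and therefore the job.
        run: exit 1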