forked from hkhcoder/iac-vprofile
-
Notifications
You must be signed in to change notification settings - Fork 0
97 lines (79 loc) · 3.35 KB
/
terraform.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name : Github IAAC
run-name: This workflow has been triggered by ${{ github.actor}}
on: # events when the actions will trigger
[push]
# branches:
# - 'main'
# - 'stage'
# paths:
# - 'transform/**'
# # only for tech lead/arch, in cases where, the dev tested the code in stagging branch and then dev will request pull_request to approve the changes and merge to main branch, only some people like TL will have access to perfom any tasks on pull_request.
# pull_request:
# branches:
# - main
# paths:
# - terraform/**
# workflow_dispatch:
# inputs:
# logLevel:
# description: 'Log level'
# required: true
# default: 'warning'
# tags:
# description: 'Test scenario tags'
env:
# AWS Credentials for deployment to AWS for Terraform
AWS_ACCESS_KEY_ID: ${{secrets.AWS_ACCESS_KEY_ID}}
AWS_SECRET_ACCESSS_KEY: ${{secrets.AWS_SECRET_ACCESSS_KEY}}
# S3 bucket for the Terraform State
BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }}
AWS_REGION: us-east-1
EKS_CLUSTER: github-practice-eks
GITHUB_TOKEN: ${{secrets.GIT_ACTION_TOKEN}}
jobs: # jobs are steps to excute in the pipeline
terraform:
name: "Apply terraform code changes"
runs-on: ubuntu-latest #container with ubuntu image, runs below cmds/steps
defaults:
run:
shell: bash
working-directory: ./terraform #action will cd into this dir
steps:
- name: "checkout the source code"
uses: actions/checkout@v4 #pre-defined actions in guthub marketplace
with:
token: ${{secrets.GIT_ACTION_TOKEN}}
fetch-depth: 0
ref: 'stage'
- name: check environment vars
run: |
if [ -n "${{ secrets.AWS_ACCESS_KEY_ID }}"]; then echo "valid aws access key"
if [ -n "${{ secrets.AWS_SECRET_ACCESS_KEY }}"]; then echo "valid aws secret key"
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Setup Terraform with specified version on the runner/container
uses: hashicorp/setup-terraform@v3
- name: Terraform init
id: init #refer in the next step
run: terraform init -backend-config="bucket=$BUCKET_TF_STATE"
- name: Terraform fmt
id: fmt
run: terraform fmt -check # -check optiin will enable returning 0 if the fmt cmd fails
- name: Terraform validate
id: validate
run: terraform validate
- name: Terraform Plang
id: plan
run: terraform plan -no-clor -input=false -out planfile # to see the -out to generate planfile for troublshooting to see details of the terraform genrated plan
continue-on-error: true #continue to the next step if terraform plan cmd fials
- name: Terraform plan status
if: steps.plan.outcome == 'failure'
run: exit 1 #the shell session gets exited, so this workflow session exits, by exiting or killing the ubuntu container
# for workfow_dispatch logs in steps
# run: |
# echo "Log level: ${{ github.event.inputs.logLevel }}"
# echo "Tags: ${{ github.event.inputs.tags }}"