-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into OPS-967/task-1806
- Loading branch information
Showing
57 changed files
with
1,688 additions
and
64 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,121 @@ | ||
| name: 'Terraform setup and apply' | ||
| description: 'Setup Terraform and applies Terraform config' | ||
| inputs: | ||
| terraform_directory: | ||
| description: 'Directory that holds Terraform code' | ||
| required: true | ||
| azure_client_id: | ||
| description: 'Azure client id' | ||
| required: true | ||
| azure_client_secret: | ||
| description: 'Azure client secret' | ||
| required: true | ||
| azure_subscription_id: | ||
| description: 'Azure subscription id' | ||
| required: true | ||
| azure_tenant_id: | ||
| description: 'Azure tenant id' | ||
| required: true | ||
| terraform_version: | ||
| description: 'Terraform Version' | ||
| required: true | ||
| default: 1.5.7 | ||
| github_token: | ||
| description: 'GitHub token for auth' | ||
| required: true | ||
| pr_id: | ||
| description: 'Pull request ID' | ||
| required: false | ||
| tf_vars: | ||
| description: 'A map of variable inputs for Terraform' | ||
| required: false | ||
| plan_workflow_file: | ||
| description: 'Filename of workflow containing the tf plan artifact.' | ||
| required: false | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - name: Get last directory name | ||
| id: get-tf-dir | ||
| run: | | ||
| tf_dir=$(echo ${{ inputs.terraform_directory }} | rev | cut -d'/' -f1 | rev) | ||
| echo "tf_dir=$tf_dir" >> $GITHUB_OUTPUT | ||
| shell: bash | ||
|
|
||
| - name: Set Terraform Variables | ||
| run: | | ||
| if [[ -n "${INPUT_TF_VARS}" ]]; then | ||
| for key in $(echo "${INPUT_TF_VARS}" | jq -r 'keys[]'); do | ||
| value=$(echo "${INPUT_TF_VARS}" | jq -r ".$key") | ||
| echo "TF_VAR_${key// /}=${value}" >> $GITHUB_ENV | ||
| # Print debug statement | ||
| echo "Exported TF_VAR_${key// /}=${value}" | ||
| done | ||
| fi | ||
| shell: bash | ||
| env: | ||
| INPUT_TF_VARS: ${{ inputs.tf_vars }} | ||
|
|
||
| - name: Setup Terraform | ||
| uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 #v3.0.0 | ||
| with: | ||
| terraform_version: ${{ inputs.terraform_version }} | ||
| terraform_wrapper: false | ||
|
|
||
| - name: Terraform Init | ||
| id: init | ||
| working-directory: ${{ inputs.terraform_directory }} | ||
| shell: bash | ||
| env: | ||
| ARM_CLIENT_ID: ${{ inputs.azure_client_id }} | ||
| ARM_CLIENT_SECRET: ${{ inputs.azure_client_secret }} | ||
| ARM_SUBSCRIPTION_ID: ${{ inputs.azure_subscription_id }} | ||
| ARM_TENANT_ID: ${{ inputs.azure_tenant_id }} | ||
| run: | | ||
| terraform init | ||
| - name: Download Plan | ||
| id: download-plan | ||
| if: ${{ inputs.plan_workflow_file != '' }} | ||
| uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d #v3.0.0 | ||
| with: | ||
| github_token: ${{ inputs.github_token }} | ||
| workflow: ${{ inputs.plan_workflow_file }} | ||
| pr: ${{ inputs.pr_id }} | ||
| name: ${{ inputs.pr_id }}-${{ steps.get-tf-dir.outputs.tf_dir }}-tf-plan | ||
| path: ${{ inputs.terraform_directory }} | ||
|
|
||
| - name: Terraform Apply | ||
| id: apply | ||
| working-directory: ${{ inputs.terraform_directory }} | ||
| shell: bash | ||
| env: | ||
| ARM_CLIENT_ID: ${{ inputs.azure_client_id }} | ||
| ARM_CLIENT_SECRET: ${{ inputs.azure_client_secret }} | ||
| ARM_SUBSCRIPTION_ID: ${{ inputs.azure_subscription_id }} | ||
| ARM_TENANT_ID: ${{ inputs.azure_tenant_id }} | ||
| run: | | ||
| echo 'apply<<EOF' >> $GITHUB_OUTPUT | ||
| if [ -f "tfplan" ]; then | ||
| terraform apply -input=false -no-color tfplan >> $GITHUB_OUTPUT | ||
| else | ||
| terraform apply -auto-approve -input=false -no-color >> $GITHUB_OUTPUT | ||
| fi | ||
| echo 'EOF' >> $GITHUB_OUTPUT | ||
| - name: Comment Apply | ||
| id: comment-apply | ||
| if: ${{ inputs.pr_id != '' }} | ||
| uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 #v3.1.0 | ||
| with: | ||
| token: ${{ inputs.github_token }} | ||
| issue-number: ${{ inputs.pr_id }} | ||
| body: | | ||
| Terraform Apply for for ${{ inputs.terraform_directory }}: | ||
| ``` | ||
| ${{ steps.apply.outputs.apply }} | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| name: 'Terraform setup and plan' | ||
| description: 'Setup Terraform and creates plan' | ||
| inputs: | ||
| terraform_directory: | ||
| description: 'Directory that holds Terraform code' | ||
| required: true | ||
| azure_client_id: | ||
| description: 'Azure client id' | ||
| required: true | ||
| azure_client_secret: | ||
| description: 'Azure client secret' | ||
| required: true | ||
| azure_subscription_id: | ||
| description: 'Azure subscription id' | ||
| required: true | ||
| azure_tenant_id: | ||
| description: 'Azure tenant id' | ||
| required: true | ||
| terraform_version: | ||
| description: 'Terraform Version' | ||
| required: true | ||
| default: 1.5.7 | ||
| github_token: | ||
| description: 'GitHub token for auth' | ||
| required: true | ||
| pr_id: | ||
| description: 'Pull request ID' | ||
| required: true | ||
| tf_vars: | ||
| description: 'A map of variable inputs for Terraform' | ||
| required: false | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - name: Get last directory name | ||
| id: get-tf-dir | ||
| run: | | ||
| tf_dir=$(echo ${{ inputs.terraform_directory }} | rev | cut -d'/' -f1 | rev) | ||
| echo "tf_dir=$tf_dir" >> $GITHUB_OUTPUT | ||
| shell: bash | ||
|
|
||
| - name: Set Terraform Variables | ||
| run: | | ||
| if [[ -n "${INPUT_TF_VARS}" ]]; then | ||
| for key in $(echo "${INPUT_TF_VARS}" | jq -r 'keys[]'); do | ||
| value=$(echo "${INPUT_TF_VARS}" | jq -r ".$key") | ||
| echo "TF_VAR_${key// /}=${value}" >> $GITHUB_ENV | ||
| # Print debug statement | ||
| echo "Exported TF_VAR_${key// /}=${value}" | ||
| done | ||
| fi | ||
| shell: bash | ||
| env: | ||
| INPUT_TF_VARS: ${{ inputs.tf_vars }} | ||
|
|
||
| - name: Setup Terraform | ||
| uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 #v3.0.0 | ||
| with: | ||
| terraform_version: ${{ inputs.terraform_version }} | ||
| terraform_wrapper: false | ||
|
|
||
| - name: Terraform Init | ||
| id: init | ||
| working-directory: ${{ inputs.terraform_directory }} | ||
| shell: bash | ||
| env: | ||
| ARM_CLIENT_ID: ${{ inputs.azure_client_id }} | ||
| ARM_CLIENT_SECRET: ${{ inputs.azure_client_secret }} | ||
| ARM_SUBSCRIPTION_ID: ${{ inputs.azure_subscription_id }} | ||
| ARM_TENANT_ID: ${{ inputs.azure_tenant_id }} | ||
| run: | | ||
| terraform init | ||
| - name: Terraform Plan | ||
| id: plan | ||
| working-directory: ${{ inputs.terraform_directory }} | ||
| shell: bash | ||
| env: | ||
| ARM_CLIENT_ID: ${{ inputs.azure_client_id }} | ||
| ARM_CLIENT_SECRET: ${{ inputs.azure_client_secret }} | ||
| ARM_SUBSCRIPTION_ID: ${{ inputs.azure_subscription_id }} | ||
| ARM_TENANT_ID: ${{ inputs.azure_tenant_id }} | ||
| run: | | ||
| echo 'plan<<EOF' >> $GITHUB_OUTPUT | ||
| terraform plan -no-color -out=tfplan >> $GITHUB_OUTPUT | ||
| echo 'EOF' >> $GITHUB_OUTPUT | ||
| - name: Save Artifact | ||
| id: save-artifact | ||
| uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 #v4.0.0 | ||
| with: | ||
| name: ${{ inputs.pr_id }}-${{ steps.get-tf-dir.outputs.tf_dir }}-tf-plan | ||
| path: ${{ inputs.terraform_directory }}/tfplan | ||
|
|
||
| - name: Comment Plan | ||
| id: comment-plan | ||
| uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 #v3.1.0 | ||
| with: | ||
| token: ${{ inputs.github_token }} | ||
| issue-number: ${{ inputs.pr_id }} | ||
| body: | | ||
| Terraform Plan for ${{ inputs.terraform_directory }}: | ||
| ``` | ||
| ${{ steps.plan.outputs.plan }} | ||
| ``` | ||
| Plan saved to GH artifacts. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| name: Dev BE Pull Request | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| pull_request: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - backend/models/** | ||
| - backend/ops_api/** | ||
| - backend/Dockerfile.ops-api | ||
|
|
||
| env: | ||
| TERRAFORM_VERSION: "1.5.7" | ||
| TF_IN_AUTOMATION: "True" | ||
| ENVIRONMENT: "dev" | ||
| WORKING_DIR: "backend" | ||
| DOCKER_FILE: "Dockerfile.ops-api" | ||
|
|
||
| jobs: | ||
| build: | ||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | ||
|
|
||
| - name: Build and publish the Docker image for ${{ github.repository }} | ||
| uses: macbre/push-to-ghcr@0f6c180522d02d9e608096c4dcf3b691193b4d44 #v13 | ||
| with: | ||
| image_name: ${{ github.repository }}/ops-${{ env.WORKING_DIR }} # it will be lowercased internally | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| context: ${{ github.workspace }}/${{ env.WORKING_DIR }} | ||
| dockerfile: ${{ github.workspace }}/${{ env.WORKING_DIR }}/${{ env.DOCKER_FILE }} | ||
| image_tag: ${{ github.sha }} | ||
|
|
||
| plan-backend-deploy: | ||
| needs: build | ||
| permissions: | ||
| pull-requests: write | ||
|
|
||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | ||
|
|
||
| - name: Terraform Plan | ||
| uses: ./.github/actions/tf-plan | ||
| with: | ||
| terraform_directory: "terraform/eus/${{ env.ENVIRONMENT }}/${{ env.WORKING_DIR }}" | ||
| terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
| azure_client_id: ${{ secrets.ARM_CLIENT_ID }} | ||
| azure_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} | ||
| azure_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} | ||
| azure_tenant_id: ${{ secrets.ARM_TENANT_ID }} | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| pr_id: ${{ github.event.pull_request.number }} | ||
| tf_vars: | | ||
| { | ||
| "environment": "${{ env.ENVIRONMENT }}", | ||
| "container_tag": "${{ github.sha }}" | ||
| } | ||
| plan-backend-asa-deploy: | ||
| needs: build | ||
| permissions: | ||
| pull-requests: write | ||
|
|
||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | ||
|
|
||
| - name: Terraform Plan | ||
| uses: ./.github/actions/tf-plan | ||
| with: | ||
| terraform_directory: "terraform/eus/${{ env.ENVIRONMENT }}/${{ env.WORKING_DIR }}_asa" | ||
| terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
| azure_client_id: ${{ secrets.ARM_CLIENT_ID }} | ||
| azure_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} | ||
| azure_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} | ||
| azure_tenant_id: ${{ secrets.ARM_TENANT_ID }} | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| pr_id: ${{ github.event.pull_request.number }} | ||
| tf_vars: | | ||
| { | ||
| "environment": "${{ env.ENVIRONMENT }}", | ||
| "container_tag": "${{ github.sha }}" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| name: Dev BE Pull Request Merged | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| pull_request: | ||
| types: | ||
| - closed | ||
| branches: | ||
| - main | ||
| paths: | ||
| - backend/models/** | ||
| - backend/ops_api/** | ||
| - backend/Dockerfile.ops-api | ||
|
|
||
| env: | ||
| TERRAFORM_VERSION: "1.5.7" | ||
| TF_IN_AUTOMATION: "True" | ||
| ENVIRONMENT: "dev" | ||
| WORKING_DIR: "backend" | ||
|
|
||
| jobs: | ||
| apply-deploy: | ||
| permissions: | ||
| pull-requests: write | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.event.pull_request.merged }} | ||
| steps: | ||
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | ||
|
|
||
| - name: Terraform Apply | ||
| uses: ./.github/actions/tf-apply | ||
| with: | ||
| terraform_directory: "terraform/eus/${{ env.ENVIRONMENT }}/${{ env.WORKING_DIR }}" | ||
| terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
| azure_client_id: ${{ secrets.ARM_CLIENT_ID }} | ||
| azure_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} | ||
| azure_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} | ||
| azure_tenant_id: ${{ secrets.ARM_TENANT_ID }} | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| pr_id: ${{ github.event.pull_request.number }} | ||
| plan_workflow_file: ${{ env.ENVIRONMENT }}_${{ env.WORKING_DIR }}_pr.yml | ||
|
|
||
| apply-asa-deploy: | ||
| permissions: | ||
| pull-requests: write | ||
| runs-on: ubuntu-latest | ||
| if: ${{ github.event.pull_request.merged }} | ||
| steps: | ||
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1 | ||
|
|
||
| - name: Terraform Apply | ||
| uses: ./.github/actions/tf-apply | ||
| with: | ||
| terraform_directory: "terraform/eus/${{ env.ENVIRONMENT }}/${{ env.WORKING_DIR }}_asa" | ||
| terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
| azure_client_id: ${{ secrets.ARM_CLIENT_ID }} | ||
| azure_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} | ||
| azure_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} | ||
| azure_tenant_id: ${{ secrets.ARM_TENANT_ID }} | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| pr_id: ${{ github.event.pull_request.number }} | ||
| plan_workflow_file: ${{ env.ENVIRONMENT }}_${{ env.WORKING_DIR }}_pr.yml |
Oops, something went wrong.