camunda · leiicamundi · Sep 18, 2024 · Sep 11, 2024 · Sep 11, 2024 · Sep 11, 2024
diff --git a/.github/actions/aurora-manage-cluster/README.md b/.github/actions/aurora-manage-cluster/README.md
@@ -0,0 +1,151 @@
+# Deploy RDS Aurora Cluster
+
+## Description
+
+This GitHub Action automates the deployment of an RDS Aurora cluster using Terraform.
+This action will also install Terraform and awscli. It will output the Aurora cluster endpoint.
+
+
+## Inputs
+
+| name | description | required | default |
+| --- | --- | --- | --- |
+| `cluster-name` | <p>Name of the RDS Aurora cluster to deploy</p> | `true` | `""` |
+| `username` | <p>Username for the PostgreSQL admin user</p> | `true` | `""` |
+| `password` | <p>Password for the PostgreSQL admin user</p> | `true` | `""` |
+| `vpc-id` | <p>VPC ID to create the cluster in</p> | `true` | `""` |
+| `subnet-ids` | <p>List of subnet IDs to create the cluster in</p> | `true` | `""` |
+| `cidr-blocks` | <p>CIDR blocks to allow access from and to</p> | `true` | `""` |
+| `availability-zones` | <p>Array of availability zones to use for the Aurora cluster</p> | `true` | `""` |
+| `additional-terraform-vars` | <p>JSON object containing additional Terraform variables</p> | `false` | `{}` |
+| `s3-backend-bucket` | <p>Name of the S3 bucket to store Terraform state</p> | `true` | `""` |
+| `s3-bucket-region` | <p>Region of the bucket containing the resources states</p> | `false` | `""` |
+| `tf-modules-revision` | <p>Git revision of the tf modules to use</p> | `false` | `main` |
+| `tf-modules-path` | <p>Path where the tf Aurora modules will be cloned</p> | `false` | `./.action-tf-modules/aurora/` |
+| `tf-cli-config-credentials-hostname` | <p>The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to <code>app.terraform.io</code>.</p> | `false` | `app.terraform.io` |
+| `tf-cli-config-credentials-token` | <p>The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.</p> | `false` | `""` |
+| `tf-terraform-version` | <p>The version of Terraform CLI to install. Defaults to <code>latest</code>.</p> | `false` | `latest` |
+| `tf-terraform-wrapper` | <p>Whether or not to install a wrapper to wrap subsequent calls of the <code>terraform</code> binary and expose its STDOUT, STDERR, and exit code as outputs named <code>stdout</code>, <code>stderr</code>, and <code>exitcode</code> respectively. Defaults to <code>true</code>.</p> | `false` | `true` |
+| `awscli-version` | <p>Version of the aws cli to use</p> | `false` | `2.15.52` |
+
+
+## Outputs
+
+| name | description |
+| --- | --- |
+| `aurora-endpoint` | <p>The endpoint of the deployed Aurora cluster</p> |
+| `terraform-state-url` | <p>URL of the Terraform state file in the S3 bucket</p> |
+| `all-terraform-outputs` | <p>All outputs from Terraform</p> |
+
+
+## Runs
+
+This action is a `composite` action.
+
+## Usage
+
+```yaml
+- uses: camunda/camunda-tf-eks-module/aurora-manage-cluster@main
+  with:
+    cluster-name:
+    # Name of the RDS Aurora cluster to deploy
+    #
+    # Required: true
+    # Default: ""
+
+    username:
+    # Username for the PostgreSQL admin user
+    #
+    # Required: true
+    # Default: ""
+
+    password:
+    # Password for the PostgreSQL admin user
+    #
+    # Required: true
+    # Default: ""
+
+    vpc-id:
+    # VPC ID to create the cluster in
+    #
+    # Required: true
+    # Default: ""
+
+    subnet-ids:
+    # List of subnet IDs to create the cluster in
+    #
+    # Required: true
+    # Default: ""
+
+    cidr-blocks:
+    # CIDR blocks to allow access from and to
+    #
+    # Required: true
+    # Default: ""
+
+    availability-zones:
+    # Array of availability zones to use for the Aurora cluster
+    #
+    # Required: true
+    # Default: ""
+
+    additional-terraform-vars:
+    # JSON object containing additional Terraform variables
+    #
+    # Required: false
+    # Default: {}
+
+    s3-backend-bucket:
+    # Name of the S3 bucket to store Terraform state
+    #
+    # Required: true
+    # Default: ""
+
+    s3-bucket-region:
+    # Region of the bucket containing the resources states
+    #
+    # Required: false
+    # Default: ""
+
+    tf-modules-revision:
+    # Git revision of the tf modules to use
+    #
+    # Required: false
+    # Default: main
+
+    tf-modules-path:
+    # Path where the tf Aurora modules will be cloned
+    #
+    # Required: false
+    # Default: ./.action-tf-modules/aurora/
+
+    tf-cli-config-credentials-hostname:
+    # The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.
+    #
+    # Required: false
+    # Default: app.terraform.io
+
+    tf-cli-config-credentials-token:
+    # The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.
+    #
+    # Required: false
+    # Default: ""
+
+    tf-terraform-version:
+    # The version of Terraform CLI to install. Defaults to `latest`.
+    #
+    # Required: false
+    # Default: latest
+
+    tf-terraform-wrapper:
+    # Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.
+    #
+    # Required: false
+    # Default: true
+
+    awscli-version:
+    # Version of the aws cli to use
+    #
+    # Required: false
+    # Default: 2.15.52
+```
diff --git a/.github/actions/aurora-manage-cluster/action.yml b/.github/actions/aurora-manage-cluster/action.yml
@@ -0,0 +1,170 @@
+---
+name: Deploy RDS Aurora Cluster
+
+description: |
+    This GitHub Action automates the deployment of an RDS Aurora cluster using Terraform.
+    This action will also install Terraform and awscli. It will output the Aurora cluster endpoint.
+
+inputs:
+    cluster-name:
+        description: Name of the RDS Aurora cluster to deploy
+        required: true
+
+    username:
+        description: Username for the PostgreSQL admin user
+        required: true
+
+    password:
+        description: Password for the PostgreSQL admin user
+        required: true
+
+    vpc-id:
+        description: VPC ID to create the cluster in
+        required: true
+
+    subnet-ids:
+        description: List of subnet IDs to create the cluster in
+        required: true
+
+    cidr-blocks:
+        description: CIDR blocks to allow access from and to
+        required: true
+
+    availability-zones:
+        description: Array of availability zones to use for the Aurora cluster
+        required: true
+
+    additional-terraform-vars:
+        description: JSON object containing additional Terraform variables
+        required: false
+        default: '{}'
+
+    s3-backend-bucket:
+        description: Name of the S3 bucket to store Terraform state
+        required: true
+
+    s3-bucket-region:
+        description: Region of the bucket containing the resources states
+        required: false
+
+    tf-modules-revision:
+        description: Git revision of the tf modules to use
+        default: main
+
+    tf-modules-path:
+        description: Path where the tf Aurora modules will be cloned
+        default: ./.action-tf-modules/aurora/
+
+    # inherited from https://github.com/hashicorp/setup-terraform/blob/main/action.yml
+    tf-cli-config-credentials-hostname:
+        description: The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration
+            file. Defaults to `app.terraform.io`.
+        default: app.terraform.io
+
+    tf-cli-config-credentials-token:
+        description: The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration
+            file.
+        required: false
+
+    tf-terraform-version:
+        description: The version of Terraform CLI to install. Defaults to `latest`.
+        default: latest
+
+    tf-terraform-wrapper:
+        description: Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code
+            as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.
+        default: 'true'
+
+    awscli-version:
+        description: Version of the aws cli to use
+        # renovate: datasource=github-releases depName=aws/aws-cli
+        default: 2.15.52
+
+outputs:
+    aurora-endpoint:
+        description: The endpoint of the deployed Aurora cluster
+        value: ${{ steps.apply.outputs.aurora_endpoint }}
+
+    terraform-state-url:
+        description: URL of the Terraform state file in the S3 bucket
+        value: ${{ steps.utility.outputs.terraform-state-url }}
+
+    # Add all terraform outputs dynamically
+    all-terraform-outputs:
+        description: All outputs from Terraform
+        value: ${{ steps.fetch_outputs.outputs.all_terraform_outputs }}
+
+runs:
+    using: composite
+    steps:
+        - name: Use Utility Actions
+          id: utility
+          # see https://github.com/orgs/community/discussions/41927 it's not possible to optimize this yet
+          # steps.uses  cannot access the github context.
+          # uses: ${{ github.action_repository }}/utility-action@${{ github.action_ref }}
+          # TODO: hard pin this one once it's merged
+          #uses: "camunda/camunda-tf-eks-module/utility-action@main"
+          uses: ./.github/actions/utility-action
+          with:
+              awscli-version: ${{ inputs.awscli-version }}
+              terraform-version: ${{ inputs.terraform-version }}
+
+              s3-backend-bucket: ${{ inputs.s3-backend-bucket }}
+              s3-bucket-region: ${{ inputs.s3-bucket-region }}
+
+              tf-state-key: terraform/${{ inputs.cluster-name }}/gha/aurora/terraform.tfstate
+
+              tf-cli-config-credentials-hostname: ${{ inputs.tf-cli-config-credentials-hostname }}
+              tf-cli-config-credentials-token: ${{ inputs.tf-cli-config-credentials-token }}
+              tf-terraform-wrapper: ${{ inputs.tf-terraform-wrapper }}
+
+        - name: Checkout Repository Aurora modules
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+          with:
+              repository: camunda/camunda-tf-eks-module
+              ref: ${{ inputs.tf-modules-revision }}
+              path: ${{ inputs.tf-modules-path }}
+              fetch-depth: 0
+
+        - name: Terraform Init
+          shell: bash
+          id: init
+          working-directory: ${{ inputs.tf-modules-path }}/modules/aurora/
+          run: |
+              cp ../fixtures/backend.tf ./
+              terraform version
+              terraform init -backend-config="bucket=${{ steps.utility.outputs.TFSTATE_BUCKET }}" -backend-config="key=${{ steps.utility.outputs.TFSTATE_KEY }}" -backend-config="region=${{ steps.utility.outputs.TFSTATE_REGION }}"
+              terraform validate -no-color
+
+        - name: Terraform Plan
+          shell: bash
+          id: plan
+          working-directory: ${{ inputs.tf-modules-path }}/modules/aurora/
+          run: |
+              echo '${{ inputs.additional-terraform-vars }}' > /tmp/var.tfvars.json
+              terraform plan -no-color -out aurora.plan \
+                -var-file=/tmp/var.tfvars.json \
+                -var "cluster_name=${{ inputs.cluster-name }}" \
+                -var "username=${{ inputs.username }}" \
+                -var "password=${{ inputs.password }}" \
+                -var 'availability_zones=${{ inputs.availability-zones }}' \
+                -var "vpc_id=${{ inputs.vpc-id }}" \
+                -var 'subnet_ids=${{ inputs.subnet-ids }}' \
+                -var 'cidr_blocks=${{ inputs.cidr-blocks }}'
+
+        - name: Terraform Apply
+          shell: bash
+          id: apply
+          working-directory: ${{ inputs.tf-modules-path }}/modules/aurora/
+          run: |
+              terraform apply -no-color aurora.plan
+              export aurora_endpoint="$(terraform output -raw aurora_endpoint)"
+              echo "aurora_endpoint=$aurora_endpoint" >> "$GITHUB_OUTPUT"
+
+        - name: Fetch Terraform Outputs
+          shell: bash
+          id: fetch_outputs
+          working-directory: ${{ inputs.tf-modules-path }}/modules/aurora/
+          run: |
+              all_outputs=$(terraform output -json | jq -c .)
+              echo "all_terraform_outputs=$all_outputs" | tee -a "$GITHUB_OUTPUT"
diff --git a/.github/actions/eks-cleanup-resources/README.md b/.github/actions/eks-cleanup-resources/README.md
@@ -0,0 +1,57 @@
+# Delete EKS resources
+
+## Description
+
+This GitHub Action automates the deletion of EKS resources using a shell script.
+
+
+## Inputs
+
+| name | description | required | default |
+| --- | --- | --- | --- |
+| `tf-bucket` | <p>Bucket containing the resources states</p> | `true` | `""` |
+| `tf-bucket-region` | <p>Region of the bucket containing the resources states, if not set, will fallback on AWS_REGION</p> | `false` | `""` |
+| `max-age-hours` | <p>Maximum age of resources in hours</p> | `false` | `20` |
+| `target` | <p>Specify an ID to destroy specific resources or "all" to destroy all resources</p> | `false` | `all` |
+| `temp-dir` | <p>Temporary directory prefix used for storing resource data during processing</p> | `false` | `./tmp/eks-cleanup/` |
+
+
+## Runs
+
+This action is a `composite` action.
+
+## Usage
+
+```yaml
+- uses: camunda/camunda-tf-eks-module/eks-cleanup-resources@main
+  with:
+    tf-bucket:
+    # Bucket containing the resources states
+    #
+    # Required: true
+    # Default: ""
+
+    tf-bucket-region:
+    # Region of the bucket containing the resources states, if not set, will fallback on AWS_REGION
+    #
+    # Required: false
+    # Default: ""
+
+    max-age-hours:
+    # Maximum age of resources in hours
+    #
+    # Required: false
+    # Default: 20
+
+    target:
+    # Specify an ID to destroy specific resources or "all" to destroy all resources
+    #
+    # Required: false
+    # Default: all
+
+    temp-dir:
+    # Temporary directory prefix used for storing resource data during processing
+    #
+    # Required: false
+    # Default: ./tmp/eks-cleanup/
+```