liatrio · andrewhaller · Dec 1, 2022 · Dec 1, 2022 · Dec 1, 2022 · Dec 1, 2022
diff --git a/aws-account-number/action.yml b/aws-account-number/action.yml
@@ -0,0 +1,31 @@
+name: AWS Account Number
+description: Retrieves an aws account number from a json file
+inputs:
+  accounts-file:
+    description: A json file with the aws accounts
+    required: true
+  account-name:
+    description: The name of the specific account to use
+    required: true
+  account-name-label:
+    description: "The key name for the account name"
+    required: false
+    default: name
+  account-id-label:
+    description: "The key name for the account id"
+    required: false
+    default: account
+outputs:
+  environments-to-run:
+    description: A list of environments that will have plan / apply executed on. This will be a JSON formatted array.
+    value: ${{ steps.account-number.outputs.number }}
+runs:
+  using: composite
+  steps:
+    - name: Get AWS Account Number
+      shell: bash
+      id: account-number
+      run: |
+        output="$(cat ${{ inputs.accounts-file }} | jq -rc '.[] | select(.${{ inputs.account-name-label }} == "${{ inputs.account-name }}") | .${{ inputs.account-id-label }}')"
+        echo "number=$output"
+        echo "number=$output" >> $GITHUB_OUTPUT
diff --git a/discover-changed/action.yml b/discover-changed/action.yml
@@ -0,0 +1,38 @@
+name: Discover Changed Targets
+description: Discovers a list of targets to execute plan/apply on
+inputs:
+  targets:
+    description: A list of target folders to check when determining what to run plan/apply on. This should be a newline-delimited string of targets.
+    required: true
+outputs:
+  changed-targets:
+    description: A list of targets that will have plan / apply executed on. This will be a JSON formatted array.
+    value: ${{ steps.set-matrix.outputs.matrix }}
+runs:
+  using: composite
+  steps:
+    - name: Get Changed Files
+      id: files
+      uses: tj-actions/changed-files@v34
+      with:
+        files: ${{ inputs.targets }}
+
+    # given a list of files, output all of the targets that we need to plan against as JSON
+    # example output: ["liatrio-sandbox", "liatrio-non-prod"]
+    - name: List Changed Files
+      id: set-matrix
+      shell: bash
+      run: |
+        envs=()
+
+        files="${{ steps.files.outputs.all_modified_files }}"
+
+        if [ ! -z "$files" ]; then
+          for file in $files[@]; do
+            envs+=($(echo $file | cut -d'/' -f2))
+          done
+        fi
+
+        output="$(echo "${envs[@]}" | tr ' ' '\n' | sort -u | xargs echo -n | jq -R -s -c 'split(" ")')"
+        echo "matrix=${output}"        
+        echo "matrix=${output}" >> $GITHUB_OUTPUT
diff --git a/github-download-release/action.yml b/github-download-release/action.yml
@@ -0,0 +1,62 @@
+name: Github Download Release
+description: Downloads the specified release using gh client
+inputs:
+  token:
+    description: The authorization token for the target repo
+    required: true
+  github-version:
+    description: Github version
+    required: false
+    default: 'v2.0.0'
+  owner:
+    description: The repo owner
+    required: true
+  repo:
+    description: The repo name
+    required: true
+  release:
+    description: The release tag or number
+    required: true
+  format-ext:
+    description: The type of archive
+    required: false
+    default: linux_amd64.tar.gz
+outputs:
+  filename:
+    description: The name of the downloaded tarball
+    value: ${{ steps.download-tarball.outputs.filename }}
+runs:
+  using: composite
+  steps:
+    - name: Download github cli
+      shell: bash
+      env:
+        GH_VERSION: ${{ inputs.github-version }}
+        DOWNLOAD_FORMAT_EXT: ${{ inputs.format-ext }}
+      run: |
+        export GH_TAG=$(echo "${GH_VERSION}" | sed s/^v//g)
+        export DOWNLOAD_URL="https://github.com/cli/cli/releases/download/${GH_VERSION}/gh_${GH_TAG}_${DOWNLOAD_FORMAT_EXT}"
+        printf "Downloading '%s' ...\n" "${DOWNLOAD_URL}"
+        curl -LO "${DOWNLOAD_URL}"
+        export FILENAME="gh_${GH_TAG}_${DOWNLOAD_FORMAT_EXT}"
+        printf "Extracting '%s' ...\n" "${FILENAME}"
+        tar -xzvf "${FILENAME}"
+        export ARCH=$(echo $DOWNLOAD_FORMAT_EXT | awk -F'.' '{ print $1 }')
+        mv gh_${GH_TAG}_${ARCH}/bin/gh ./
+
+    - name: Download Tarball
+      shell: bash
+      id: download-tarball
+      env:
+        GITHUB_TOKEN: ${{ inputs.token }}
+        GITHUB_REPO: ${{ inputs.repo }}
+        GITHUB_REPO_OWNER: ${{ inputs.owner }}
+        RELEASE_NAME: ${{ inputs.release }}
+        DOWNLOAD_FORMAT_EXT: ${{ inputs.format-ext }}
+      run: |
+        export RELEASE_TAG=$(echo "${RELEASE_NAME}" | sed s/^v//g)
+        printf "Downloading release '%s' from repo '%s' ...\n" "${RELEASE_NAME}" "${GITHUB_REPO_OWNER}/${GITHUB_REPO}"
+        ./gh release download --repo "${GITHUB_REPO_OWNER}/${GITHUB_REPO}" "${RELEASE_NAME}" -p "${GITHUB_REPO}_${RELEASE_TAG}_${DOWNLOAD_FORMAT_EXT}"
+
+        output="${GITHUB_REPO}_${RELEASE_TAG}_${DOWNLOAD_FORMAT_EXT}"
+        echo "filename=${output}" >> $GITHUB_OUTPUT
diff --git a/terraform-compliance-aws/action.yml b/terraform-compliance-aws/action.yml
@@ -0,0 +1,56 @@
+name: AWS Terraform Compliance
+description: Checks terraform complicance with aws
+inputs:
+  target-folder:
+    description: The target folder
+    required: true
+  subfolders:
+    description: A space delimited list of sub-folders with terragrunt.hcl files
+    required: true
+  iam-role:
+    description: The iam role to assume
+    required: true
+runs:
+  using: composite
+  steps:
+    - name: List Compliance folder
+      shell: bash
+      run: |
+        ls -la
+
+    - name: Terraform Compliance setup
+      shell: bash
+      env:
+        TARGET_FOLDER: ${{ inputs.target-folder }}
+        SUBFOLDERS: ${{ inputs.subfolders }}
+        TERRAGRUNT_IAM_ROLE: ${{ inputs.iam-role }}
+      run: |
+        cd $TARGET_FOLDER
+        for i in $SUBFOLDERS
+        do
+          cd $i/
+          terragrunt plan -lock=false --out plan.out
+          terragrunt show -json plan.out > plan.out.json
+          cd ..
+        done
+
+    - name: Terraform Compliance
+      shell: bash
+      env:
+        TARGET_FOLDER: ${{ inputs.target-folder }}
+        SUBFOLDERS: ${{ inputs.subfolders }}
+      run: |
+        cd $TARGET_FOLDER
+        for i in $SUBFOLDERS
+        do
+          ii="${TARGET_FOLDER}/${i}"
+          echo "##################################################################################################################"
+          echo "TERRAFORM COMPLIANCE PATH ${ii}"
+          echo "##################################################################################################################"
+          cd $i/
+          terraform-compliance -n -p plan.out.json -f git:https://github.com/terraform-compliance/user-friendly-features.git
+          echo "##################################################################################################################"
+          echo "\n"
+          rm plan.out.json
+          cd ..
+        done
diff --git a/terragrunt-run-all/action.yml b/terragrunt-run-all/action.yml
@@ -0,0 +1,34 @@
+name: Terragrunt Run All
+description: Terragrunt run-all
+inputs:
+  folder:
+    description: The target folder
+    required: true
+  iam-role:
+    description: The iam role to assume
+    required: true
+  bin-name:
+    description: The name of the executable
+    required: false
+    default: terragrunt
+  bin-path:
+    description: The bin location
+    required: false
+    default: /usr/local/bin
+  run-all-action:
+    description: The terragrunt command args
+    required: true
+  additional-options-args:
+    description: Additional terragrunt option args
+    required: false
+
+runs:
+  using: composite
+  steps:
+
+    - name: Terrgrunt Apply
+      shell: bash
+      env:
+        TERRAGRUNT_IAM_ROLE: ${{ inputs.iam-role }}
+      run: |
+        ${{ inputs.bin-path }}/${{ inputs.bin-name }} run-all ${{ inputs.run-all-action }} --terragrunt-non-interactive --terragrunt-working-dir ${{ inputs.folder }} ${{ inputs.additional-options-args }}
diff --git a/terragrunt-setup/action.yml b/terragrunt-setup/action.yml
@@ -0,0 +1,34 @@
+name: Terragrunt Setup
+description: Checks terraform complicance with aws
+inputs:
+  terragrunt-version:
+    description: The terragrunt version to use
+    required: false
+    default: 'v0.31.1'
+  bin-name:
+    description: The name of the executable
+    required: false
+    default: terragrunt
+  bin-dir:
+    description: The bin location
+    required: false
+    default: /usr/local/bin
+  format-ext:
+    description: The type of archive
+    required: false
+    default: linux_amd64
+runs:
+  using: composite
+  steps:
+
+    - name: Terrgrunt Setup
+      shell: bash
+      env:
+        TERRAGRUNT_VERSION: ${{ inputs.terragrunt-version }}
+        DOWNLOAD_FORMAT_EXT: ${{ inputs.format-ext }}
+      run: |
+        export DOWNLOAD_URL="https://github.com/gruntwork-io/terragrunt/releases/download/${TERRAGRUNT_VERSION}/terragrunt_${DOWNLOAD_FORMAT_EXT}"
+        printf "Downloading '%s' ...\n" "${DOWNLOAD_URL}"
+        curl -f -Lo ${{ inputs.bin-name }} "${DOWNLOAD_URL}"
+        chmod +x ${{ inputs.bin-name }}
+        mv ${{ inputs.bin-name }} ${{ inputs.bin-path }}/${{ inputs.bin-name }}