Skip to content

Terraform Plan

Terraform Plan #3

name: Terraform Plan
on:
workflow_dispatch:
inputs:
environment:
type: string
description: 'The environment to run terraform plan against:'
required: true
# workflow_call:
# inputs:
# environment:
# type: string
# required: true
env:
DOTNET_VERSION: ${{ vars.DOTNET_VERSION }}
ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }}
AZ_KEYVAULT_NAME: ${{ secrets.AZ_KEYVAULT_TF }}
TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }}
TF_BACKEND_CONTAINER_NAME: ${{ secrets.TF_BACKEND_CONTAINER_NAME }}
TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
TF_BACKEND_RESOURCE_GROUP: ${{ secrets.TF_BACKEND_RESOURCE_GROUP }}
TF_VAR_tf_state_storage_account : ${{ secrets.tf_state_storage_account }}
TF_VAR_tfstate_storage_container_name : ${{secrets.tfstate_storage_container_name}}
#TF_VAR_project_name: ${{ secrets.DFE_PROJECT_NAME }}
#TF_VAR_environment: ${{ secrets.AZ_ENVIRONMENT }}
#TF_VAR_azure_location: ${{ vars.AZ_LOCATION }}
#TF_VAR_az_app_kestrel_endpoint: ${{ vars.KESTRELENDPOINT }}
#TF_VAR_az_tag_environment: ${{ vars.AZ_TAG_ENVIRONMENT }}
#TF_VAR_az_tag_product: ${{ vars.AZ_TAG_PRODUCT }}
#TF_VAR_az_sql_azuread_admin_username: ${{ secrets.AZ_SERVICE_PRINCIPAL }}
#TF_VAR_az_sql_admin_password: ${{secrets.AZ_SQL_ADMIN_PASSWORD}}
#TF_VAR_az_sql_azuread_admin_objectid: ${{ secrets.AZ_CLIENT_ID }}
#TF_VAR_cdn_frontdoor_origin_host_header_override: ${{secrets.AZ_CDN_FRONTDOOR_ORIGIN_HOST_HEADER_OVERRIDE}}
#TF_VAR_az_sql_admin_userid_postfix: ${{secrets.AZ_SQL_ADMIN_USERID_POSTFIX}}
#TF_VAR_registry_server: "ghcr.io"
#TF_VAR_registry_username: ${{ github.repository_owner }}
#TF_VAR_registry_custom_image_url: "ghcr.io/dfe-digital/plan-technology-for-your-school:latest"
#TF_VAR_registry_password: ${{ secrets.GITHUB_TOKEN }}
TF_WORKING_DIRECTORY: terraform
jobs:
terraform-plan:
name: Terraform plan
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ${{env.TF_WORKING_DIRECTORY}}
environment: ${{ inputs.environment }}
steps:
- name: Clone repo
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.2
- name: Get GitHub Runner IP
id: whats-my-ip
uses: ./.github/actions/whats-my-ip-address
- name: Set GitHub Runner IP to TF Var
shell: bash
run: |
echo "TF_VAR_github_ip=${{ steps.whats-my-ip.outputs.ip}}" >> $GITHUB_ENV
- name: Login with AZ
uses: ./.github/actions/azure-login
with:
az_tenant_id: ${{ secrets.AZ_TENANT_ID }}
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
az_client_id: ${{ secrets.AZ_CLIENT_ID }}
az_client_secret: ${{ secrets.AZ_CLIENT_SECRET }}
- name: Add Runner to KV whitelist
uses: azure/CLI@v1
with:
azcliversion: 2.45.0
inlineScript: |
az keyvault network-rule add --name ${{ env.AZ_KEYVAULT_NAME }} --ip-address ${{ steps.whats-my-ip.outputs.ip }} &> /dev/null
- name: Terraform init
id: init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TF_BACKEND_RESOURCE_GROUP }}" \
-backend-config="storage_account_name=${{ env.TF_BACKEND_STORAGE_ACCOUNT_NAME }}" \
-backend-config="container_name=${{ env.TF_BACKEND_CONTAINER_NAME }}" \
-backend-config="key=${{ env.TF_BACKEND_KEY }}"
- name: Plan Terraform changes
id: plan
run: terraform plan
- name: Remove Runner to KV whitelist
uses: azure/CLI@v1
if: always()
with:
azcliversion: 2.45.0
inlineScript: |
az keyvault network-rule remove --name ${{ env.AZ_KEYVAULT_NAME }} --ip-address ${{ steps.whats-my-ip.outputs.ip }} &> /dev/null