Skip to content

Terraform Plan

Terraform Plan #56

name: Terraform Plan
on:
workflow_dispatch:
inputs:
environment:
type: string
description: 'The environment to run terraform plan against:'
required: true
# workflow_call:
# inputs:
# environment:
# type: string
# required: true
env:
DOTNET_VERSION: ${{ vars.DOTNET_VERSION }}
ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }}
AZ_KEYVAULT_NAME: ${{ secrets.AZ_KEYVAULT_TF }}
TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }}
TF_BACKEND_CONTAINER_NAME: ${{ secrets.TF_BACKEND_CONTAINER_NAME }}
TF_BACKEND_KEY: ${{ secrets.TF_BACKEND_KEY }}
TF_BACKEND_RESOURCE_GROUP: ${{ secrets.TF_BACKEND_RESOURCE_GROUP }}
TF_VAR_az_app_kestrel_endpoint: ${{ vars.KESTRELENDPOINT }}
TF_VAR_container_app_image_name : ${{ vars.container_app_image_name }}
TF_VAR_project_name: ${{ vars.DFE_PROJECT_NAME }}
TF_VAR_environment: ${{ vars.AZ_ENVIRONMENT }}
TF_VAR_tf_state_storage_account : ${{ secrets.tf_state_storage_account }}
TF_VAR_tfstate_storage_container_name : ${{secrets.tfstate_storage_container_name}}
TF_VAR_resource_group_name : ${{secrets.resource_group_name}}
TF_VAR_azure_location: ${{ vars.AZ_LOCATION }}
TF_VAR_az_tag_environment: ${{ vars.AZ_TAG_ENVIRONMENT }}
TF_VAR_az_tag_product: ${{ vars.AZ_TAG_PRODUCT }}
TF_VAR_registry_server: "ghcr.io"
TF_VAR_registry_username: ${{ github.repository_owner }}
TF_VAR_registry_custom_image_url: "ghcr.io/dfe-digital/sts-knowledgebase:v0.0.1-development.0"
TF_VAR_registry_password: ${{ secrets.GITHUB_TOKEN }}
TF_VAR_serviceprinciple_identity : ${{ secrets.serviceprinciple }}
TF_WORKING_DIRECTORY: terraform
jobs:
terraform-plan:
name: Terraform plan
runs-on: ubuntu-22.04
defaults:
run:
working-directory: ${{env.TF_WORKING_DIRECTORY}}
environment: ${{ inputs.environment }}
steps:
- name: Clone repo
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.2
- name: Get GitHub Runner IP
id: whats-my-ip
uses: ./.github/actions/whats-my-ip-address
- name: Set GitHub Runner IP to TF Var
shell: bash
run: |
echo "TF_VAR_github_ip=${{ steps.whats-my-ip.outputs.ip}}" >> $GITHUB_ENV
- name: Login with AZ
uses: ./.github/actions/azure-login
with:
az_tenant_id: ${{ secrets.AZ_TENANT_ID }}
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
az_client_id: ${{ secrets.AZ_CLIENT_ID }}
az_client_secret: ${{ secrets.AZ_CLIENT_SECRET }}
- name: Add Runner to KV whitelist
uses: azure/CLI@v1
with:
azcliversion: 2.45.0
inlineScript: |
az keyvault network-rule add --name ${{ env.AZ_KEYVAULT_NAME }} --ip-address ${{ steps.whats-my-ip.outputs.ip }} &> /dev/null
- name: Terraform init
id: init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TF_BACKEND_RESOURCE_GROUP }}" \
-backend-config="storage_account_name=${{ env.TF_BACKEND_STORAGE_ACCOUNT_NAME }}" \
-backend-config="container_name=${{ env.TF_BACKEND_CONTAINER_NAME }}" \
-backend-config="key=${{ env.TF_BACKEND_KEY }}"
- name: Plan Terraform changes
id: plan
run: terraform plan
#- uses: trstringer/manual-approval@v1
# with:
# secret: ${{ github.TOKEN }}
# approvers: sathishmani219
# minimum-approvals: 1
# issue-title: "Check and approve"
# issue-body: "Review the terraform plan, then approve."
# exclude-workflow-initiator-as-approver: false
#- name: Apply Terraform changes
# id: apply
# run: terraform apply -auto-approve
- name: Remove Runner to KV whitelist
uses: azure/CLI@v1
if: always()
with:
azcliversion: 2.45.0
inlineScript: |
az keyvault network-rule remove --name ${{ env.AZ_KEYVAULT_NAME }} --ip-address ${{ steps.whats-my-ip.outputs.ip }} &> /dev/null