generated from EGI-Federation/repository-template
-
Notifications
You must be signed in to change notification settings - Fork 2
132 lines (126 loc) · 4.4 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
---
name: "Deploy"
on:
push:
branches:
- main
pull_request:
paths:
- "deployment/**"
permissions:
pull-requests: write
jobs:
terraform:
name: "Terraform"
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install environment
env:
MYTOKEN: ${{ secrets.MYTOKEN }}
run: |
curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 > jq
chmod +x jq
pip install yq ansible git+https://github.com/tdviet/fedcloudclient.git
curl -L https://github.com/oidc-mytoken/client/releases/download/v0.5.2/mytoken_0.5.2_linux_64-bit.tar.gz \
| tar -xzf -
mkdir ~/.mytoken
curl https://raw.githubusercontent.com/oidc-mytoken/client/master/config/example-config.yaml \
| sed 's/default_provider:/default_provider: "egi"/g' \
> ~/.mytoken/config.yaml
# add PWD to the PATH
echo "$PWD" >> "$GITHUB_PATH"
# add OIDC access token to ENV
OIDC_TOKEN=$(./mytoken AT --MT-env MYTOKEN)
echo "::add-mask::$OIDC_TOKEN"
echo "OIDC_TOKEN=$OIDC_TOKEN" >> "$GITHUB_ENV"
- name: Configure providers access
run: |
cd deployment
./site-config.sh
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.2.9
- name: Terraform Format
id: fmt
run: |
cd deployment
terraform fmt -check
- name: Terraform init
id: init
run: |
cd deployment
terraform init
- name: terraform plan
id: plan
if: github.event_name == 'pull_request'
run: |
cd deployment
terraform plan -no-color -var-file=deploy.tfvars
continue-on-error: true
- name: Update Pull Request
uses: actions/github-script@v7
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`
${process.env.PLAN}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
- name: Terraform Apply
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: |
cd deployment
terraform apply -auto-approve -var-file=deploy.tfvars
- name: Get IP
id: public_ip
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: |
cd deployment
terraform output -raw public_ip
- name: Update IP in DNS
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
env:
NSUPDATE_SECRET: ${{ secrets.NSUPDATE_SECRET }}
run: |
curl -u "horizon.vm.fedcloud.eu:$NSUPDATE_SECRET" \
"https://nsupdate.fedcloud.eu/nic/update?myip=${{ steps.public_ip.outputs.stdout }}"
- name: Configure with ansible
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
uses: dawidd6/action-ansible-playbook@v2
with:
playbook: playbook.yaml
directory: ./deployment
key: ${{ secrets.SSH_KEY }}
inventory: |
[all]
${{ steps.public_ip.outputs.stdout }}
requirements: galaxy-requirements.yaml
options: |
--extra-vars ACCESS_TOKEN=${{ env.OIDC_TOKEN }}
--extra-vars git_ref=${{ github.sha }}
--ssh-common-args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
-u egi