feat/private modules (#43)
* feat: updating the workflows to support private module access
---------

Co-authored-by: Rimoldeen Francis <[email protected]>
gambol99 and Rimoldeen Francis authored Nov 22, 2024
1 parent 2cbb839 commit ed63a12
Showing 3 changed files with 220 additions and 6 deletions.
46 changes: 46 additions & 0 deletions .github/workflows/terraform-destroy.yml
@@ -1,6 +1,14 @@
name: Terraform Destroy
on:
workflow_call:
secrets:
appvia-actions-secret:
description: "Appvia App secret for GH"
required: false
appvia-actions-id:
description: "Appvia App ID for GH"
required: false

inputs:
confirmation:
description: Expects the name of the repository to be confirmed
Expand Down Expand Up @@ -63,6 +71,18 @@ on:
required: false
type: string

enable-private-access:
description: Optional flag to state if terraform requires pulling private modules
required: false
default: false
type: boolean

organization-name:
default: "appvia"
description: "The name of the GitHub organization"
required: false
type: string

use-env-as-suffix:
default: false
description: "Whether to use the environment as a suffix for the state file and iam roles"
Expand Down Expand Up @@ -190,6 +210,19 @@ jobs:
echo "name=${{ github.event.repository.name }}.tfstate" >> $GITHUB_OUTPUT
fi
fi
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
id: init
run: terraform -chdir=${{ inputs.terraform-dir }} init -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" -backend-config="key=${{ steps.state-key.outputs.name }}" -backend-config="encrypt=true" -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" -backend-config="region=${{ inputs.aws-region }}"
Expand Down Expand Up @@ -291,6 +324,19 @@ jobs:
echo "name=${{ github.event.repository.name }}.tfstate" >> $GITHUB_OUTPUT
fi
fi
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
id: init
run: terraform -chdir=${{ inputs.terraform-dir }} init -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" -backend-config="key=${{ steps.state-key.outputs.name }}" -backend-config="encrypt=true" -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" -backend-config="region=${{ inputs.aws-region }}"
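Review bot: The Setup Credentials step added after each state-key block splices the installation token into the shell script through a `${{ }}` expression, so the secret is substituted into the script text before bash parses it instead of being read from the environment; the conventional hardening is to hand it over via `env:` and expand a shell variable. Change the step to `env:` / `GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }}` and `git config --global url."https://x-access-token:${GH_TOKEN}@github.com/".insteadOf "https://github.com/"`. The same two-step block appears in both jobs here and in terraform-module-validation.yml and terraform-plan-and-apply-aws.yml, and one copy in the validation workflow already differs from the others, so a composite action would keep the copies from drifting. Both jobs' bodies continue outside the hunks.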
98 changes: 98 additions & 0 deletions .github/workflows/terraform-module-validation.yml
Expand Up @@ -6,6 +6,13 @@ on:
infracost-api-key:
description: "The API key for infracost"
required: false
appvia-actions-secret:
description: "Appvia App secret for GH"
required: false
appvia-actions-id:
description: "Appvia App ID for GH"
required: false

inputs:
cicd-repository:
default: "appvia/appvia-cicd-workflows"
Expand All @@ -31,12 +38,24 @@ on:
required: false
type: boolean

enable-private-access:
description: Optional flag to state if terraform requires pulling private modules
required: false
default: false
type: boolean

enable-terraform-tests:
default: true
description: "Whether to run terraform test"
required: false
type: boolean

organization-name:
default: "appvia"
description: "The name of the GitHub organization"
required: false
type: string

terraform-dir:
default: "."
description: "The directory to validate"
Expand Down Expand Up @@ -68,6 +87,7 @@ on:
type: string

env:
## Location of the AWS Web Identity Token file
AWS_WEB_IDENTITY_TOKEN_FILE: /tmp/web_identity_token_file

permissions:
Expand Down Expand Up @@ -134,6 +154,19 @@ jobs:
uses: actions/checkout@v4
- name: Setup Linter
uses: terraform-linters/setup-tflint@v4
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
run: terraform -chdir=${{ inputs.terraform-dir }} init -backend=false
- name: Setup Linter
Expand All @@ -160,6 +193,19 @@ jobs:
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ inputs.terraform-version }}
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
run: terraform -chdir=${{ inputs.terraform-tests-dir }} init -backend=false
- name: Run Tests
Expand All @@ -185,6 +231,19 @@ jobs:
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ inputs.terraform-version }}
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
id: init
run: terraform -chdir=${{ inputs.terraform-dir }} init
Expand All @@ -208,6 +267,19 @@ jobs:
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ inputs.terraform-version }}
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
id: init
run: terraform -chdir=${{ inputs.terraform-dir }} init
Expand All @@ -233,6 +305,19 @@ jobs:
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ inputs.terraform-version }}
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{secrets.appvia-actions-id}}
application_private_key: ${{secrets.appvia-actions-secret}}
organization: appvia
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
id: init
run: terraform -chdir=${{ inputs.terraform-dir }} init -backend=false
Expand Down Expand Up @@ -261,6 +346,19 @@ jobs:
uses: actions/setup-node@v4
with:
node-version: 16
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
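Review bot: The Enable Private Modules copy in the hunk at `@@ -233,6 +305,19 @@` hard-codes `organization: appvia` and drops the spaces inside `${{secrets.appvia-actions-id}}` / `${{secrets.appvia-actions-secret}}`, while every other copy in this file reads `${{ inputs.organization-name }}`; a caller that sets `organization-name` would get a token minted for a different organization in that one job. Change it to `organization: ${{ inputs.organization-name }}` and restore the `${{ secrets.appvia-actions-id }}` spacing so the six copies are identical. The new `organization-name` input is documented with a default of `"appvia"`, so callers in that org keep working either way. The enclosing jobs start outside the hunks.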
82 changes: 76 additions & 6 deletions .github/workflows/terraform-plan-and-apply-aws.yml
Expand Up @@ -6,6 +6,12 @@ on:
infracost-api-key:
description: "The API key for infracost"
required: false
appvia-actions-id:
description: "Appvia App ID for GH"
required: false
appvia-actions-secret:
description: "Appvia App secret for GH"
required: false

inputs:
additional-dir:
Expand Down Expand Up @@ -76,18 +82,24 @@ on:
required: false
type: boolean

enable-private-access:
description: Optional flag to state if terraform requires pulling private modules
required: false
default: false
type: boolean

organization-name:
description: "The name of the Github organization"
required: false
type: string
default: "appvia"

environment:
default: "production"
description: "The environment to deploy to"
required: false
type: string

use-env-as-suffix:
default: false
description: "Whether to use the environment as a suffix for the state file and iam roles"
required: false
type: boolean

runs-on:
default: "ubuntu-latest"
description: "Single label value for the GitHub runner to use (custom value only applies to Terraform Plan and Apply steps)"
Expand Down Expand Up @@ -142,6 +154,12 @@ on:
required: false
type: string

use-env-as-suffix:
default: false
description: "Whether to use the environment as a suffix for the state file and iam roles"
required: false
type: boolean

env:
AWS_ROLE: ${{ inputs.aws-role }}
AWS_READONLY_OVERRIDE_ROLE: ${{ inputs.aws-read-role-name }}
Expand Down Expand Up @@ -215,6 +233,19 @@ jobs:
uses: actions/checkout@v4
- name: Setup Linter
uses: terraform-linters/setup-tflint@v4
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
run: terraform -chdir=${{ inputs.terraform-dir }} init -backend=false
- name: Setup Linter
Expand Down Expand Up @@ -334,6 +365,19 @@ jobs:
echo "name=${{ github.event.repository.name }}.tfstate" >> $GITHUB_OUTPUT
fi
fi
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
id: init
run: terraform -chdir=${{ inputs.terraform-dir }} init -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" -backend-config="key=${{ steps.state-key.outputs.name }}" -backend-config="encrypt=true" -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" -backend-config="region=${{ inputs.aws-region }}"
Expand Down Expand Up @@ -403,6 +447,19 @@ jobs:
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ inputs.terraform-version }}
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
id: init
run: terraform -chdir=${{ inputs.terraform-dir }} init -backend=false
Expand Down Expand Up @@ -575,6 +632,19 @@ jobs:
echo "name=${{ github.event.repository.name }}.tfstate" >> $GITHUB_OUTPUT
fi
fi
- name: Enable Private Modules
id: get_workflow_token
if: inputs.enable-private-access
uses: peter-murray/workflow-application-token-action@v4
with:
application_id: ${{ secrets.appvia-actions-id }}
application_private_key: ${{ secrets.appvia-actions-secret }}
organization: ${{ inputs.organization-name }}
revoke_token: true
- name: Setup Credentials
if: inputs.enable-private-access
run: |
git config --global url."https://x-access-token:${{steps.get_workflow_token.outputs.token}}@github.com/".insteadOf "https://github.com/"
- name: Terraform Init
id: init
run: terraform -chdir=${{ inputs.terraform-dir }} init -backend-config="bucket=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tfstate" -backend-config="key=${{ steps.state-key.outputs.name }}" -backend-config="encrypt=true" -backend-config="dynamodb_table=${{ inputs.aws-account-id }}-${{ inputs.aws-region }}-tflock" -backend-config="region=${{ inputs.aws-region }}"
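Review bot: The `insteadOf` rewrite in each Setup Credentials step registers the token for every `https://github.com/` URL git touches for the rest of the job, not just the organization's private modules, and `git config --global` writes it into the runner user's `~/.gitconfig`. This workflow exposes a `runs-on` input for custom runner labels, so on a non-ephemeral self-hosted runner that rewrite would presumably outlive the job even though `revoke_token: true` invalidates the token at job end. Narrow it to the org, `git config --global url."https://x-access-token:${{ steps.get_workflow_token.outputs.token }}@github.com/${{ inputs.organization-name }}/".insteadOf "https://github.com/${{ inputs.organization-name }}/"`, and add a final step with `if: always()` that removes that `url.*` section from the global config. The `use-env-as-suffix` move in the first hunk is a pure relocation and needs no change.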

0 comments on commit ed63a12

Please sign in to comment.