Terraform common resources #18
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check Terraform infrastructure | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| subscription: | |
| description: 'Subscription' | |
| type: choice | |
| required: true | |
| options: | |
| - 's941' | |
| default: 's941' | |
| terraformapply: | |
| description: 'Terraform apply' | |
| type: boolean | |
| required: true | |
| default: false | |
| # secrets: | |
| # AZURE_CLIENT_ID: | |
| # description: The client ID of the Azure AD service principal to use for authenticating to Azure. | |
| # required: true | |
| # AZURE_SUBSCRIPTION_ID: | |
| # description: The ID of the Azure subscription to create the resources in. | |
| # required: true | |
| # AZURE_TENANT_ID: | |
| # description: The ID of the Azure tenant to create the resources in. | |
| # required: true | |
| jobs: | |
| Terraform: | |
| name: Check infrastructure consistency | |
| runs-on: ubuntu-latest | |
| environment: s941 | |
| env: | |
| enviroment: dev | |
| terraform_version: ~1.3.0 | |
| ARM_USE_OIDC: true | |
| ARM_USE_AZUREAD: true | |
| ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
| resource_group_name: s941-tfstate | |
| storage_account_name: ${{ inputs.subscription }}radixinfra | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 #Clone Repo | |
| - name: 'Az login' | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| - name: Get GitHub Public IP | |
| id: github_public_ip | |
| uses: haythem/[email protected] | |
| - name: Add GitHub IP to StorageAccount | |
| run: | | |
| az storage account network-rule add \ | |
| --resource-group "s941-tfstate" \ | |
| --account-name "s941radixinfra" \ | |
| --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} >/dev/null | |
| - name: Lets sleep for 30 seconds for FW rule to complete | |
| run: sleep 30s | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: ${{ env.terraform_version }} | |
| - name: Check terrorm in {{ env.enviroment }} | |
| working-directory: terraform/subscriptions/s941 | |
| run: ./summary-dev.sh | |
| - name: Revoke GitHub IP on StorageAccount | |
| run: | | |
| az storage account network-rule remove \ | |
| --resource-group "s941-tfstate" \ | |
| --account-name "s941radixinfra" \ | |
| --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} >/dev/null |