diff --git a/.github/workflows/azureAuditlog.yml b/.github/workflows/azureAuditlog.yml deleted file mode 100644 index 009ecc79..00000000 --- a/.github/workflows/azureAuditlog.yml +++ /dev/null @@ -1,246 +0,0 @@ -name: AzureAuditLogs - -on: [workflow_dispatch] -# on: -# push: -# branches: -# - master -# paths: -# - '.github/workflows/azureAuditlog.yml' -# - 'arm-templates/azureAuditLogStorageAccount.json' - -# pull_request: -# branches: -# - master -# paths: -# - '.github/workflows/azureAuditlog.yml' -# - 'arm-templates/azureAuditLogStorageAccount.json' - -env: - # Prod - prodSubscriptionId: 'ded7ca41-37c8-4085-862f-b11d21ab341a' - - # Dev - devSubscriptionId: '16ede44b-1f74-40a5-b428-46cca9a5741b' - - # Shared - settingName: azureauditlog - auditLogStorageName: radixazauditlogs - -jobs: -############## DEV STAGE ############## - - dev: - runs-on: ubuntu-latest - env: - envName: dev - devRgName: rg-radix-shared-dev - steps: - - # Checks-out your repository under $GITHUB_WORKSPACE - - uses: actions/checkout@v4 - - # Set dynamic variables for the job - - name: Set job variables - shell: pwsh - run: | - - # Set timestamp variable for jobs - $currentTime = (get-date).ToString("dd-MM-yyyyThhMMZ") - echo "timestamp=$currentTime" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append - - # Install powershell modules - - name: Install powershell modules - shell: pwsh - run: | - - Install-Module az.resources -force - Install-Module az.storage -force - - # Azure login for powershell - - name: Azure login - shell: pwsh - run: | - $azureAplicationId = "${{ secrets.DEV_AZURE_CREDENTIALS_CLIENT_ID }}" - $azureTenantId = "${{ secrets.AZURE_TENANT_ID }}" - $azurePassword = ConvertTo-SecureString "${{ secrets.DEV_AZURE_CREDENTIALS_CLIENT_SECRET }}" -AsPlainText -Force - $psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword) - Add-azAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal - - - # Set subsctiption to develop and verify - - name: Set Azure subscription - shell: pwsh - run: | - - Set-AzContext -SubscriptionId "${{ env.devSubscriptionId }}" - - $subscription = (Get-AzContext) - if ($subscription.Subscription.Id -eq "${{ env.devSubscriptionId }}") { - Write-Output "Using subscription $($subscription.subscription.Name)" - exit 0 - - } - else { - Write-Output "Subscription does not match. Terminating script" - exit 1 - } - - # Create storage account for Azure audit logs - - name: Storage Account for Azure Subscription Audit logs - shell: pwsh - run: | - - # Set task variables - $rg = "${{ env.devRgName }}" - $templateFile = "$env:GITHUB_WORKSPACE/arm-templates/azureAuditLogStorageAccount.json" - $storeAccountName = "${{ env.auditLogStorageName }}${{ env.envName }}" - - # Deploy Storage Account for Audit logs - New-AzResourceGroupDeployment ` - -Name "sql-log-${{ env.timestamp }}" ` - -ResourceGroupName $rg ` - -TemplateFile $templateFile ` - -storageAccountName $storeAccountName ` - -accountType Standard_LRS ` - -kind StorageV2 ` - -accessTier cool - - - # Enable auditlog for dev subsciption - - name: Enable auditlog for dev subsciption - shell: pwsh - run: | - - # Set variables - $rg = "${{ env.devRgName }}" - $templateFile = "$env:GITHUB_WORKSPACE/arm-templates/auditlogs.json" - $storeAccountName = "${{ env.auditLogStorageName }}${{ env.envName }}" - $storageAccountId = (Get-AzStorageAccount -ResourceGroupName $rg -StorageAccountName $storeAccountName).Id - - # Deploy the ARM template - New-AzDeployment ` - -Name "auditlog-${{ env.timestamp }}" ` - -Location "norwayeast" ` - -TemplateFile $templateFile ` - -settingName ${{ env.settingName }} ` - -storageAccountId "$storageAccountId" - - # Azure logout - - name: logout - shell: pwsh - run: | - Logout-azAccount | Out-Null - - -############## PROD STAGE ############## - - prod: - needs: dev - if: github.ref == 'refs/heads/master' - runs-on: ubuntu-latest - env: - envName: prod - prodRgName: rg-radix-shared-prod - steps: - - # Checks-out your repository under $GITHUB_WORKSPACE - - uses: actions/checkout@v4 - - # Set dynamic variables for the job - - name: Set job variables - shell: pwsh - run: | - - # Set timestamp variable for jobs - $currentTime = (get-date).ToString("dd-MM-yyyyThhMMZ") - Write-Output "::set-env name=timestamp::$currentTime" - - # Install powershell modules - - name: Install powershell modules - shell: pwsh - run: | - - Install-Module az.resources -force - Install-Module az.storage -force - - # Azure login for powershell - - name: Azure login - shell: pwsh - run: | - $azureAplicationId = "${{ secrets.PROD_AZURE_CREDENTIALS_CLIENT_ID }}" - $azureTenantId = "${{ secrets.AZURE_TENANT_ID }}" - $azurePassword = ConvertTo-SecureString "${{ secrets.PROD_AZURE_CREDENTIALS_CLIENT_SECRET }}" -AsPlainText -Force - $psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword) - Add-azAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal - - # Set subsctiption to develop and verify - - name: Set Azure subscription - shell: pwsh - run: | - - Set-AzContext -SubscriptionId "${{ env.prodSubscriptionId }}" - - $subscription = (Get-AzContext) - if ($subscription.Subscription.Id -eq "${{ env.prodSubscriptionId }}") { - Write-Output "Using subscription $($subscription.subscription.Name)" - exit 0 - - } - else { - Write-Output "Subscription does not match. Terminating script" - exit 1 - } - - - # Create storage account for Azure audit logs - - name: Storage Account for Azure Subscription Audit logs - shell: pwsh - run: | - - # Set task variables - $rg = "${{ env.prodRgName }}" - $templateFile = "$env:GITHUB_WORKSPACE/arm-templates/azureAuditLogStorageAccount.json" - $storeAccountName = "${{ env.auditLogStorageName }}${{ env.envName }}" - - # Deploy Storage Account for Audit logs - New-AzResourceGroupDeployment ` - -Name "sql-log-${{ env.timestamp }}" ` - -ResourceGroupName $rg ` - -TemplateFile $templateFile ` - -storageAccountName $storeAccountName ` - -accountType Standard_LRS ` - -kind StorageV2 ` - -accessTier cool - - - # Enable auditlog for prod subsciption - - name: Enable auditlog for prod subsciption - shell: pwsh - run: | - - Set-AzContext -SubscriptionId "${{ env.prodSubscriptionId }}" - - $subscription = (Get-AzContext) - if ($subscription.Subscription.Id -eq "${{ env.prodSubscriptionId }}") { - Write-Output "Using subscription $($subscription.subscription.Name)" - exit 0 - - } - else { - Write-Output "Subscription does not match. Terminating script" - exit 1 - } - - - # Create storage account and SQL logs - - name: Storage Account for SQL logs - shell: pwsh - run: | - - - # Azure logout - - name: logout - shell: pwsh - run: | - Logout-azAccount | Out-Null \ No newline at end of file diff --git a/.github/workflows/sqlLogStorageAccounts.yml b/.github/workflows/sqlLogStorageAccounts.yml deleted file mode 100644 index 66cf637a..00000000 --- a/.github/workflows/sqlLogStorageAccounts.yml +++ /dev/null @@ -1,235 +0,0 @@ -name: AzureSqlLogStorageAccounts - -on: [workflow_dispatch] - -# on: -# push: -# branches: -# - master -# paths: -# - '.github/workflows/sqlLogStorageAccounts.yml' -# pull_request: -# branches: -# - master -# paths: -# - '.github/workflows/sqlLogStorageAccounts.yml' - -env: - # Prod - prodRgName: rg-radix-shared-prod - prodSubscriptionId: 'ded7ca41-37c8-4085-862f-b11d21ab341a' - - # Dev - devRgName: rg-radix-shared-dev - devSubscriptionId: '16ede44b-1f74-40a5-b428-46cca9a5741b' - - # Shared - sqlLogStorageName: radixsqllogs #Also suffix with environment - auditLogStorageName: radixauditlogs - -jobs: -############## DEV STAGE ############## - - dev: - runs-on: ubuntu-latest - env: - envName: dev - steps: - - # Checks-out your repository under $GITHUB_WORKSPACE - - uses: actions/checkout@v4 - - # Set dynamic variables for the job - - name: Set job variables - shell: pwsh - run: | - - # Set timestamp variable for jobs - $currentTime = (get-date).ToString("dd-MM-yyyyThhMMZ") - echo "timestamp=$currentTime" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append - - # Install powershell modules - - name: Install powershell modules - shell: pwsh - run: | - - Install-Module az.resources -force - Install-Module az.storage -force - - # Azure login for powershell - - name: Azure login - shell: pwsh - run: | - $azureAplicationId = "${{ secrets.DEV_AZURE_CREDENTIALS_CLIENT_ID }}" - $azureTenantId = "${{ secrets.AZURE_TENANT_ID }}" - $azurePassword = ConvertTo-SecureString "${{ secrets.DEV_AZURE_CREDENTIALS_CLIENT_SECRET }}" -AsPlainText -Force - $psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword) - Add-azAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal - - - # Set subsctiption to develop and verify - - name: Set Azure subscription - shell: pwsh - run: | - - Set-AzContext -SubscriptionId "${{ env.devSubscriptionId }}" - - $subscription = (Get-AzContext) - if ($subscription.Subscription.Id -eq "${{ env.devSubscriptionId }}") { - Write-Output "Using subscription $($subscription.subscription.Name)" - exit 0 - - } - else { - Write-Output "Subscription does not match. Terminating script" - exit 1 - } - - - # Create storage account for SQL logs - - name: Storage Account for SQL logs - shell: pwsh - run: | - - # Set task variables - $rg = "${{ env.devRgName }}" - $templateFile = "$env:GITHUB_WORKSPACE/arm-templates/storageAccount.json" - $storeAccountName = "${{ env.sqlLogStorageName }}${{ env.envName }}" - - # Deploy shared Storage Account for SQL Logging in dev - New-AzResourceGroupDeployment ` - -Name "sql-log-${{ env.timestamp }}" ` - -ResourceGroupName $rg ` - -TemplateFile $templateFile ` - -storageAccountName $storeAccountName ` - -accountType Standard_LRS ` - -kind StorageV2 ` - -accessTier hot - - # Set soft delete protection on Storage Account - $storageAcoount = Get-AzStorageAccount | where-object{$_.StorageAccountName -match "$storeAccountName"} - $storageAcoount | Enable-AzStorageDeleteRetentionPolicy -RetentionDays 30 - - # Azure logout - - name: logout - shell: pwsh - run: | - Logout-azAccount | Out-Null - - -############## PROD STAGE ############## - - prod: - needs: dev - if: github.ref == 'refs/heads/master' - runs-on: ubuntu-latest - env: - envName: prod - steps: - - # Checks-out your repository under $GITHUB_WORKSPACE - - uses: actions/checkout@v4 - - # Set dynamic variables for the job - - name: Set job variables - shell: pwsh - run: | - - # Set timestamp variable for jobs - $currentTime = (get-date).ToString("dd-MM-yyyyThhMMZ") - Write-Output "::set-env name=timestamp::$currentTime" - - # Install powershell modules - - name: Install powershell modules - shell: pwsh - run: | - - Install-Module az.resources -force - Install-Module az.storage -force - - # Azure login for powershell - - name: Azure login - shell: pwsh - run: | - $azureAplicationId = "${{ secrets.PROD_AZURE_CREDENTIALS_CLIENT_ID }}" - $azureTenantId = "${{ secrets.AZURE_TENANT_ID }}" - $azurePassword = ConvertTo-SecureString "${{ secrets.PROD_AZURE_CREDENTIALS_CLIENT_SECRET }}" -AsPlainText -Force - $psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword) - Add-azAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal - - - # Set subsctiption to prouction and verify - - name: Set Azure subscription - shell: pwsh - run: | - - Set-AzContext -SubscriptionId "${{ env.prodSubscriptionId }}" - - $subscription = (Get-AzContext) - if ($subscription.Subscription.Id -eq "${{ env.prodSubscriptionId }}") { - Write-Output "Using subscription $($subscription.subscription.Name)" - exit 0 - - } - else { - Write-Output "Subscription does not match. Terminating script" - exit 1 - } - - - # Create storage account for SQL logs - - name: Storage Account for SQL logs - shell: pwsh - run: | - - # Set task variables - $rg = "${{ env.prodRgName }}" - $templateFile = "$env:GITHUB_WORKSPACE/arm-templates/storageAccount.json" - $storeAccountName = "${{ env.sqlLogStorageName }}${{ env.envName }}" - - # Deploy shared Storage Account for SQL Logging in prod - New-AzResourceGroupDeployment ` - -Name "sql-log-${{ env.timestamp }}" ` - -ResourceGroupName $rg ` - -TemplateFile $templateFile ` - -storageAccountName $storeAccountName ` - -accountType Standard_LRS ` - -kind StorageV2 ` - -accessTier hot - - # Set soft delete protection on Storage Account - $storageAcoount = Get-AzStorageAccount | where-object{$_.StorageAccountName -match "$storeAccountName"} - $storageAcoount | Enable-AzStorageDeleteRetentionPolicy -RetentionDays 30 - - - # Create storage account for Azure audit logs - - name: Storage Account for Audit logs - shell: pwsh - run: | - - # Set task variables - $rg = "${{ env.prodRgName }}" - $templateFile = "$env:GITHUB_WORKSPACE/arm-templates/storageAccount.json" - $storeAccountName = "${{ env.auditLogStorageName }}${{ env.envName }}"" - - # Deploy Storage Account for Audit logs - New-AzResourceGroupDeployment ` - -Name "sql-log-${{ env.timestamp }}" ` - -ResourceGroupName $rg ` - -TemplateFile $templateFile ` - -storageAccountName $storeAccountName ` - -accountType Standard_LRS ` - -kind StorageV2 ` - -accessTier cool - - # Set soft delete protection on Storage Account - $storageAcoount = Get-AzStorageAccount | where-object{$_.StorageAccountName -match "$storeAccountName"} - $storageAcoount | Enable-AzStorageDeleteRetentionPolicy -RetentionDays 30 - - - - # Azure logout - - name: logout - shell: pwsh - run: | - Logout-azAccount | Out-Null \ No newline at end of file diff --git a/.github/workflows/storageaccounts.yml b/.github/workflows/storageaccounts.yml deleted file mode 100644 index 84207262..00000000 --- a/.github/workflows/storageaccounts.yml +++ /dev/null @@ -1,144 +0,0 @@ -name: Storage Accounts -on: - workflow_dispatch: - inputs: - subscription: - description: 'Subscription' - type: choice - required: true - options: - - 's940' - - 's941' - default: 's941' - - terraformapply: - description: 'Terraform apply' - type: boolean - required: true - default: false - - secrets: - AZURE_CLIENT_ID: - description: The client ID of the Azure AD service principal to use for authenticating to Azure. - required: true - - AZURE_SUBSCRIPTION_ID: - description: The ID of the Azure subscription to create the resources in. - required: true - - AZURE_TENANT_ID: - description: The ID of the Azure tenant to create the resources in. - required: true - -env: - container_name: infrastructure - -jobs: - GetEnvironment: - name: GetEnvironments - runs-on: ubuntu-latest - - outputs: - radix_environment: ${{ steps.set-matrix.outputs.radix_environment }} - - steps: - - uses: actions/checkout@v4 - - id: set-matrix - name: Get radix environment - run: echo "radix_environment=$(ls ./terraform/${{ env.container_name }}/${{ inputs.subscription }} | jq -R -s -c 'split("\n")[:-1]')" >> $GITHUB_OUTPUT - - StorageAccounts: - needs: GetEnvironment - name: StorageAccounts - runs-on: ubuntu-latest - environment: ${{ inputs.subscription }} - strategy: - matrix: - radix_environment: ${{ fromJson(needs.GetEnvironment.outputs.radix_environment) }} - - # Set permissions required to login to Azure using OIDC. - permissions: - id-token: write - contents: read - - defaults: - run: - shell: bash - working-directory: ./terraform/${{ env.container_name }}/${{ inputs.subscription }}/${{ matrix.radix_environment }}/${{ env.path }} - - # Configure OIDC authentication to Azure using environment variables. - # Required by the AzureRM backend and provider. - env: - terraform_version: ~1.3.0 - ARM_USE_OIDC: true - ARM_USE_AZUREAD: true - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - resource_group_name: ${{ inputs.subscription }}-tfstate - storage_account_name: ${{ inputs.subscription }}radixinfra - path: storageaccounts - key: terraform.tfstate - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: 'Az login' - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Get GitHub Public IP - id: github_public_ip - run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT - - - name: Add GitHub IP to StorageAccount - run: | - az storage account network-rule add \ - --resource-group "${{ env.resource_group_name }}" \ - --account-name "${{ env.storage_account_name }}" \ - --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} >/dev/null - - - name: Lets sleep for 30 seconds for FW rule to complete - run: sleep 30s - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ env.terraform_version }} - - - name: Terraform Init - run: | - terraform init \ - -backend-config='container_name=${{ env.container_name }}' \ - -backend-config='key=${{ env.path }}/${{ env.key }}' \ - -backend-config='resource_group_name=${{ env.resource_group_name }}' \ - -backend-config='storage_account_name=${{ env.storage_account_name }}' - - - name: Terraform Validate - run: terraform validate - - - name: Terraform Plan - if: inputs.terraformapply == false - run: | - terraform plan \ - --var-file=../../../../radix-zone/radix_zone_${{ matrix.radix_environment }}.tfvars \ - -lock=false - - - name: Terraform Apply - if: (inputs.terraformapply && github.ref == 'refs/heads/master') - run: | - terraform apply \ - --var-file=../../../../radix-zone/radix_zone_${{ matrix.radix_environment }}.tfvars \ - -auto-approve \ - -lock=false - - - name: Revoke GitHub IP on StorageAccount - run: | - az storage account network-rule remove \ - --resource-group "${{ env.resource_group_name }}" \ - --account-name "${{ env.storage_account_name }}" \ - --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} >/dev/null diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 49607138..00000000 --- a/.github/workflows/terraform.yml +++ /dev/null @@ -1,238 +0,0 @@ -# Install Terraform, configure OpenID Connect (OIDC) authentication to Azure, create a Terraform plan, and apply the plan on push to branch 'master'. - -on: - workflow_call: - inputs: - cluster_name: - description: Name of the cluster - type: string - required: true - - environment: - description: The environment that the job references. - type: string - required: true - - radix_environment: - description: The radix_environment that the job references. - type: string - required: true - - subscription: - description: The subscription to deploy in - type: string - required: true - - terraform_version: - description: The version of Terraform to install. - type: string - required: false - default: latest - - working_directory: - description: The working directory to run the Terraform commands in. - type: string - required: false - default: '.' - - secrets: - AZURE_CLIENT_ID: - description: The client ID of the Azure AD service principal to use for authenticating to Azure. - required: true - - AZURE_SUBSCRIPTION_ID: - description: The ID of the Azure subscription to create the resources in. - required: true - - AZURE_TENANT_ID: - description: The ID of the Azure tenant to create the resources in. - required: true - -jobs: - Terraform: - name: Terraform - runs-on: ubuntu-latest - environment: ${{ inputs.environment }} - - # Queue jobs that target the same Terraform configuration. - concurrency: - group: terraform @ ${{ inputs.working_directory }} - cancel-in-progress: false - - # Set permissions required to login to Azure using OIDC. - permissions: - id-token: write - contents: read - - defaults: - run: - shell: bash - working-directory: ${{ inputs.working_directory }} - - # Configure OIDC authentication to Azure using environment variables. - # Required by the AzureRM backend and provider. - env: - root_src: '../../../../../..' - ARM_USE_OIDC: true - ARM_USE_AZUREAD: true - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - container_name: clusters - key: ${{ inputs.radix_environment }}.${{ inputs.cluster_name }}.terraform.tfstate - resource_group_name: ${{ inputs.subscription }}-tfstate - storage_account_name: ${{ inputs.subscription }}radixinfra - - outputs: - tf-fmt: ${{ steps.fmt.outcome }} - tf-init: ${{ steps.init.outcome }} - tf-validate: ${{ steps.validate.outcome }} - tf-plan: ${{ steps.plan.outcome }} - plan: ${{ steps.get_content.outputs.plan }} - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Az CLI login - uses: azure/login@v2 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - - - name: Get GitHub Public IP - id: github_public_ip - run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT - - - name: Add GitHub IP to StorageAccount - run: | - az storage account network-rule add \ - --resource-group "${{ env.resource_group_name }}" \ - --account-name "${{ env.storage_account_name }}" \ - --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} >/dev/null - - - name: Lets sleep for 30 seconds for FW rule to complete - run: sleep 30s - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: ${{ inputs.terraform_version }} - terraform_wrapper: false - - - name: Terraform Format - id: fmt - run: terraform fmt -check - - - name: Terraform Init - id: init - run: | - terraform init \ - -backend-config='container_name=${{ env.container_name }}' \ - -backend-config='key=${{ env.key }}' \ - -backend-config='resource_group_name=${{ env.resource_group_name }}' \ - -backend-config='storage_account_name=${{ env.storage_account_name }}' - - - name: Terraform Validate - id: validate - run: terraform validate -no-color - - - name: Terraform Plan - id: plan - if: github.event_name == 'pull_request' - run: | - terraform plan \ - --var-file=${{ env.root_src }}/terraform/radix-zone/radix_zone_dev.tfvars \ - -no-color \ - -out tf.plan - continue-on-error: true - - - name: Terraform Show - id: show - if: github.event_name == 'pull_request' - run: terraform show -no-color tf.plan 2>&1 > /tmp/plan.txt - - - name: Get content - id: get_content - if: github.event_name == 'pull_request' - run: | - plan=$(cat /tmp/plan.txt) - - create="" - createOut="" - destroy="" - destroyOut="" - update="" - updateOut="" - changesOut="" - - while read -r line; do - if [[ "$line" == *"will be created"* ]]; then - create+="${line//"# "/"+ "}
" - elif [[ "$line" == *"will be destroyed"* ]]; then - destroy+="${line//"# "/"- "}
" - elif [[ "$line" == *"will be updated in-place"* ]]; then - update+="${line//"# "/"~ "}
" - fi - done < <(echo "${plan}") - - numberOfChanges=$((${#create} + ${#destroy} + ${#update})) - - if [ ${#create} -gt 0 ]; then - createOut+="The following resources will be created
${create}" - fi - - if [ ${#destroy} -gt 0 ]; then - destroyOut+="The following resources will be destroyed
${destroy}" - fi - - if [ ${#update} -gt 0 ]; then - updateOut+="The following resources will be updated
${update}" - fi - - if [ ${numberOfChanges} -eq 0 ]; then - changesOut+="No changes. Your infrastructure matches the configuration.
" - fi - - out="$createOut $destroyOut $updateOut $changesOut" - - echo "plan=$(echo ${out})" >> $GITHUB_OUTPUT - - - name: Terraform Apply - if: (github.event_name == 'push' && github.ref == 'refs/heads/master') || github.event_name == 'schedule' - run: terraform apply --var-file=../../../../../radix-zone/radix_zone_${{ inputs.radix_environment }}.tfvars -auto-approve - - - name: Revoke GitHub IP on StorageAccount - run: | - az storage account network-rule remove \ - --resource-group "${{ env.resource_group_name }}" \ - --account-name "${{ env.storage_account_name }}" \ - --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} >/dev/null - - Create_comment: - if: github.event_name == 'pull_request' - needs: [Terraform] - name: Create comment - runs-on: ubuntu-latest - steps: - - name: Create comment - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - github.rest.issues.createComment({ - owner: context.repo.owner, - issue_number: github.event.pull_request.number, - repo: context.repo.repo, - body: | - #### Directory: ${{ inputs.working_directory }} - #### Terraform Format and Style 🖌 ${{ needs.Terraform.outputs.tf-fmt }} - #### Terraform Initialization ⚙️ ${{ needs.Terraform.outputs.tf-init }} - #### Terraform Validation 🤖 ${{ needs.Terraform.outputs.tf-validate }} - #### Terraform Plan 📖 ${{ needs.Terraform.outputs.tf-plan }} - -
Show Plan - ${{ needs.Terraform.outputs.plan }} -
- })