tf_apply_server.yml
### Reusable workflow to download terraform artifact built by `az_tf_plan` and apply the artifact/plan ###
# Display name of the workflow in the Actions UI.
name: 'Apply_TF_Plan'

# Reusable workflow: it has no trigger of its own and runs only when another
# workflow calls it with the inputs and secrets declared below.
on:
  workflow_call:
    # Non-secret parameters. The caller controls every one of these values, and
    # the job uses them in paths, environment variables and step expressions,
    # so callers should pass only values they trust.
    inputs:
      # Used by the job as the working directory of every `run` step and as the
      # directory the artifact is downloaded into.
      path:
        description: 'Specifies the path of the root terraform module.'
        required: true
        type: string
      # Passed to the Terraform setup step as the version to install.
      tf_version:
        description: 'Specifies version of Terraform to use. e.g: 1.1.0 Default=latest.'
        required: false
        type: string
        default: latest
      # Used as the job's deployment environment, as TF_WORKSPACE, as
      # TF_VAR_environment and as the base name of the .auto.tfvars file.
      # NOTE(review): when the caller omits it, those expressions expand to an
      # empty value - confirm the job is meant to run without an environment.
      gh_environment:
        description: 'Specifies the GitHub deployment environment.'
        required: false
        type: string
        default: null
      # NOTE(review): required, but not referenced by any step in this file.
      tf_vars_file:
        description: 'Specifies the Terraform TFVARS file.'
        required: true
        type: string
      # The three task_container_* inputs are forwarded to Terraform as
      # TF_VAR_task_container_* variables.
      task_container_version:
        description: 'Specifies the version of the container to deploy.'
        required: true
        type: string
      task_container_registry:
        description: 'Task Container Registry'
        required: true
        type: string
      task_container_name:
        description: 'Task Container Name'
        required: true
        type: string
    # Credentials the caller must hand over. All of them are static values that
    # reach the job as step inputs or environment variables, so each should be
    # scoped to the minimum the deployment needs and rotated regularly.
    secrets:
      # Given to the Terraform setup step as its CLI credentials token.
      cli_config_credentials_token:
        description: 'CLI configuration credentials token'
        required: true
      # Registry credentials, forwarded to Terraform as TF_VAR_azure_acr_*.
      azure_acr_username:
        description: 'Azure ACR (Azure Container Registry) username'
        required: true
      azure_acr_password:
        description: 'Azure ACR (Azure Container Registry) password'
        required: true
      # Azure identity, forwarded to Terraform as TF_VAR_* variables.
      azure_tenant_id:
        description: 'Azure Tenant ID for the subscription'
        required: true
      azure_subscription_id:
        description: 'Azure subscription ID'
        required: true
      azure_client_id:
        description: 'Azure Client ID'
        required: true
      azure_client_secret:
        description: 'Azure Client Secret'
        required: true
      # Forwarded to Terraform as TF_VAR_github_personal_access_token.
      github_personal_access_token:
        description: 'GitHub Personal Access Token'
        required: true
      # Loaded into ssh-agent before `terraform init` runs.
      github_ssh_private_key:
        description: 'GitHub SSH Key'
        required: true
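jobs:
  # Single job: fetch the artifact, initialise Terraform, plan, then apply.
  build-plan:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    # Deployment environment chosen by the caller; any protection rules set on
    # that environment gate this job.
    environment: ${{ inputs.gh_environment }}
    # Least privilege for the automatic GITHUB_TOKEN: the job only needs to
    # read the repository. Module access uses the SSH key, not this token.
    permissions:
      contents: read
    defaults:
      run:
        shell: bash
        working-directory: ${{ inputs.path }}
    steps:
      # NOTE(review): the release tag of this action was mangled by the page's
      # e-mail obfuscation. Restore the intended release and pin it to a full
      # commit SHA so a moved tag cannot change what runs with these secrets.
      - name: Checkout
        uses: actions/checkout@<PINNED_COMMIT_SHA>

      # Must stay compatible with the action version that uploaded
      # `my-artifact`. NOTE(review): `v2` is a mutable tag of an old major
      # release; upgrade both sides together and pin to a commit SHA.
      - name: Download file
        uses: actions/download-artifact@v2
        with:
          name: my-artifact
          path: ${{ github.workspace }}/${{ inputs.path }}

      # Caller inputs are passed through the environment and quoted, instead of
      # being expanded into the script text, so a crafted input value cannot
      # inject shell commands.
      # NOTE(review): this writes the whole tfvars file to the job log; only
      # registered secrets are masked there, so keep sensitive values out of
      # the file or drop this step.
      - name: Display .auto.tfvars file content
        env:
          TF_ROOT: ${{ inputs.path }}
          GH_ENVIRONMENT: ${{ inputs.gh_environment }}
        run: |
          cat -- "${GITHUB_WORKSPACE}/${TF_ROOT}/${GH_ENVIRONMENT}.auto.tfvars"

      # NOTE(review): release tag mangled by the page's e-mail obfuscation, as
      # on the checkout step; restore it and pin to a full commit SHA. This
      # action receives the Terraform CLI credentials token.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@<PINNED_COMMIT_SHA>
        with:
          terraform_version: ${{ inputs.tf_version }}
          cli_config_credentials_token: ${{ secrets.cli_config_credentials_token }}

      # The SSH key reaches the shell as an environment variable rather than
      # being expanded into the script, which would write the key into the
      # generated script file and let a quote in the value break the command.
      - name: Terraform Init
        env:
          # GITHUB_TOKEN: ${{ secrets.github_personal_access_token }}
          TF_WORKSPACE: ${{ inputs.gh_environment }}
          SSH_PRIVATE_KEY: ${{ secrets.github_ssh_private_key }}
        run: |
          eval "$(ssh-agent -s)"
          # Stop the agent when the step ends so the key does not outlive it.
          trap 'ssh-agent -k >/dev/null' EXIT
          ssh-add - <<< "${SSH_PRIVATE_KEY}"
          # The agent holds the key now; keep it out of terraform's environment.
          unset SSH_PRIVATE_KEY
          terraform init

      # - name: Terraform Workspace Creation
      #   run: terraform workspace new ${{ inputs.task_container_name }}-${{ inputs.gh_environment }} || true
      # - name: Terraform Workspace Selection
      #   run: terraform workspace select ${{ inputs.task_container_name }}-${{ inputs.gh_environment }}

      - name: Terraform Validate
        id: validate
        run: terraform validate

      # Secrets are set per step so that only the Terraform processes see them.
      # The plan may fail without stopping the job here; the next step turns a
      # failed plan into a job failure.
      # NOTE(review): the plan is not saved to a file, so the apply step below
      # computes a fresh plan and may apply changes nobody reviewed. If the
      # backend supports saved plans, write one here and apply that file.
      - name: Terraform Plan
        id: plan
        env:
          TF_VAR_region: "us-west-1"  # replace with your variable and value
          TF_VAR_azure_client_id: ${{ secrets.azure_client_id }}
          TF_VAR_azure_client_secret: ${{ secrets.azure_client_secret }}
          TF_VAR_subscription_id: ${{ secrets.azure_subscription_id }}
          TF_VAR_tenant_id: ${{ secrets.azure_tenant_id }}
          TF_VAR_task_container_registry: ${{ inputs.task_container_registry }}
          TF_VAR_task_container_name: ${{ inputs.task_container_name }}
          TF_VAR_task_container_version: ${{ inputs.task_container_version }}
          TF_VAR_azure_acr_username: ${{ secrets.azure_acr_username }}
          TF_VAR_azure_acr_password: ${{ secrets.azure_acr_password }}
          TF_VAR_github_personal_access_token: ${{ secrets.github_personal_access_token }}
          TF_VAR_environment: ${{ inputs.gh_environment }}
          TF_WORKSPACE: ${{ inputs.gh_environment }}
          # NOTE(review): no TF_VAR_ prefix, so presumably not read by
          # Terraform as an input variable - confirm what consumes it.
          TF_environment: ${{ inputs.gh_environment }}
        run: terraform plan
        continue-on-error: true

      # Fails the job, and so skips the apply, when the plan step failed.
      - name: Terraform Plan Status
        if: steps.plan.outcome == 'failure'
        run: exit 1

      # Applies without an interactive confirmation. The only human gate is
      # whatever protection the selected deployment environment enforces.
      - name: Terraform Apply
        run: terraform apply -auto-approve
        env:
          TF_VAR_region: "us-west-1"  # replace with your variable and value
          TF_VAR_azure_client_id: ${{ secrets.azure_client_id }}
          TF_VAR_azure_client_secret: ${{ secrets.azure_client_secret }}
          TF_VAR_subscription_id: ${{ secrets.azure_subscription_id }}
          TF_VAR_tenant_id: ${{ secrets.azure_tenant_id }}
          TF_VAR_task_container_registry: ${{ inputs.task_container_registry }}
          TF_VAR_task_container_name: ${{ inputs.task_container_name }}
          TF_VAR_task_container_version: ${{ inputs.task_container_version }}
          TF_VAR_azure_acr_username: ${{ secrets.azure_acr_username }}
          TF_VAR_azure_acr_password: ${{ secrets.azure_acr_password }}
          TF_VAR_github_personal_access_token: ${{ secrets.github_personal_access_token }}
          TF_VAR_environment: ${{ inputs.gh_environment }}
          TF_WORKSPACE: ${{ inputs.gh_environment }}
          TF_environment: ${{ inputs.gh_environment }}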