tf-plan.yml
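name: 'Terraform Plan'

# Least-privilege GITHUB_TOKEN: the job only checks out the repository. Azure
# access comes from the ARM_* secrets passed to the build step, not from this
# token, so nothing here needs write scope. Widen per job if a step ever does.
permissions:
  contents: read

# Manual trigger only. Every input below is typed so the run form validates it;
# the string inputs are free text and are treated as untrusted by the job.
on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      terraform_code_location:
        type: string
        description: What working directory should be passed to the script
        default: "examples/module-development"
      run_trivy:
        type: boolean
        description: 'Whether trivy should be ran'
        default: true
      run_checkov:
        type: boolean
        description: 'Whether checkov should be ran'
        default: false
      run_terraform_compliance:
        type: boolean
        description: 'Whether terraform-compliance should be ran'
        default: false
      terraform_compliance_policy_files:
        type: string
        description: 'The location of terraform-compliance files if used'
        default: "git:https://github.com/libre-devops/azure-naming-convention.git//?ref=main"
      enable_debug_mode:
        type: boolean
        description: 'Whether debug mode should be enable for within the script'
        default: false
      delete_plan_files:
        type: boolean
        description: 'Whether the tfplan files should be auto deleted'
        default: true
      terraform_version:
        type: string
        description: 'What version should tenv attempt to use?'
        # Quoted so a value such as 1.10 is never read as the float 1.1.
        default: 'latest'
      terraform_state_name:
        type: string
        description: 'Name of the Terraform state file'
        default: 'lbd-uks-prd-test-build.terraform.tfstate'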
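jobs:
  run-script:
    name: 'Run Script'
    runs-on: ubuntu-latest
    # All `run:` steps are PowerShell; individual steps no longer repeat `shell:`.
    defaults:
      run:
        shell: pwsh
    steps:
      # TODO(review): pin every third-party action to a full commit SHA instead of
      # a mutable tag or branch. `@master` below follows an unreviewed moving target.
      - uses: actions/checkout@v3

      - name: Set up Homebrew
        id: set-up-homebrew
        uses: Homebrew/actions/setup-homebrew@master

      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install tenv
        id: install-tenv
        run: |
          # Resolve the latest tag once and download that exact tag, so a release
          # published between the two requests cannot make the asset URL 404.
          $tenvApiUri = "https://api.github.com/repos/tofuutils/tenv/releases/latest"
          $tenvLatestVersion = (Invoke-RestMethod -Uri $tenvApiUri).tag_name
          $tenvAssetName = "tenv_${tenvLatestVersion}_amd64.deb"
          $tenvDownloadUrl = "https://github.com/tofuutils/tenv/releases/download/${tenvLatestVersion}/${tenvAssetName}"
          $tenvFilePath = "./${tenvAssetName}"
          Invoke-WebRequest -Uri $tenvDownloadUrl -OutFile $tenvFilePath
          # TODO(review): verify the .deb against the checksum file published with
          # the release (or pin a known version) before installing it as root.
          sudo dpkg -i $tenvFilePath

      - name: Install trivy
        id: install-trivy
        run: |
          brew install trivy

      # TODO(review): pin checkov and terraform-compliance to explicit versions
      # (ideally with --require-hashes) so the scan toolchain is reproducible.
      - name: Install checkov
        id: install-checkov
        run: |
          pip3 install checkov

      - name: Install terraform-compliance
        id: install-terraform-compliance
        run: |
          pip3 install terraform-compliance

      - name: Install PowerShell modules
        id: install-powershell-modules
        # The step already runs under pwsh, so the cmdlets are called directly
        # instead of through nested `pwsh -Command` processes.
        run: |
          Set-PSRepository -Name "PSGallery" -InstallationPolicy Trusted
          Install-Module -Name Az.Accounts -Force -AllowClobber -Scope CurrentUser -Repository PSGallery
          Install-Module -Name Az.Storage -Force -AllowClobber -Scope CurrentUser -Repository PSGallery

      - name: Build
        id: run-script
        # Inputs and secrets reach the script through the environment rather than
        # being spliced into the script text with ${{ }}. A free-text input such
        # as terraform_code_location interpolated into `run:` would otherwise be
        # able to rewrite the PowerShell that executes here; as env vars they are
        # inert data. Boolean inputs arrive as the strings "true"/"false", which is
        # what the bare `true`/`false` arguments below also pass.
        env:
          TF_CODE_LOCATION: ${{ inputs.terraform_code_location }}
          ENABLE_DEBUG_MODE: ${{ inputs.enable_debug_mode }}
          RUN_TRIVY: ${{ inputs.run_trivy }}
          RUN_CHECKOV: ${{ inputs.run_checkov }}
          RUN_TERRAFORM_COMPLIANCE: ${{ inputs.run_terraform_compliance }}
          TF_COMPLIANCE_POLICY_FILES: ${{ inputs.terraform_compliance_policy_files }}
          DELETE_PLAN_FILES: ${{ inputs.delete_plan_files }}
          TF_VERSION: ${{ inputs.terraform_version }}
          TF_STATE_NAME: ${{ inputs.terraform_state_name }}
          BACKEND_RG_NAME: ${{ secrets.SpokeMgmtRgName }}
          BACKEND_SA_NAME: ${{ secrets.SpokeSaName }}
          BACKEND_SA_CONTAINER_NAME: ${{ secrets.SpokeSaBlobContainerName }}
          ARM_CLIENT_ID: ${{ secrets.SpokeSvpApplicationId }}
          ARM_CLIENT_SECRET: ${{ secrets.SpokeSvpClientSecret }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.SpokeSubscriptionId }}
          ARM_TENANT_ID: ${{ secrets.SpokeSvpTenantId }}
          # Env values are strings; quoted so YAML tooling never retypes it.
          ARM_USE_AZUREAD: "true"
        run: |
          # Strict "true"/"false" parser for the debug flag; anything else aborts
          # the step (throw is terminating, so no separate exit is needed).
          function Convert-ToBoolean([string]$value)
          {
            $valueLower = $value.ToLower()
            if ($valueLower -eq "true")
            {
              return $true
            }
            elseif ($valueLower -eq "false")
            {
              return $false
            }
            else
            {
              throw "[$( $MyInvocation.MyCommand.Name )] Error: Invalid value - $value. Exiting."
            }
          }

          $DebugMode = Convert-ToBoolean $env:ENABLE_DEBUG_MODE

          # Plan-only invocation: init + plan, every apply/destroy switch off.
          # The backend subscription is the same secret as ARM_SUBSCRIPTION_ID.
          .\Run-AzTerraform.ps1 `
            -TerraformCodeLocation $env:TF_CODE_LOCATION `
            -RunTerraformInit true `
            -RunTerraformPlan true `
            -RunTerraformPlanDestroy false `
            -RunTerraformApply false `
            -RunTerraformDestroy false `
            -DebugMode $DebugMode `
            -RunTrivy $env:RUN_TRIVY `
            -RunCheckov $env:RUN_CHECKOV `
            -RunTerraformCompliance $env:RUN_TERRAFORM_COMPLIANCE `
            -TerraformCompliancePolicyFiles $env:TF_COMPLIANCE_POLICY_FILES `
            -DeletePlanFiles $env:DELETE_PLAN_FILES `
            -TerraformVersion $env:TF_VERSION `
            -BackendStorageSubscriptionId $env:ARM_SUBSCRIPTION_ID `
            -BackendStorageAccountRgName $env:BACKEND_RG_NAME `
            -BackendStorageAccountName $env:BACKEND_SA_NAME `
            -BackendStorageAccountBlobContainerName $env:BACKEND_SA_CONTAINER_NAME `
            -BackendStorageAccountBlobStatefileName $env:TF_STATE_NAME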