fix: granted container.admin privileges to terraform svc account #14
name: Create Kubernetes Cluster | |
on: push | |
jobs: | |
deploy-terraform: | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./terraform | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Reformat argocd applicationset config | |
id: reformat-argocd-applicationset | |
run: sed -i "s/HEAD/${GITHUB_REF##*/}/g" ../manifests/argocd/apps.yaml | |
- name: Install Terraform | |
id: install-terraform | |
run: wget -O terraform.zip https://releases.hashicorp.com/terraform/1.9.4/terraform_1.9.4_linux_amd64.zip && unzip terraform.zip && chmod +x terraform && sudo mv terraform /usr/local/bin | |
- name: Apply Terraform | |
id: apply-terraform | |
# Bucket names have to be unique across gcloud, so it is best practice to add project_id suffix, since it is also unique | |
run: terraform init -backend-config="bucket=tf-state-sba-terraform-${{ secrets.PROJECT_ID }}" && terraform workspace select ${GITHUB_REF##*/} || terraform workspace new ${GITHUB_REF##*/} && terraform apply -auto-approve -var="project_id=${{ secrets.PROJECT_ID }}" -var="branch=${GITHUB_REF##*/}" | |
env: | |
GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }} |
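Review bot: The `Apply Terraform` step runs `terraform apply -auto-approve` with `GOOGLE_CREDENTIALS` on every push to any branch, because `on: push` has no branch filter and nobody reviews the plan. Going by the PR title, that service account now holds container.admin, so anyone who can push a branch can change cluster infrastructure unattended. If per-branch clusters are intended, gate the job behind a protected environment with required reviewers (`environment: <placeholder-env-name>` on `deploy-terraform`) and add a top-level `permissions: { contents: read }`; otherwise restrict the trigger to the branches that should deploy. Separately, the `Install Terraform` step runs a downloaded binary without an integrity check; verify the zip against the published `terraform_1.9.4_SHA256SUMS` before `unzip`, or use `hashicorp/setup-terraform` pinned to a commit SHA. `actions/checkout@v2` is likewise a mutable tag and would be safer pinned to a commit SHA.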