Skip to content

Merge pull request #596 from robinmordasiewicz/dev105 #190

Merge pull request #596 from robinmordasiewicz/dev105

Merge pull request #596 from robinmordasiewicz/dev105 #190

Workflow file for this run

---
name: "terraform"
on: # yamllint disable-line rule:truthy
workflow_dispatch:
push:
paths:
- "terraform/**.tf"
- "terraform/terraform.auto.tfvars"
- "terraform/cloud-init/*"
branches:
- "main"
permissions:
id-token: write
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
jobs:
terraform:
name: Terraform Init
runs-on: ubuntu-latest
outputs:
action: ${{ steps.terraform.outputs.action }}
steps:
- id: terraform
name: ${{ github.ref_name }} deployed is ${{ vars.DEPLOYED }}
shell: bash
run: |
env
if [[ -n "${{ vars.DEPLOYED }}" ]]
then
if [[ "${{ vars.DEPLOYED }}" == "true" ]]
then
echo 'action=apply' >> "${GITHUB_OUTPUT}"
else
echo 'action=destroy' >> "${GITHUB_OUTPUT}"
fi
else
echo 'action=skip' >> "${GITHUB_OUTPUT}"
fi
plan:
needs: [terraform]
if: needs.terraform.outputs.action == 'apply'
name: Terraform Plan
runs-on: ubuntu-latest
env:
ARM_SKIP_PROVIDER_REGISTRATION: true
outputs:
tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }}
steps:
- name: Github repository checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: enable-azurerm-backend
env:
ANSIBLE_LOCALHOST_WARNING: false
ANSIBLE_INVENTORY_UNPARSED_WARNING: false
run: |
ansible-playbook enable-azurerm-backend.yml
- name: Microsoft Azure Authentication
uses: azure/login@f83d0254638e35ef1165887ce2c56be3d11c3eb4
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Hashicorp Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
with:
terraform_version: 1.7.1
terraform_wrapper: false
- name: terraform init
id: init
env:
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
TF_IN_AUTOMATION: true
TF_CLI_ARGS_init: -backend-config="storage_account_name=${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }}" -backend-config="container_name=${{ secrets.TFSTATE_CONTAINER_NAME }}" -backend-config="resource_group_name=${{ secrets.AZURE_RESOURCE_GROUP_NAME }}" -backend-config="key=${{ github.ref_name }}" -input=false
run: terraform -chdir=terraform init
- name: terraform plan
id: tf-plan
env:
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
TF_IN_AUTOMATION: true
run: |
export exitcode=0
terraform -chdir=terraform plan -detailed-exitcode -no-color -out tfplan || export exitcode=$?
echo "exitcode=$exitcode" >> "$GITHUB_OUTPUT"
if [ $exitcode -eq 1 ]; then
echo Terraform Plan Failed!
exit 1
else
exit 0
fi
- name: Publish Terraform Plan
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874
with:
name: tfplan
path: terraform/tfplan
- name: Create String Output
id: tf-plan-string
run: |
TERRAFORM_PLAN=$(terraform -chdir=terraform show -no-color tfplan)
delimiter="$(openssl rand -hex 8)"
{
echo "summary<<${delimiter}"
echo "## Terraform Plan Output"
echo "<details><summary>Click to expand</summary>"
echo ""
echo '```terraform'
echo "$TERRAFORM_PLAN"
echo '```'
echo "</details>"
echo "${delimiter}"
} >> "$GITHUB_OUTPUT"
- name: Publish Terraform Plan to Task Summary
env:
SUMMARY: ${{ steps.tf-plan-string.outputs.summary }}
run: |
echo "$SUMMARY" >> "$GITHUB_STEP_SUMMARY"
# - name: Push Terraform Output to PR
# if: github.ref != 'refs/heads/main'
# uses: actions/github-script@v6
# env:
# SUMMARY: "${{ steps.tf-plan-string.outputs.summary }}"
# with:
# github-token: ${{ secrets.GITHUB_TOKEN }}
# script: |
# const body = `${process.env.SUMMARY}`;
# github.rest.issues.createComment({
# issue_number: context.issue.number,
# owner: context.repo.owner,
# repo: context.repo.repo,
# body: body
# })
apply:
name: Terraform Apply
if: needs.terraform.outputs.action == 'apply'
runs-on: ubuntu-latest
needs: [terraform, plan]
steps:
- name: Github repository checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: enable-azurerm-backend
run: |
ansible-playbook enable-azurerm-backend.yml
- name: Microsoft Azure Authentication
uses: azure/login@f83d0254638e35ef1165887ce2c56be3d11c3eb4
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# - name: ACR login
# uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c
# with:
# login-server: "${{ secrets.PROJECTNAME }}.azurecr.io"
# username: ${{ secrets.ARM_CLIENT_ID }}
# password: ${{ secrets.ARM_CLIENT_SECRET }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db
- name: Hashicorp Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
with:
terraform_version: 1.7.1
terraform_wrapper: false
- name: terraform init
id: init
env:
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
TF_IN_AUTOMATION: true
TF_CLI_ARGS_init: -backend-config="storage_account_name=${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }}" -backend-config="container_name=${{ secrets.TFSTATE_CONTAINER_NAME }}" -backend-config="resource_group_name=${{ secrets.AZURE_RESOURCE_GROUP_NAME }}" -backend-config="key=${{ github.ref_name }}" -input=false
run: terraform -chdir=terraform init
- name: Download Terraform Plan
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: tfplan
path: terraform
- name: Terraform Apply
id: apply
env:
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
TF_IN_AUTOMATION: true
run: terraform -chdir=terraform apply -auto-approve tfplan
destroy:
name: Terraform Destroy
needs: [terraform]
if: needs.terraform.outputs.action == 'destroy'
runs-on: ubuntu-latest
steps:
- name: Github repository checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
- name: enable-azurerm-backend
run: |
ansible-playbook enable-azurerm-backend.yml
- name: Microsoft Azure Authentication
uses: azure/login@f83d0254638e35ef1165887ce2c56be3d11c3eb4
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Hashicorp Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
with:
terraform_version: 1.7.1
terraform_wrapper: false
- name: terraform init
id: init
env:
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
TF_IN_AUTOMATION: true
TF_CLI_ARGS_init: -backend-config="storage_account_name=${{ secrets.AZURE_STORAGE_ACCOUNT_NAME }}" -backend-config="container_name=${{ secrets.TFSTATE_CONTAINER_NAME }}" -backend-config="resource_group_name=${{ secrets.AZURE_RESOURCE_GROUP_NAME }}" -backend-config="key=${{ github.ref_name }}" -input=false
run: terraform -chdir=terraform init
- name: terraform destroy
id: destroy
env:
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
TF_IN_AUTOMATION: true
run: |
terraform -chdir=terraform destroy -auto-approve