Feature/terraform refactor for Scenarios 1 and 2 (#178)

.github/actions/templates/tfValidatePlan/action.yml

@@ -68,7 +68,9 @@ runs:
     id: validate
     shell: ${{ inputs.shell }}
     working-directory: ${{ inputs.modulePath }}
-    run: terraform validate -no-color
+    run: |
+      terraform validate -no-color
+      echo stdout=$(terraform validate -no-color)
 
   - name: tfsec
     uses: aquasecurity/[email protected]
@@ -96,19 +98,14 @@ runs:
           -no-color \
           -var-file="${{ inputs.tfvarPath }}"
       fi
+      
+      terraform show -no-color tfplan > ${GITHUB_WORKSPACE}/plan.out
     env:  
       ARM_CLIENT_ID: ${{ inputs.ARM_CLIENT_ID }}
       ARM_SUBSCRIPTION_ID: ${{ inputs.ARM_SUBSCRIPTION_ID }}
       ARM_TENANT_ID: ${{ inputs.ARM_TENANT_ID }}
       ARM_USE_OIDC: true
 
-  - name: Show TFPlan
-    id: show
-    shell: ${{ inputs.shell }}
-    working-directory: ${{ inputs.modulePath }}
-    if: steps.plan.outcome == 'success'
-    run: terraform show -no-color tfplan
-
   - name: 'Upload TFPlan Artifact'
     if: steps.plan.outcome == 'success'
     uses: actions/upload-artifact@v3
@@ -120,10 +117,14 @@ runs:
   - name: Post Plan to GitHub PR
     uses: actions/github-script@v6
     if: github.event_name == 'pull_request' && steps.plan.outcome == 'success'
-    env:
-      PLAN: "terraform\n${{ steps.show.outputs.stdout }}"
     with:
       script: |
+        const run_url = process.env.GITHUB_SERVER_URL + '/' + process.env.GITHUB_REPOSITORY + '/actions/runs/' + process.env.GITHUB_RUN_ID
+        const run_link = '<a href="' + run_url + '">Actions</a>.'
+        const fs = require('fs')
+        const plan_file = fs.readFileSync('plan.out', 'utf8')
+        const plan = plan_file.length > 65000 ? plan_file.toString().substring(0, 65000) + " ..." : plan_file
+        const truncated_message = plan_file.length > 65000 ? "Output is too long and was truncated. You can read full Plan in " + run_link + "<br /><br />" : ""
         const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
         #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
         #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
@@ -140,10 +141,11 @@ runs:
         <details><summary>Show Plan</summary>
 
         \`\`\`\n
-        ${{ steps.show.outputs.stdout }}
+        ${plan}
         \`\`\`
 
         </details>
+        ${truncated_message}
 
         *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ inputs.modulePath }}\`, Workflow: \`${{ github.workflow }}\`*`;
         

.github/workflows/platform.terraform-dependencies.yml

@@ -50,7 +50,7 @@ jobs:
               --name $rg_name \
               --location ${{ env.location }} 
           fi
-          echo ::set-output name=rg_name::$rg_name
+          echo rg_name=$rg_name >> $GITHUB_ENV
       
       - name: Create Storage Account
         if: ${{ github.event.inputs.createStorageAccount == 'true' }}

.github/workflows/scenario1.terraform.hub.yml

@@ -1,66 +1,66 @@
-name: 'Scenario 1: Terraform HUB Multi-tenant Secure Baseline'
-
-on:
-  workflow_dispatch:
-    inputs:
-      destroy:
-        description: 'Destroy resources?'
-        required: true
-        type: boolean
-        default: false
-
-  push:
-    branches:
-      - main
-    paths:
-      - '.github/workflows/terraform.scenario1.hub.yml'
-      - '.github/workflows/_template.terraform.yml'
-      - 'scenarios/secure-baseline-multitenant/terraform/solutions/hub/**'
-      - '!scenarios/secure-baseline-multitenant/terraform/solutions/hub/**.md'
-
-  pull_request:
-    branches:
-      - main
-      - feature/*
-    paths:
-      - '.github/workflows/terraform.scenario1.hub.yml'
-      - '.github/workflows/_template.terraform.yml'
-      - 'scenarios/secure-baseline-multitenant/terraform/solutions/hub/**'
-      - '!scenarios/secure-baseline-multitenant/terraform/solutions/hub/**.md'
-
-permissions:
-  id-token: write
-  contents: read
-  pull-requests: write
-
-env:
-  modulePath: 'scenarios/secure-baseline-multitenant/terraform/solutions/hub'
-  terraformVersion: 1.3.9 # must be greater than or equal to 1.2 for OIDC
-  backendStateKey: 'scenario1.hub.tfstate'
-  tfvarPath: 'Parameters/uat.tfvars'
-
-jobs:
-  prepare-environment:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout the code
-      uses: actions/checkout@main
-    outputs:
-      modulePath: ${{ env.modulePath }}
-      terraformVersion: ${{ env.terraformVersion }}
-      backendStateKey: ${{ env.backendStateKey }}
-      tfvarPath: ${{ env.tfvarPath }}
-
-  call-workflow-passing-data:
-    name: 'Terraform CICD'
-    needs: 
-    - prepare-environment
-    uses: ./.github/workflows/.template.terraform.yml
-    with:
-      modulePath: ${{ needs.prepare-environment.outputs.modulePath }}
-      terraformVersion: ${{ needs.prepare-environment.outputs.terraformVersion }}
-      backendStateKey: ${{ needs.prepare-environment.outputs.backendStateKey }}
-      tfvarPath: ${{ needs.prepare-environment.outputs.tfvarPath }}
-      # Ensure this value is a boolean
-      destroy: ${{ github.event.inputs.destroy == 'true' }}
-    secrets: inherit
+name: 'Scenario 1: Terraform HUB Multi-tenant Secure Baseline'
+
+on:
+  workflow_dispatch:
+    inputs:
+      destroy:
+        description: 'Destroy resources?'
+        required: true
+        type: boolean
+        default: false
+
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/scenario1.terraform.hub.yml'
+      - '.github/workflows/_template.terraform.yml'
+      - 'scenarios/secure-baseline-multitenant/terraform/hub/**'
+      - '!scenarios/secure-baseline-multitenant/terraform/hub/**.md'
+
+  pull_request:
+    branches:
+      - main
+      - feature/*
+    paths:
+      - '.github/workflows/scenario1.terraform.hub.yml'
+      - '.github/workflows/_template.terraform.yml'
+      - 'scenarios/secure-baseline-multitenant/terraform/hub/**'
+      - '!scenarios/secure-baseline-multitenant/terraform/hub/**.md'
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+env:
+  modulePath: 'scenarios/secure-baseline-multitenant/terraform/hub'
+  terraformVersion: 1.5.2 # must be greater than or equal to 1.2 for OIDC
+  backendStateKey: 'scenario1.hub.tfstate'
+  tfvarPath: 'Parameters/uat.tfvars'
+
+jobs:
+  prepare-environment:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@main
+    outputs:
+      modulePath: ${{ env.modulePath }}
+      terraformVersion: ${{ env.terraformVersion }}
+      backendStateKey: ${{ env.backendStateKey }}
+      tfvarPath: ${{ env.tfvarPath }}
+
+  call-workflow-passing-data:
+    name: 'Terraform CICD'
+    needs: 
+    - prepare-environment
+    uses: ./.github/workflows/.template.terraform.yml
+    with:
+      modulePath: ${{ needs.prepare-environment.outputs.modulePath }}
+      terraformVersion: ${{ needs.prepare-environment.outputs.terraformVersion }}
+      backendStateKey: ${{ needs.prepare-environment.outputs.backendStateKey }}
+      tfvarPath: ${{ needs.prepare-environment.outputs.tfvarPath }}
+      # Ensure this value is a boolean
+      destroy: ${{ github.event.inputs.destroy == 'true' }}
+    secrets: inherit

.github/workflows/scenario1.terraform.spoke.yml

@@ -1,67 +1,67 @@
-name: 'Scenario 1: Terraform SPOKE Multi-tenant Secure Baseline'
-
-on:
-  workflow_dispatch:
-    inputs:
-      destroy:
-        description: 'Destroy resources?'
-        required: true
-        type: boolean
-        default: false
-
-  push:
-    branches:
-      - main
-    paths:
-      - '.github/workflows/terraform.scenario1.spoke.yml'
-      - '.github/workflows/_template.terraform.yml'
-      - 'scenarios/secure-baseline-multitenant/terraform/solutions/spoke/**'
-      - '!scenarios/secure-baseline-multitenant/terraform/solutions/spoke/**.md'
-
-  pull_request:
-    branches:
-      - main
-      - feature/*
-    paths:
-      - '.github/workflows/terraform.scenario1.spoke.yml'
-      - '.github/workflows/_template.terraform.yml'
-      - 'scenarios/secure-baseline-multitenant/terraform/solutions/spoke/**'
-      - '!scenarios/secure-baseline-multitenant/terraform/solutions/spoke/**.md'
-
-permissions:
-  id-token: write
-  contents: read
-  pull-requests: write
-
-env:
-  modulePath: 'scenarios/secure-baseline-multitenant/terraform/solutions/spoke'
-  terraformVersion: 1.3.9 # must be greater than or equal to 1.2 for OIDC
-  backendStateKey: 'scenario1.spoke.tfstate'
-  tfvarPath: 'Parameters/uat.tfvars'
-
-jobs:
-  prepare-environment:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Checkout the code
-      uses: actions/checkout@main
-    outputs:
-      modulePath: ${{ env.modulePath }}
-      terraformVersion: ${{ env.terraformVersion }}
-      backendStateKey: ${{ env.backendStateKey }}
-      tfvarPath: ${{ env.tfvarPath }}
-
-  call-workflow-passing-data:
-    name: 'Terraform CICD'
-    needs: 
-    - prepare-environment
-    uses: ./.github/workflows/.template.terraform.yml
-    with:
-      modulePath: ${{ needs.prepare-environment.outputs.modulePath }}
-      terraformVersion: ${{ needs.prepare-environment.outputs.terraformVersion }}
-      backendStateKey: ${{ needs.prepare-environment.outputs.backendStateKey }}
-      tfvarPath: ${{ needs.prepare-environment.outputs.tfvarPath }}
-      # Ensure this value is a boolean
-      destroy: ${{ github.event.inputs.destroy == 'true' }}
-    secrets: inherit
-
+name: 'Scenario 1: Terraform SPOKE Multi-tenant Secure Baseline'
+
+on:
+  workflow_dispatch:
+    inputs:
+      destroy:
+        description: 'Destroy resources?'
+        required: true
+        type: boolean
+        default: false
+
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/scenario1.terraform.spoke.yml'
+      - '.github/workflows/_template.terraform.yml'
+      - 'scenarios/secure-baseline-multitenant/terraform/spoke/**'
+      - '!scenarios/secure-baseline-multitenant/terraform/spoke/**.md'
+
+  pull_request:
+    branches:
+      - main
+      - feature/*
+    paths:
+      - '.github/workflows/scenario1.terraform.spoke.yml'
+      - '.github/workflows/_template.terraform.yml'
+      - 'scenarios/secure-baseline-multitenant/terraform/spoke/**'
+      - '!scenarios/secure-baseline-multitenant/terraform/spoke/**.md'
+
+permissions:
+  id-token: write
+  contents: read
+  pull-requests: write
+
+env:
+  modulePath: 'scenarios/secure-baseline-multitenant/terraform/spoke'
+  terraformVersion: 1.5.2 # must be greater than or equal to 1.2 for OIDC
+  backendStateKey: 'scenario1.spoke.tfstate'
+  tfvarPath: 'Parameters/uat.tfvars'
+
+jobs:
+  prepare-environment:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@main
+    outputs:
+      modulePath: ${{ env.modulePath }}
+      terraformVersion: ${{ env.terraformVersion }}
+      backendStateKey: ${{ env.backendStateKey }}
+      tfvarPath: ${{ env.tfvarPath }}
+
+  call-workflow-passing-data:
+    name: 'Terraform CICD test'
+    needs: 
+    - prepare-environment
+    uses: ./.github/workflows/.template.terraform.yml
+    with:
+      modulePath: ${{ needs.prepare-environment.outputs.modulePath }}
+      terraformVersion: ${{ needs.prepare-environment.outputs.terraformVersion }}
+      backendStateKey: ${{ needs.prepare-environment.outputs.backendStateKey }}
+      tfvarPath: ${{ needs.prepare-environment.outputs.tfvarPath }}
+      # Ensure this value is a boolean
+      destroy: ${{ github.event.inputs.destroy == 'true' }}
+    secrets: inherit
+

.github/workflows/scenario2.terraform.yml

@@ -36,7 +36,7 @@ permissions:
 env:
   modulePath: 'scenarios/secure-baseline-ase/terraform'
   terraformVersion: 1.3.9 # must be greater than or equal to 1.2 for OIDC
-  backendStateKey: 'secure-baseline-ase.tfstate'
+  backendStateKey: 'scenario2.tfstate'
   tfvarPath: 'Parameters/uat.tfvars'
 
 jobs: