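---
# Manually triggered Terraform deployment against Azure.
#
# The operator picks the Terraform action, the working directory, the workspace
# and (optionally) a single module to target. Every run performs init + plan;
# apply and destroy only execute when explicitly requested via `action`.
#
# NOTE(review): authentication relies on a long-lived service-principal secret
# (AZURE_CLIENT_SECRET). An OIDC federated credential (azure/login with
# `permissions: id-token: write`) would remove the reusable secret from the
# repository entirely — left as a follow-up, not changed here.
# NOTE(review): third-party actions are pinned to major tags only; pin them to
# a full commit SHA for supply-chain hardening.
name: 'Terraform Azure Deployment'

on:
  workflow_dispatch:
    inputs:
      action:
        type: choice
        description: Terraform action
        required: true
        options:
          - plan
          - apply
          - destroy
        default: plan
      directory:
        type: choice
        description: Terraform directory to apply
        required: true
        options:
          - terraform
          - terraform-init
        default: terraform
      workspace:
        type: choice
        description: Terraform workspace used for staging
        required: true
        options:
          - dev
          - dev2
          - qa
          - prod
        default: dev
      module:
        type: choice
        description: Terraform module to target
        required: false
        options:
          - all
          - acr
          - runner
          - network
          - acg
        default: ''

# Least privilege for the default GITHUB_TOKEN: checkout only needs read.
# (The Terraform steps receive a separate PAT through the GITHUB_TOKEN env var.)
permissions:
  contents: read

# One run at a time per directory + workspace so two operators cannot race
# plan/apply/destroy against the same state. Never cancel an in-flight apply.
concurrency:
  group: terraform-${{ inputs.directory }}-${{ inputs.workspace }}
  cancel-in-progress: false

env:
  # Non-secret value needed by every Terraform step.
  GITHUB_OWNER: ${{ vars.GH_OWNER }}
  # Fail instead of prompting when Terraform would otherwise ask for input.
  TF_IN_AUTOMATION: 'true'
  TF_INPUT: '0'
  # Workflow inputs are `choice` typed, so GitHub restricts them to the listed
  # options; they are still handed to the shell through env (and quoted there)
  # rather than interpolated into `run:` so raw expression output never
  # reaches the command line.
  DEPLOY_WORKSPACE: ${{ inputs.workspace }}
  DEPLOY_MODULE: ${{ inputs.module }}

jobs:
  terraform:
    name: 'Terraform Apply'
    runs-on: ubuntu-latest
    # Maps the workspace onto a GitHub environment so protection rules (for
    # example required reviewers on `prod`) can gate apply/destroy. An
    # environment that does not exist yet is created without rules, so this
    # is a no-op until an admin configures them.
    environment: ${{ inputs.workspace }}
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v4

      - name: 'Setup Terraform'
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.9.5'

      - name: 'Terraform Init'
        if: inputs.directory != ''
        working-directory: ${{ inputs.directory }}
        # Secrets are scoped to the steps that need them rather than the job.
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GITHUB_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
        run: |
          set -eo pipefail
          # NOTE(review): `-p` places the client secret on the az process
          # command line (visible in the runner's process table while the
          # command runs). GitHub masks the value in logs; an OIDC federated
          # credential would remove the secret altogether.
          az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID" -o none
          az account set --subscription "$ARM_SUBSCRIPTION_ID"
          if [[ "$(basename "$PWD")" == "terraform" ]]; then
            # Remote azurerm backend: resolve the storage account key so init
            # can reach the state container.
            source scripts/helper.sh
            # Plain assignments (not `export VAR=$(...)`) so a failing lookup
            # aborts the step under `set -e` instead of continuing with an
            # empty value.
            RESOURCE_GROUP_NAME="$(extract_value "resource_group_name" config.azurerm.tfbackend)"
            STORAGE_ACCOUNT_NAME="$(extract_value "storage_account_name" config.azurerm.tfbackend)"
            ARM_ACCESS_KEY="$(az storage account keys list \
              --resource-group "$RESOURCE_GROUP_NAME" \
              --account-name "$STORAGE_ACCOUNT_NAME" \
              --query '[0].value' -o tsv)"
            # Derived values are not masked automatically. The storage key is a
            # full-control credential for the state account, so mask it before
            # anything else can print it.
            echo "::add-mask::$ARM_ACCESS_KEY"
            export RESOURCE_GROUP_NAME STORAGE_ACCOUNT_NAME ARM_ACCESS_KEY
            # NOTE(review): `export` is local to this step; the plan/apply/
            # destroy steps below never receive ARM_ACCESS_KEY, so they must
            # already reach the backend with the service principal. If so, this
            # key lookup (and the key-list permission it needs) can be removed —
            # confirm against the backend config.
            terraform init -backend-config=config.azurerm.tfbackend
          else
            # The original skipped init for this directory; after a fresh
            # checkout plan cannot run without providers installed, so
            # initialise with whatever backend the directory declares.
            terraform init
          fi
          terraform workspace list
          terraform workspace select --or-create "$DEPLOY_WORKSPACE"
          terraform workspace list

      - name: 'Terraform Plan'
        if: inputs.directory != ''
        working-directory: ${{ inputs.directory }}
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GITHUB_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
        run: |
          set -eo pipefail
          # An empty module (the input's default) is treated like `all`; the
          # original emitted `-target=module.` in that case, which is not a
          # valid resource address.
          if [[ -z "$DEPLOY_MODULE" || "$DEPLOY_MODULE" == "all" ]]; then
            terraform plan -out main.tfplan
          else
            terraform plan -target="module.${DEPLOY_MODULE}" -out main.tfplan
          fi

      - name: 'Setup Python'
        uses: actions/setup-python@v5
        # `working-directory` is not an input of setup-python (it only applies
        # to `run` steps) and was dropped from `with:`.
        with:
          python-version: '3.12'

      - name: 'Terraform apply'
        if: inputs.action == 'apply' && inputs.directory != ''
        working-directory: ${{ inputs.directory }}
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GITHUB_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
        run: |
          set -eo pipefail
          # The venv is not used by the workflow itself; presumably module code
          # (local-exec / external data sources) needs it — TODO confirm.
          python -m venv venv
          source venv/bin/activate
          which python
          # NOTE(review): pin requirements.txt to exact versions (ideally with
          # hashes) so an apply never pulls unvetted package updates.
          pip install -r requirements.txt
          # Applies the plan saved by the previous step. A saved plan never
          # prompts, so -auto-approve is kept only for parity with the original.
          terraform apply -auto-approve main.tfplan

      - name: 'Terraform destroy'
        if: inputs.action == 'destroy' && inputs.directory != ''
        working-directory: ${{ inputs.directory }}
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GITHUB_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
        run: |
          set -eo pipefail
          # Destroy is deliberately limited to one named module. `all` and an
          # empty module are refused: the original expanded them to
          # `-target=module.all` / `-target=module.`, neither of which names a
          # module in the option list, and a full-workspace destroy should not
          # be one click away in an -auto-approve step.
          if [[ -z "$DEPLOY_MODULE" || "$DEPLOY_MODULE" == "all" ]]; then
            echo "::error::destroy requires a specific module (got '${DEPLOY_MODULE:-<empty>}'); full-workspace destroy is not supported by this workflow"
            exit 1
          fi
          terraform destroy -target="module.${DEPLOY_MODULE}" -auto-approve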