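---
# Manually dispatched Terraform pipeline for Azure. Every run is driven by the
# workflow_dispatch inputs below; the same service-principal secrets are
# supplied to each Terraform step so they stay scoped to that step only.
name: 'Terraform Azure Deployment'

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      action:
        type: choice
        description: Terraform action
        required: true
        options:
          - plan
          - apply
          - destroy
        default: plan
      directory:
        type: choice
        description: Terraform directory to apply
        required: true
        options:
          - terraform
          - terraform-init
        default: terraform
      workspace:
        type: choice
        description: Terraform workspace used for staging
        required: true
        options:
          - dev
          - dev2
          - qa
          - prod
        default: dev
      module:
        type: choice
        description: Terraform module to target ("all" = whole configuration)
        required: false
        options:
          - all
          - acr
          - runner
          - network
          - acg
        # A choice default must be one of the options. The previous empty
        # default rendered as "-target=module." in the plan/destroy commands.
        default: all

# The steps override GITHUB_TOKEN with the GH_PAT_TOKEN secret, so the job's
# own token only needs to read the repository for actions/checkout.
permissions:
  contents: read

# One run at a time per directory/workspace so two applies cannot race on the
# same state; later runs queue instead of cancelling the one in flight.
concurrency:
  group: terraform-${{ inputs.directory }}-${{ inputs.workspace }}
  cancel-in-progress: false

jobs:
  terraform:
    name: 'Terraform Apply'
    runs-on: ubuntu-latest
    # NOTE(review): apply/destroy against the "prod" workspace run without any
    # approval gate; a GitHub `environment:` with required reviewers is the
    # usual place to add one (it also needs the secrets defined per environment).
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v4

      - name: 'Setup Terraform'
        uses: hashicorp/setup-terraform@v3
        with:
          # Quoted so no YAML loader retypes the version string.
          terraform_version: '1.9.5'

      - name: 'Terraform Init'
        if: inputs.directory != ''
        working-directory: ${{ inputs.directory }}
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GITHUB_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
          GITHUB_OWNER: ${{ vars.GH_OWNER }}
          # Inputs are passed through env rather than expanded into the
          # script, so the shell never sees expression text.
          TF_WORKSPACE_NAME: ${{ inputs.workspace }}
        run: |
          # helper.sh provides extract_value (used below); sourced once.
          source scripts/helper.sh
          # The client secret is passed as an argv value here; on a hosted
          # ephemeral runner that is acceptable, but azure/login or OIDC
          # federation avoids a long-lived secret altogether.
          az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
          az account set --subscription "$ARM_SUBSCRIPTION_ID"
          if [[ "$(basename "$PWD")" == "terraform" ]]; then
            export RESOURCE_GROUP_NAME=$(extract_value "resource_group_name" config.azurerm.tfbackend)
            export STORAGE_ACCOUNT_NAME=$(extract_value "storage_account_name" config.azurerm.tfbackend)
            export ARM_ACCESS_KEY=$(az storage account keys list --resource-group "$RESOURCE_GROUP_NAME" --account-name "$STORAGE_ACCOUNT_NAME" --query '[0].value' -o tsv)
            # The storage key is not a GitHub secret, so the runner would not
            # redact it from logs unless we mask it explicitly.
            echo "::add-mask::$ARM_ACCESS_KEY"
            # ARM_ACCESS_KEY only lives in this step's shell; later steps
            # presumably authenticate to the backend with the ARM_* service
            # principal variables — verify against the backend config.
            terraform init --backend-config=config.azurerm.tfbackend
          fi
          terraform workspace list
          terraform workspace select --or-create "$TF_WORKSPACE_NAME"
          terraform workspace list

      - name: 'Terraform Plan'
        if: inputs.directory != ''
        working-directory: ${{ inputs.directory }}
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GITHUB_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
          GITHUB_OWNER: ${{ vars.GH_OWNER }}
          TF_TARGET_MODULE: ${{ inputs.module }}
        run: |
          # Empty or "all" plans the whole configuration; anything else is
          # narrowed to that module. (The old test lacked spaces inside [ ]
          # and the -out flag was mistyped as "-out.main.tfplan".)
          if [[ -z "$TF_TARGET_MODULE" || "$TF_TARGET_MODULE" == "all" ]]; then
            terraform plan -out=main.tfplan
          else
            terraform plan -target="module.${TF_TARGET_MODULE}" -out=main.tfplan
          fi

      - name: 'Terraform apply'
        if: |
          inputs.action == 'apply' &&
          inputs.directory != ''
        working-directory: ${{ inputs.directory }}
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GITHUB_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
          GITHUB_OWNER: ${{ vars.GH_OWNER }}
        # Applies exactly the plan produced above, so the target selection
        # made at plan time is what gets applied.
        run: terraform apply -auto-approve main.tfplan

      - name: 'Terraform destroy'
        if: |
          inputs.action == 'destroy' &&
          inputs.directory != ''
        working-directory: ${{ inputs.directory }}
        env:
          ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
          ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
          ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          GITHUB_TOKEN: ${{ secrets.GH_PAT_TOKEN }}
          GITHUB_OWNER: ${{ vars.GH_OWNER }}
          TF_TARGET_MODULE: ${{ inputs.module }}
        run: |
          # Same module selection as the plan step; "all" previously became
          # the non-existent target "module.all".
          if [[ -z "$TF_TARGET_MODULE" || "$TF_TARGET_MODULE" == "all" ]]; then
            terraform destroy -auto-approve
          else
            terraform destroy -target="module.${TF_TARGET_MODULE}" -auto-approve
          fi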