Drop Terraform Gradle Integration (#526)
* Migrate terraform to top-level GitHub Action invocation

* Add lock timeout

* Remove wait lock

* Include token variable argument

* Use elevated github token

* Correct name of apply step

* Use backtick quotes

* Show only terraform plan file

* Include lock timeout

* Include chdir for Terraform

* Include no color flag
ashdavies authored Sep 15, 2023
1 parent d86f8eb commit 3e6a708
Showing 34 changed files with 45 additions and 121 deletions.
73 changes: 25 additions & 48 deletions .github/workflows/google-cloud.yml
Expand Up @@ -35,46 +35,39 @@ jobs:
# - name: Permissions Monitor
# uses: GitHubSecurityLab/actions-permissions/monitor@v1

- name: Checkout Repository
uses: actions/checkout@v3
- uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Setup JDK
uses: actions/setup-java@v3
- uses: actions/setup-java@v3
with:
distribution: temurin
java-version: 17

- name: Generate Token
id: generate_token
- id: token
uses: tibdex/github-app-token@v2
with:
private_key: ${{ secrets.PRIVATE_KEY }}
app_id: ${{ secrets.APP_ID }}

- name: Google Cloud Auth
id: google_cloud_auth
- id: google_cloud_auth
uses: google-github-actions/auth@v1
with:
workload_identity_provider: ${{ secrets.GOOGLE_WORKLOAD_IDENTITY }}
service_account: ${{ secrets.GOOGLE_SERVICE_ACCOUNT_ID }}
token_format: access_token

- name: Setup Cloud SDK
uses: google-github-actions/setup-gcloud@v1
- uses: google-github-actions/setup-gcloud@v1

- name: Docker Auth
uses: docker/login-action@v3
- uses: docker/login-action@v3
with:
username: oauth2accesstoken
password: ${{ steps.google_cloud_auth.outputs.access_token }}
registry: europe-west1-docker.pkg.dev

- name: Setup Gradle Build
uses: gradle/gradle-build-action@v2
- uses: gradle/gradle-build-action@v2

- name: Containerize Cloud Run
- id: containerize
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GOOGLE_PROJECT_API_KEY: ${{ secrets.google_project_api_key }}
Expand All @@ -90,50 +83,34 @@ jobs:
--no-configuration-cache \
--console=plain \
- name: Generate Terraform Plan
- uses: hashicorp/setup-terraform@v2

- id: init
run: terraform -chdir=terraform init

- id: plan
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
PLAYGROUND_API_KEY: ${{ secrets.PLAYGROUND_API_KEY }}
TF_INPUT: 0
TF_LOG: ${{ inputs.debug && 'DEBUG' || 'ERROR' }}
TF_VAR_gh_token: ${{ steps.token.outputs.token }}
if: ${{ github.event_name == 'pull_request' }}
run: |
./gradlew google-cloud:terraformShowText \
${{ contains(github.event.pull_request.labels.*.name, 'Dry Run') && '--dry-run' || '' }} \
${{ inputs.debug && '--debug' || '--info' }} \
--no-configuration-cache \
--console=plain \
--stacktrace
terraform -chdir=terraform plan >/dev/null -lock-timeout=5m -out=.terraform/terraform.tfplan
terraform -chdir=terraform show .terraform/terraform.tfplan -no-color
- name: Show Terraform Plan
uses: actions/github-script@v6
- uses: actions/github-script@v6
if: ${{ github.event_name == 'pull_request' }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const comments = require('./.github/workflows/scripts/comments.js');
const fs = require('fs/promises');
const body = await fs.readFile('google-cloud/build/terraform/main/plan.txt', 'utf8');
await comments.create(context, github, `\`\`\`${body}\`\`\``);
const message = `\`\`\`${{ steps.plan.outputs.stdout }}\`\`\``;
await comments.create(context, github, message);
- name: Apply Terraform Plan
- id: apply
env:
GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
PLAYGROUND_API_KEY: ${{ secrets.PLAYGROUND_API_KEY }}
TF_VAR_gh_token: ${{ steps.token.outputs.token }}
TF_LOG: ${{ inputs.debug && 'DEBUG' || 'ERROR' }}
TF_INPUT: 0
if: ${{ github.ref == 'refs/heads/main' }}
run: |
./gradlew google-cloud:terraformApply \
${{ contains(github.event.pull_request.labels.*.name, 'Dry Run') && '--dry-run' || '' }} \
${{ inputs.debug && '--debug' || '--info' }} \
--no-configuration-cache \
--console=plain \
-Ptf.apply
- name: Upload Terraform Plan
uses: actions/upload-artifact@v3
with:
name: terraform-plan
path: "**/build/terraform/main/plan.txt"
if-no-files-found: error
if: ${{ github.ref == 'refs/heads/main' }}
run: terraform -chdir=terraform apply -auto-approve -lock-timeout=5m
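Review bot: The new `const message` line in the github-script step splices `${{ steps.plan.outputs.stdout }}` into the JavaScript source before it runs, so the plan text is parsed as code rather than data. A backtick or `${` anywhere in the plan output ends or escapes the template literal, in a step that holds `secrets.GITHUB_TOKEN`, and the plan is produced from the Terraform files checked out for the pull request. Pass the text as data instead: add `env:` with `PLAN: ${{ steps.plan.outputs.stdout }}` to the step and build the message from `process.env.PLAN`. Separately, the `apply` step runs `terraform apply -auto-approve` on a fresh plan rather than the one shown in the comment; if that is intended, a short comment on the step saying so would help.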
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -37,6 +37,9 @@ node_modules/
# Local .terraform directories
**/.terraform/*

# Terraform lock files
.terraform.lock.hcl

# .tfstate files
*.tfstate
*.tfstate.*
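Review bot: Ignoring `.terraform.lock.hcl` leaves the provider checksums unrecorded, so each `terraform init` in the workflow accepts whatever the registry serves for the pinned version numbers instead of checking it against hashes kept in the repository. Terraform's dependency lock file is meant to be committed; dropping the two added lines and checking in the lock file from the `terraform` directory would complete the exact version pins made elsewhere in this commit. The commit also adds a binary `terraform/tfplan`; saved plan files can hold input variable values in cleartext, so if that file was committed by accident, an ignore entry such as `tfplan` belongs here instead.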
1 change: 0 additions & 1 deletion google-cloud/.gitignore

This file was deleted.

58 changes: 0 additions & 58 deletions google-cloud/build.gradle.kts

This file was deleted.

8 changes: 0 additions & 8 deletions google-cloud/tf.sh

This file was deleted.

6 changes: 6 additions & 0 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 0 additions & 1 deletion settings.gradle.kts
Expand Up @@ -55,7 +55,6 @@ include(
":events-app",
":firebase-compose",
":gallery-app",
":google-cloud",
":http-client",
":image-loader",
":kotlin-gb",
File renamed without changes.
File renamed without changes.
File renamed without changes.
Expand Up @@ -22,7 +22,7 @@ module "cloud-run-endpoint" {
container_image = "${var.project_region}-docker.pkg.dev/${var.project_id}/endpoints-release/endpoints-runtime-serverless:${var.esp_tag}-${var.service_name}-${module.cloud-run-endpoint.config_id}"
endpoint_name = "playground.ashdavies.dev"
esp_tag = var.esp_tag
gcloud_build_image = var.resources.gcloud-build-image.path
gcloud_build_image = var.gcloud_build_image
image_repository = "${var.project_region}-docker.pkg.dev/${var.project_id}/endpoints-release"
location = var.project_region
openapi_config = local.openapi_config
File renamed without changes.
File renamed without changes.
File renamed without changes.
Binary file added terraform/tfplan
Binary file not shown.
Expand Up @@ -4,6 +4,11 @@ variable "esp_tag" {
default = "2.40.0"
}

variable "gcloud_build_image" {
description = "GCloud build image script"
default = "./gcloud_build_image"
}

variable "gh_owner" {
description = "Username of the GitHub repository owner"
default = "ashdavies"
Expand All @@ -20,6 +25,7 @@ variable "gh_token" {

variable "openapi_config" {
description = "The full path of the OpenAPI configuration."
default = "../openapi-v2.yml"
}

variable "service_name" {
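Review bot: `variable "openapi_config"` now defaults to the relative path `../openapi-v2.yml` while its description still says "The full path", and neither it nor the new `gcloud_build_image` declares a `type`. Both defaults presumably resolve against the working directory, which the workflow sets with `-chdir=terraform`; adding `type = string` and a description such as `"Path to the OpenAPI configuration, relative to the Terraform working directory"` would record that assumption. The `gh_token` block named in the second hunk header lies mostly outside the hunk, so whether it sets `sensitive = true` cannot be seen here; worth confirming now that the plan text is posted as a pull-request comment.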
Expand Up @@ -2,19 +2,19 @@ terraform {
required_providers {
docker = {
source = "kreuzwerker/docker"
version = "~> 3.0.0"
version = "3.0.2"
}

github = {
source = "integrations/github"
version = "~> 5.0"
version = "5.36.0"
}

google = {
source = "hashicorp/google"
version = "~> 4.0"
version = "4.82.0"
}
}

required_version = ">= 0.13"
required_version = "1.5.7"
}
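Review bot: `required_version = "1.5.7"` accepts exactly one Terraform release, but the workflow step `- uses: hashicorp/setup-terraform@v2` added in `.github/workflows/google-cloud.yml` passes no `terraform_version`. The runner therefore installs whatever the action resolves by default, and `terraform init` will fail as soon as that differs from 1.5.7. Either pin the action with `with:` and `terraform_version: "1.5.7"`, or relax the constraint to `required_version = "~> 1.5.7"` so patch releases are still accepted.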
