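# Terraform deploy pipeline for the Loki/ECS stack.
#
# Changes from the previous revision (all security / correctness):
#   - job permissions reduced from `write-all` to the two scopes it uses
#   - runner moved off the retired ubuntu-20.04 label (matches the build job)
#   - a concurrency group guards the single S3 state that has no lock table
#   - apply now consumes the plan it reviewed (`-out=tfplan` / `apply tfplan`)
#   - the Loki auth secret is passed to Terraform as TF_VAR_auth_secret instead
#     of being written in clear text into ci.auto.tfvars
#   - heredocs that contain secret values use a quoted delimiter so the shell
#     does not expand `$`/backticks that may appear inside a secret
#   - runs fail early with a clear message when no deploy target is configured
name: Terraform
on:
  workflow_dispatch:
  push:
    branches:
      - dev
      - main
      - ssoteam-2035
    paths:
      - terraform-ecs/**
      - loki-authorizer/**
      - .github/**
      - grafana-config/*

env:
  TF_VERSION: 1.9.7
  GITHUB_REGISTRY: ghcr.io
  IMAGE_NAME: bcgov/sso-loki

# backend.hcl (written below) configures no `dynamodb_table`, so there is no
# state lock on the S3 backend. Serialise runs per ref so two pushes cannot
# apply against the same state at the same time. Never cancel an in-flight
# apply: an interrupted apply is worse than a queued one.
concurrency:
  group: terraform-${{ github.ref }}
  cancel-in-progress: false

jobs:
  # build-and-push-image:
  #   runs-on: ubuntu-22.04
  #   permissions:
  #     contents: read
  #     packages: write
  #   steps:
  #     - uses: actions/checkout@v4
  #     - name: Log in to the GitHub Container registry
  #       uses: docker/login-action@v3
  #       with:
  #         registry: ${{ env.GITHUB_REGISTRY }}
  #         username: ${{ github.actor }}
  #         password: ${{ secrets.GITHUB_TOKEN }}
  #     - name: Extract metadata (tags, labels) for Docker
  #       id: meta
  #       uses: docker/metadata-action@v5
  #       with:
  #         images: ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
  #         tags: |
  #           type=ref,event=branch
  #           type=sha,format=long
  #     - name: Build and push Docker image
  #       uses: docker/build-push-action@v5
  #       with:
  #         context: grafana-config
  #         push: true
  #         tags: ${{ steps.meta.outputs.tags }}
  #         labels: ${{ steps.meta.outputs.labels }}

  terraform:
    # needs: build-and-push-image
    # Least privilege for the GITHUB_TOKEN: checkout needs contents:read and
    # configure-aws-credentials with `role-to-assume` (no static keys) needs
    # id-token:write to mint the OIDC token it exchanges for AWS credentials.
    # Nothing in this job writes back to GitHub, so `write-all` was pure excess.
    permissions:
      contents: read
      id-token: write
    # ubuntu-20.04 is no longer offered as a hosted runner label; use the same
    # image as the build job above.
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): dumps the workflow contexts (github event payload, env,
      # ...) into the job log. Secrets are masked by the runner, but this is
      # noise and surface area in a deploy pipeline — remove once stable.
      # All third-party actions here are pinned to a major tag; pinning to a
      # commit SHA is the stronger supply-chain control.
      - uses: hmarr/debug-action@v3
      - uses: actions/checkout@v4

      - name: Install asdf
        uses: asdf-vm/actions/setup@v3
      - name: Cache tools
        uses: actions/cache@v4
        with:
          path: /home/runner/.asdf
          key: ${{ runner.os }}-${{ hashFiles('**/.tool-versions') }}
      - name: Install required tools
        # Plugins are fetched from their upstream repositories at run time and
        # are not pinned; .tool-versions pins the tool versions only.
        # `|| true` is there because `plugin-add` fails for an already-added
        # (cached) plugin; it also hides genuine add failures, which then
        # surface as a missing tool at `asdf install`.
        run: |
          cut -f 1 -d ' ' .tool-versions | xargs -n 1 asdf plugin-add || true
          asdf plugin-update --all
          asdf install
          asdf reshim
        shell: bash

      # Per-environment deploy settings. Values land in $GITHUB_ENV and are
      # therefore plain environment variables for every later step, so those
      # steps use `$VAR` in shell rather than `${{ env.VAR }}` templating.
      # The delimiter is quoted ('EOF'): the ${{ }} expressions are substituted
      # by the runner before bash runs, and quoting stops bash from expanding
      # any `$`, backtick or `\` that happens to be inside a secret value.
      - name: Set env to development
        if: (github.ref == 'refs/heads/ssoteam-2035' && github.event_name == 'push')
        run: |
          cat >> "$GITHUB_ENV" <<'EOF'
          TERRAFORM_DEPLOY_ROLE_ARN=${{ secrets.TERRAFORM_DEPLOY_ROLE_ARN_DEV }}
          LOKI_AUTH_TOKEN=${{ secrets.LOKI_AUTH_TOKEN_DEV }}
          LOKI_BUCKET_NAME=${{ vars.LOKI_BUCKET_NAME_DEV }}
          S3_BACKEND_NAME=${{ vars.S3_BACKEND_NAME_DEV }}
          LOKI_TAG=dev
          LOKI_READ_CPU=256
          LOKI_READ_MEMORY=512
          RETENTION_PERIOD=7d
          SUBNET_A=Web_Dev_aza_net
          SUBNET_B=Web_Dev_azb_net
          EOF
      # - name: Set env to production
      #   if: (github.ref == 'refs/heads/main' && github.event_name == 'push')
      #   run: |
      #     cat >> "$GITHUB_ENV" <<'EOF'
      #     TERRAFORM_DEPLOY_ROLE_ARN=${{ secrets.TERRAFORM_DEPLOY_ROLE_ARN_PROD }}
      #     LOKI_AUTH_TOKEN=${{ secrets.LOKI_AUTH_TOKEN_PROD }}
      #     LOKI_BUCKET_NAME=${{ vars.LOKI_BUCKET_NAME_PROD }}
      #     S3_BACKEND_NAME=${{ vars.S3_BACKEND_NAME_PROD }}
      #     LOKI_TAG=main
      #     LOKI_READ_CPU=512
      #     LOKI_READ_MEMORY=2048
      #     RETENTION_PERIOD=180d
      #     SUBNET_A=Web_Prod_aza_net
      #     SUBNET_B=Web_Prod_azb_net
      #     EOF

      # Only the ssoteam-2035 push sets the variables above (the production
      # block is commented out). A dev/main push or a workflow_dispatch run
      # would otherwise continue with an empty role ARN and fail later inside
      # configure-aws-credentials with an opaque STS error.
      - name: Check deploy target is configured
        run: |
          if [ -z "${TERRAFORM_DEPLOY_ROLE_ARN:-}" ] || [ -z "${S3_BACKEND_NAME:-}" ]; then
            echo "::error::No deployment target configured for ref '${GITHUB_REF}' on event '${GITHUB_EVENT_NAME}'"
            exit 1
          fi
        shell: bash

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.TERRAFORM_DEPLOY_ROLE_ARN }}
          aws-region: ca-central-1

      - name: Build Lambdas
        working-directory: ./loki-authorizer
        run: make build

      - name: Terraform Init
        working-directory: ./terraform-ecs
        # -input=false: never block on an interactive prompt in CI.
        run: |
          cat <<EOF > backend.hcl
          bucket = "${S3_BACKEND_NAME}"
          key    = "tf-state"
          region = "ca-central-1"
          EOF
          terraform init -input=false -backend-config=backend.hcl

      # auth_secret is deliberately NOT written here. A tfvars file is clear
      # text in the working tree for the rest of the job; the secret is passed
      # as TF_VAR_auth_secret on the plan/apply steps instead (it stays in the
      # masked job environment). Everything written below is non-sensitive.
      - name: Terraform Variables
        working-directory: ./terraform-ecs
        run: |
          cat >"ci.auto.tfvars" <<EOF
          bucket_name="${LOKI_BUCKET_NAME}"
          loki_read_cpu="${LOKI_READ_CPU}"
          loki_read_memory="${LOKI_READ_MEMORY}"
          retention_period="${RETENTION_PERIOD}"
          subnet_a="${SUBNET_A}"
          subnet_b="${SUBNET_B}"
          EOF

      # Plan is saved and then applied verbatim so the changes applied are
      # exactly the ones planned; a bare `terraform apply` re-plans and can
      # diverge from what was reviewed in the log. Caveats:
      #   - the saved plan embeds input variable values, including
      #     auth_secret — do not upload tfplan as an artifact;
      #   - plan output is only redacted if `auth_secret` is declared
      #     `sensitive = true` in terraform-ecs — TODO confirm.
      - name: Terraform Plan
        working-directory: ./terraform-ecs
        env:
          TF_VAR_auth_secret: ${{ env.LOKI_AUTH_TOKEN }}
        run: terraform plan -input=false -no-color -out=tfplan

      - name: Terraform Apply
        working-directory: ./terraform-ecs
        env:
          TF_VAR_auth_secret: ${{ env.LOKI_AUTH_TOKEN }}
        run: terraform apply -input=false -auto-approve tfplan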