chore(ci): adding in raw terraform commands

Pocket · Aug 15, 2024 · 54fe08c · 54fe08c
1 parent c1d6c74
commit 54fe08c
Show file tree

Hide file tree

Showing 4 changed files with 188 additions and 34 deletions.
diff --git a/.github/actions/cdktf/action.yml b/.github/actions/cdktf/action.yml
@@ -11,19 +11,36 @@ inputs:
     description: 'The node environment to build for'
     required: true
     default: 'development'
+  behavior:
+    description: The behavior that Terraform should use, either plan or apply
+    required: true
 
 runs:
   using: 'composite'
   steps:
-  # TODO: These need to request AWS credentials to run terraform
-  # Since this is a composite step, it may be easier to request these in the calling workflow
     - name: Install tfenv
       shell: bash
-      # NOTE: May want to cache TFENV in the future.. TBD
       run: |
-        git clone https://github.com/tfutils/tfenv.git ~/.tfenv
+        git clone --depth=1 https://github.com/tfutils/tfenv.git ~/.tfenv
         echo "PATH=$HOME/.tfenv/bin:$PATH" >> $GITHUB_ENV
 
+    # Setup Terraform Comment
+    - uses: shmokmt/actions-setup-tfcmt@v2
+
+    # Let's tell github actions we want to cache all the terraform verisons we install.
+    # We do this to speed up terraform installing, as the cache will cache the terraform versions we download.
+    - name: Cache tfenv installations
+      uses: actions/cache@v2
+      with:
+        path: |
+          ~/.tfenv/versions
+        key: ${{ runner.os }}-tfenv-${{ hashFiles('**/.terraform-version') }}
+        restore-keys: |
+          ${{ runner.os }}-tfenv-
+
+  # TODO: These need to request AWS credentials to run terraform
+  # It may be best to not do AWS credentials here and do it in the calling workflow.. TBD
+
     - name: Install pnpm & node
       uses: ./.github/actions/install-pnpm-and-node
       with:
@@ -35,10 +52,25 @@ runs:
           export NODE_ENV=${{ inputs['environment'] }}
           pnpm run synth --filter=${{ inputs['scope'] }}...
 
-    - name: Plan CDKTF
+    - name: Init Terraform
       shell: bash
       run: |
           cd ${{ inputs['stack-output-path'] }}
           tfenv install
           tfenv use
-          terraform init
+          terraform init
+
+    # Once TFCMT supports no change applies, change terraform apply to
+    # tfcmt --var target:${{ inputs.scope }}-${{ inputs.environment }} apply -- terraform apply -auto-approve -lock-timeout=10m
+    # https://github.com/suzuki-shunsuke/tfcmt/issues/1184
+    - name: Plan/Apply CDKTF
+      shell: bash
+      run: |
+        cd ${{ inputs.stack-output-path }}
+        if [ "${{ inputs.behavior }}" = "apply" ]; then
+          echo "Apply behavior specified, applying terraform configuration in ${{ inputs.environment }}."
+          terraform apply
+        else
+          echo "Plan behavior specified, planning terraform configuration in ${{ inputs.environment }}."
+          tfcmt --var target:${{ inputs.scope }}-${{ inputs.environment }} plan --skip-no-changes --patch -- terraform plan -lock-timeout=10m
+        fi
diff --git a/.github/actions/raw-terraform/action.yml b/.github/actions/raw-terraform/action.yml
@@ -0,0 +1,76 @@
+name: 'Execute Raw Terraform'
+description: 'Builds and either plans or applies a terraform environment'
+inputs:
+  scope:
+    description: 'Turbo Repo scope to run the build for'
+    required: true
+  stack-output-path:
+    description: 'The path where CDKTF outputs the terraform json'
+    required: true
+  environment:
+    description: 'The node environment to build for'
+    required: true
+    default: 'development'
+  behavior:
+    description: The behavior that Terraform should use, either plan or apply
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Install tfenv
+      shell: bash
+      run: |
+        git clone --depth=1 https://github.com/tfutils/tfenv.git ~/.tfenv
+
+    # Setup Terraform Comment
+    - uses: shmokmt/actions-setup-tfcmt@v2
+
+    # Let's tell github actions we want to cache all the terraform verisons we install.
+    # We do this to speed up terraform installing, as the cache will cache the terraform versions we download.
+    - name: Cache tfenv installations
+      uses: actions/cache@v2
+      with:
+        path: |
+          ~/.tfenv/versions
+        key: ${{ runner.os }}-tfenv-${{ hashFiles('**/.terraform-version') }}
+        restore-keys: |
+          ${{ runner.os }}-tfenv-
+
+  # TODO: These need to request AWS credentials to run terraform
+  # It may be best to not do AWS credentials here and do it in the calling workflow.. TBD
+
+    - name: Copy Terraform Vars
+      shell: bash
+      run: |
+        cd ${{ inputs.stack-output-path }}
+        if [ "${{ inputs.environment }}" = "development" ]; then
+          echo "Development environment specified, copying development tf vars"
+          cp dev_backend.tfvars backend.tf
+        else
+          echo "Production environment specified, copying production tf vars"
+          cp prod_backend.tfvars backend.tf    
+        fi
+
+    - name: Init Terraform
+      shell: bash
+      run: |
+          cd ${{ inputs['stack-output-path'] }}
+          tfenv install
+          tfenv use
+          terraform init
+
+    # Once TFCMT supports no change applies, change terraform apply to
+    # tfcmt --var target:${{ inputs.scope }}-${{ inputs.environment }} apply -- terraform apply -auto-approve -lock-timeout=10m
+    # https://github.com/suzuki-shunsuke/tfcmt/issues/1184
+    - name: Plan/Apply CDKTF
+      shell: bash
+      run: |
+        cd ${{ inputs.stack-output-path }}
+        if [ "${{ inputs.behavior }}" = "apply" ]; then
+          echo "Apply behavior specified, applying terraform configuration in ${{ inputs.environment }}."
+          terraform apply
+        else
+          echo "Plan behavior specified, planning terraform configuration in ${{ inputs.environment }}."
+          tfcmt --var target:${{ inputs.scope }}-${{ inputs.environment }} plan --skip-no-changes --patch -- terraform plan -lock-timeout=10m
+        fi
diff --git a/.github/workflows/infrastructure.yml b/.github/workflows/infrastructure.yml
@@ -1,16 +1,28 @@
-name: 'Re-usable Docker Build Flow'
+name: 'Re-usable Infrastructure Workflow'
 on:
   workflow_call:
     inputs:
       scope:
         description: 'Turbo Repo scope to run the build for'
-        required: true
+        required: false
         type: string
       stack-output-path:
         description: 'The path where CDKTF outputs the terraform json'
-        required: true
+        required: false
         type: string
-
+      raw-terraform:
+        description: 'Whether or not this service uses raw terraform'
+        required: false
+        default: false
+        type: boolean
+    outputs:
+      terraform-output:
+        description: "The output of terraform apply"
+        value: ${{ jobs.apply.outputs.terraform-output }}
+
+# Allow Terraform Comment to write to PRs
+permissions:
+  pull-requests: write  
 
 jobs:
 
@@ -24,38 +36,69 @@ jobs:
           uses: actions/checkout@v4
 
         - name: Execute CDKTF
+          if: inputs.raw-terraform == false
           uses: ./.github/actions/cdktf
           with:
             stack-output-path: ${{inputs['stack-output-path']}}
             scope: ${{inputs['scope']}}
             environment: production
+            behavior: plan
+        - name: Execute Raw Terraform
+          if: inputs.raw-terraform == true
+          uses: ./.github/actions/raw-terraform
+          with:
+            stack-output-path: ${{inputs['stack-output-path']}}
+            scope: ${{inputs['scope']}}
+            environment: production
+            behavior: plan
 
-
-    development:
-      if: github.ref == 'refs/heads/dev'
+    apply:
+      if: github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main'
       runs-on: ubuntu-latest
+      outputs:
+        terraform-output: ${{ steps.set_output.outputs.terraform-output }}
       steps:        
         - name: Checkout
           uses: actions/checkout@v4
-        - name: Execute CDKTF
+
+        - name: Execute Development CDKTF
+          if: inputs.raw-terraform == false && github.ref == 'refs/heads/dev'
           uses: ./.github/actions/cdktf
           with:
             stack-output-path: ${{inputs['stack-output-path']}}
             scope: ${{inputs['scope']}}
             environment: development
-
-
-
-    production:
-      if: github.ref == 'refs/heads/main'
-      runs-on: ubuntu-latest
-      steps:
-        - name: Checkout
-          uses: actions/checkout@v4
+            behavior: apply
+        - name: Execute Developement Raw Terraform
+          if: inputs.raw-terraform == true && github.ref == 'refs/heads/dev'
+          uses: ./.github/actions/raw-terraform
+          with:
+            stack-output-path: ${{inputs['stack-output-path']}}
+            scope: ${{inputs['scope']}}
+            environment: development
+            behavior: apply
 
-        - name: Execute CDKTF
+        - name: Execute Production CDKTF
+          if: inputs.raw-terraform == false && github.ref == 'refs/heads/main'
           uses: ./.github/actions/cdktf
           with:
             stack-output-path: ${{inputs['stack-output-path']}}
             scope: ${{inputs['scope']}}
-            environment: production
+            environment: production
+            behavior: apply
+        - name: Execute Production Raw Terraform
+          if: inputs.raw-terraform == true && github.ref == 'refs/heads/main'
+          uses: ./.github/actions/raw-terraform
+          with:
+            stack-output-path: ${{inputs['stack-output-path']}}
+            scope: ${{inputs['scope']}}
+            environment: production
+            behavior: apply
+        - name: Set Output Based on Condition
+          id: set_output
+          run: |
+            echo "Grabbing Terraform Output"
+            cd ${{inputs['stack-output-path']}}
+            echo "terraform-output=$(terraform output -json)" >> $GITHUB_OUTPUT
+            echo '::set-output name=terraform-output::'
+    
diff --git a/.github/workflows/user-api.yml b/.github/workflows/user-api.yml
@@ -27,9 +27,19 @@ jobs:
     # Ensure the re-usable workflow is allowed to access the secrets
     secrets: inherit
 
+  # It's infrastructure time, run the infrastructure update commands
+  infrastructure:
+    uses: ./.github/workflows/infrastructure.yml
+    with:
+      scope: user-api-cdk
+      stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
+    # Ensure the re-usable workflow is allowed to access the secrets
+    secrets: inherit
+
   # Let's try building and conidtionally pushing our docker image to the necessary account.
   build-and-push-image:
     uses: ./.github/workflows/build-and-push-image.yml
+    #needs: [infrastructure]
     with:
       scope: user-api
       app-path: servers/user-api
@@ -39,15 +49,8 @@ jobs:
     # Ensure the re-usable workflow is allowed to access the secrets
     secrets: inherit
 
-  # It's infrastructure time, run the infrastructure update commands
-  infrastructure:
-    uses: ./.github/workflows/infrastructure.yml
-    with:
-      scope: user-api-cdk
-      stack-output-path: infrastructure/user-api/cdktf.out/stacks/user-api
-    # Ensure the re-usable workflow is allowed to access the secrets
-    secrets: inherit
-
   # deploy:
   #  needs: [infrastructure]
+  #   with:
+  #      terraform-output: ${{ needs.infrastructure.outputs.terraform-output }}