merger #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "F5XC + NAP Apply" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| terraform_infra: | |
| name: "AWS Infra" | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./infra | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
| - name: Cache Terraform Plugins | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.terraform.d/plugin-cache | |
| key: terraform-plugins-${{ runner.os }}-${{ hashFiles('**/.terraform.lock.hcl') }} | |
| restore-keys: | | |
| terraform-plugins-${{ runner.os }}- | |
| - name: Show Terraform Version | |
| run: terraform version | |
| - name: Setup Terraform Backend | |
| run: | | |
| cat > backend.tf << EOF | |
| terraform { | |
| cloud { | |
| organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}" | |
| workspaces { | |
| name = "${{ secrets.TF_CLOUD_WORKSPACE_INFRA }}" | |
| } | |
| } | |
| } | |
| EOF | |
| - name: Terraform Init | |
| run: terraform init | |
| - name: Terraform Validate | |
| run: terraform validate -no-color | |
| - name: Terraform Plan | |
| id: plan | |
| if: github.event_name == 'pull_request' | |
| run: terraform plan -no-color -input=false | tee plan.txt | |
| continue-on-error: true | |
| - name: Capture Terraform Plan Output | |
| if: github.event_name == 'pull_request' | |
| run: echo "PLAN=$(cat plan.txt)" >> $GITHUB_ENV | |
| - uses: actions/github-script@v6 | |
| if: github.event_name == 'pull_request' | |
| env: | |
| PLAN: ${{ env.PLAN }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const output = `#### Terraform Initialization ⚙️\n\`${{ steps.init.outcome }}\` | |
| #### Terraform Validation 🤖\n\`${{ steps.validate.outcome }}\` | |
| #### Terraform Plan 📖\n\`${{ steps.plan.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\` | |
| ${process.env.PLAN} | |
| \`\`\` | |
| </details> | |
| *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }); | |
| - name: Terraform Plan Status | |
| if: steps.plan.outcome != 'success' | |
| run: exit 1 | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') | |
| run: terraform apply -auto-approve -input=false | |
| terraform_eks: | |
| name: "AWS EKS" | |
| runs-on: ubuntu-latest | |
| needs: terraform_infra | |
| defaults: | |
| run: | |
| working-directory: ./eks-cluster | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
| - name: Terraform Init | |
| run: terraform init | |
| - name: Terraform Validate | |
| run: terraform validate -no-color | |
| - name: Terraform Plan | |
| id: plan | |
| if: github.event_name == 'pull_request' | |
| run: terraform plan -no-color -input=false | tee plan.txt | |
| continue-on-error: true | |
| - name: Capture Terraform Plan Output | |
| if: github.event_name == 'pull_request' | |
| run: echo "PLAN=$(cat plan.txt)" >> $GITHUB_ENV | |
| - uses: actions/github-script@v6 | |
| if: github.event_name == 'pull_request' | |
| env: | |
| PLAN: ${{ env.PLAN }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const output = `#### Terraform Plan 📖\n\`${{ steps.plan.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\` | |
| ${process.env.PLAN} | |
| \`\`\` | |
| </details>`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }); | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') | |
| run: terraform apply -auto-approve -input=false | |
| terraform_nap: | |
| name: "NGINX App Protect" | |
| runs-on: ubuntu-latest | |
| needs: terraform_eks | |
| defaults: | |
| run: | |
| working-directory: ./nap | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
| - name: Terraform Init | |
| run: terraform init | |
| - name: Terraform Validate | |
| run: terraform validate -no-color | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') | |
| run: terraform apply -auto-approve -input=false | |
| terraform_arcadia: | |
| name: "Arcadia WebApp" | |
| runs-on: ubuntu-latest | |
| needs: [terraform_nap, terraform_eks] | |
| defaults: | |
| run: | |
| working-directory: ./arcadia | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
| - name: Terraform Init | |
| run: terraform init | |
| - name: Terraform Validate | |
| run: terraform validate -no-color | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') | |
| run: terraform apply -auto-approve -input=false | |