Bootstrap infrastructure #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Bootstrap infrastructure | |
on: # yamllint disable-line rule:truthy | |
workflow_dispatch: | |
inputs: | |
apply: | |
type: string | |
default: "" | |
description: 'Provide "apply!" if you actually want to apply the terraform plan on the selected environment.' | |
environment: | |
type: choice | |
default: test | |
description: Environment | |
required: true | |
options: | |
# main (and feature) branch deployments in respective EKS-namespace/s in non-prod AWS account | |
- dev | |
defaults: | |
run: | |
# This sets the default shell to bash with some debugging related options. | |
# - noprofile: do not source the profile files | |
# - norc: do not source rc files | |
# - e/errexit: exit on error status codes | |
# - u/nounset: exit on unset variables | |
# - o pipefail: pipes inherit error exit codes | |
shell: bash --noprofile --norc -euo pipefail {0} | |
jobs: | |
plan-apply-dev: | |
name: Plan and potentially apply for test | |
if: ${{ github.event.inputs.environment == 'dev' }} | |
runs-on: | |
- ubuntu-latest | |
env: | |
TF_WORK_DIR: ./environments/dev | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: 'google-github-actions/auth@v2' | |
with: | |
project_id: ${{ vars.GOOGLE_PROJECT_ID }} | |
credentials_json: ${{ secrets.AUTOMATION_SA_KEY_JSON }} | |
- name: terraform init | |
run: terraform -chdir="$TF_WORK_DIR" init # -backend-config="key=$TF_STATE_FILE" | |
- name: terraform plan | |
env: | |
PROJECT_ID: ${{ vars.GOOGLE_PROJECT_ID }} | |
GH_API_TOKEN: ${{ secrets.API_ACCESS_TOKEN }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" plan -input=false -out=tfplan \ | |
-var "github_token=$GH_API_TOKEN" \ | |
-var "project_id=$PROJECT_ID" | |
- name: terraform apply | |
if: ${{ github.event.inputs.apply == 'apply!' }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" apply -input=false tfplan | |
terraform output |