Skip to content

Bootstrap infrastructure #2

Bootstrap infrastructure

Bootstrap infrastructure #2

Workflow file for this run

---
name: Bootstrap infrastructure
on: # yamllint disable-line rule:truthy
workflow_dispatch:
inputs:
apply:
type: string
default: ""
description: 'Provide "apply!" if you actually want to apply the terraform plan on the selected environment.'
environment:
type: choice
default: test
description: Environment
required: true
options:
# main (and feature) branch deployments in respective EKS-namespace/s in non-prod AWS account
- dev
defaults:
run:
# This sets the default shell to bash with some debugging related options.
# - noprofile: do not source the profile files
# - norc: do not source rc files
# - e/errexit: exit on error status codes
# - u/nounset: exit on unset variables
# - o pipefail: pipes inherit error exit codes
shell: bash --noprofile --norc -euo pipefail {0}
jobs:
plan-apply-dev:
name: Plan and potentially apply for test
if: ${{ github.event.inputs.environment == 'dev' }}
runs-on:
- ubuntu-latest
env:
TF_WORK_DIR: ./environments/dev
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- uses: 'google-github-actions/auth@v2'
with:
project_id: ${{ vars.GOOGLE_PROJECT_ID }}
credentials_json: ${{ secrets.AUTOMATION_SA_KEY_JSON }}
- name: terraform init
run: terraform -chdir="$TF_WORK_DIR" init # -backend-config="key=$TF_STATE_FILE"
- name: terraform plan
env:
PROJECT_ID: ${{ vars.GOOGLE_PROJECT_ID }}
GH_API_TOKEN: ${{ secrets.API_ACCESS_TOKEN }}
run: |
terraform -chdir="$TF_WORK_DIR" plan -input=false -out=tfplan \
-var "github_token=$GH_API_TOKEN" \
-var "project_id=$PROJECT_ID"
- name: terraform apply
if: ${{ github.event.inputs.apply == 'apply!' }}
run: |
terraform -chdir="$TF_WORK_DIR" apply -input=false tfplan
terraform output