-
-
Notifications
You must be signed in to change notification settings - Fork 0
105 lines (103 loc) · 3.88 KB
/
use-multiple-platforms.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: use-multiple-platforms
on:
push:
workflow_dispatch:
jobs:
provisioning:
timeout-minutes: 10
runs-on: ${{ matrix.runs-on }}
strategy:
matrix:
backend:
- azurerm
- gcs
- s3
runs-on:
- ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Export UIDs as environment variables
run: |
cat<<EOE > .env
# Todo https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses
TF_VAR_allowed_ipaddr_list=["0.0.0.0/0"]
EOE
echo "UID=$(id -u)" >> .env
echo "GID=$(id -g)" >> .env
echo "DOCKER_GID=$(getent group docker | cut -d : -f 3)" >> .env
- name: Set the backend type to ${{ matrix.backend }}
run: |
echo "_TERRAFORM_BACKEND_TYPE=${{ matrix.backend }}" >> .env
- name: Generate and export Project ID as the environment variable
run: |
export _B=${{ matrix.backend }}
export _R=${{ matrix.runs-on }}
echo "PROJECT_UNIQUE_ID=${PROJECT_UNIQUE_ID}-m${_B:0:1}${_R:0:1}" >> .env
env:
PROJECT_UNIQUE_ID: ${{ secrets.PROJECT_UNIQUE_ID }}
- name: Export credentials
run: |
echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" >> .env
echo "AWS_ACCOUNT_ID=${AWS_ACCOUNT_ID}" >> .env
echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" >> .env
echo "ARM_CLIENT_ID=${ARM_CLIENT_ID}" >> .env
echo "ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET}" >> .env
echo "ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID}" >> .env
echo "ARM_TENANT_ID=${ARM_TENANT_ID}" >> .env
echo "CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT}" >> .env
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
CLOUDSDK_CORE_PROJECT: ${{ secrets.CLOUDSDK_CORE_PROJECT }}
- name: Export GOOGLE_SA_KEY
run: |
echo ${GOOGLE_SA_KEY} > config/credentials/google-cloud-keyfile.provisioning-owner.json
jq -e '. | select(.type=="service_account")' config/credentials/google-cloud-keyfile.provisioning-owner.json > /dev/null
env:
GOOGLE_SA_KEY: ${{ secrets.GOOGLE_SA_KEY }}
- name: (debug)Check services
run: |
docker compose config
- name: Build containers
timeout-minutes: 4
run: |
docker compose build
- name: Start the service
timeout-minutes: 4
run: |
docker compose up --detach
while :
do
docker compose ps --format=json provisioning\
| jq -e '.[] | select(.Health=="healthy")' 2> /dev/null\
&& break
sleep 1
done
- name: Show service logs
timeout-minutes: 1
run: |
docker compose logs
- name: Exec Terraform - check the format for each tf file
run: |
docker compose exec provisioning terraform fmt -check -recursive
- name: Exec Terraform - validate
run: |
docker compose exec provisioning terraform validate
- name: Exec Terraform - dry-run
timeout-minutes: 1
run: |
docker compose exec provisioning terraform plan
- name: Exec Terraform - apply
timeout-minutes: 1
if: github.ref == 'refs/heads/main'
run: |
docker compose exec provisioning terraform apply -auto-approve
- name: Stop the service
timeout-minutes: 1
run: |
docker compose down