Update testdemo.yaml #69
name: Terraform Workflow with OIDC and Artifact Upload | |
on: | |
#push: | |
branches: | |
- main | |
jobs: | |
terraform: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write # Required for OIDC | |
contents: read # Required to access repository contents | |
steps: | |
# Step 1: Checkout the repository | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
# Step 2: Setup Terraform | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.5.6 | |
# Step 3: Configure AWS Credentials using OIDC | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.ROLE_NAME }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
# Step 4: Initialize Terraform | |
- name: Terraform Init | |
run: terraform init | |
# Step 5: Terraform Validate | |
- name: Terraform Validate | |
env: | |
TF_LOG: DEBUG | |
TF_LOG_PATH: terraform_validate.log | |
FAILURE_FLAG: false | |
run: | | |
terraform validate || echo "FAILURE_FLAG=true" >> $GITHUB_ENV | |
true # Always continue execution | |
# Step 6: Terraform Plan | |
- name: Terraform Plan | |
env: | |
TF_LOG: INFO | |
TF_LOG_PATH: terraform_plan.log | |
FAILURE_FLAG: false | |
run: | | |
terraform plan -out=tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV | |
true # Always continue execution | |
# Step 7: Terraform Apply | |
- name: Terraform Apply | |
env: | |
TF_LOG: TRACE | |
TF_LOG_PATH: terraform_apply.log | |
FAILURE_FLAG: false | |
run: | | |
terraform apply -auto-approve tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV | |
true # Always continue execution | |
# Step 8: Ensure Logs Directory Exists | |
- name: Ensure Logs Directory Exists | |
run: mkdir -p $GITHUB_WORKSPACE/logs | |
# Step 9: Copy Logs to Logs Directory | |
- name: Copy Logs to Logs Directory | |
run: | | |
cp terraform_validate.log $GITHUB_WORKSPACE/logs/ || true | |
cp terraform_plan.log $GITHUB_WORKSPACE/logs/ || true | |
cp terraform_apply.log $GITHUB_WORKSPACE/logs/ || true | |
echo "Files in logs directory:" | |
ls -alh $GITHUB_WORKSPACE/logs/ | |
# Step 10: Print Logs on Failure | |
- name: Print Logs on Failure | |
if: failure() # Only print logs if failure occurs | |
run: | | |
echo "Terraform failed. Logs are as follows:" | |
cat $GITHUB_WORKSPACE/logs/terraform_validate.log || true | |
cat $GITHUB_WORKSPACE/logs/terraform_plan.log || true | |
cat $GITHUB_WORKSPACE/logs/terraform_apply.log || true | |
# Step 11: Upload Terraform Logs as Artifacts (Always, even on failure) | |
- name: Upload Terraform Logs as Artifacts | |
if: always() # Ensure this runs even if the workflow fails | |
uses: actions/upload-artifact@v3 | |
with: | |
name: terraform-logs | |
path: logs/ | |
# Step 12: Force Workflow Failure if Any Step Failed | |
- name: Fail Workflow if Any Step Failed | |
if: ${{ env.FAILURE_FLAG == 'true' }} | |
run: | | |
echo "One or more Terraform steps failed. Marking workflow as failed." | |
exit 1 # Exit with failure status |
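Review bot: The Terraform Apply step sets `TF_LOG: TRACE` (and Validate uses `DEBUG`), and those log files are then copied into `logs/` and published unconditionally by the `actions/upload-artifact@v3` step with `if: always()`; at TRACE level Terraform's provider logging generally records raw API requests and responses, so the artifact is likely to carry credentials, state values or other sensitive data to anyone who can download run artifacts. I would drop the apply step to `TF_LOG: INFO` like the plan step, or keep the verbose levels but restrict the upload to debugging runs and add a short retention, e.g. `retention-days: 1` under the upload step's `with:`. Separately, because each terraform step masks its exit status with `|| echo ... >> $GITHUB_ENV` followed by `true`, the `if: failure()` guard on "Print Logs on Failure" can never be satisfied before the final `exit 1` step, so that step appears to be dead; if the intent is to surface logs on failure, change it to `if: ${{ env.FAILURE_FLAG == 'true' }}` as in step 12. The three `uses:` references are pinned to mutable major tags (`@v3`, `@v2`); pinning them to full commit SHAs would harden the supply chain of a job that holds an OIDC-issued AWS role. The `on:` block also has its `push:` event commented out, leaving `branches:` directly under `on:`, which I'd expect GitHub to reject as an unknown event unless the trigger was disabled deliberately.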