Skip to content

Update newdestroy.yaml #24

Update newdestroy.yaml

Update newdestroy.yaml #24

Workflow file for this run

name: Terraform Workflow with OIDC, SNS Notification, and Artifact Upload
on:
#push:
branches:
- main
jobs:
terraform:
runs-on: ubuntu-latest
permissions:
id-token: write # Required for OIDC
contents: read # Required to access repository contents
steps:
# Step 1: Checkout the repository
- name: Checkout Code
uses: actions/checkout@v3
# Step 2: Setup Terraform
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.5.6
# Step 3: Configure AWS Credentials using OIDC
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.ROLE_NAME }}
aws-region: ${{ secrets.AWS_REGION }}
# Step 4: Initialize Terraform (INFO logging)
- name: Terraform Init
env:
TF_LOG: INFO # Set Terraform logging to INFO for general info messages
run: terraform init
# Step 5: Terraform Validate (DEBUG logging)
- name: Terraform Validate
env:
TF_LOG: DEBUG # Set Terraform logging to DEBUG for detailed logs
TF_LOG_PATH: terraform_validate.log
run: |
terraform validate || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
true # Always continue execution
# Step 6: Terraform Plan (INFO logging)
- name: Terraform Plan
env:
TF_LOG: INFO # Set Terraform logging to INFO for plan-related logs
TF_LOG_PATH: terraform_plan.log
run: |
terraform plan -out=tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
true # Always continue execution
# Step 7: Terraform Apply (TRACE logging)
- name: Terraform Apply
env:
TF_LOG: TRACE # Set Terraform logging to TRACE for detailed logs
TF_LOG_PATH: terraform_apply.log
run: |
terraform apply -auto-approve tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
true # Always continue execution
# Step 8: Ensure Logs Directory Exists (DEBUG logging)
- name: Ensure Logs Directory Exists
env:
TF_LOG: DEBUG # Set Terraform logging to DEBUG for detailed process steps
run: mkdir -p $GITHUB_WORKSPACE/logs
# Step 9: Copy Logs to Logs Directory (WARN logging)
- name: Copy Logs to Logs Directory
env:
TF_LOG: WARN # Set Terraform logging to WARN to capture potential issues
run: |
cp terraform_validate.log $GITHUB_WORKSPACE/logs/ || true
cp terraform_plan.log $GITHUB_WORKSPACE/logs/ || true
cp terraform_apply.log $GITHUB_WORKSPACE/logs/ || true
echo "Files in logs directory:"
ls -alh $GITHUB_WORKSPACE/logs/
# Step 10: Print Logs on Failure (ERROR logging)
- name: Print Logs on Failure
if: failure() # Only print logs if failure occurs
env:
TF_LOG: ERROR # Set Terraform logging to ERROR to capture critical failure messages
run: |
echo "Terraform failed. Logs are as follows:"
cat $GITHUB_WORKSPACE/logs/terraform_validate.log || true
cat $GITHUB_WORKSPACE/logs/terraform_plan.log || true
cat $GITHUB_WORKSPACE/logs/terraform_apply.log || true
# Step 11: Upload Terraform Logs as Artifacts (Always, even on failure)
- name: Upload Terraform Logs as Artifacts
if: always() # Ensure this runs even if the workflow fails
uses: actions/upload-artifact@v3
with:
name: terraform-logs
path: logs/
# Step 12: Upload Logs to S3 (Both Success and Failure)
- name: Upload Logs to S3
if: always() # Ensure this runs even if the workflow fails
run: |
aws s3 cp $GITHUB_WORKSPACE/logs/ s3://${{ secrets.S3_BUCKET_NAME }}/logs/ --recursive
# Step 13: Send SNS Notification (Success or Failure)
- name: Send SNS Notification
if: always() # Ensure this runs even if the workflow fails or succeeds
run: |
# Check the FAILURE_FLAG to determine whether the workflow failed
if [[ "${{ env.FAILURE_FLAG }}" == "true" ]]; then
SUBJECT="Terraform Workflow Status - failure"
BODY="The Terraform workflow has failed. Please check the logs for details."
else
SUBJECT="Terraform Workflow Status - success"
BODY="The Terraform workflow has completed successfully. Please check the logs for details."
fi
# Publish the SNS message with the status
aws sns publish \
--topic-arn arn:aws:sns:${{ secrets.AWS_REGION }}:${{ secrets.AWS_ACCOUNT_ID }}:${{ secrets.SNS_TOPIC_NAME }} \
--message "$BODY" \
--subject "$SUBJECT"
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
# Step 14: Force Workflow Failure if Any Step Failed
- name: Fail Workflow if Any Step Failed
if: ${{ env.FAILURE_FLAG == 'true' }}
run: |
echo "One or more Terraform steps failed. Marking workflow as failed."
exit 1 # Exit with failure status