testdemo.yaml
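---
# Terraform validate/plan/apply pipeline that authenticates to AWS through
# GitHub's OIDC provider (no long-lived cloud keys stored in the repo).
#
# Design: each terraform step records its own failure in FAILURE_FLAG instead
# of aborting the job, so that the log files are always gathered and uploaded
# as an artifact; the last step then turns a recorded failure into a failed
# workflow run.
name: Terraform Workflow with OIDC and Artifact Upload

on:
  # The push trigger is kept disabled exactly as the author left it. `on:`
  # must still name at least one event (a bare `branches:` under `on:` is
  # rejected by the workflow parser), so a manual trigger is used instead.
  workflow_dispatch:
  # push:
  #   branches:
  #     - main

jobs:
  terraform:
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # Required to request the OIDC token exchanged for AWS credentials
      contents: read   # Required to check out the repository
    env:
      # Shared by every step. Any terraform step that fails overwrites it with
      # "true" via $GITHUB_ENV. Quoted so it stays a string for the
      # `== 'true'` comparisons below.
      FAILURE_FLAG: "false"
    steps:
      # Step 1: Checkout the repository
      # TODO(review): pin third-party actions to a full commit SHA instead of a
      # mutable tag (applies to every `uses:` below) to guard against tag
      # rewrites in the action repositories.
      - name: Checkout Code
        uses: actions/checkout@v3

      # Step 2: Setup Terraform
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: "1.5.6"  # Quoted: version strings must never be parsed as numbers

      # Step 3: Configure AWS Credentials using OIDC
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.ROLE_NAME }}"
          aws-region: "${{ secrets.AWS_REGION }}"

      # Step 4: Initialize Terraform (INFO logging)
      - name: Terraform Init
        env:
          TF_LOG: INFO  # General progress messages only
        run: terraform init

      # Step 5: Terraform Validate (DEBUG logging)
      # `cmd || echo ... >> $GITHUB_ENV` exits 0 either way, so the step never
      # fails the job; the failure is recorded for the later steps instead.
      - name: Terraform Validate
        env:
          TF_LOG: DEBUG
          TF_LOG_PATH: terraform_validate.log  # Relative to $GITHUB_WORKSPACE
        run: |
          terraform validate || echo "FAILURE_FLAG=true" >> $GITHUB_ENV

      # Step 6: Terraform Plan (INFO logging)
      - name: Terraform Plan
        env:
          TF_LOG: INFO
          TF_LOG_PATH: terraform_plan.log
        run: |
          terraform plan -out=tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV

      # Step 7: Terraform Apply (TRACE logging)
      # Never apply on top of a failed validate/plan: without the gate the
      # apply would run against a missing or stale tfplan.
      - name: Terraform Apply
        if: env.FAILURE_FLAG != 'true'
        env:
          # NOTE(review): TRACE is the most verbose level and may include
          # provider request/response detail with sensitive values. This log
          # is uploaded as an artifact below, readable by anyone who can
          # download artifacts for this repository — prefer DEBUG unless
          # actively troubleshooting, and review the artifact's audience.
          TF_LOG: TRACE
          TF_LOG_PATH: terraform_apply.log
        run: |
          terraform apply -auto-approve tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV

      # Step 8: Ensure Logs Directory Exists
      # (TF_LOG has no effect here: no terraform command runs in this step.)
      - name: Ensure Logs Directory Exists
        run: mkdir -p $GITHUB_WORKSPACE/logs

      # Step 9: Copy Logs to Logs Directory
      # `|| true` on each copy: a log is absent when its step was skipped or
      # never reached, and that must not fail the collection step.
      - name: Copy Logs to Logs Directory
        run: |
          cp terraform_validate.log $GITHUB_WORKSPACE/logs/ || true
          cp terraform_plan.log $GITHUB_WORKSPACE/logs/ || true
          cp terraform_apply.log $GITHUB_WORKSPACE/logs/ || true
          echo "Files in logs directory:"
          ls -alh $GITHUB_WORKSPACE/logs/

      # Step 10: Print Logs on Failure
      # failure() alone never fires for a terraform error, because steps 5-7
      # deliberately swallow their exit codes; the recorded flag is checked too.
      - name: Print Logs on Failure
        if: failure() || env.FAILURE_FLAG == 'true'
        run: |
          echo "Terraform failed. Logs are as follows:"
          cat $GITHUB_WORKSPACE/logs/terraform_validate.log || true
          cat $GITHUB_WORKSPACE/logs/terraform_plan.log || true
          cat $GITHUB_WORKSPACE/logs/terraform_apply.log || true

      # Step 11: Upload Terraform Logs as Artifacts (Always, even on failure)
      - name: Upload Terraform Logs as Artifacts
        if: always()  # Runs even when an earlier step failed the job outright
        uses: actions/upload-artifact@v3
        with:
          name: terraform-logs
          path: logs/

      # Step 12: Force Workflow Failure if Any Step Failed
      - name: Fail Workflow if Any Step Failed
        if: ${{ env.FAILURE_FLAG == 'true' }}
        run: |
          echo "One or more Terraform steps failed. Marking workflow as failed."
          exit 1  # Exit with failure status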