From 6002ad7b36dbb9a25002540e2a16cca8cfd3950c Mon Sep 17 00:00:00 2001
From: Devendraappa
Date: Mon, 23 Dec 2024 16:22:20 +0530
Subject: [PATCH] Create test.yaml
---
.github/workflows/test.yaml | 120 ++++++++++++++++++++++++++++++++++++
1 file changed, 120 insertions(+)
create mode 100644 .github/workflows/test.yaml
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..2088b19
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,120 @@
+name: Terraform Workflow with OIDC, S3 Logging, and Email Notification
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ terraform:
+ runs-on: ubuntu-latest
+
+ permissions:
+ id-token: write # Required for OIDC
+ contents: read # Required to access repository contents
+
+ steps:
+ # Step 1: Checkout the repository
+ - name: Checkout Code
+ uses: actions/checkout@v3
+
+ # Step 2: Setup Terraform
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: 1.5.6
+
+ # Step 3: Configure AWS Credentials using OIDC
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.ROLE_NAME }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ # Step 4: Initialize Terraform (INFO logging)
+ - name: Terraform Init
+ env:
+ TF_LOG: INFO # Set Terraform logging to INFO for general info messages
+ run: terraform init
+
+ # Step 5: Terraform Validate (DEBUG logging)
+ - name: Terraform Validate
+ env:
+ TF_LOG: DEBUG # Set Terraform logging to DEBUG for detailed logs
+ TF_LOG_PATH: terraform_validate.log
+ FAILURE_FLAG: false
+ run: |
+ terraform validate || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
+ true # Always continue execution
+
+ # Step 6: Terraform Plan (INFO logging)
+ - name: Terraform Plan
+ env:
+ TF_LOG: INFO # Set Terraform logging to INFO for plan-related logs
+ TF_LOG_PATH: terraform_plan.log
+ FAILURE_FLAG: false
+ run: |
+ terraform plan -out=tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
+ true # Always continue execution
+
+ # Step 7: Terraform Apply (TRACE logging)
+ - name: Terraform Apply
+ env:
+ TF_LOG: TRACE # Set Terraform logging to TRACE for detailed logs
+ TF_LOG_PATH: terraform_apply.log
+ FAILURE_FLAG: false
+ run: |
+ terraform apply -auto-approve tfplan || echo "FAILURE_FLAG=true" >> $GITHUB_ENV
+ true # Always continue execution
+
+ # Step 8: Ensure Logs Directory Exists (DEBUG logging)
+ - name: Ensure Logs Directory Exists
+ env:
+ TF_LOG: DEBUG # Set Terraform logging to DEBUG for detailed process steps
+ run: mkdir -p $GITHUB_WORKSPACE/logs
+
+ # Step 9: Copy Logs to Logs Directory (WARN logging)
+ - name: Copy Logs to Logs Directory
+ env:
+ TF_LOG: WARN # Set Terraform logging to WARN to capture potential issues
+ run: |
+ cp terraform_validate.log $GITHUB_WORKSPACE/logs/ || true
+ cp terraform_plan.log $GITHUB_WORKSPACE/logs/ || true
+ cp terraform_apply.log $GITHUB_WORKSPACE/logs/ || true
+ echo "Files in logs directory:"
+ ls -alh $GITHUB_WORKSPACE/logs/
+
+ # Step 10: Upload Logs to S3 (Both Success and Failure)
+ - name: Upload Logs to S3
+ if: always() # Ensure this runs even if the workflow fails
+ run: |
+ aws s3 cp $GITHUB_WORKSPACE/logs/ s3://${{ secrets.S3_BUCKET_NAME }}/logs/ --recursive
+
+ # Step 11: Print Logs on Failure (ERROR logging)
+ - name: Print Logs on Failure
+ if: failure() # Only print logs if failure occurs
+ env:
+ TF_LOG: ERROR # Set Terraform logging to ERROR to capture critical failure messages
+ run: |
+ echo "Terraform failed. Logs are as follows:"
+ cat $GITHUB_WORKSPACE/logs/terraform_validate.log || true
+ cat $GITHUB_WORKSPACE/logs/terraform_plan.log || true
+ cat $GITHUB_WORKSPACE/logs/terraform_apply.log || true
+
+ # Step 12: Send Email Notification (Success or Failure)
+ - name: Send Email Notification
+ if: always() # Ensure this runs even if the workflow fails
+ run: |
+ SUBJECT="Terraform Workflow Status - ${{ job.status }}"
+ BODY="The Terraform workflow has completed with status: ${{ job.status }}. Please check the logs for details."
+ aws ses send-email \
+ --from ${{ secrets.SENDER_EMAIL }} \
+ --destination "ToAddresses=${{ secrets.RECIPIENT_EMAIL }}" \
+ --message "Subject={Data=$SUBJECT},Body={Text={Data=$BODY}}"
+
+ # Step 13: Force Workflow Failure if Any Step Failed
+ - name: Fail Workflow if Any Step Failed
+ if: ${{ env.FAILURE_FLAG == 'true' }}
+ run: |
+ echo "One or more Terraform steps failed. Marking workflow as failed."
+ exit 1 # Exit with failure status
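Review bot: The `|| echo "FAILURE_FLAG=true" >> $GITHUB_ENV` / `true` pattern in the Validate, Plan and Apply steps hides every Terraform failure from the runner, so `if: failure()` on "Print Logs on Failure" can only fire for a non-Terraform step failure, Plan and Apply still run after a broken `validate`, and the error surfaces only in step 13 after the log-dump step has already been skipped. Letting the commands fail on their own — `run: terraform validate`, `run: terraform plan -out=tfplan`, `run: terraform apply -auto-approve tfplan` — and dropping the per-step `FAILURE_FLAG: false` entries (which the shell never reads) together with step 13 keeps the S3 upload and e-mail on `if: always()` while making the failure-only dump reachable. Separately, a `TF_LOG: TRACE` apply log can include provider request/response bodies, and this file both uploads it to S3 and `cat`s it into the job log, so capping the Apply step at DEBUG and restricting the `logs/` prefix to the assumed role limits what a reader of the job output or the bucket can learn. Passing `${{ secrets.SENDER_EMAIL }}` and `${{ secrets.RECIPIENT_EMAIL }}` through `env:` instead of interpolating them into `run:` also avoids the shell interpreting their contents.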