-
Notifications
You must be signed in to change notification settings - Fork 0
160 lines (141 loc) · 5.86 KB
/
terraform.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: 'Terraform'
on:
push:
branches:
- main
workflow_dispatch:
inputs:
# Working directory input from user.
terraform_operation:
description: "Terraform operation: plan, apply, destroy"
required: true
default: "plan"
type: choice
options:
- plan
- apply
- destroy
jobs:
Terraform:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Terraform Init
run: |
export TF_VAR_USERNAME=$DB_USERNAME
export TF_VAR_PASSWORD=$DB_PASSWORD
export TF_VAR_S3_BUCKET_NAME=$S3_BUCKET_NAME
export TF_VAR_S3_BUCKET_POLICY_ACTIONS=$S3_BUCKET_POLICY_ACTIONS
export TF_VAR_DB_IDENTIFIER=$DB_IDENTIFIER
export TF_VAR_PUBLIC_KEY=$PUBLIC_KEY
export TF_VAR_CERTIFICATE_DOMAIN=$CERTIFICATE_DOMAIN
export TF_VAR_DNS=$DNS
export TF_VAR_GATEWAY_DNS=$GATEWAY_DNS
terraform init
env:
DB_USERNAME: ${{secrets.DB_USERNAME}}
DB_PASSWORD: ${{secrets.DB_PASSWORD}}
S3_BUCKET_NAME: ${{secrets.S3_BUCKET_NAME}}
DB_IDENTIFIER: ${{secrets.DB_IDENTIFIER}}
PUBLIC_KEY: ${{secrets.PUBLIC_KEY}}
CERTIFICATE_DOMAIN: ${{secrets.CERTIFICATE_DOMAIN}}
DNS: ${{secrets.DNS}}
GATEWAY_DNS: ${{secrets.GATEWAY_DNS}}
- name: Terraform Plan
run: |
export TF_VAR_DB_USERNAME=$DB_USERNAME
export TF_VAR_DB_PASSWORD=$DB_PASSWORD
export TF_VAR_S3_BUCKET_NAME=$S3_BUCKET_NAME
export TF_VAR_S3_BUCKET_POLICY_ACTIONS=$S3_BUCKET_POLICY_ACTIONS
export TF_VAR_DB_IDENTIFIER=$DB_IDENTIFIER
export TF_VAR_PUBLIC_KEY=$PUBLIC_KEY
export TF_VAR_CERTIFICATE_DOMAIN=$CERTIFICATE_DOMAIN
export TF_VAR_DNS=$DNS
export TF_VAR_GATEWAY_DNS=$GATEWAY_DNS
terraform plan -input=false
env:
DB_USERNAME: ${{secrets.DB_USERNAME}}
DB_PASSWORD: ${{secrets.DB_PASSWORD}}
S3_BUCKET_NAME: ${{secrets.S3_BUCKET_NAME}}
DB_IDENTIFIER: ${{secrets.DB_IDENTIFIER}}
PUBLIC_KEY: ${{secrets.PUBLIC_KEY}}
CERTIFICATE_DOMAIN: ${{secrets.CERTIFICATE_DOMAIN}}
DNS: ${{secrets.DNS}}
GATEWAY_DNS: ${{secrets.GATEWAY_DNS}}
if: ${{ github.event.inputs.terraform_operation == 'plan' }}
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform Apply
run: |
export TF_VAR_DB_USERNAME=$DB_USERNAME
export TF_VAR_DB_PASSWORD=$DB_PASSWORD
export TF_VAR_S3_BUCKET_NAME=$S3_BUCKET_NAME
export TF_VAR_S3_BUCKET_POLICY_ACTIONS=$S3_BUCKET_POLICY_ACTIONS
export TF_VAR_DB_IDENTIFIER=$DB_IDENTIFIER
export TF_VAR_PUBLIC_KEY=$PUBLIC_KEY
export TF_VAR_CERTIFICATE_DOMAIN=$CERTIFICATE_DOMAIN
export TF_VAR_DNS=$DNS
export TF_VAR_GATEWAY_DNS=$GATEWAY_DNS
terraform apply -auto-approve
env:
DB_USERNAME: ${{secrets.DB_USERNAME}}
DB_PASSWORD: ${{secrets.DB_PASSWORD}}
S3_BUCKET_NAME: ${{secrets.S3_BUCKET_NAME}}
DB_IDENTIFIER: ${{secrets.DB_IDENTIFIER}}
PUBLIC_KEY: ${{secrets.PUBLIC_KEY}}
CERTIFICATE_DOMAIN: ${{secrets.CERTIFICATE_DOMAIN}}
DNS: ${{secrets.DNS}}
GATEWAY_DNS: ${{secrets.GATEWAY_DNS}}
if: ${{ github.event.inputs.terraform_operation == 'apply' }}
- name: AWS Plan Copy
run: aws s3 cp terraform.tfstate s3://terraform-state-saving/terraform.tfstate
id: copy
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.REGION }}
if: ${{ github.event.inputs.terraform_operation == 'apply' }}
- name: AWS Plan Copy
id: copyfrom
run: aws s3 cp s3://terraform-state-saving/terraform.tfstate terraform.tfstate
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.REGION }}
continue-on-error: true
if: ${{ github.event.inputs.terraform_operation == 'destroy' }}
- name: Terraform Destroy
id: destroy
run: |
export TF_VAR_DB_USERNAME=$DB_USERNAME
export TF_VAR_DB_PASSWORD=$DB_PASSWORD
export TF_VAR_S3_BUCKET_NAME=$S3_BUCKET_NAME
export TF_VAR_S3_BUCKET_POLICY_ACTIONS=$S3_BUCKET_POLICY_ACTIONS
export TF_VAR_DB_IDENTIFIER=$DB_IDENTIFIER
export TF_VAR_PUBLIC_KEY=$PUBLIC_KEY
export TF_VAR_CERTIFICATE_DOMAIN=$CERTIFICATE_DOMAIN
export TF_VAR_DNS=$DNS
export TF_VAR_GATEWAY_DNS=$GATEWAY_DNS
terraform destroy -input=false -auto-approve
env:
DB_USERNAME: ${{secrets.DB_USERNAME}}
DB_PASSWORD: ${{secrets.DB_PASSWORD}}
S3_BUCKET_NAME: ${{secrets.S3_BUCKET_NAME}}
DB_IDENTIFIER: ${{secrets.DB_IDENTIFIER}}
PUBLIC_KEY: ${{secrets.PUBLIC_KEY}}
CERTIFICATE_DOMAIN: ${{secrets.CERTIFICATE_DOMAIN}}
DNS: ${{secrets.DNS}}
GATEWAY_DNS: ${{secrets.GATEWAY_DNS}}
if: ${{ github.event.inputs.terraform_operation == 'destroy' }}
- name: Delete plan file
if: steps.destroy.outcome == 'success'
run: aws s3 rm s3://terraform-state-saving/terraform.tfstate