Marketplace-Example #89
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I have created public github marketplace actions (plan and apply) as well that can be used as shown in this example. | |
| #Plan: https://github.com/marketplace/actions/terraform-plan-for-azure | |
| #Apply: https://github.com/marketplace/actions/terraform-apply-for-azure | |
| name: "Marketplace-Example" | |
| on: | |
| workflow_dispatch: | |
| #pull_request: | |
| # branches: | |
| # - master | |
| jobs: | |
| ##### PLAN A DEPLOYMENT ##### | |
| Plan_Dev_Deploy: | |
| runs-on: ubuntu-latest | |
| permissions: #Permission is required if enabling TFSEC == true | |
| actions: read | |
| contents: read | |
| security-events: write | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| environment: null #(Optional) If using GitHub Environments | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Dev TF Plan Deploy | |
| uses: Pwd9000-ML/[email protected] | |
| with: | |
| path: 01_Foundation ## (Optional) Specify path TF module relevant to repo root. Default="." | |
| plan_mode: deploy ## (Optional) Specify plan mode. Valid options are "deploy" or "destroy". Default="deploy" | |
| tf_version: latest ## (Optional) Specifies version of Terraform to use. e.g: 1.1.0 Default="latest" | |
| tf_vars_file: config-dev.tfvars ## (Required) Specifies Terraform TFVARS file name inside module path. | |
| tf_key: foundation-dev ## (Required) AZ backend - Specifies name that will be given to terraform state file and plan artifact | |
| enable_TFSEC: true ## (Optional) Enable TFSEC IaC scans (Private repo requires GitHub enterprise). Default=false | |
| az_resource_group: Terraform-GitHub-Backend ## (Required) AZ backend - AZURE Resource Group hosting terraform backend storage acc | |
| az_storage_acc: tfgithubbackendsa ## (Required) AZ backend - AZURE terraform backend storage acc | |
| az_container_name: gh-terraform-deployments ## (Required) AZ backend - AZURE storage container hosting state files | |
| arm_client_id: ${{ secrets.ARM_CLIENT_ID }} ## (Required - Actions Secrets) ARM Client ID | |
| arm_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} ## (Required - Actions Secrets) ARM Client Secret | |
| arm_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} ## (Required - Actions Secrets) ARM Subscription ID | |
| arm_tenant_id: ${{ secrets.ARM_TENANT_ID }} ## (Required - Actions Secrets) ARM Tenant ID | |
| github_token: ${{ secrets.GITHUB_TOKEN }} ## (Required) Needed to comment output on PR's. ${{ secrets.GITHUB_TOKEN }} already has permissions | |
| ##### APPLY DEPLOY ##### | |
| Apply_Dev_Deploy: | |
| needs: Plan_Dev_Deploy | |
| runs-on: ubuntu-latest | |
| environment: Development #(Optional) If using GitHub Environments | |
| steps: | |
| - name: Dev TF Deploy | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| uses: Pwd9000-ML/[email protected] | |
| with: | |
| plan_mode: deploy ## (Optional) Specify plan mode. Valid options are "deploy" or "destroy". Default="deploy" | |
| tf_version: latest ## (Optional) Specifies version of Terraform to use. e.g: 1.1.0 Default="latest" | |
| tf_key: foundation-dev ## (Required) Specifies name of the terraform state file and plan artifact to download | |
| az_resource_group: Terraform-GitHub-Backend ## (Required) AZ backend - AZURE Resource Group hosting terraform backend storage acc | |
| az_storage_acc: tfgithubbackendsa ## (Required) AZ backend - AZURE terraform backend storage acc | |
| az_container_name: gh-terraform-deployments ## (Required) AZ backend - AZURE storage container hosting state files | |
| arm_client_id: ${{ secrets.ARM_CLIENT_ID }} ## (Required - Actions Secrets) ARM Client ID | |
| arm_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} ## (Required - Actions Secrets) ARM Client Secret | |
| arm_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} ## (Required - Actions Secrets) ARM Subscription ID | |
| arm_tenant_id: ${{ secrets.ARM_TENANT_ID }} ## (Required - Actions Secrets) ARM Tenant ID | |
| ##### PLAN A DESTROY ##### | |
| Plan_Dev_Destroy: | |
| needs: Apply_Dev_Deploy | |
| runs-on: ubuntu-latest | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| environment: null #(Optional) If using GitHub Environments | |
| steps: | |
| - name: Checkout | |
| uses: actions/[email protected] | |
| - name: Dev TF Plan Destroy | |
| uses: Pwd9000-ML/[email protected] | |
| with: | |
| path: 01_Foundation ## (Optional) Specify path TF module relevant to repo root. Default="." | |
| plan_mode: destroy ## (Optional) Specify plan mode. Valid options are "deploy" or "destroy". Default="deploy" | |
| tf_version: latest ## (Optional) Specifies version of Terraform to use. e.g: 1.1.0 Default="latest" | |
| tf_vars_file: config-dev.tfvars ## (Required) Specifies Terraform TFVARS file name inside module path. | |
| tf_key: foundation-dev ## (Required) AZ backend - Specifies name that will be given to terraform state file and plan artifact | |
| enable_TFSEC: false ## (Optional) Enable TFSEC IaC scans (Private repo requires GitHub enterprise). Default=false | |
| az_resource_group: Terraform-GitHub-Backend ## (Required) AZ backend - AZURE Resource Group hosting terraform backend storage acc | |
| az_storage_acc: tfgithubbackendsa ## (Required) AZ backend - AZURE terraform backend storage acc | |
| az_container_name: gh-terraform-deployments ## (Required) AZ backend - AZURE storage container hosting state files | |
| arm_client_id: ${{ secrets.ARM_CLIENT_ID }} ## (Required - Actions Secrets) ARM Client ID | |
| arm_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} ## (Required - Actions Secrets) ARM Client Secret | |
| arm_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} ## (Required - Actions Secrets) ARM Subscription ID | |
| arm_tenant_id: ${{ secrets.ARM_TENANT_ID }} ## (Required - Actions Secrets) ARM Tenant ID | |
| github_token: ${{ secrets.GITHUB_TOKEN }} ## (Required) Needed to comment output on PR's. ${{ secrets.GITHUB_TOKEN }} already has permissions | |
| ##### APPLY DESTROY ##### | |
| Apply_Dev_Destroy: | |
| needs: Plan_Dev_Destroy | |
| runs-on: ubuntu-latest | |
| environment: Development #(Optional) If using GitHub Environments | |
| steps: | |
| - name: Dev TF Destroy | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| uses: Pwd9000-ML/[email protected] | |
| with: | |
| plan_mode: destroy ## (Optional) Specify plan mode. Valid options are "deploy" or "destroy". Default="deploy" | |
| tf_version: latest ## (Optional) Specifies version of Terraform to use. e.g: 1.1.0 Default="latest" | |
| tf_key: foundation-dev ## (Required) Specifies name of the terraform state file and plan artifact to download | |
| az_resource_group: Terraform-GitHub-Backend ## (Required) AZ backend - AZURE Resource Group hosting terraform backend storage acc | |
| az_storage_acc: tfgithubbackendsa ## (Required) AZ backend - AZURE terraform backend storage acc | |
| az_container_name: gh-terraform-deployments ## (Required) AZ backend - AZURE storage container hosting state files | |
| arm_client_id: ${{ secrets.ARM_CLIENT_ID }} ## (Required - Actions Secrets) ARM Client ID | |
| arm_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} ## (Required - Actions Secrets) ARM Client Secret | |
| arm_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} ## (Required - Actions Secrets) ARM Subscription ID | |
| arm_tenant_id: ${{ secrets.ARM_TENANT_ID }} ## (Required - Actions Secrets) ARM Tenant ID |