Terraform Custom Realm Batch Job #325

Summary
Jobs
- terraform
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/terraform-v2-custom.yml at 81e7bf3

	name: Terraform Custom Realm Batch Job

	on:
	workflow_dispatch:
	schedule:
	- cron: 0 12 * * *

	env:
	TF_VERSION: 1.1.4
	KEYCLOAK_V2_DEV_URL: https://dev.sandbox.loginproxy.gov.bc.ca
	KEYCLOAK_V2_TEST_URL: https://test.sandbox.loginproxy.gov.bc.ca
	KEYCLOAK_V2_PROD_URL: https://sandbox.loginproxy.gov.bc.ca
	REALM_REGISTRY_API_URL: ${{ secrets.REALM_REGISTRY_API_URL }}

	jobs:
	terraform:
	runs-on: ubuntu-20.04
	steps:
	- uses: hmarr/debug-action@v3
	- uses: actions/checkout@v4

	- name: Fetch Requests Count
	id: requests
	uses: fjogeleit/http-request-action@v1
	with:
	url: ${{ env.REALM_REGISTRY_API_URL }}/realms/pending
	method: GET
	customHeaders: '{"Authorization": "${{ secrets.REALM_REGISTRY_GH_API_TOKEN }}"}'
	timeout: '60000'

	- name: Get Requests Count
	id: count
	run: \|
	count=$(jq length <<< ${{ steps.requests.outputs.response }})
	echo "$count"
	echo "count=$count" >> $GITHUB_OUTPUT

	- name: Setup Terraform
	if: steps.count.outputs.count != '0'
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: ${{ env.TF_VERSION }}

	- name: Terraform Format
	id: fmt
	if: steps.count.outputs.count != '0'
	run: terraform fmt -check
	working-directory: ./terraform-v2-custom

	- name: Terraform Variables
	if: steps.count.outputs.count != '0'
	run: \|
	cat >"config.tf" <<EOF
	terraform {
	backend "s3" {
	bucket = "xgr00q-dev-keycloak"
	key = "keycloak/gold-custom"
	region = "ca-central-1"
	dynamodb_table = "xgr00q-dev-state-locking"
	access_key = "${{ secrets.TF_S3_ACCESS_KEY }}"
	secret_key = "${{ secrets.TF_S3_SECRET_KEY }}"
	role_arn = "${{ secrets.TF_S3_ROLE_ARN }}"
	}
	required_providers {
	keycloak = {
	source = "mrparkers/keycloak"
	version = "4.4.0"
	}
	}
	}
	EOF

	cat >"ci.auto.tfvars" <<EOF
	dev_keycloak_url="${{ env.KEYCLOAK_V2_DEV_URL }}"
	test_keycloak_url="${{ env.KEYCLOAK_V2_TEST_URL }}"
	prod_keycloak_url="${{ env.KEYCLOAK_V2_PROD_URL }}"
	dev_username="${{ secrets.KEYCLOAK_V2_DEV_USERNAME }}"
	dev_password="${{ secrets.KEYCLOAK_V2_DEV_PASSWORD }}"
	test_username="${{ secrets.KEYCLOAK_V2_TEST_USERNAME }}"
	test_password="${{ secrets.KEYCLOAK_V2_TEST_PASSWORD }}"
	prod_username="${{ secrets.KEYCLOAK_V2_PROD_USERNAME }}"
	prod_password="${{ secrets.KEYCLOAK_V2_PROD_PASSWORD }}"
	EOF
	working-directory: ./terraform-v2-custom

	- name: Terraform Init
	if: steps.count.outputs.count != '0'
	id: init
	run: terraform init -upgrade
	working-directory: ./terraform-v2-custom

	- name: Terraform Plan
	if: steps.count.outputs.count != '0'
	id: plan
	run: terraform plan -no-color
	working-directory: ./terraform-v2-custom
	continue-on-error: true

	- name: Update Realm Request TF Plan Status
	if: steps.count.outputs.count != '0'
	uses: fjogeleit/http-request-action@v1
	with:
	url: ${{ env.REALM_REGISTRY_API_URL }}/realms/pending
	method: PUT
	data: "{\"ids\": ${{ steps.requests.outputs.response }}, \"action\": \"tf_plan\", \"success\": \"${{ steps.plan.outcome != 'failure' }}\"}"
	customHeaders: '{"Authorization": "${{ secrets.REALM_REGISTRY_GH_API_TOKEN }}"}'
	timeout: '60000'

	- name: Terraform Plan Status
	if: steps.count.outputs.count != '0' && steps.plan.outcome == 'failure'
	run: exit 1

	- name: Terraform Apply
	if: steps.count.outputs.count != '0' && steps.plan.outcome != 'failure'
	id: apply
	run: terraform apply -auto-approve
	working-directory: ./terraform-v2-custom
	continue-on-error: true

	- uses: bcgov/sso-requests-actions/[email protected]
	if: steps.count.outputs.count != '0' && steps.apply.outcome != 'failure'
	with:
	dev-keycloak-url: ${{ env.KEYCLOAK_V2_DEV_URL }}
	test-keycloak-url: ${{ env.KEYCLOAK_V2_TEST_URL }}
	prod-keycloak-url: ${{ env.KEYCLOAK_V2_PROD_URL }}
	dev-username: ${{ secrets.KEYCLOAK_V2_DEV_USERNAME }}
	test-username: ${{ secrets.KEYCLOAK_V2_TEST_USERNAME }}
	prod-username: ${{ secrets.KEYCLOAK_V2_PROD_USERNAME }}
	dev-password: ${{ secrets.KEYCLOAK_V2_DEV_PASSWORD }}
	test-password: ${{ secrets.KEYCLOAK_V2_TEST_PASSWORD }}
	prod-password: ${{ secrets.KEYCLOAK_V2_PROD_PASSWORD }}
	tasks: create-master-viewer

	- name: Update Realm Request TF Apply Status
	if: steps.count.outputs.count != '0'
	uses: fjogeleit/http-request-action@v1
	with:
	url: ${{ env.REALM_REGISTRY_API_URL }}/realms/pending
	method: PUT
	data: "{\"ids\": ${{ steps.requests.outputs.response }}, \"action\": \"tf_apply\", \"success\": \"${{ steps.apply.outcome != 'failure' }}\"}"
	customHeaders: '{"Authorization": "${{ secrets.REALM_REGISTRY_GH_API_TOKEN }}"}'
	timeout: '60000'

	- name: Terraform Apply Status
	if: steps.count.outputs.count != '0' && steps.apply.outcome == 'failure'
	run: exit 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Terraform Custom Realm Batch Job #325

Workflow file

Terraform Custom Realm Batch Job #325

Jobs

Run details

Workflow file for this run