Skip to content

Merge branch 'dev' of https://github.com/imperva/dsfkit into COUNT-24… #119

Merge branch 'dev' of https://github.com/imperva/dsfkit into COUNT-24…

Merge branch 'dev' of https://github.com/imperva/dsfkit into COUNT-24… #119

Workflow file for this run

name: 'Plan CLI'
on:
workflow_call:
inputs:
use_modules_from_terraform_registry:
required: true
type: boolean
explicit_ref:
required: true
type: string
secrets:
AWS_ACCESS_KEY_ID:
required: true
AWS_SECRET_ACCESS_KEY:
required: true
AWS_ACCESS_KEY_ID_STAGE:
required: true
AWS_SECRET_ACCESS_KEY_STAGE:
required: true
ARM_CLIENT_SECRET:
required: true
DAM_LICENSE:
required: true
workflow_dispatch:
inputs:
use_modules_from_terraform_registry:
type: boolean
required: false
push:
branches:
- '*'
- '!master'
- '!dev'
paths-ignore:
- '.github/**'
- 'modules/aws/sonar-upgrader/**'
- 'examples/aws/sonar_upgrade/*'
- 'installer_machine/*'
- 'dsf_instances_permissions_samples/*'
- 'permissions_samples/*'
- 'security_groups_samples/*'
permissions:
contents: read
jobs:
terraform:
# name: 'Terraform'
runs-on: ubuntu-latest
environment: test
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
strategy:
fail-fast: false
matrix:
include:
- name: Azure - POC - DSF
example: ./examples/azure/poc/dsf_deployment
terraformvars: |
resource_group_location = "East US"
tarball_location = {
az_resource_group = "dummy-resource-group"
az_storage_account = "dummy-torage-account"
az_container = "dummy-container"
az_blob = "dummy-blob"
}
dam_agent_installation_location = {
az_resource_group = "dummy-resource-group"
az_storage_account = "dummy-torage-account"
az_container = "dummy-container"
az_blob = "dummy-blob"
}
dam_license="license.mprv"
dra_admin_image_details = {
resource_group_name = "dummy-resource-group"
image_id = "dummy-admin-image-id"
}
dra_analytics_image_details = {
resource_group_name = "dummy-resource-group"
image_id = "dummy-analytics-image-id"
}
- name: AWS - POC - DSF
example: ./examples/aws/poc/dsf_deployment
terraformvars: |
dam_license="license.mprv"
- name: AWS - POC - Sonar Basic
example: ./examples/aws/poc/sonar_basic_deployment
- name: AWS - POC - Sonar HADR
example: ./examples/aws/poc/sonar_hadr_deployment
- name: AWS - Installation - Sonar Single Account
example: ./examples/aws/installation/sonar_single_account_deployment
- name: AWS - Installation - Sonar Multi Account
example: ./examples/aws/installation/sonar_multi_account_deployment
- name: AWS - Installation - DSF Single Account
example: ./examples/aws/installation/dsf_single_account_deployment
name: '${{ matrix.name }}'
env:
TF_CLI_ARGS: "-no-color"
TF_INPUT: 0
AWS_REGION: us-west-2
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
ARM_SUBSCRIPTION_ID: ${{ vars.ARM_SUBSCRIPTION_ID }}
ARM_CLIENT_ID: ${{ vars.ARM_CLIENT_ID }}
ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
steps:
- name: Pick ref
run: |
if [ -z "${{ inputs.explicit_ref }}" ]; then
echo REF=${{ github.ref }} >> $GITHUB_ENV;
else
echo REF=${{ inputs.explicit_ref }} >> $GITHUB_ENV;
fi
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ env.REF }}
- name: Change the modules source to local
if: ${{ inputs.use_modules_from_terraform_registry == false }}
run: |
find ${{ matrix.example }} -type f -exec sed -i -f sed.expr {} \;
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ~1.7.0
- name: Create License File
env:
MY_SECRET: ${{ secrets.DAM_LICENSE }}
run: |
echo "${{ secrets.DAM_LICENSE }}" | base64 -d > ${{ matrix.example }}/license.mprv
- name: Configure AWS credentials - innodev
if: contains(matrix.name, 'single account') || contains(matrix.name, 'multi account')
run: |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} --profile innodev
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} --profile innodev
- name: Configure AWS credentials - innostage
if: contains(matrix.name, 'single account') || contains(matrix.name, 'multi account')
run: |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} --profile innostage
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} --profile innostage
- name: Get AWS credentials
run: |
aws sts get-caller-identity
- name: Create tfvars file (1)
if: matrix.terraformvars
run: |
echo '${{ matrix.terraformvars }}' >> "${{ matrix.example }}/terraform.tfvars"
- name: Create tfvars File (2)
if: matrix.name == 'AWS - Installation - Sonar Single Account'
run: |
cat << EOF > "${{ matrix.example }}/terraform.tfvars"
${{ vars.TFVAR_PARAMETERS_SINGLE_ACCOUNT_AUTOMATION_V1 }}
EOF
- name: Create tfvars File (3)
if: matrix.name == 'AWS - Installation - Sonar Multi Account'
run: |
cat << EOF > "${{ matrix.example }}/terraform.tfvars"
${{ vars.TFVAR_PARAMETERS_MULTI_ACCOUNT_AUTOMATION_V1 }}
EOF
- name: Create tfvars File (4)
if: matrix.name == 'AWS - Installation - DSF Single Account'
run: |
cat << EOF > "${{ matrix.example }}/terraform.tfvars"
${{ vars.TFVAR_PARAMETERS_DSF_SINGLE_ACCOUNT_AUTOMATION_PRIVATE_SUBNETS_V1 }}
EOF
- name: View The Vars
run: cat ${{ matrix.example }}/terraform.tfvars || true
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
run: terraform -chdir=${{ matrix.example }} init
- name: Terraform Validate
run: terraform -chdir=${{ matrix.example }} validate
# Checks that all Terraform configuration files adhere to a canonical format
- name: Terraform Format
run: terraform fmt -check
continue-on-error: true
# Generates an execution plan for Terraform
- name: Terraform Plan
run: terraform -chdir=${{ matrix.example }} plan