Digitalocean & Cloudflare terraform setup

.github/workflows/terraform.yml

@@ -0,0 +1,152 @@
+name: 'Terraform'
+
+on:
+  push:
+    branches:
+    - master
+  pull_request:
+    branches:
+    - master
+
+env:
+  DIGITALOCEAN_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
+  PRIVATE_SSH_KEY: ${{ secrets.PRIVATE_SSH_KEY }}
+  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+  CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
+  CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+  CLOUDFLARE_DOMAIN: ${{ secrets.CLOUDFLARE_DOMAIN }}
+  KUBECONFIG: ${{ secrets.KUBECONFIG }}
+
+jobs:
+  terraform-plan:
+    name: 'Terraform Plan'
+    runs-on: ubuntu-latest
+    outputs:
+      tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_wrapper: false
+
+    - name: Write Kubeconfig to Disk
+      run: |
+        mkdir ~/.kube
+        echo "$KUBECONFIG" > ~/.kube/config
+
+    - name: Terraform Init
+      working-directory: ./tf
+      run: terraform init
+
+    - name: Terraform Format
+      working-directory: ./tf
+      run: terraform fmt -check
+
+    - name: Terraform Plan
+      id: tf-plan
+      working-directory: ./tf
+      run: |
+        export exitcode=0
+        terraform plan \
+        -var "do_token=$DIGITALOCEAN_TOKEN" \
+        -var "pvt_key=$PRIVATE_SSH_KEY" \
+        -var "cloudflare_api_token=$CLOUDFLARE_API_TOKEN" \
+        -var "cloudflare_zone_id=$CLOUDFLARE_ZONE_ID" \
+        -var "cloudflare_account_id=$CLOUDFLARE_ACCOUNT_ID" \
+        -var "cloudflare_domain=$CLOUDFLARE_DOMAIN" \
+        -detailed-exitcode \
+        -no-color \
+        -out tfplan \
+        || export exitcode=$?
+
+        echo "exitcode=$exitcode" >> $GITHUB_OUTPUT
+
+        if [ $exitcode -eq 1 ]; then
+          echo Terraform Plan Failed!
+          exit 1
+        else
+          exit 0
+        fi
+
+    - name: Publish Terraform Plan
+      uses: actions/upload-artifact@v4
+      with:
+        name: tfplan
+        path: tfplan
+
+    - name: Create String Output
+      id: tf-plan-string
+      working-directory: ./tf
+      run: |
+        TERRAFORM_PLAN=$(terraform show -no-color tfplan)
+
+        delimiter="$(openssl rand -hex 8)"
+        echo "summary<<${delimiter}" >> $GITHUB_OUTPUT
+        echo "## Terraform Plan Output" >> $GITHUB_OUTPUT
+        echo "<details><summary>Click to expand</summary>" >> $GITHUB_OUTPUT
+        echo "" >> $GITHUB_OUTPUT
+        echo '```terraform' >> $GITHUB_OUTPUT
+        echo "$TERRAFORM_PLAN" >> $GITHUB_OUTPUT
+        echo '```' >> $GITHUB_OUTPUT
+        echo "</details>" >> $GITHUB_OUTPUT
+        echo "${delimiter}" >> $GITHUB_OUTPUT
+
+    - name: Publish Terraform Plan to Task Summary
+      env:
+        SUMMARY: ${{ steps.tf-plan-string.outputs.summary }}
+      run: |
+        echo "$SUMMARY" >> $GITHUB_STEP_SUMMARY
+
+    - name: Push Terraform Output to PR
+      if: github.ref != 'refs/heads/master'
+      uses: actions/github-script@v7
+      env:
+        SUMMARY: "${{ steps.tf-plan-string.outputs.summary }}"
+      with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const body = `${process.env.SUMMARY}`;
+            github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: body
+            })
+
+  terraform-apply:
+    name: 'Terraform Apply'
+    if: github.ref == 'refs/heads/master' && needs.terraform-plan.outputs.tfplanExitCode == 2
+    runs-on: ubuntu-latest
+    needs: [terraform-plan]
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+
+    - name: Terraform Init
+      working-directory: ./tf
+      run: terraform init
+
+    - name: Download Terraform Plan
+      uses: actions/download-artifact@v4
+      with:
+        name: tfplan
+
+    - name: Terraform Apply
+      working-directory: ./tf
+      run: terraform apply  \
+        -var "do_token=$DIGITALOCEAN_TOKEN" \
+        -var "pvt_key=$PRIVATE_SSH_KEY" \
+        -var "cloudflare_api_token=$CLOUDFLARE_API_TOKEN" \
+        -var "cloudflare_zone_id=$CLOUDFLARE_ZONE_ID" \
+        -var "cloudflare_account_id=$CLOUDFLARE_ACCOUNT_ID" \
+        -var "cloudflare_domain=$CLOUDFLARE_DOMAIN" \
+        -auto-approve \
+        tfplan

tf/aws.tf

@@ -0,0 +1,2 @@
+# variable "aws_access_key" {}
+# variable "aws_secret_key" {}