Bootstrapping application_infrastructure for @dev #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Bootstrap infrastructure | |
on: # yamllint disable-line rule:truthy | |
workflow_dispatch: | |
inputs: | |
apply: | |
type: string | |
default: "" | |
description: 'Provide "apply!" if you actually want to apply the terraform plan on the selected environment.' | |
environment: | |
type: choice | |
default: dev | |
description: 'Which environment to target?' | |
required: true | |
options: | |
- dev | |
scope: | |
type: choice | |
default: application_infrastructure | |
description: 'Which infrastructure scope to apply?' | |
required: true | |
options: | |
- github | |
- gke_and_state_bucket | |
- bastion_host | |
- application_infrastructure | |
run-name: Bootstrapping ${{ inputs.scope }} for @${{ inputs.environment }} | |
defaults: | |
run: | |
# This sets the default shell to bash with some debugging related options. | |
# - noprofile: do not source the profile files | |
# - norc: do not source rc files | |
# - e/errexit: exit on error status codes | |
# - u/nounset: exit on unset variables | |
# - o pipefail: pipes inherit error exit codes | |
shell: bash --noprofile --norc -euo pipefail {0} | |
jobs: | |
plan-apply-github: | |
name: Plan and potentially apply for scope github | |
if: ${{ github.event.inputs.environment == 'dev' && github.event.inputs.scope == 'github'}} | |
runs-on: | |
- ubuntu-latest | |
env: | |
TF_WORK_DIR: ./scopes/github_and_co | |
#TF_STATE_FILE: '-> Handled by bucket backend prefix' | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: 'google-github-actions/auth@v2' | |
with: | |
project_id: ${{ vars.GOOGLE_PROJECT_ID }} | |
credentials_json: ${{ secrets.AUTOMATION_SA_KEY_JSON }} | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
- name: terraform init | |
run: terraform -chdir="$TF_WORK_DIR" init | |
- name: terraform plan | |
env: | |
PROJECT_ID: ${{ vars.GOOGLE_PROJECT_ID }} | |
GH_API_TOKEN: ${{ secrets.API_ACCESS_TOKEN }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" plan -input=false -out=tfplan \ | |
-var-file "../../environments/dev.tfvars" \ | |
-var "github_token=$GH_API_TOKEN" \ | |
-var "project_id=$PROJECT_ID" | |
- name: terraform apply | |
if: ${{ github.event.inputs.apply == 'apply!' }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" apply -input=false tfplan | |
terraform output | |
plan-apply-gke: | |
name: Plan and potentially apply for scope gke | |
if: ${{ github.event.inputs.environment == 'dev' && github.event.inputs.scope == 'gke_and_state_bucket'}} | |
runs-on: | |
- ubuntu-latest | |
env: | |
TF_WORK_DIR: ./scopes/gke_and_state_bucket | |
#TF_STATE_FILE: '-> Handled by bucket backend prefix' | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: 'google-github-actions/auth@v2' | |
with: | |
project_id: ${{ vars.GOOGLE_PROJECT_ID }} | |
credentials_json: ${{ secrets.AUTOMATION_SA_KEY_JSON }} | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
- name: terraform init | |
run: terraform -chdir="$TF_WORK_DIR" init | |
- name: terraform plan | |
env: | |
PROJECT_ID: ${{ vars.GOOGLE_PROJECT_ID }} | |
GH_API_TOKEN: ${{ secrets.API_ACCESS_TOKEN }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" plan -input=false -out=tfplan \ | |
-var-file "../../environments/dev.tfvars" \ | |
-var "github_token=$GH_API_TOKEN" \ | |
-var "project_id=$PROJECT_ID" | |
- name: terraform apply | |
if: ${{ github.event.inputs.apply == 'apply!' }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" apply -input=false tfplan | |
terraform output | |
bastion_host: | |
name: Plan and potentially apply for scope bastion host | |
if: ${{ github.event.inputs.environment == 'dev' && github.event.inputs.scope == 'bastion_host'}} | |
runs-on: | |
- ubuntu-latest | |
env: | |
TF_WORK_DIR: ./scopes/ssh-bastion | |
#TF_STATE_FILE: '-> Handled by bucket backend prefix' | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: 'google-github-actions/auth@v2' | |
with: | |
project_id: ${{ vars.GOOGLE_PROJECT_ID }} | |
credentials_json: ${{ secrets.AUTOMATION_SA_KEY_JSON }} | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
- name: terraform init | |
run: terraform -chdir="$TF_WORK_DIR" init | |
- name: terraform plan | |
env: | |
PROJECT_ID: ${{ vars.GOOGLE_PROJECT_ID }} | |
GH_API_TOKEN: ${{ secrets.API_ACCESS_TOKEN }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" plan -input=false -out=tfplan \ | |
-var-file "../../environments/dev.tfvars" \ | |
-var "project_id=$PROJECT_ID" | |
- name: terraform apply | |
if: ${{ github.event.inputs.apply == 'apply!' }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" apply -input=false tfplan | |
terraform output | |
plan-apply-application: | |
name: Plan and potentially apply for scope application infra | |
if: ${{ github.event.inputs.environment == 'dev' && github.event.inputs.scope == 'application_infrastructure'}} | |
runs-on: | |
- ubuntu-latest | |
env: | |
TF_WORK_DIR: ./scopes/application | |
#TF_STATE_FILE: '-> Handled by bucket backend prefix' | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: 'google-github-actions/auth@v2' | |
with: | |
project_id: ${{ vars.GOOGLE_PROJECT_ID }} | |
credentials_json: ${{ secrets.AUTOMATION_SA_KEY_JSON }} | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
- name: terraform init | |
run: terraform -chdir="$TF_WORK_DIR" init | |
- name: terraform plan | |
env: | |
PROJECT_ID: ${{ vars.GOOGLE_PROJECT_ID }} | |
GH_API_TOKEN: ${{ secrets.API_ACCESS_TOKEN }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" plan -input=false -out=tfplan \ | |
-var-file "../../environments/dev.tfvars" \ | |
-var "project_id=$PROJECT_ID" | |
- name: terraform apply | |
if: ${{ github.event.inputs.apply == 'apply!' }} | |
run: | | |
terraform -chdir="$TF_WORK_DIR" apply -input=false tfplan | |
terraform output |