Merge branch 'main' into ryanwi/container-test-run-options

signalwire · Jun 1, 2024 · 8622ef5 · 8622ef5
2 parents 5e6a45c + 22c2fb5
commit 8622ef5
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 22 deletions.
diff --git a/.github/actions/docker-build-artifacts/action.yml b/.github/actions/docker-build-artifacts/action.yml
@@ -41,17 +41,17 @@ runs:
       shell: bash
       working-directory: ${{ inputs.WORKING_DIRECTORY }}
       run: |
-        env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' docker build \
+        env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' DEPLOYMENT_TOKEN='${{ env.DEPLOYMENT_TOKEN }}' docker build \
           --build-arg BUILD_NUMBER="${GITHUB_RUN_ID}" \
           --build-arg GIT_SHA="$(echo ${GITHUB_SHA} | cut -c1-10)" \
           --build-arg MAINTAINER="${{ inputs.MAINTAINER }}" \
           --build-arg REPO_DOMAIN="${{ inputs.REPO_DOMAIN }}" \
           --build-arg REPO_USERNAME="${{ env.REPO_USERNAME }}" \
           --file "${{ inputs.DOCKERFILE }}" \
-          --no-cache \
           --platform linux/${{ inputs.PLATFORM }} \
           --progress=plain \
           --secret id=REPO_PASSWORD,env=REPO_PASSWORD \
+          --secret id=DEPLOYMENT_TOKEN,env=DEPLOYMENT_TOKEN \
           --tag artifacts-${GITHUB_RUN_ID}:${GITHUB_SHA} \
           --ulimit nofile=1024000:1024000 \
         . 2>&1 | tee -a ${{ inputs.BUILD_LOG_FILENAME }}

diff --git a/.github/workflows/ci-docker-build.yml b/.github/workflows/ci-docker-build.yml
@@ -82,7 +82,6 @@ jobs:
           --build-arg REPO_DOMAIN="${{ inputs.REPO_DOMAIN }}" \
           --build-arg REPO_USERNAME="${{ secrets.REPO_USERNAME }}" \
           --file "${{ inputs.DOCKERFILE }}" \
-          --no-cache \
           --platform linux/${{ inputs.PLATFORM }} \
           --progress=plain \
           --secret id=REPO_PASSWORD,env=REPO_PASSWORD \

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -259,7 +259,10 @@ jobs:
       PLATFORMS: ${{ inputs.PLATFORMS }}
       CONTAINER_SCAN: ${{ inputs.CONTAINER_SCAN }}
       CONTAINER_TEST: ${{ inputs.CONTAINER_TEST }}
+<<<<<<< HEAD
       CONTAINER_TEST_RUN_OPTIONS: ${{ inputs.CONTAINER_TEST_RUN_OPTIONS }}
+=======
+>>>>>>> main
       CONTAINER_TEST_COMMAND: ${{ inputs.CONTAINER_TEST_COMMAND }}
       RUNNER: ${{ inputs.RUNNER }}
       TAG: ${{ inputs.TAG }}

diff --git a/.github/workflows/cicd-docker-build-and-distribute.yml b/.github/workflows/cicd-docker-build-and-distribute.yml
@@ -87,9 +87,11 @@ on:
         required: true
       USERNAME:
         required: true
+      REPO_USERNAME:
+        required: false
       REPO_PASSWORD:
         required: false
-      REPO_USERNAME:
+      DEPLOYMENT_TOKEN:
         required: false
       GH_BOT_DEPLOY_TOKEN:
         required: true
@@ -135,6 +137,7 @@ jobs:
         env:
           REPO_USERNAME: ${{ secrets.REPO_USERNAME }}
           REPO_PASSWORD: ${{ secrets.REPO_PASSWORD }}
+          DEPLOYMENT_TOKEN: ${{ secrets.DEPLOYMENT_TOKEN }}
 
       - name: Upload build logs
         uses: actions/upload-artifact@v4

diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml
@@ -12,7 +12,7 @@ on:
       TG_VERSION: 
         required: false
         type: string
-        default: '0.57.5'
+        default: '0.58.2'
       TF_VERSION: 
         required: false
         type: string
@@ -57,6 +57,11 @@ on:
         required: true
         type: string
         default: ubuntu-latest
+      AZURE_ENV:
+        required: false
+        description: If Azure is required
+        type: boolean
+        default: false
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
@@ -99,6 +104,19 @@ on:
       PRIVATE_SSH_KEY_TFMODULES:
         required: false
         description: A private SSH key to clone the repository
+      AZURE_CLIENT_ID:
+        required: false
+        description: "Azure Client ID"
+      AZURE_TENANT_ID:
+        required: false
+        description: "Azure Tenant ID"
+      AZURE_SUBSCRIPTION_ID:
+        required: false
+        description: "Azure Subscription ID"
+env:
+  ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+  ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+  ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
 jobs:
   terragrunt:
@@ -110,6 +128,14 @@ jobs:
     permissions: write-all
 
     steps:
+      - name: Install dependencies
+        run: |
+          sudo apt update
+          sudo apt install unzip git -yq
+      
+      - name: cleanup old checkout  
+        run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*;
+
       - name: 'Checkout'
         uses: actions/checkout@v4
 
@@ -119,7 +145,7 @@ jobs:
           repository: signalwire/actions-template
           ref: main
           path: actions
-
+        
       - name: Configure AWS Credentials
         uses: aws-actions/[email protected]
         with:
@@ -129,18 +155,16 @@ jobs:
 
       - id: 'auth'
         name: 'Authenticate to Google Cloud'
-        uses: 'google-github-actions/[email protected].2'
+        uses: 'google-github-actions/[email protected].3'
         if: inputs.GCP_ENV == true
         with:
           workload_identity_provider: ${{ inputs.GCP_WIP }}
           project_id: ${{ inputs.PROJECT_ID }}
           service_account: ${{ inputs.GCP_SA }}
 
-      - name: Install dependencies
-        run: sudo apt update ; sudo apt install unzip -yq
-
       - name: Sops Binary Installer
         uses: mdgreenwald/[email protected]
+        if: inputs.TELEPORT_APP != ''
         with:
           version: 3.7.3
 
@@ -170,15 +194,13 @@ jobs:
 
       - uses: opentofu/setup-opentofu@main
 
-      - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*'
-
       - name: Init
         id: init
-        uses: gruntwork-io/terragrunt-action@v2
+        uses: gruntwork-io/terragrunt-action@v1
         with:
           tf_version: ${{ inputs.TF_VERSION }}
           tg_version: ${{ inputs.TG_VERSION }}
-          tg_dir: ${{ inputs.WORKING_DIR }}
+          tg_dir: ./${{ inputs.WORKING_DIR }}
           tg_command: 'run-all init'
         env:
           # configure git to use custom token to clone repository.
@@ -189,7 +211,7 @@ jobs:
             git config --global --list
       
       - name: Validate
-        uses: gruntwork-io/terragrunt-action@v2
+        uses: gruntwork-io/terragrunt-action@v1
         id: validate
         with:
           tf_version: ${{ inputs.TF_VERSION }}
@@ -200,8 +222,9 @@ jobs:
           OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }}
 
       - name: Plan
-        uses: gruntwork-io/terragrunt-action@v2
+        uses: gruntwork-io/terragrunt-action@v1
         id: plan
+        continue-on-error: true
         with:
           tf_version: ${{ inputs.TF_VERSION }}
           tg_version: ${{ inputs.TG_VERSION }}
@@ -223,13 +246,9 @@ jobs:
           OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }}
           OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }}
           OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
+          GITHUB_TOKEN: ${{ github.token }}
           # TF_LOG: trace
 
-      - name: Terraform Plan Status
-        if: steps.plan.outcome == 'failure'
-        run: exit 1
-
       - name: Generate token
         id: generate_token
         uses: tibdex/github-app-token@v2
@@ -250,7 +269,7 @@ jobs:
 
       - name: Apply
         if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-        uses: gruntwork-io/terragrunt-action@v2
+        uses: gruntwork-io/terragrunt-action@v1
         id: apply
         with:
           tf_version: ${{ inputs.TF_VERSION }}
@@ -272,3 +291,6 @@ jobs:
           OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }}
           OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }}
           OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }}
+
+      - run: sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }}
+        continue-on-error: true