diff --git a/.github/actions/docker-build-artifacts/action.yml b/.github/actions/docker-build-artifacts/action.yml
index e7f3d88a..36046bb4 100644
--- a/.github/actions/docker-build-artifacts/action.yml
+++ b/.github/actions/docker-build-artifacts/action.yml
@@ -41,17 +41,17 @@ runs:
shell: bash
working-directory: ${{ inputs.WORKING_DIRECTORY }}
run: |
- env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' docker build \
+ env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' DEPLOYMENT_TOKEN='${{ env.DEPLOYMENT_TOKEN }}' docker build \
--build-arg BUILD_NUMBER="${GITHUB_RUN_ID}" \
--build-arg GIT_SHA="$(echo ${GITHUB_SHA} | cut -c1-10)" \
--build-arg MAINTAINER="${{ inputs.MAINTAINER }}" \
--build-arg REPO_DOMAIN="${{ inputs.REPO_DOMAIN }}" \
--build-arg REPO_USERNAME="${{ env.REPO_USERNAME }}" \
--file "${{ inputs.DOCKERFILE }}" \
- --no-cache \
--platform linux/${{ inputs.PLATFORM }} \
--progress=plain \
--secret id=REPO_PASSWORD,env=REPO_PASSWORD \
+ --secret id=DEPLOYMENT_TOKEN,env=DEPLOYMENT_TOKEN \
--tag artifacts-${GITHUB_RUN_ID}:${GITHUB_SHA} \
--ulimit nofile=1024000:1024000 \
. 2>&1 | tee -a ${{ inputs.BUILD_LOG_FILENAME }}
diff --git a/.github/workflows/ci-docker-build.yml b/.github/workflows/ci-docker-build.yml
index 2b09bb92..fed91110 100644
--- a/.github/workflows/ci-docker-build.yml
+++ b/.github/workflows/ci-docker-build.yml
@@ -82,7 +82,6 @@ jobs:
--build-arg REPO_DOMAIN="${{ inputs.REPO_DOMAIN }}" \
--build-arg REPO_USERNAME="${{ secrets.REPO_USERNAME }}" \
--file "${{ inputs.DOCKERFILE }}" \
- --no-cache \
--platform linux/${{ inputs.PLATFORM }} \
--progress=plain \
--secret id=REPO_PASSWORD,env=REPO_PASSWORD \
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index eec76798..5406dd4a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
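Review bot: The new `env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' DEPLOYMENT_TOKEN='${{ env.DEPLOYMENT_TOKEN }}' docker build \` line interpolates both secrets into the shell script text, which places them on the argv of `env` (readable from the process table on the runner) and breaks the command if a token ever contains a single quote. Because the values are read from the `env` context they are already exported to the step, and `--secret id=DEPLOYMENT_TOKEN,env=DEPLOYMENT_TOKEN` reads the variable from docker's own environment, so the `env ...` prefix appears redundant and `docker build \` alone should behave the same; this assumes the caller sets the variable in the step `env:`, which the cicd workflow hunk in this diff does. If the prefix is kept for callers that do not, pass the values through `env:` on this step instead of inlining them into `run:`.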
@@ -259,7 +259,10 @@ jobs:
PLATFORMS: ${{ inputs.PLATFORMS }}
CONTAINER_SCAN: ${{ inputs.CONTAINER_SCAN }}
CONTAINER_TEST: ${{ inputs.CONTAINER_TEST }}
+<<<<<<< HEAD
CONTAINER_TEST_RUN_OPTIONS: ${{ inputs.CONTAINER_TEST_RUN_OPTIONS }}
+=======
+>>>>>>> main
CONTAINER_TEST_COMMAND: ${{ inputs.CONTAINER_TEST_COMMAND }}
RUNNER: ${{ inputs.RUNNER }}
TAG: ${{ inputs.TAG }}
diff --git a/.github/workflows/cicd-docker-build-and-distribute.yml b/.github/workflows/cicd-docker-build-and-distribute.yml
index e60fa829..49fc0c32 100644
--- a/.github/workflows/cicd-docker-build-and-distribute.yml
+++ b/.github/workflows/cicd-docker-build-and-distribute.yml
@@ -87,9 +87,11 @@ on:
required: true
USERNAME:
required: true
+ REPO_USERNAME:
+ required: false
REPO_PASSWORD:
required: false
- REPO_USERNAME:
+ DEPLOYMENT_TOKEN:
required: false
GH_BOT_DEPLOY_TOKEN:
required: true
@@ -135,6 +137,7 @@ jobs:
env:
REPO_USERNAME: ${{ secrets.REPO_USERNAME }}
REPO_PASSWORD: ${{ secrets.REPO_PASSWORD }}
+ DEPLOYMENT_TOKEN: ${{ secrets.DEPLOYMENT_TOKEN }}
- name: Upload build logs
uses: actions/upload-artifact@v4
diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml
index f4d40069..f03539db 100644
--- a/.github/workflows/iac.yml
+++ b/.github/workflows/iac.yml
@@ -12,7 +12,7 @@ on:
TG_VERSION:
required: false
type: string
- default: '0.57.5'
+ default: '0.58.2'
TF_VERSION:
required: false
type: string
@@ -57,6 +57,11 @@ on:
required: true
type: string
default: ubuntu-latest
+ AZURE_ENV:
+ required: false
+ description: If Azure is required
+ type: boolean
+ default: false
secrets:
AWS_ACCESS_KEY_ID:
required: true
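Review bot: The ci.yml hunk commits unresolved merge-conflict markers: `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> main` land inside the `with:` mapping, which is not valid YAML, so the workflow will fail to parse and every run of ci.yml will error at load time. The conflict needs resolving before merge: either keep `CONTAINER_TEST_RUN_OPTIONS: ${{ inputs.CONTAINER_TEST_RUN_OPTIONS }}` (the HEAD side, if the called workflow still declares that input) or drop it (the main side), and delete the three marker lines. A workflow-lint step such as actionlint or yamllint in CI would have caught this before review.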
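Review bot: The new `DEPLOYMENT_TOKEN:` secret in the `@@ -87` hunk is declared `required: false` with no `description:`, so a caller has no indication of what it feeds (per the first hunk in this diff, the BuildKit secret of the same id in the docker-build-artifacts action); a line such as `description: Token exposed to the Dockerfile as BuildKit secret DEPLOYMENT_TOKEN` would document it. When a caller omits it, `DEPLOYMENT_TOKEN: ${{ secrets.DEPLOYMENT_TOKEN }}` in the `@@ -135` hunk expands to an empty string and the build still mounts an empty secret, which a Dockerfile that depends on it only notices at use time; if the token is needed for the build, make the secret required or have the action fail early when the variable is empty. Keeping it on the step-level `env:` rather than the job is the right scope.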
@@ -99,6 +104,19 @@ on:
PRIVATE_SSH_KEY_TFMODULES:
required: false
description: A private SSH key to clone the repository
+ AZURE_CLIENT_ID:
+ required: false
+ description: "Azure Client ID"
+ AZURE_TENANT_ID:
+ required: false
+ description: "Azure Tenant ID"
+ AZURE_SUBSCRIPTION_ID:
+ required: false
+ description: "Azure Subscription ID"
+env:
+ ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
jobs:
terragrunt:
@@ -110,6 +128,14 @@ jobs:
permissions: write-all
steps:
+ - name: Install dependencies
+ run: |
+ sudo apt update
+ sudo apt install unzip git -yq
+ - name: cleanup old checkout
+ run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*;
+
- name: 'Checkout'
uses: actions/checkout@v4
@@ -119,7 +145,7 @@ jobs:
repository: signalwire/actions-template
ref: main
path: actions
-
+
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
@@ -129,18 +155,16 @@ jobs:
- id: 'auth'
name: 'Authenticate to Google Cloud'
- uses: 'google-github-actions/auth@v2.1.2'
+ uses: 'google-github-actions/auth@v2.1.3'
if: inputs.GCP_ENV == true
with:
workload_identity_provider: ${{ inputs.GCP_WIP }}
project_id: ${{ inputs.PROJECT_ID }}
service_account: ${{ inputs.GCP_SA }}
- - name: Install dependencies
- run: sudo apt update ; sudo apt install unzip -yq
-
- name: Sops Binary Installer
uses: mdgreenwald/mozilla-sops-action@v1.6.0
+ if: inputs.TELEPORT_APP != ''
with:
version: 3.7.3
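Review bot: The new workflow-level `env:` block in the `@@ -99` hunk exports `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` to every step of every job, including the third-party actions this workflow runs (the sops installer, github-app-token and terragrunt-action), and does so unconditionally even though the `AZURE_ENV` input added in the `@@ -57` hunk is not referenced anywhere in this diff. These are identifiers rather than credentials, but the narrowest scope that works is the `env:` of the terragrunt steps that actually need them, optionally gated on `inputs.AZURE_ENV`. I cannot see the rest of iac.yml, so `AZURE_ENV` may be consumed elsewhere; if it is not, it is a dead input and either the gate should be added or the input dropped.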
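Review bot: The new `run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*;` step in the `@@ -110` hunk leaves the variable unquoted and unguarded, so on a runner where `GITHUB_WORKSPACE` is unset or empty the command degrades to `rm -rf /*`, and the `;` separator runs `rm` even when `chmod` failed. `run: chmod -R +w "${GITHUB_WORKSPACE:?}" && find "${GITHUB_WORKSPACE:?}" -mindepth 1 -delete` fails closed and also removes the dotfiles (`.git`, `.terragrunt-cache`) that the `/*` glob skips, which is presumably what "cleanup old checkout" intends on a persistent runner. Since `actions/checkout@v4` follows immediately and cleans the workspace itself by default, this step is only needed if leftover files are owned by another user, which the `chmod -R 777` step added at the end of this diff suggests is the case.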
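Review bot: `uses: 'google-github-actions/auth@v2.1.3'` in the `@@ -129` hunk, like the other third-party actions in this workflow, is pinned to a mutable tag; for an action that mints cloud credentials through workload identity, pinning to the release's commit SHA (`uses: google-github-actions/auth@<full-commit-sha>  # v2.1.3`, placeholder to be filled from the release) protects against a retagged release. The new `if: inputs.TELEPORT_APP != ''` on the Sops installer skips the binary when no Teleport app is given; any later step that invokes sops needs the same condition, which I cannot verify from this hunk.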
@@ -170,15 +194,13 @@ jobs:
- uses: opentofu/setup-opentofu@main
- - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*'
-
- name: Init
id: init
- uses: gruntwork-io/terragrunt-action@v2
+ uses: gruntwork-io/terragrunt-action@v1
with:
tf_version: ${{ inputs.TF_VERSION }}
tg_version: ${{ inputs.TG_VERSION }}
- tg_dir: ${{ inputs.WORKING_DIR }}
+ tg_dir: ./${{ inputs.WORKING_DIR }}
tg_command: 'run-all init'
env:
# configure git to use custom token to clone repository.
@@ -189,7 +211,7 @@ jobs:
git config --global --list
- name: Validate
- uses: gruntwork-io/terragrunt-action@v2
+ uses: gruntwork-io/terragrunt-action@v1
id: validate
with:
tf_version: ${{ inputs.TF_VERSION }}
@@ -200,8 +222,9 @@ jobs:
OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }}
- name: Plan
- uses: gruntwork-io/terragrunt-action@v2
+ uses: gruntwork-io/terragrunt-action@v1
id: plan
+ continue-on-error: true
with:
tf_version: ${{ inputs.TF_VERSION }}
tg_version: ${{ inputs.TG_VERSION }}
@@ -223,13 +246,9 @@ jobs:
OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }}
OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }}
OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
+ GITHUB_TOKEN: ${{ github.token }}
# TF_LOG: trace
- - name: Terraform Plan Status
- if: steps.plan.outcome == 'failure'
- run: exit 1
-
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v2
@@ -250,7 +269,7 @@ jobs:
- name: Apply
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
- uses: gruntwork-io/terragrunt-action@v2
+ uses: gruntwork-io/terragrunt-action@v1
id: apply
with:
tf_version: ${{ inputs.TF_VERSION }}
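Review bot: `uses: gruntwork-io/terragrunt-action@v1` moves the Init step (and Validate, Plan and Apply in the `@@ -189`, `@@ -200` and `@@ -250` hunks) from the v2 major back to v1 with no rationale in the diff; an action that runs with every cloud credential in this job deserves a one-line comment above the `uses:` stating why v1 is required, so the next maintainer does not bump it back. `tg_dir: ./${{ inputs.WORKING_DIR }}` also silently turns an absolute `WORKING_DIR` into a relative one; if the input is documented as relative that is fine, otherwise the prefix should be conditional. The step's `env:` block continues outside the hunk.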
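Review bot: Adding `continue-on-error: true` to the Plan step in the `@@ -200` hunk while the `@@ -223` hunk deletes the `Terraform Plan Status` step that turned `steps.plan.outcome == 'failure'` into a job failure means a failed plan no longer stops the job, and the Apply step in the `@@ -250` hunk is gated only on `github.ref == 'refs/heads/main' && github.event_name == 'push'`, so on a push to main an apply now runs after a plan that failed. If the intent is only to let later steps post the plan output, keep `continue-on-error: true` but change the Apply condition to `if: github.ref == 'refs/heads/main' && github.event_name == 'push' && steps.plan.outcome == 'success'` and restore a final status step so the job is still reported red. Apply's `with:` block continues outside the hunk, so there may be further gating I cannot see.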
@@ -272,3 +291,6 @@ jobs:
OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }}
OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }}
OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }}
+
+ - run: sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }}
+ continue-on-error: true
\ No newline at end of file
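Review bot: `- run: sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }}` makes the whole work tree, including the checkout, `.terragrunt-cache`, plan files and anything sops decrypted during the run, world-writable for every local user and process on the runner for as long as the directory persists, and the hard-coded `/home/runner/_work` path silently does nothing on a runner installed elsewhere, which `continue-on-error: true` then hides. If the goal is to reclaim files a containerised action created as root, `- run: sudo chown -R "$(id -u):$(id -g)" "${RUNNER_WORKSPACE:?}"` restores ownership without opening permissions and uses the runner-provided path instead of interpolating `github.event.repository.name` into the script. The file also loses its trailing newline (`\ No newline at end of file`).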