From f649a2e1517687b04f23de901c014df776b0190f Mon Sep 17 00:00:00 2001 From: Ryan Williams Date: Wed, 1 May 2024 16:26:03 -0700 Subject: [PATCH 01/64] fix: container start test (#275) --- .github/actions/docker/action.yml | 18 +++++++++--------- .github/workflows/ci.yml | 5 +++++ .gitignore | 3 ++- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/.github/actions/docker/action.yml b/.github/actions/docker/action.yml index 8e12c3d0..97aa3ace 100644 --- a/.github/actions/docker/action.yml +++ b/.github/actions/docker/action.yml @@ -124,7 +124,7 @@ runs: - name: Build and export to Docker uses: docker/build-push-action@v5 - if: inputs.PLATFORMS == 'linux/amd64' && inputs.TAG_ONLY == 'false' + if: inputs.TAG_ONLY == 'false' with: load: true tags: | @@ -133,7 +133,8 @@ runs: # cache-to: type=gha,mode=max file: ${{ inputs.FILE }} context: ${{ inputs.CONTEXT }} - platforms: ${{ inputs.PLATFORMS }} + # cannot use multiple platforms with `load`, build a single arch image for validation purposes in CI + platforms: linux/amd64 build-args: ${{ env.BUILD_ARGS }} secrets: ${{ env.DOCKER_SECRETS }} @@ -142,14 +143,13 @@ runs: id: test shell: bash run: | - docker run -d --rm --name test ${{ fromJSON(steps.meta.outputs.json).tags[0] }} ${{ inputs.CONTAINER_TEST_COMMAND }} + docker images + echo "Starting container for image: ${{ steps.meta.outputs.tags }}" + docker run -d --rm --name test ${{ fromJSON(steps.meta.outputs.json).tags[0] }} sleep 20 - docker logs test > logs.txt - EXECUTIONLOG=$(cat logs.txt) - EXECUTIONLOG="${EXECUTIONLOG//'%'/'%25'}" - EXECUTIONLOG="${EXECUTIONLOG//$'\n'/'%0A'}" - EXECUTIONLOG="${EXECUTIONLOG//$'\r'/'%0D'}" - echo "name=container-logs::$EXECUTIONLOG" >> $GITHUB_OUTPUT + docker ps + docker logs test + ${{ inputs.CONTAINER_TEST_COMMAND }} - name: Build and push if: inputs.PUSH == 'true' # && inputs.TAG_ONY == 'false' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index efdbd583..3f39c89d 100644 
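Review bot: In the container test step of `.github/actions/docker/action.yml`, `${{ inputs.CONTAINER_TEST_COMMAND }}` now sits on its own line of the `run:` script, so the caller-supplied string runs as shell on the runner instead of being passed to `docker run` as the container command. If the aim is still to test the container, pass the value through the step's `env:` (`CONTAINER_TEST_COMMAND: ${{ inputs.CONTAINER_TEST_COMMAND }}`) and run it in the container, e.g. `docker exec test sh -c "$CONTAINER_TEST_COMMAND"`, assuming the image ships a shell. The tag expansions on the `echo` and `docker run` lines are pasted into the script text the same way and are better read from `env:` too. Because the container is started with `--rm`, one that exits during `sleep 20` is already removed when `docker logs test` runs, so a crash surfaces as a missing-container error rather than its logs.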
--- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,6 +91,10 @@ on: type: boolean default: true description: 'Whenever the container should be tested on pr.' + CONTAINER_TEST_COMMAND: + type: string + default: '' + description: 'A custom command to test the docker container.' RUNNER: type: string default: 'ubuntu-latest' @@ -251,6 +255,7 @@ jobs: PLATFORMS: ${{ inputs.PLATFORMS }} CONTAINER_SCAN: ${{ inputs.CONTAINER_SCAN }} CONTAINER_TEST: ${{ inputs.CONTAINER_TEST }} + CONTAINER_TEST_COMMAND: ${{ inputs.CONTAINER_TEST_COMMAND }} RUNNER: ${{ inputs.RUNNER }} TAG: ${{ inputs.TAG }} BUILD_ARGS: ${{ inputs.BUILD_ARGS }} diff --git a/.gitignore b/.gitignore index 5ae19268..e5e8094f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -./sonarscanner \ No newline at end of file +./sonarscanner +.DS_Store From 7f21ffbb94f96df568b075335205eaf17233e3c4 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 13:50:10 -0300 Subject: [PATCH 02/64] update tg action --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index f4d40069..6db1d269 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -174,7 +174,7 @@ jobs: - name: Init id: init - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v2.1.1 with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} From 666b92e863bf65bbd628ec5b21a97d1159ac6f76 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 14:01:30 -0300 Subject: [PATCH 03/64] update tg version --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 6db1d269..7d30fd22 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -12,7 +12,7 @@ on: TG_VERSION: required: false type: string - default: '0.57.5' + default: '0.58.2' TF_VERSION: required: false type: string From b880fa303420e9dbc1562814cce41726ff46157b Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 14:13:32 -0300 Subject: [PATCH 04/64] replace tg --- .github/workflows/iac.yml | 55 +++++++++++++++++++++++++++------------ 1 file changed, 39 insertions(+), 16 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 7d30fd22..1a49e00a 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -137,7 +137,26 @@ jobs: service_account: ${{ inputs.GCP_SA }} - name: Install dependencies - run: sudo apt update ; sudo apt install unzip -yq + run: | + + wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.58.2/terragrunt_linux_amd64 + mv terragrunt_linux_amd64 /usr/local/bin/terragrunt + chmod u+x /usr/local/bin/terragrunt + sudo apt-get update -y + sudo apt-get install -y gnupg software-properties-common + wget -O- https://apt.releases.hashicorp.com/gpg | \ + gpg --dearmor | \ + sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null + gpg --no-default-keyring \ + --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \ + --fingerprint + echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ + https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \ + sudo tee /etc/apt/sources.list.d/hashicorp.list + sudo apt update -y + sudo apt-get install terraform unzip -yq + + - name: Sops Binary Installer uses: mdgreenwald/mozilla-sops-action@v1.6.0 
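Review bot: The Terragrunt binary in `Install dependencies` is fetched with `wget` and placed in `/usr/local/bin` with no integrity check, and the URL hard-codes `v0.58.2` rather than following `inputs.TG_VERSION`. Verify the download against a pinned digest before installing it, e.g. `echo "<SHA256_OF_RELEASE_BINARY>  terragrunt_linux_amd64" | sha256sum -c -`, and build the URL from the input so the two versions cannot drift. The `gpg --fingerprint` call on the HashiCorp keyring only prints the fingerprint; nothing compares it with an expected value, so in CI it verifies nothing.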
@@ -172,21 +191,25 @@ jobs: - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*' - - name: Init - id: init - uses: gruntwork-io/terragrunt-action@v2.1.1 - with: - tf_version: ${{ inputs.TF_VERSION }} - tg_version: ${{ inputs.TG_VERSION }} - tg_dir: ${{ inputs.WORKING_DIR }} - tg_command: 'run-all init' - env: - # configure git to use custom token to clone repository. - INPUT_PRE_EXEC_1: | - git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - # print git configuration - INPUT_PRE_EXEC_2: | - git config --global --list + # - name: Init + # id: init + # uses: gruntwork-io/terragrunt-action@v2.1.1 + # with: + # tf_version: ${{ inputs.TF_VERSION }} + # tg_version: ${{ inputs.TG_VERSION }} + # tg_dir: ${{ inputs.WORKING_DIR }} + # tg_command: 'run-all init' + # env: + # # configure git to use custom token to clone repository. + # INPUT_PRE_EXEC_1: | + # git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" + # # print git configuration + # INPUT_PRE_EXEC_2: | + # git config --global --list + + - run: | + git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" + terragrunt run-all init --terragrunt-working-dir ${{ inputs.WORKING_DIR }} - name: Validate uses: gruntwork-io/terragrunt-action@v2 From 51fe0f46fa772ee2a0d69a2c14b722336044cef3 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 14:15:28 -0300 Subject: [PATCH 05/64] replace tg --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 1a49e00a..a90b5ea6 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
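Review bot: The new `run:` step stores the PAT in the runner user's global git config through the `url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf` rewrite and never removes it, so on a runner that is reused between jobs the token stays in `~/.gitconfig` for later jobs. Supply the secret through the step's `env:` instead of expanding it into the script text, and remove the rewrite in a final step guarded by `if: always()`. `${{ inputs.WORKING_DIR }}` is also pasted unquoted into the command line; reading it from `env:` and passing `--terragrunt-working-dir "$WORKING_DIR"` keeps spaces or shell metacharacters in the input from changing the command.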
@@ -138,7 +138,7 @@ jobs: - name: Install dependencies run: | - + sudo apt update ; sudo apt install wget -yq wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.58.2/terragrunt_linux_amd64 mv terragrunt_linux_amd64 /usr/local/bin/terragrunt chmod u+x /usr/local/bin/terragrunt From 532ab72ae688b086ac96deb86feca48110f8d497 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 14:17:00 -0300 Subject: [PATCH 06/64] bump ci --- .github/workflows/iac.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index a90b5ea6..055300d5 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -140,8 +140,8 @@ jobs: run: | sudo apt update ; sudo apt install wget -yq wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.58.2/terragrunt_linux_amd64 - mv terragrunt_linux_amd64 /usr/local/bin/terragrunt - chmod u+x /usr/local/bin/terragrunt + sudo mv terragrunt_linux_amd64 /usr/local/bin/terragrunt + sudo chmod u+x /usr/local/bin/terragrunt sudo apt-get update -y sudo apt-get install -y gnupg software-properties-common wget -O- https://apt.releases.hashicorp.com/gpg | \ From 99c6b6e64b7adeee1eb9db89f0084cd372d921a8 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 14:20:36 -0300 Subject: [PATCH 07/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 055300d5..37b16f1d 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -209,7 +209,7 @@ jobs: - run: | git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - terragrunt run-all init --terragrunt-working-dir ${{ inputs.WORKING_DIR }} + sudo terragrunt run-all init --terragrunt-working-dir ${{ inputs.WORKING_DIR }} - name: Validate uses: gruntwork-io/terragrunt-action@v2 
From 3cbda219deacab40bca0aab4b01df2d1aa41c377 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:06:48 -0300 Subject: [PATCH 08/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 37b16f1d..095e3ec5 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -209,7 +209,7 @@ jobs: - run: | git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - sudo terragrunt run-all init --terragrunt-working-dir ${{ inputs.WORKING_DIR }} + sudo terragrunt run-all init --terragrunt-log-level debug --terragrunt-debug --terragrunt-working-dir ${{ inputs.WORKING_DIR }} - name: Validate uses: gruntwork-io/terragrunt-action@v2 From 11510a73f6fdbbf4494f5a7ee8414c533b3ee6ea Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:17:44 -0300 Subject: [PATCH 09/64] debug --- .github/workflows/iac.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 095e3ec5..b4a07067 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -209,6 +209,7 @@ jobs: - run: | git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" + git init sudo terragrunt run-all init --terragrunt-log-level debug --terragrunt-debug --terragrunt-working-dir ${{ inputs.WORKING_DIR }} - name: Validate From dddc03fa2e2fdc07d1857a11aec64c3dcb69b693 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:21:34 -0300 Subject: [PATCH 10/64] debug --- .github/workflows/iac.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index b4a07067..8a1bbf92 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
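Review bot: `--terragrunt-debug` makes Terragrunt write the inputs it resolves to a `terragrunt-debug.tfvars.json` file in each module directory, and `--terragrunt-log-level debug` adds the resolved commands to the job log. In a job that receives cloud credentials and a PAT, both are better kept off the default path. If the flags are still needed for troubleshooting, tie them to debug re-runs, e.g. `${{ runner.debug == '1' && '--terragrunt-log-level debug --terragrunt-debug' || '' }}`, and do not upload the generated tfvars file as an artifact.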
@@ -110,6 +110,8 @@ jobs: permissions: write-all steps: + - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*' + - name: 'Checkout' uses: actions/checkout@v4 @@ -189,7 +191,7 @@ jobs: - uses: opentofu/setup-opentofu@main - - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*' + # - name: Init # id: init @@ -209,7 +211,7 @@ jobs: - run: | git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - git init + # git init sudo terragrunt run-all init --terragrunt-log-level debug --terragrunt-debug --terragrunt-working-dir ${{ inputs.WORKING_DIR }} - name: Validate From 64097a17499132a055c26d48b77d2c109504c8a9 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:24:17 -0300 Subject: [PATCH 11/64] debug --- .github/workflows/iac.yml | 66 ++++++++++++--------------------------- 1 file changed, 20 insertions(+), 46 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 8a1bbf92..2668def1 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -12,7 +12,7 @@ on: TG_VERSION: required: false type: string - default: '0.58.2' + default: '0.58.5' TF_VERSION: required: false type: string @@ -110,8 +110,9 @@ jobs: permissions: write-all steps: - - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*' - + - name: Install dependencies + run: sudo apt update ; sudo apt install unzip -yq + - name: 'Checkout' uses: actions/checkout@v4 
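Review bot: `git config --global --add safe.directory '*'` in the step added at the top of the job turns off git's repository-ownership check for every path on the runner, not only this checkout. Limit it to the workspace with `git config --global --add safe.directory "$GITHUB_WORKSPACE"`. If the runner is shared between repositories, the wildcard entry also persists in the global config after the job ends.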
@@ -138,28 +139,6 @@ jobs: project_id: ${{ inputs.PROJECT_ID }} service_account: ${{ inputs.GCP_SA }} - - name: Install dependencies - run: | - sudo apt update ; sudo apt install wget -yq - wget https://github.com/gruntwork-io/terragrunt/releases/download/v0.58.2/terragrunt_linux_amd64 - sudo mv terragrunt_linux_amd64 /usr/local/bin/terragrunt - sudo chmod u+x /usr/local/bin/terragrunt - sudo apt-get update -y - sudo apt-get install -y gnupg software-properties-common - wget -O- https://apt.releases.hashicorp.com/gpg | \ - gpg --dearmor | \ - sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null - gpg --no-default-keyring \ - --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \ - --fingerprint - echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ - https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \ - sudo tee /etc/apt/sources.list.d/hashicorp.list - sudo apt update -y - sudo apt-get install terraform unzip -yq - - - - name: Sops Binary Installer uses: mdgreenwald/mozilla-sops-action@v1.6.0 with: 
@@ -191,28 +170,23 @@ jobs: - uses: opentofu/setup-opentofu@main - + - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*' - # - name: Init - # id: init - # uses: gruntwork-io/terragrunt-action@v2.1.1 - # with: - # tf_version: ${{ inputs.TF_VERSION }} - # tg_version: ${{ inputs.TG_VERSION }} - # tg_dir: ${{ inputs.WORKING_DIR }} - # tg_command: 'run-all init' - # env: - # # configure git to use custom token to clone repository. - # INPUT_PRE_EXEC_1: | - # git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - # # print git configuration - # INPUT_PRE_EXEC_2: | - # git config --global --list - - - run: | - git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - # git init - sudo terragrunt run-all init --terragrunt-log-level debug --terragrunt-debug --terragrunt-working-dir ${{ inputs.WORKING_DIR }} + - name: Init + id: init + uses: gruntwork-io/terragrunt-action@v2.1.1 + with: + tf_version: ${{ inputs.TF_VERSION }} + tg_version: ${{ inputs.TG_VERSION }} + tg_dir: ${{ inputs.WORKING_DIR }} + tg_command: 'run-all init' + env: + # configure git to use custom token to clone repository. + INPUT_PRE_EXEC_1: | + git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" + # print git configuration + INPUT_PRE_EXEC_2: | + git config --global --list - name: Validate uses: gruntwork-io/terragrunt-action@v2 From 0ab0cfdee961a106af08aca76f5fa155bfa1ac11 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:26:09 -0300 Subject: [PATCH 12/64] debug --- .github/workflows/iac.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 2668def1..00426100 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
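Review bot: `INPUT_PRE_EXEC_2` runs `git config --global --list` immediately after `INPUT_PRE_EXEC_1` has stored a URL rewrite containing `secrets.PAT_GIT`, so the tokenised URL is written to the job log and only the platform's log masking hides it. Drop the listing, or print just the key that needs checking, e.g. `git config --global --get-all safe.directory`. The `safe.directory '*'` step restored above `Init` carries the same wildcard scope as before and could be narrowed to `"$GITHUB_WORKSPACE"`.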
@@ -12,7 +12,7 @@ on: TG_VERSION: required: false type: string - default: '0.58.5' + default: '0.58.2' TF_VERSION: required: false type: string @@ -112,7 +112,7 @@ jobs: steps: - name: Install dependencies run: sudo apt update ; sudo apt install unzip -yq - + - name: 'Checkout' uses: actions/checkout@v4 From 3ae77b80830f6d76f84fd78bdf3050f5dcf74962 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:29:07 -0300 Subject: [PATCH 13/64] debug --- .github/workflows/iac.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 00426100..f6072c01 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -111,7 +111,9 @@ jobs: steps: - name: Install dependencies - run: sudo apt update ; sudo apt install unzip -yq + run: | + sudo apt update + sudo apt install unzip git -yq - name: 'Checkout' uses: actions/checkout@v4 @@ -170,8 +172,6 @@ jobs: - uses: opentofu/setup-opentofu@main - - run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*' - - name: Init id: init uses: gruntwork-io/terragrunt-action@v2.1.1 From a9a611776069abd37113e2e919df6f099021ae23 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:34:54 -0300 Subject: [PATCH 14/64] debug --- .github/workflows/iac.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index f6072c01..4b13f953 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -272,3 +272,5 @@ jobs: OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }} OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} + + - run: sudo chown -R $USER:$USER /home/github/actions-runner/_work/${{ github.repository }} \ No newline at end of file From 3e425a0aa65e36dead31d702b841b013650073be Mon Sep 17 00:00:00 2001 
From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:38:04 -0300 Subject: [PATCH 15/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 4b13f953..f1512595 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -273,4 +273,4 @@ jobs: OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - - run: sudo chown -R $USER:$USER /home/github/actions-runner/_work/${{ github.repository }} \ No newline at end of file + - run: sudo chown -R $USER:$USER /home/github/actions-runner/_work/${{ github.repository.name }} \ No newline at end of file From 9cfefcbfc63da52377e5bea12e0fa2bd68d0a46e Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:40:54 -0300 Subject: [PATCH 16/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index f1512595..e2a221b2 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -273,4 +273,4 @@ jobs: OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - - run: sudo chown -R $USER:$USER /home/github/actions-runner/_work/${{ github.repository.name }} \ No newline at end of file + - run: sudo chown -R $USER:$USER /home/github/_work/${{ github.repository.name }} \ No newline at end of file From 2198c07f33a647d8d59ecc49aef49821af2d9c50 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:44:58 -0300 Subject: [PATCH 17/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index e2a221b2..79d44458 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -273,4 +273,4 @@ jobs: OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - - run: sudo chown -R $USER:$USER /home/github/_work/${{ github.repository.name }} \ No newline at end of file + - run: sudo chown -R $USER:$USER /home/runner/_work/${{ github.event.repository.name }} \ No newline at end of file From dd39cdea72899cc14428aa0acfc8c2dfd936043e Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:53:23 -0300 Subject: [PATCH 18/64] bump ci From 21c0a3977c09432c26f84f254b345cb802be062d Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 16:53:27 -0300 Subject: [PATCH 19/64] debug --- .github/workflows/iac.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 79d44458..772fb9e7 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -107,7 +107,9 @@ jobs: environment: name: ${{ inputs.ENVIRONMENT }} - permissions: write-all + permissions: + contents: 'read' + id-token: 'write' steps: - name: Install dependencies From 534ed8b19a24d1661f120e30a9532560274beeb0 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 17:02:24 -0300 Subject: [PATCH 20/64] debug --- .github/workflows/iac.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 772fb9e7..01067244 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -116,6 +116,9 @@ jobs: run: | sudo apt update sudo apt install unzip git -yq + + - name: cleanup old checkout + run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*; - name: 'Checkout' uses: actions/checkout@v4 
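Review bot: In `cleanup old checkout`, `${GITHUB_WORKSPACE}` is expanded unquoted and unguarded, so an empty or unset value would turn the second command into `rm -rf /*`. The `/*` glob also skips dotfiles, so `.git` and any hidden cache or credential files from the previous run are left behind. A guarded form covers both: `chmod -R +w "${GITHUB_WORKSPACE:?}"; find "${GITHUB_WORKSPACE:?}" -mindepth 1 -delete`. Files left owned by root by an earlier run will still resist `chmod` without `sudo`.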
@@ -275,4 +278,4 @@ jobs: OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - - run: sudo chown -R $USER:$USER /home/runner/_work/${{ github.event.repository.name }} \ No newline at end of file + # - run: sudo chown -R $USER:$USER /home/runner/_work/${{ github.event.repository.name }} \ No newline at end of file From 0e6cc76b696c8fff19d212c9561d81d5e90532fd Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 17:26:32 -0300 Subject: [PATCH 21/64] debug --- .github/workflows/iac.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 01067244..7fdffc1a 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -117,19 +117,19 @@ jobs: sudo apt update sudo apt install unzip git -yq + + - name: 'Checkout' + uses: actions/checkout@v4 + + - name: Checkout actions + uses: actions/checkout@v4 + with: + repository: signalwire/actions-template + ref: main + path: actions + - name: cleanup old checkout run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*; - - - name: 'Checkout' - uses: actions/checkout@v4 - - - name: Checkout actions - uses: actions/checkout@v4 - with: - repository: signalwire/actions-template - ref: main - path: actions - - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: From 1923eb1bb65671a015cb934e44729e08b1e71fdc Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 17:28:26 -0300 Subject: [PATCH 22/64] debug --- .github/workflows/iac.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 7fdffc1a..94424449 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -118,15 +118,15 @@ jobs: sudo apt install unzip git -yq - - name: 'Checkout' - uses: actions/checkout@v4 - - - name: Checkout actions - uses: actions/checkout@v4 - with: - repository: signalwire/actions-template - ref: main - path: actions + - name: 'Checkout' + uses: actions/checkout@v4 + + - name: Checkout actions + uses: actions/checkout@v4 + with: + repository: signalwire/actions-template + ref: main + path: actions - name: cleanup old checkout run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*; From 3775e3f792f52021d20a23f865126ef0e4b5e8ae Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 17:30:32 -0300 Subject: [PATCH 23/64] debug --- .github/workflows/iac.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 94424449..0ae69270 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -117,6 +117,8 @@ jobs: sudo apt update sudo apt install unzip git -yq + - name: cleanup old checkout + run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*; - name: 'Checkout' uses: actions/checkout@v4 @@ -128,8 +130,6 @@ jobs: ref: main path: actions - - name: cleanup old checkout - run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*; - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: From 8ce60916bbf763a2f25c5ed335a8667e5793529a Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 17:37:15 -0300 Subject: [PATCH 24/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 0ae69270..e15f001c 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -278,4 +278,4 @@ jobs: OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - # - run: sudo chown -R $USER:$USER /home/runner/_work/${{ github.event.repository.name }} \ No newline at end of file + - run: sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }} \ No newline at end of file From 6cf4b31d95f11d2784b9740f84210ce5f6c4c8e6 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Fri, 3 May 2024 17:55:56 -0300 Subject: [PATCH 25/64] debug --- .github/workflows/iac.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index e15f001c..e18d3f39 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -207,6 +207,7 @@ jobs: - name: Plan uses: gruntwork-io/terragrunt-action@v2 id: plan + continue-on-error: true with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} @@ -231,10 +232,6 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} # TF_LOG: trace - - name: Terraform Plan Status - if: steps.plan.outcome == 'failure' - run: exit 1 - - name: Generate token id: generate_token uses: tibdex/github-app-token@v2 From 79e03d05332373ee6674bca32fea0921b733359e Mon Sep 17 00:00:00 2001 From: s3rj1k Date: Tue, 7 May 2024 23:25:49 +0200 Subject: [PATCH 26/64] Use cache when building Docker images. --- .github/actions/docker-build-artifacts/action.yml | 1 - .github/workflows/ci-docker-build.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/actions/docker-build-artifacts/action.yml b/.github/actions/docker-build-artifacts/action.yml index e7f3d88a..0d46ebab 100644 --- a/.github/actions/docker-build-artifacts/action.yml +++ b/.github/actions/docker-build-artifacts/action.yml 
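Review bot: `sudo chmod -R 777` on the work directory makes the whole checkout, including any state or credential files earlier steps left there, readable and writable by every local account on the runner. Returning ownership to the runner user solves the same cleanup problem without opening the tree: `sudo chown -R "$(id -u):$(id -g)" "$GITHUB_WORKSPACE"`. The step has no `if: always()`, so it is skipped exactly when an earlier step fails and root-owned files are most likely to be left behind. The hard-coded `/home/runner/_work/...` prefix also assumes one particular runner layout, which `$GITHUB_WORKSPACE` avoids.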
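Review bot: With `continue-on-error: true` on `Plan` and the `Terraform Plan Status` step deleted, a failed plan no longer fails the job, and nothing in the visible hunks reads `steps.plan.outcome` afterwards. Steps later in the job, outside this hunk, will then run after a failed plan as well. If the aim is to let the reporting steps run first, keep the guard and move it after them: a last step with `if: steps.plan.outcome == 'failure'` and `run: exit 1`.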
@@ -48,7 +48,6 @@ runs: --build-arg REPO_DOMAIN="${{ inputs.REPO_DOMAIN }}" \ --build-arg REPO_USERNAME="${{ env.REPO_USERNAME }}" \ --file "${{ inputs.DOCKERFILE }}" \ - --no-cache \ --platform linux/${{ inputs.PLATFORM }} \ --progress=plain \ --secret id=REPO_PASSWORD,env=REPO_PASSWORD \ diff --git a/.github/workflows/ci-docker-build.yml b/.github/workflows/ci-docker-build.yml index 2b09bb92..fed91110 100644 --- a/.github/workflows/ci-docker-build.yml +++ b/.github/workflows/ci-docker-build.yml @@ -82,7 +82,6 @@ jobs: --build-arg REPO_DOMAIN="${{ inputs.REPO_DOMAIN }}" \ --build-arg REPO_USERNAME="${{ secrets.REPO_USERNAME }}" \ --file "${{ inputs.DOCKERFILE }}" \ - --no-cache \ --platform linux/${{ inputs.PLATFORM }} \ --progress=plain \ --secret id=REPO_PASSWORD,env=REPO_PASSWORD \ From 9ea56770088fc05a137459becfb168683738a528 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Wed, 8 May 2024 15:09:18 -0300 Subject: [PATCH 27/64] add azure support --- .github/workflows/iac.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index e18d3f39..601485fd 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -57,6 +57,11 @@ on: required: true type: string default: ubuntu-latest + AZURE_ENV: + required: false + description: If Azure is required + type: boolean + default: false secrets: AWS_ACCESS_KEY_ID: required: true @@ -99,6 +104,15 @@ on: PRIVATE_SSH_KEY_TFMODULES: required: false description: A private SSH key to clone the repository + AZURE_CLIENT_ID: + required: false + description: "Azure Client ID" + AZURE_TENANT_ID: + required: false + description: "Azure Tenant ID" + AZURE_SUBSCRIPTION_ID: + required: false + description: "Azure Subscription ID" jobs: terragrunt: 
@@ -146,8 +160,17 @@ jobs: project_id: ${{ inputs.PROJECT_ID }} service_account: ${{ inputs.GCP_SA }} + - name: 'Authenticate Azure' + uses: azure/login@v1 + if: inputs.AZURE_ENV == true + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Sops Binary Installer uses: mdgreenwald/mozilla-sops-action@v1.6.0 + if: inputs.TELEPORT_APP != '' with: version: 3.7.3 From b6798744d775525b13c0baaae5ca4b690feba0b6 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Wed, 8 May 2024 16:08:12 -0300 Subject: [PATCH 28/64] update action --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 601485fd..00757b64 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -161,7 +161,7 @@ jobs: service_account: ${{ inputs.GCP_SA }} - name: 'Authenticate Azure' - uses: azure/login@v1 + uses: azure/login@master if: inputs.AZURE_ENV == true with: client-id: ${{ secrets.AZURE_CLIENT_ID }} From c3b6ec5593a17709c859a92f8c2a77bc6dc8fa26 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Wed, 8 May 2024 16:10:13 -0300 Subject: [PATCH 29/64] update action --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 00757b64..9568a195 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -161,7 +161,7 @@ jobs: service_account: ${{ inputs.GCP_SA }} - name: 'Authenticate Azure' - uses: azure/login@master + uses: azure/login@v2.1.0 if: inputs.AZURE_ENV == true with: client-id: ${{ secrets.AZURE_CLIENT_ID }} From f1513f9955de1676009d44e2dcdcff06afad49c0 Mon Sep 17 00:00:00 2001 
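Review bot: `azure/login@v1` is referenced by a mutable tag in a job that holds `id-token: write` and cloud credentials, so whatever the tag points to at run time can request tokens for the Azure identity. The follow-up commits on this line move it to `@master`, which follows a branch and is weaker still, and then to `@v2.1.0`. Pin third-party actions to a full commit SHA with the version as a trailing comment, e.g. `uses: azure/login@<FULL_COMMIT_SHA> # v2.1.0`. Separately, the `if: inputs.TELEPORT_APP != ''` added to `Sops Binary Installer` ties the SOPS install to a Teleport input; if any non-Teleport path decrypts with sops the installer is now skipped, which is worth confirming.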
From: Lucas Mellos Carlos Date: Wed, 8 May 2024 16:14:18 -0300 Subject: [PATCH 30/64] update action --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 9568a195..812d250c 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -161,7 +161,7 @@ jobs: service_account: ${{ inputs.GCP_SA }} - name: 'Authenticate Azure' - uses: azure/login@v2.1.0 + uses: azure/login@v1.5.1 if: inputs.AZURE_ENV == true with: client-id: ${{ secrets.AZURE_CLIENT_ID }} From 991d73e0bd48c29ef006359dc38dcb5f30224927 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Wed, 8 May 2024 16:16:32 -0300 Subject: [PATCH 31/64] deubg --- .github/workflows/iac.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 812d250c..b07217b1 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -298,4 +298,5 @@ jobs: OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - - run: sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }} \ No newline at end of file + - run: sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }} + continue-on-error: true \ No newline at end of file From 008306e88ad4bfa88d9437e0c599a6f63a0dbf15 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Wed, 8 May 2024 16:41:45 -0300 Subject: [PATCH 32/64] deubg --- .github/workflows/iac.yml | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index b07217b1..6a792c99 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -113,7 +113,10 @@ on: AZURE_SUBSCRIPTION_ID: required: false description: "Azure Subscription ID" - +env: + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} jobs: terragrunt: name: 'Terragrunt ${{ inputs.WORKING_DIR}}' @@ -160,13 +163,13 @@ jobs: project_id: ${{ inputs.PROJECT_ID }} service_account: ${{ inputs.GCP_SA }} - - name: 'Authenticate Azure' - uses: azure/login@v1.5.1 - if: inputs.AZURE_ENV == true - with: - client-id: ${{ secrets.AZURE_CLIENT_ID }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + # - name: 'Authenticate Azure' + # uses: azure/login@v1.5.1 + # if: inputs.AZURE_ENV == true + # with: + # client-id: ${{ secrets.AZURE_CLIENT_ID }} + # tenant-id: ${{ secrets.AZURE_TENANT_ID }} + # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - name: Sops Binary Installer uses: mdgreenwald/mozilla-sops-action@v1.6.0 From 5f9e90b739de20679069ca6b625d6984b258993d Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Wed, 8 May 2024 17:21:27 -0300 Subject: [PATCH 33/64] setup az client secret --- .github/workflows/iac.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 6a792c99..4e7be545 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -113,10 +113,15 @@ on: AZURE_SUBSCRIPTION_ID: required: false description: "Azure Subscription ID" + AZURE_CLIENT_SECRET: + required: false + description: "Azure Client Secret" env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + jobs: terragrunt: name: 'Terragrunt ${{ inputs.WORKING_DIR}}' From 8c212bbce33ac7fabdfe400bac8383a055d0aec3 Mon Sep 17 00:00:00 2001 
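Review bot: The `env:` block added at workflow level makes `ARM_CLIENT_ID`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` readable by every step of every job, third-party actions included, and PATCH 33/64 adds `ARM_CLIENT_SECRET` at the same scope. The client secret is the value to keep narrowest; declaring these under `env:` on only the Init, Validate, Plan and Apply steps limits which code can read them. With the `azure/login` step commented out in the second hunk of this patch, the `ARM_*` variables are the only Azure credentials left in the job, so a comment above the block such as `# ARM_* consumed by the azurerm provider; auth mode: <oidc|client-secret>` would record which mode is intended.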
From: Lucas Mellos Carlos Date: Thu, 9 May 2024 17:24:08 -0300 Subject: [PATCH 34/64] remove client sct --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 4e7be545..8a11e414 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -120,7 +120,7 @@ env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + # ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} jobs: terragrunt: From 8b30bed4f25b29460dd7e0f0ea2a1e5e6d461525 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Thu, 9 May 2024 17:25:54 -0300 Subject: [PATCH 35/64] debug --- .github/workflows/iac.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 8a11e414..041d9ec5 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -226,6 +226,7 @@ jobs: - name: Validate uses: gruntwork-io/terragrunt-action@v2 + if: steps.init.outputs.status == 'success' id: validate with: tf_version: ${{ inputs.TF_VERSION }} From 6476ac42d05d811d70e09a917254539f0b86d4d2 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Thu, 9 May 2024 17:42:31 -0300 Subject: [PATCH 36/64] setup secret --- .github/workflows/iac.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 041d9ec5..4e7be545 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -120,7 +120,7 @@ env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - # ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} + ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} jobs: terragrunt: 
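Review bot: The condition added to `Validate` in PATCH 35/64, `steps.init.outputs.status == 'success'`, reads an output named `status` that nothing in the visible workflow sets; the only action output used elsewhere in this series is `tg_action_output`. If the action defines no such output, the expression compares an empty string and `Validate` is skipped on every run without failing the job, which silently removes a check ahead of plan and apply. The step-result context is the usual way to express this: `if: steps.init.outcome == 'success'`. The `Validate` step continues outside the hunk.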
@@ -226,7 +226,6 @@ jobs: - name: Validate uses: gruntwork-io/terragrunt-action@v2 - if: steps.init.outputs.status == 'success' id: validate with: tf_version: ${{ inputs.TF_VERSION }} From 150f1e3b432d7b1e25dcee25f1743a6dfff58d15 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Thu, 9 May 2024 18:04:27 -0300 Subject: [PATCH 37/64] remove secret based auth --- .github/workflows/iac.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 4e7be545..028ad79c 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -113,14 +113,10 @@ on: AZURE_SUBSCRIPTION_ID: required: false description: "Azure Subscription ID" - AZURE_CLIENT_SECRET: - required: false - description: "Azure Client Secret" env: ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }} jobs: terragrunt: From 8df50aa59748ce89c6fd3da73f37bbc52d797c34 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 10 May 2024 21:04:57 +0000 Subject: [PATCH 38/64] Update gruntwork-io/terragrunt-action action to v2.1.2 --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 028ad79c..e6fcee58 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -206,7 +206,7 @@ jobs: - name: Init id: init - uses: gruntwork-io/terragrunt-action@v2.1.1 + uses: gruntwork-io/terragrunt-action@v2.1.2 with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} From 3f071bc0bd7c13a67e49a077b0835c322987d920 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:29:18 -0300 Subject: [PATCH 39/64] debug --- .github/workflows/iac.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) 
diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index e6fcee58..c12b1cf1 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -164,13 +164,7 @@ jobs: project_id: ${{ inputs.PROJECT_ID }} service_account: ${{ inputs.GCP_SA }} - # - name: 'Authenticate Azure' - # uses: azure/login@v1.5.1 - # if: inputs.AZURE_ENV == true - # with: - # client-id: ${{ secrets.AZURE_CLIENT_ID }} - # tenant-id: ${{ secrets.AZURE_TENANT_ID }} - # subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - run: git init - name: Sops Binary Installer uses: mdgreenwald/mozilla-sops-action@v1.6.0 From 275a45b02bb772f8196deb4979204b8b2f13c54d Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:32:16 -0300 Subject: [PATCH 40/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index c12b1cf1..521a73d8 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -204,7 +204,7 @@ jobs: with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} - tg_dir: ${{ inputs.WORKING_DIR }} + tg_dir: /home/runner/_work/${{ github.event.repository.name }}/${{ inputs.WORKING_DIR }} tg_command: 'run-all init' env: # configure git to use custom token to clone repository. From b4a3f14029aadaf351de35937e5c28f36d23905f Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:39:42 -0300 Subject: [PATCH 41/64] debug --- .github/workflows/iac.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 521a73d8..b5fb86cc 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -164,8 +164,6 @@ jobs: project_id: ${{ inputs.PROJECT_ID }} service_account: ${{ inputs.GCP_SA }} - - run: git init - - name: Sops Binary Installer uses: mdgreenwald/mozilla-sops-action@v1.6.0 if: inputs.TELEPORT_APP != '' 
@@ -204,7 +202,7 @@ jobs: with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} - tg_dir: /home/runner/_work/${{ github.event.repository.name }}/${{ inputs.WORKING_DIR }} + tg_dir: /home/runner/work/infrastructure-lives/${{ github.event.repository.name }}/${{ inputs.WORKING_DIR }} tg_command: 'run-all init' env: # configure git to use custom token to clone repository. From 42a1b567f136acb8a1bc386090465951a9148058 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:43:06 -0300 Subject: [PATCH 42/64] debug --- .github/workflows/iac.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index b5fb86cc..57b83a82 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -138,16 +138,16 @@ jobs: - name: cleanup old checkout run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*; - - name: 'Checkout' - uses: actions/checkout@v4 - - name: Checkout actions uses: actions/checkout@v4 with: repository: signalwire/actions-template ref: main path: actions - + + - name: 'Checkout' + uses: actions/checkout@v4 + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: From 4b41ac7dfd3cec48be4aae9d7b8dc63a79b00750 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:43:31 -0300 Subject: [PATCH 43/64] debug --- .github/workflows/iac.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 57b83a82..a5b991fe 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -147,7 +147,7 @@ jobs: - name: 'Checkout' uses: actions/checkout@v4 - + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: 
@@ -202,7 +202,7 @@ jobs: with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} - tg_dir: /home/runner/work/infrastructure-lives/${{ github.event.repository.name }}/${{ inputs.WORKING_DIR }} + tg_dir: ${{ inputs.WORKING_DIR }} tg_command: 'run-all init' env: # configure git to use custom token to clone repository. From e42a02c928994ce10855fcea6a618ef16932d627 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:45:17 -0300 Subject: [PATCH 44/64] debug --- .github/workflows/iac.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index a5b991fe..6c36c07d 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -147,7 +147,7 @@ jobs: - name: 'Checkout' uses: actions/checkout@v4 - + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 with: @@ -202,7 +202,7 @@ jobs: with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} - tg_dir: ${{ inputs.WORKING_DIR }} + tg_dir: ${{github.workspace}}/${{ inputs.WORKING_DIR }} tg_command: 'run-all init' env: # configure git to use custom token to clone repository. From 8a9265249b824f3557b1d6455147a34cbb06e77d Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:51:40 -0300 Subject: [PATCH 45/64] debug --- .github/workflows/iac.yml | 41 +++++++++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 6c36c07d..9aac60ea 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -196,21 +196,32 @@ jobs: - uses: opentofu/setup-opentofu@main - - name: Init - id: init - uses: gruntwork-io/terragrunt-action@v2.1.2 - with: - tf_version: ${{ inputs.TF_VERSION }} - tg_version: ${{ inputs.TG_VERSION }} - tg_dir: ${{github.workspace}}/${{ inputs.WORKING_DIR }} - tg_command: 'run-all init' - env: - # configure git to use custom token to clone repository. - INPUT_PRE_EXEC_1: | - git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - # print git configuration - INPUT_PRE_EXEC_2: | - git config --global --list + - name: Update Homebrew + run: | + brew update --preinstall + cat "$(brew --repository)/Library/Taps/homebrew/homebrew-core/Formula/foo.rb" > .github/brew-formulae + + - run: | + brew install terragrunt + brew install terraform + git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" + cd ${{ inputs.WORKING_DIR }} + terragrunt run-all init + # - name: Init + # id: init + # uses: gruntwork-io/terragrunt-action@v2.1.2 + # with: + # tf_version: ${{ inputs.TF_VERSION }} + # tg_version: ${{ inputs.TG_VERSION }} + # tg_dir: ${{github.workspace}}/${{ inputs.WORKING_DIR }} + # tg_command: 'run-all init' + # env: + # # configure git to use custom token to clone repository. + # INPUT_PRE_EXEC_1: | + # git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" + # # print git configuration + # INPUT_PRE_EXEC_2: | + # git config --global --list - name: Validate uses: gruntwork-io/terragrunt-action@v2 From 801856bc824a30094948ec8074fc2a38c9f612eb Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:53:10 -0300 Subject: [PATCH 46/64] debug --- .github/workflows/iac.yml | 41 ++++++++++++++------------------------- 1 file changed, 15 insertions(+), 26 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 9aac60ea..a3220f58 100644 --- a/.github/workflows/iac.yml 
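Review bot: The new `run:` step expands `${{ secrets.PAT_GIT }}` and `${{ inputs.WORKING_DIR }}` straight into the shell script, so the rendered script carries the token and a caller-supplied directory value is parsed as shell syntax rather than as data. Passing both through `env:` and quoting the variable keeps the input inert and the token out of the script text. The same unquoted `${{ inputs.WORKING_DIR }}` expansion recurs in the debug `run:` steps of PATCH 49/64 and PATCH 53/64; in the latter the value sits on a line of its own and would be executed as a command. The `--global` git URL rewrite also remains in the runner user's git config after the job, which matters if the runner is not ephemeral. `brew install` takes whatever version is current and ignores `TF_VERSION` and `TG_VERSION`.

```yaml
      - env:
          PAT_GIT: ${{ secrets.PAT_GIT }}
          WORKING_DIR: ${{ inputs.WORKING_DIR }}
        run: |
          # … unchanged: brew install terragrunt / terraform …
          git config --global url."https://user:${PAT_GIT}@github.com".insteadOf "https://github.com"
          cd "$WORKING_DIR"
          terragrunt run-all init
```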
+++ b/.github/workflows/iac.yml @@ -196,32 +196,21 @@ jobs: - uses: opentofu/setup-opentofu@main - - name: Update Homebrew - run: | - brew update --preinstall - cat "$(brew --repository)/Library/Taps/homebrew/homebrew-core/Formula/foo.rb" > .github/brew-formulae - - - run: | - brew install terragrunt - brew install terraform - git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - cd ${{ inputs.WORKING_DIR }} - terragrunt run-all init - # - name: Init - # id: init - # uses: gruntwork-io/terragrunt-action@v2.1.2 - # with: - # tf_version: ${{ inputs.TF_VERSION }} - # tg_version: ${{ inputs.TG_VERSION }} - # tg_dir: ${{github.workspace}}/${{ inputs.WORKING_DIR }} - # tg_command: 'run-all init' - # env: - # # configure git to use custom token to clone repository. - # INPUT_PRE_EXEC_1: | - # git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" - # # print git configuration - # INPUT_PRE_EXEC_2: | - # git config --global --list + - name: Init + id: init + uses: gruntwork-io/terragrunt-action@v2 + with: + tf_version: ${{ inputs.TF_VERSION }} + tg_version: ${{ inputs.TG_VERSION }} + tg_dir: ./${{ inputs.WORKING_DIR }} + tg_command: 'run-all init' + env: + # configure git to use custom token to clone repository. + INPUT_PRE_EXEC_1: | + git config --global url."https://user:${{secrets.PAT_GIT}}@github.com".insteadOf "https://github.com" + # print git configuration + INPUT_PRE_EXEC_2: | + git config --global --list - name: Validate uses: gruntwork-io/terragrunt-action@v2 From d9dab6fc6a56dc8ae6adc5d2c1eb62df25bb6eae Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:54:47 -0300 Subject: [PATCH 47/64] debug --- .github/workflows/iac.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index a3220f58..25abeaf1 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -194,16 +194,17 @@ jobs: env: VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }} - - uses: opentofu/setup-opentofu@main + # - uses: opentofu/setup-opentofu@main - name: Init id: init uses: gruntwork-io/terragrunt-action@v2 with: - tf_version: ${{ inputs.TF_VERSION }} + tofu_version: 1.6.0 tg_version: ${{ inputs.TG_VERSION }} tg_dir: ./${{ inputs.WORKING_DIR }} tg_command: 'run-all init' + tg_add_approve: true env: # configure git to use custom token to clone repository. INPUT_PRE_EXEC_1: | From 31e11420e476712ee80828dba551d0234167fb7e Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:56:59 -0300 Subject: [PATCH 48/64] debug --- .github/workflows/iac.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 25abeaf1..bd867ab6 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -147,6 +147,8 @@ jobs: - name: 'Checkout' uses: actions/checkout@v4 + with: + clean: false - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 From feb33220a45d0e8639eeb92bf5f56a50c1e20acc Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 13:58:41 -0300 Subject: [PATCH 49/64] debug --- .github/workflows/iac.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index bd867ab6..939bd059 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -197,6 +197,9 @@ jobs: VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }} # - uses: opentofu/setup-opentofu@main + - run: | + ls -la + ls -la ${{ inputs.WORKING_DIR }} - name: Init id: init From 2b0f11e610cdce828d9e712a027adaf8eb6d7067 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 14:00:05 -0300 Subject: [PATCH 50/64] debug --- .github/workflows/iac.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 939bd059..5e1da193 100644 
--- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -200,6 +200,7 @@ jobs: - run: | ls -la ls -la ${{ inputs.WORKING_DIR }} + pwd - name: Init id: init From d511a6674089d36b38aeb49cd7258ccdf4547496 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 14:02:13 -0300 Subject: [PATCH 51/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 5e1da193..4f8507bc 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -208,7 +208,7 @@ jobs: with: tofu_version: 1.6.0 tg_version: ${{ inputs.TG_VERSION }} - tg_dir: ./${{ inputs.WORKING_DIR }} + tg_dir: ${{ inputs.WORKING_DIR }} tg_command: 'run-all init' tg_add_approve: true env: From 7334e29b9b738565059704b2a4f406e7c0966c9a Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 14:05:42 -0300 Subject: [PATCH 52/64] debug --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 4f8507bc..252c2322 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -204,7 +204,7 @@ jobs: - name: Init id: init - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 with: tofu_version: 1.6.0 tg_version: ${{ inputs.TG_VERSION }} From 3ca5a666212d62a1b21b815423a5dc24f6f569db Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 14:07:27 -0300 Subject: [PATCH 53/64] debug --- .github/workflows/iac.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 252c2322..ea31c326 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -199,18 +199,16 @@ jobs: # - uses: opentofu/setup-opentofu@main - run: | ls -la - ls -la ${{ inputs.WORKING_DIR }} - pwd + ${{ inputs.WORKING_DIR }} - name: Init id: init - uses: gruntwork-io/terragrunt-action@v1 + uses: gruntwork-io/terragrunt-action@v2 with: - tofu_version: 1.6.0 + tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} - tg_dir: ${{ inputs.WORKING_DIR }} + tg_dir: ./${{ inputs.WORKING_DIR }} tg_command: 'run-all init' - tg_add_approve: true env: # configure git to use custom token to clone repository. INPUT_PRE_EXEC_1: | From 40189e2cd86507e730818bbed213d7c076cbac73 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 14:08:46 -0300 Subject: [PATCH 54/64] debug --- .github/workflows/iac.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index ea31c326..beb5f367 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -196,14 +196,14 @@ jobs: env: VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }} - # - uses: opentofu/setup-opentofu@main - - run: | - ls -la - ${{ inputs.WORKING_DIR }} + - uses: opentofu/setup-opentofu@main + # - run: | + # ls -la + # ${{ inputs.WORKING_DIR }} - name: Init id: init - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 with: tf_version: ${{ inputs.TF_VERSION }} tg_version: ${{ inputs.TG_VERSION }} From e474031f8ef78e50382a3935703df71a0592f48c Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 14:12:07 -0300 Subject: [PATCH 55/64] debug --- .github/workflows/iac.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index beb5f367..cba4374c 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml 
@@ -218,7 +218,7 @@ jobs: git config --global --list - name: Validate - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 id: validate with: tf_version: ${{ inputs.TF_VERSION }} @@ -229,7 +229,7 @@ jobs: OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - name: Plan - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 id: plan continue-on-error: true with: @@ -276,7 +276,7 @@ jobs: - name: Apply if: github.ref == 'refs/heads/main' && github.event_name == 'push' - uses: gruntwork-io/terragrunt-action@v2 + uses: gruntwork-io/terragrunt-action@v1 id: apply with: tf_version: ${{ inputs.TF_VERSION }} From 46c8369cf831f0797b79b580c37c168a240710e5 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 17:01:15 -0300 Subject: [PATCH 56/64] revert changes --- .github/workflows/iac.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index cba4374c..a0609106 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -138,17 +138,15 @@ jobs: - name: cleanup old checkout run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*; + - name: 'Checkout' + uses: actions/checkout@v4 + - name: Checkout actions uses: actions/checkout@v4 with: repository: signalwire/actions-template ref: main path: actions - - - name: 'Checkout' - uses: actions/checkout@v4 - with: - clean: false - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4.0.2 @@ -197,9 +195,6 @@ jobs: VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }} - uses: opentofu/setup-opentofu@main - # - run: | - # ls -la - # ${{ inputs.WORKING_DIR }} - name: Init id: init From 26a986427acb3fbcbb11f6199d92491febcaaa06 Mon Sep 17 00:00:00 2001 
From: Lucas Mellos Carlos Date: Mon, 13 May 2024 17:25:50 -0300 Subject: [PATCH 57/64] add comment --- .github/workflows/iac.yml | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index a0609106..95cb911a 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -248,9 +248,34 @@ jobs: OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }} OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # TF_LOG: trace + - name: Comment PR + uses: actions/github-script@v6 + if: always() + with: + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `### *${{ github.workflow }}* Action ([Run #${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})) Summary 🚀 + #### Target directory: ${{ inputs.WORKING_DIR }} + #### Terragrunt Format and Style 🖌️ ${{ steps.validate.outcome }} + #### Terraform Plan 📖 **${{ steps.plan.outcome }}** + +
Show Plan + + \`\`\`\n + ${{ steps.plan.outputs.tg_action_output }} + \`\`\` + +
+ + Pusher: *@${{ github.actor }}*, Action: *${{ github.event_name }}*` + }) + - name: Generate token id: generate_token uses: tibdex/github-app-token@v2 From 37e495ea2430ef6eafedd9ff3bb7f0eec37366e7 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 17:28:37 -0300 Subject: [PATCH 58/64] debug comment --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 95cb911a..2e88a3fb 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -248,7 +248,7 @@ jobs: OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }} OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # TF_LOG: trace - name: Comment PR From 809d004029410d0961fe69b89ba9bd7a457facde Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 17:32:22 -0300 Subject: [PATCH 59/64] debug comment --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 2e88a3fb..a1c8308a 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -248,7 +248,7 @@ jobs: OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }} OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }} OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }} - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} # TF_LOG: trace - name: Comment PR From 957f9b2dcfdab3af2a5905ceaded3964252196cf Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 17:46:36 -0300 Subject: [PATCH 60/64] debug comment --- .github/workflows/iac.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index a1c8308a..5a1a8ce6 100644 
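Review bot: The `script:` body of the new `Comment PR` step in PATCH 57/64 embeds `${{ steps.plan.outputs.tg_action_output }}`, `${{ inputs.WORKING_DIR }}` and `${{ github.actor }}` inside a JavaScript template literal, so the values are pasted into the source before it runs; a backtick or `${` in the plan output ends the string and the remainder is evaluated with the job token. Handing the values over through `env:` and reading `process.env` keeps them as data. Plan output can also contain resource attributes that are not meant for a PR thread, so posting it in full deserves a deliberate decision. `context.issue.number` is presumably unset on `push` runs, where `if: always()` would still attempt the call.

```yaml
      - name: Comment PR
        uses: actions/github-script@v6
        if: always()
        env:
          PLAN_OUTPUT: ${{ steps.plan.outputs.tg_action_output }}
          WORKING_DIR: ${{ inputs.WORKING_DIR }}
          PLAN_OUTCOME: ${{ steps.plan.outcome }}
        with:
          script: |
            const plan = process.env.PLAN_OUTPUT;
            const dir = process.env.WORKING_DIR;
            const outcome = process.env.PLAN_OUTCOME;
            // … unchanged: github.rest.issues.createComment call, building the body from plan, dir, outcome and context.actor …
```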
--- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -126,8 +126,7 @@ jobs: name: ${{ inputs.ENVIRONMENT }} permissions: - contents: 'read' - id-token: 'write' + permissions: write-all steps: - name: Install dependencies From 51a05c5ac5c09a02046d56bfd0ce7051204c6af8 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 17:47:35 -0300 Subject: [PATCH 61/64] debug comment --- .github/workflows/iac.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 5a1a8ce6..452c0405 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -125,8 +125,7 @@ jobs: environment: name: ${{ inputs.ENVIRONMENT }} - permissions: - permissions: write-all + permissions: write-all steps: - name: Install dependencies From e5a733f36c35b1ceee87f67f19ff0aeaadcfba56 Mon Sep 17 00:00:00 2001 From: Lucas Mellos Carlos Date: Mon, 13 May 2024 17:53:03 -0300 Subject: [PATCH 62/64] fix comment + azure deploys --- .github/workflows/iac.yml | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 452c0405..4710c905 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -249,31 +249,6 @@ jobs: GITHUB_TOKEN: ${{ github.token }} # TF_LOG: trace - - name: Comment PR - uses: actions/github-script@v6 - if: always() - with: - script: | - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: `### *${{ github.workflow }}* Action ([Run #${{ github.run_number }}](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})) Summary 🚀 - #### Target directory: ${{ inputs.WORKING_DIR }} - #### Terragrunt Format and Style 🖌️ ${{ steps.validate.outcome }} - #### Terraform Plan 📖 **${{ steps.plan.outcome }}** - -
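Review bot: Replacing `contents: 'read'` and `id-token: 'write'` with `write-all` in PATCH 60/64 gives the job token every write scope for all steps, third-party actions and the Terragrunt pre-exec commands included, when the only new need appears to be posting a PR comment. In this patch the key is also nested as `permissions:` under `permissions:`, which is not a scope name; PATCH 61/64 flattens it to `permissions: write-all`. Keeping the two original entries and adding `pull-requests: 'write'` should cover the comment step, though the exact scope the comment call needs should be confirmed. PATCH 62/64 then removes the comment step but leaves `write-all` in place.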
Show Plan - - \`\`\`\n - ${{ steps.plan.outputs.tg_action_output }} - \`\`\` - -
- - Pusher: *@${{ github.actor }}*, Action: *${{ github.event_name }}*` - }) - - name: Generate token id: generate_token uses: tibdex/github-app-token@v2 From 0a1dde970fe12274074176316669f60f9f1b0033 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 14 May 2024 22:10:45 +0000 Subject: [PATCH 63/64] Update google-github-actions/auth action to v2.1.3 --- .github/workflows/iac.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/iac.yml b/.github/workflows/iac.yml index 4710c905..f03539db 100644 --- a/.github/workflows/iac.yml +++ b/.github/workflows/iac.yml @@ -155,7 +155,7 @@ jobs: - id: 'auth' name: 'Authenticate to Google Cloud' - uses: 'google-github-actions/auth@v2.1.2' + uses: 'google-github-actions/auth@v2.1.3' if: inputs.GCP_ENV == true with: workload_identity_provider: ${{ inputs.GCP_WIP }} From 5cdf35b9f61e5886627bafc2c9e0da2ffc5006d2 Mon Sep 17 00:00:00 2001 From: s3rj1k Date: Thu, 23 May 2024 21:29:18 +0200 Subject: [PATCH 64/64] [GHA] Add support for arbitrary `DEPLOYMENT_TOKEN`. --- .github/actions/docker-build-artifacts/action.yml | 3 ++- .github/workflows/cicd-docker-build-and-distribute.yml | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/actions/docker-build-artifacts/action.yml b/.github/actions/docker-build-artifacts/action.yml index 0d46ebab..36046bb4 100644 --- a/.github/actions/docker-build-artifacts/action.yml +++ b/.github/actions/docker-build-artifacts/action.yml @@ -41,7 +41,7 @@ runs: shell: bash working-directory: ${{ inputs.WORKING_DIRECTORY }} run: | - env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' docker build \ + env REPO_PASSWORD='${{ env.REPO_PASSWORD }}' DEPLOYMENT_TOKEN='${{ env.DEPLOYMENT_TOKEN }}' docker build \ --build-arg BUILD_NUMBER="${GITHUB_RUN_ID}" \ --build-arg GIT_SHA="$(echo ${GITHUB_SHA} | cut -c1-10)" \ --build-arg MAINTAINER="${{ inputs.MAINTAINER }}" \ 
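Review bot: The changed `run:` line in PATCH 64/64 pastes `${{ env.DEPLOYMENT_TOKEN }}` into the script between single quotes, so the token becomes part of the shell text and of the `env` command's argument list, and a value containing a single quote would break out of the quoting. `--secret id=DEPLOYMENT_TOKEN,env=DEPLOYMENT_TOKEN`, added in the next hunk, reads the variable from the process environment, and the caller sets it in the step's `env:` block in cicd-docker-build-and-distribute.yml, so the prefix looks redundant. If that holds, the command can begin at `docker build \` with no `env …` prefix; the existing `REPO_PASSWORD` assignment has the same shape. The `run:` block continues beyond this hunk.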
@@ -51,6 +51,7 @@ runs: --platform linux/${{ inputs.PLATFORM }} \ --progress=plain \ --secret id=REPO_PASSWORD,env=REPO_PASSWORD \ + --secret id=DEPLOYMENT_TOKEN,env=DEPLOYMENT_TOKEN \ --tag artifacts-${GITHUB_RUN_ID}:${GITHUB_SHA} \ --ulimit nofile=1024000:1024000 \ . 2>&1 | tee -a ${{ inputs.BUILD_LOG_FILENAME }} diff --git a/.github/workflows/cicd-docker-build-and-distribute.yml b/.github/workflows/cicd-docker-build-and-distribute.yml index e60fa829..49fc0c32 100644 --- a/.github/workflows/cicd-docker-build-and-distribute.yml +++ b/.github/workflows/cicd-docker-build-and-distribute.yml @@ -87,9 +87,11 @@ on: required: true USERNAME: required: true + REPO_USERNAME: + required: false REPO_PASSWORD: required: false - REPO_USERNAME: + DEPLOYMENT_TOKEN: required: false GH_BOT_DEPLOY_TOKEN: required: true @@ -135,6 +137,7 @@ jobs: env: REPO_USERNAME: ${{ secrets.REPO_USERNAME }} REPO_PASSWORD: ${{ secrets.REPO_PASSWORD }} + DEPLOYMENT_TOKEN: ${{ secrets.DEPLOYMENT_TOKEN }} - name: Upload build logs uses: actions/upload-artifact@v4