Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9cb07d9cef | |||
| 809d26349b | |||
| 63cc96d602 | |||
| 4db2abc990 | |||
| f7fa3bbd47 | |||
| 2a20398c87 | |||
| 3fe7ea4c36 |
@@ -2,19 +2,28 @@ name: Build
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: almalinux-8
|
||||
container:
|
||||
image: git.query.consul/unkin/almalinux9-buildrunner:latest
|
||||
image: git.query.consul/unkin/almalinux8-runnerdnd:latest
|
||||
options: --privileged
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Install Packages
|
||||
run: |
|
||||
dnf install terraform terragrunt vault jq -y
|
||||
|
||||
- name: Run Terraform Plan
|
||||
env:
|
||||
VAULT_ROLEID: ${{ secrets.TERRAFORM_NOMAD_VAULT_ROLEID }}
|
||||
run: |
|
||||
make plan
|
||||
|
||||
@@ -22,9 +31,9 @@ jobs:
|
||||
run: |
|
||||
find /workspace -type f -name "*.plan"
|
||||
|
||||
#- name: Upload Artifacts
|
||||
# uses: actions/upload-artifact@v3
|
||||
# with:
|
||||
# name: plans
|
||||
# path: /workspace/unkin/rpmbuilder/dist/*/*.rpm
|
||||
- name: Upload Artifacts
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: plans
|
||||
path: /workspace/unkin/terraform-nomad/plans/*.plan
|
||||
|
||||
|
||||
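Review bot: The build job runs in `almalinux8-runnerdnd:latest` with `options: --privileged` while still triggering on `pull_request` and passing `VAULT_ROLEID` to `make plan`, so code from an unmerged branch (the Makefile included) executes in a privileged container with the Vault role in its environment. None of the visible steps (checkout, `dnf install`, `make plan`, `find`, artifact upload) obviously needs privileged mode; if only the runner image requires it, a comment should say so, otherwise the line can go. The mutable `:latest` tag lets the image change between plan and apply without any commit; pinning by digest, `image: git.query.consul/unkin/almalinux8-runnerdnd@sha256:<digest>`, makes that change reviewable. The +/- column is lost in this rendering, so apart from the replaced image line it is not certain which of these lines the commit adds.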
@@ -0,0 +1,53 @@
|
||||
name: Deploy
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: almalinux-8
|
||||
container:
|
||||
image: git.query.consul/unkin/almalinux8-runnerdnd:latest
|
||||
options: --privileged
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Download Artifacts
|
||||
run: |
|
||||
mkdir -p /workspace/unkin/terraform-nomad/plans
|
||||
export RUN_ID=$((GITHUB_RUN_NUMBER - 1))
|
||||
export PLANS_URL="https://git.query.consul/${GITHUB_REPOSITORY}/actions/runs/${RUN_ID}/artifacts/plans"
|
||||
export MAX_RETRIES=5
|
||||
export RETRY_COUNT=0
|
||||
echo "Attempting to download plans from ${PLANS_URL}"
|
||||
while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
|
||||
curl -L -o /workspace/plans.zip "${PLANS_URL}" && break || true
|
||||
echo "Plans file not available yet. Retrying in 10 seconds... ($((RETRY_COUNT + 1))/$MAX_RETRIES)"
|
||||
RETRY_COUNT=$((RETRY_COUNT + 1))
|
||||
sleep 10
|
||||
done
|
||||
if [ ! -f /workspace/plans.zip ]; then
|
||||
echo "Failed to download plans file after $MAX_RETRIES attempts."
|
||||
exit 1
|
||||
fi
|
||||
echo "Plans file downloaded. Extracting..."
|
||||
unzip /workspace/plans.zip -d /workspace/unkin/terraform-nomad/plans
|
||||
echo "Plans file extracted successfully."
|
||||
|
||||
- name: Show Plans
|
||||
run: |
|
||||
find /workspace -type f -name "*.plan"
|
||||
|
||||
- name: Install Packages
|
||||
run: |
|
||||
dnf install terraform terragrunt vault jq -y
|
||||
|
||||
- name: Run Terraform Apply
|
||||
env:
|
||||
VAULT_ROLEID: ${{ secrets.TERRAFORM_NOMAD_VAULT_ROLEID }}
|
||||
run: |
|
||||
make apply
|
||||
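Review bot: The Download Artifacts step applies whatever plan the run numbered `GITHUB_RUN_NUMBER - 1` produced, and nothing ties that run to the commit being deployed. The Build workflow also triggers on `pull_request`, so the preceding run can be a plan made from an unmerged branch, which `make apply` then executes with the Vault role. Running `make plan` inside this job before `make apply`, or selecting the artifact by the pushed commit and checking a recorded digest before `unzip`, would close that gap. The `curl -L -o` call also lacks `--fail`, so an HTTP error body is saved as `plans.zip`, the loop breaks on the first response and the `-f` test passes; `curl --fail -L -o /workspace/plans.zip "${PLANS_URL}"` makes the retry logic mean what it says. Since the download carries no credentials, the `plans` artifact is presumably readable without authentication, and Terraform plan files hold resolved values in clear, so its visibility is worth confirming.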
@@ -2,3 +2,5 @@
|
||||
.terraform.lock.hcl
|
||||
environments/*/*.tf
|
||||
plans
|
||||
.venv
|
||||
env
|
||||
|
||||
@@ -4,7 +4,14 @@ ENV_DIR = environments/$(ENVIRONMENT)
|
||||
PLAN_DIR = plans
|
||||
PLAN_FILE = ../../$(PLAN_DIR)/$(ENVIRONMENT).plan
|
||||
|
||||
.PHONY: clean
|
||||
.PHONY: clean init plan apply
|
||||
|
||||
define vault_env
|
||||
@export VAULT_ADDR="https://vault.service.consul:8200" && \
|
||||
export VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id=$$VAULT_ROLEID) && \
|
||||
export $$(vault read -format=json kv/data/service/terraform/nomad | jq -r '.data.data | to_entries[] | "\(.key)=\(.value)"')
|
||||
endef
|
||||
|
||||
clean:
|
||||
@echo "Cleaning Terraform files..."
|
||||
find environments -type f -name '*.tf' -exec rm -f "{}" \; && \
|
||||
@@ -12,15 +19,15 @@ clean:
|
||||
find environments -type d -name '.terraform' -exec rm -rf "{}" \; && \
|
||||
rm -rf plans
|
||||
|
||||
.PHONY: init
|
||||
init:
|
||||
$(call vault_env) && \
|
||||
terragrunt --terragrunt-working-dir $(ENV_DIR) init
|
||||
|
||||
.PHONY: plan
|
||||
plan: init
|
||||
@mkdir -p $(PLAN_DIR)
|
||||
$(call vault_env) && \
|
||||
terragrunt --terragrunt-working-dir $(ENV_DIR) plan -out=$(PLAN_FILE)
|
||||
|
||||
.PHONY: apply
|
||||
apply:
|
||||
$(call vault_env) && \
|
||||
terragrunt --terragrunt-working-dir $(ENV_DIR) apply $(PLAN_FILE)
|
||||
|
||||
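Review bot: In `vault_env`, neither Vault call can fail the recipe. `export VAULT_TOKEN=$$(vault write …)` returns the status of `export` rather than of the login, and `export $$(vault read … | jq …)` with an empty substitution becomes a bare `export`, which prints every exported variable, `VAULT_TOKEN` included, to the job log; the leading `@` hides the command text but not that output. Assigning first and exporting afterwards, as in the block below, lets the `&&` chain stop on a failed login or read; values containing whitespace or glob characters would still break the unquoted export. The login also sends only `role_id`, so the AppRole presumably has secret-ID binding disabled and the role ID alone is the credential; it is worth confirming that the role is constrained by CIDR and a narrow policy.

```make
define vault_env
@export VAULT_ADDR="https://vault.service.consul:8200" && \
VAULT_TOKEN=$$(vault write -field=token auth/approle/login role_id="$$VAULT_ROLEID") && \
export VAULT_TOKEN && \
kv=$$(vault read -format=json kv/data/service/terraform/nomad) && \
vars=$$(printf '%s' "$$kv" | jq -r '.data.data | to_entries[] | "\(.key)=\(.value)"') && \
[ -n "$$vars" ] && \
export $$vars
endef
```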