59 lines (56 loc) · 2.52 KB
/
terraform-plan-env.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
---
name: Terraform plan (single env)
on:
workflow_call:
inputs:
environment:
required: true
type: string
jobs:
plan:
name: plan ( ${{ inputs.environment }} )
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
env:
KEY: "terraform.tfstate.${{ inputs.environment }}"
TF_VAR_cf_user: ${{ secrets.CF_USERNAME }}
TF_VAR_cf_password: ${{ secrets.CF_PASSWORD }}
TF_VAR_new_relic_license_key: ${{ secrets.NEW_RELIC_LICENSE_KEY }}
TF_VAR_pgrst_jwt_secret: ${{ secrets.PGRST_JWT_SECRET }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TERRAFORM_PRE_RUN: |
apt-get update
apt-get install -y zip python
# Install CF CLI
mkdir -p /etc/apt/keyrings/
wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | gpg --dearmor | tee /etc/apt/trusted.gpg.d/cf.gpg > /dev/null
echo "deb https://packages.cloudfoundry.org/debian stable main" | tee /etc/apt/sources.list.d/cloudfoundry-cli.list
apt-get update && DEBIAN_FRONTEND=noninteractive
apt-get install --assume-yes cf8-cli
cf api api.fr.cloud.gov
cf auth ${{ secrets.CF_USERNAME }} ${{ secrets.CF_PASSWORD }}
TF_VAR_postgrest_image: 'ghcr.io/gsa-tts/fac/postgrest:latest'
TF_VAR_clamav_image: 'ghcr.io/gsa-tts/fac/clamav:latest'
steps:
- name: Checkout
uses: actions/checkout@v4
# Plan output will be posted as a comment on the PR to aid with review.
# The post includes a link to the workflow run where the plan was
# generated, and the same comment will be updated each time a new commit
# on the PR branch triggers a re-plan.
- name: terraform plan ( ${{ inputs.environment }} )
uses: dflook/terraform-plan@v1
with:
path: terraform/${{ inputs.environment }}
label: ${{ inputs.environment }}
# These secrets grant access to the bucket with our remote Terraform
# state. They're located in the "Secrets > Actions > Repository
# Secrets" section of the repository settings, and are the same across
# all environments.
backend_config: >
access_key=${{ secrets.terraform_AWS_ACCESS_KEY_ID }},
secret_key=${{ secrets.terraform_AWS_SECRET_ACCESS_KEY }}
endpoint=https://${{ secrets.terraform_ENDPOINT }},
bucket=${{ secrets.terraform_BUCKET }},
region=${{ secrets.terraform_REGION }},
key=${{ env.KEY }},