GitHub Actions - Configure Access #262
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Actions - Configure Access | |
| on: | |
| ####---------------------------------------------------------------------------- | |
| workflow_dispatch: | |
| name: Manual Deployment | |
| description: 'Triggering Manual Deployment' | |
| inputs: | |
| logLevel: | |
| description: 'Log level' | |
| required: true | |
| default: 'warning' | |
| tags: | |
| description: 'Configure Access' | |
| ####---------------------------------------------------------------------------- | |
| push: | |
| branches: [ master ] | |
| paths: | |
| - action.yaml | |
| ####---------------------------------------------------------------------------- | |
| env: | |
| ## AWS Access/Secret (Credentials) | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_ACCOUNT: ${{ secrets.AWS_DEFAULT_ACCOUNT }} | |
| ## AWS + Terraform CLI components | |
| AWSCLI_CLI: ${{ vars.AWSCLI_CLI }} | |
| ## AWS Default [Account, Profile, Region] | |
| AWS_DEFAULT_PROFILE: ${{ vars.AWS_DEFAULT_PROFILE }} | |
| AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} | |
| ## Default/Custom toolset + Requirements | |
| CUSTOM_TOOLS: ${{ vars.CUSTOM_TOOLS }} | |
| DEFAULT_TOOLS: ${{ vars.DEFAULT_TOOLS }} | |
| ## Access Role/Account Name (devops) | |
| DEVOPS_ACCESS_ROLE: ${{ vars.DEVOPS_ACCESS_ROLE }} | |
| DEVOPS_ACCOUNT_NAME: ${{ vars.DEVOPS_ACCOUNT_NAME }} | |
| ## Private SSH Keypair items | |
| PRIVATE_KEYPAIR_FILE: ${{ vars.PRIVATE_KEYPAIR_FILE }} | |
| PRIVATE_KEYPAIR_NAME: ${{ vars.PRIVATE_KEYPAIR_NAME }} | |
| PRIVATE_KEYPAIR_SECRET: ${{ secrets.PRIVATE_KEYPAIR_SECRET }} | |
| ## Python Requirements | |
| PYTHON_REQUIREMENTS: ${{ vars.PYTHON_REQUIREMENTS }} | |
| ## Content Output Management | |
| SANITIZE_OUTPUT: ${{ vars.SANITIZE_OUTPUT }} | |
| ## Update/Upgrade -> Python + PIP | |
| UPDATE_PYTHON: ${{ vars.UPDATE_PYTHON }} | |
| UPDATE_PIP: ${{ vars.UPDATE_PIP }} | |
| ## Update/Upgrade -> System Components | |
| UPDATE_SYSTEM: ${{ vars.UPDATE_SYSTEM }} | |
| UPGRADE_SYSTEM: ${{ vars.UPGRADE_SYSTEM }} | |
| ## Debugger & Verbosity Mode | |
| DEBUGER_MODE: ${{ vars.DEBUGER_MODE }} | |
| VERBOSE_MODE: ${{ vars.VERBOSE_MODE }} | |
| ####---------------------------------------------------------------------------- | |
| jobs: | |
| configure-access: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v3 | |
| ####---------------------------------------------------------------------------- | |
| ## Environment Variables | |
| - name: Access Session Timestamp | |
| id: access-session-timestamp | |
| shell: bash | |
| run: | | |
| SESSION_TIMESTAMP="$(date +"%y%m%d%H%M%S")" ; | |
| echo "SESSION_TIMESTAMP=${SESSION_TIMESTAMP}" >> ${GITHUB_ENV} ; | |
| ####---------------------------------------------------------------------------- | |
| ## System Requirements | |
| - name: Access System Requirements | |
| id: access-system-requirements | |
| uses: emvaldes/system-requirements@master | |
| with: | |
| debuger-mode: ${DEBUGER_MODE} | |
| verbose-mode: ${VERBOSE_MODE} | |
| update-system: ${UPDATE_SYSTEM} | |
| upgrade-system: ${UPGRADE_SYSTEM} | |
| update-python-version: ${UPDATE_PYTHON} | |
| update-pip-version: ${UPDATE_PIP} | |
| install-default-tools: ${DEFAULT_TOOLS} | |
| install-custom-tools: ${CUSTOM_TOOLS} | |
| install-python-requirements: ${PYTHON_REQUIREMENTS} | |
| install-awscli-cli: ${AWSCLI_CLI} | |
| continue-on-error: false | |
| ####---------------------------------------------------------------------------- | |
| ## Installed Packages | |
| - name: Access Installed Packages | |
| id: access-installed-packages | |
| shell: bash | |
| run: | | |
| lsb_release -a ; | |
| echo -e ; | |
| jq --version 2>/dev/null ; | |
| tree --version 2>/dev/null ; | |
| echo -e ; | |
| python --version 2>/dev/null ; | |
| pip --version 2>/dev/null ; | |
| echo -e ; | |
| aws --version 2>/dev/null ; | |
| echo -e ; | |
| ####---------------------------------------------------------------------------- | |
| ## Generating Credentials | |
| - name: Generating Credentials | |
| uses: emvaldes/generate-credentials@master | |
| id: generate-credentials | |
| with: | |
| aws-access-key-id: ${AWS_ACCESS_KEY_ID} | |
| aws-secret-access-key: ${AWS_SECRET_ACCESS_KEY} | |
| aws-default-account: ${AWS_DEFAULT_ACCOUNT} | |
| aws-default-profile: ${AWS_DEFAULT_PROFILE} | |
| aws-default-region: ${AWS_DEFAULT_REGION} | |
| devops-access-role: ${DEVOPS_ACCESS_ROLE} | |
| devops-account-name: ${DEVOPS_ACCOUNT_NAME} | |
| session-timestamp: "DevOpsPipeline--${{ env.SESSION_TIMESTAMP }}" | |
| sanitize-output: ${SANITIZE_OUTPUT} | |
| continue-on-error: false | |
| ####---------------------------------------------------------------------------- | |
| ## Display IAM List-Users | |
| - name: Credentials IAM List-Users | |
| id: credentials-awsiam-listusers | |
| run: | | |
| aws --profile ${AWS_DEFAULT_PROFILE} \ | |
| --region ${AWS_DEFAULT_REGION} \ | |
| iam list-users \ | |
| --query 'Users[?UserName==`'${DEVOPS_ACCOUNT_NAME}'`]' \ | |
| | sed -e 's|\("UserId": "\)\(.*\)\("\)|\1***\3|' ; | |
| continue-on-error: false | |
| ####---------------------------------------------------------------------------- | |
| ## Display Environment | |
| - name: Display Credentials Environment | |
| id: display-credentials-environment | |
| run: | | |
| # echo "::add-mask::$AWS_ACCESS_KEY_ID" ; | |
| # echo "::add-mask::$AWS_SECRET_ACCESS_KEY" ; | |
| echo "::add-mask::$AWS_SESSION_TOKEN" ; | |
| ## Reporting configuration settings: | |
| echo -e "\nDisplaying Enviroment Settings ...\n" ; | |
| echo -e "AWS Config File: ${AWS_CONFIG_FILE}" ; | |
| echo -e "AWS Shared Credentials File: ${AWS_SHARED_CREDENTIALS_FILE}" ; | |
| echo -e "AWS Access Key-ID: ${AWS_ACCESS_KEY_ID}" ; | |
| echo -e "AWS Secret Access Key: ${AWS_SECRET_ACCESS_KEY}" ; | |
| echo -e "AWS Session Token: ${AWS_SESSION_TOKEN}" \ | |
| | sed -e 's|\(AWS_SESSION_TOKEN\=\)\(.*\)|\1***|' ; | |
| echo -e "AWS Token Expires: ${AWS_TOKEN_EXPIRES}" ; | |
| echo -e "AWS Default Account: ${AWS_DEFAULT_ACCOUNT}" ; | |
| echo -e "AWS Default Profile: ${AWS_DEFAULT_PROFILE}" ; | |
| echo -e "AWS Default Region: ${AWS_DEFAULT_REGION}" ; | |
| echo -e "AWS DevOps Account: ${DEVOPS_ACCOUNT_NAME}" ; | |
| echo -e "AWS Principal ARN: ${AWS_PRINCIPAL_ARN}" ; | |
| ####---------------------------------------------------------------------------- | |
| ## Configure Access KeyPair | |
| - name: Configure Access | |
| uses: ./ | |
| id: configure-access | |
| with: | |
| private-keypair-file: ${PRIVATE_KEYPAIR_FILE} | |
| private-keypair-name: ${PRIVATE_KEYPAIR_NAME} | |
| private-keypair-secret: ${PRIVATE_KEYPAIR_SECRET} | |
| continue-on-error: false | |
| ####---------------------------------------------------------------------------- | |
| ## Display Environment | |
| - name: Display Access Environment | |
| id: display-access-environment | |
| shell: bash | |
| run: | | |
| echo -e "Displaying Enviroment Settings ..." ; | |
| echo -e "Access KeyPair File: '${PRIVATE_KEYPAIR_FILE}'" ; | |
| echo -e "Access KeyPair Name: '${PRIVATE_KEYPAIR_NAME}'" ; | |
| echo -e "Access KeyPair Secret: '$( | |
| echo -en "${PRIVATE_KEYPAIR_SECRET}" | base64 --decode | |
| )'" ; | |
| ####---------------------------------------------------------------------------- |