release/d1c107317ba57d13366b34841e197431cc893ddb #525
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tardigrade terraform network mirror builder | |
| on: | |
| # Run on demand | |
| workflow_dispatch: | |
| # Run pull requests against the main branch | |
| pull_request: | |
| branches: [main] | |
| paths: | |
| - 'Dockerfile.tools' | |
| - '.github/workflows/build.yml' | |
| - '.github/workflows/dependabot_hack.yml' | |
| - 'providers/versions.tf' | |
| # Run when a release is created | |
| release: | |
| types: [released] | |
| permissions: | |
| id-token: write | |
| concurrency: | |
| group: ${{ github.head_ref || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| BuildMirror: | |
| name: build-mirror | |
| runs-on: ubuntu-latest | |
| env: | |
| AWS_DEFAULT_REGION: us-east-1 | |
| MIRROR_ENDPOINT: https://hashicorp-mirror.cloudarmor.io | |
| MIRROR_BUCKET: p3-hashicorp-mirror | |
| REPO_PATH: .mirror/repo | |
| steps: | |
| - name: Clone this git repository | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
| - name: Install aws-cli | |
| uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367 | |
| - name: Download repo tools | |
| run: | | |
| make download-all | |
| - name: configure aws credentials | |
| if: github.event_name != 'pull_request' | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }} | |
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
| - name: Validate credential | |
| if: github.event_name != 'pull_request' | |
| run: aws sts get-caller-identity | |
| - name: Push repo tools to s3 bucket | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| aws s3 cp ./${{ env.REPO_PATH }}/ s3://${{ env.MIRROR_BUCKET }}/repo/ --recursive | |
| - name: Retrieve current terraform mirror | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| mkdir -p ./${{ env.REPO_PATH }}/terraform-registry | |
| aws s3 sync --no-sign-request --exact-timestamps --endpoint-url ${{ env.MIRROR_ENDPOINT }} s3://${{ env.MIRROR_BUCKET }}/repo/terraform-registry/ ./${{ env.REPO_PATH }}/terraform-registry/ | |
| - name: Create Terraform registry | |
| run: | | |
| terraform -chdir=./providers/ providers mirror \ | |
| -platform=linux_amd64 \ | |
| -platform=windows_amd64 \ | |
| -platform=darwin_amd64 \ | |
| ../${{ env.REPO_PATH }}/terraform-registry/ | |
| - name: Verify local terraform mirror | |
| run: | | |
| PWD=$(pwd) | |
| cat << EOF > "$HOME/.terraformrc" | |
| provider_installation { | |
| filesystem_mirror { | |
| path = "$PWD/${{ env.REPO_PATH }}/terraform-registry/" | |
| } | |
| } | |
| EOF | |
| terraform -chdir=./providers/ init | |
| - name: Push mirror to s3 bucket | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| aws s3 sync ./${{ env.REPO_PATH }}/terraform-registry/ s3://${{ env.MIRROR_BUCKET }}/repo/terraform-registry/ | |
| - name: Create cloudfront cache invalidation | |
| if: github.event_name != 'pull_request' | |
| run: | | |
| aws cloudfront create-invalidation --distribution-id ${{ secrets.HASHICORP_MIRROR_DISTRIBUTION }} --paths "/repo/*" |