Merge branch 'main' into codex/ensure-iac-modules-meet-idempotence-ljuyzg

2025-12-08 17:58:36 +08:00 · 2025-12-08 17:58:36 +08:00 · 888a5476be
commit 888a5476be
parent 46d1fb2c8b 05392ac4ee
4 changed files with 21 additions and 10 deletions
--- a/.github/workflows/terraform-standard-iac-pipeline-aws-global-bootstrap.yaml
+++ b/.github/workflows/terraform-standard-iac-pipeline-aws-global-bootstrap.yaml
@ -50,6 +50,13 @@ jobs:
        with:
          terraform_version: 1.9.5

+      - name: Restore Terraform state
+        uses: actions/download-artifact@v4
+        continue-on-error: true
+        with:
+          name: tfstate-${{ matrix.target }}
+          path: ${{ env.TF_WORKDIR }}/${{ matrix.target }}
+
      - name: AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
--- a/iac-template/terraform-hcl-standard/aws-cloud/bootstrap-iam/Makefile
+++ b/iac-template/terraform-hcl-standard/aws-cloud/bootstrap-iam/Makefile
@ -1,7 +1,7 @@
 account_name ?=
 region ?=
 role_name ?=
-	terraform_user_name ?=
+terraform_user_name ?=

 TF_VARS := $(if $(account_name),-var="account_name=$(account_name)") $(if $(region),-var="region=$(region)") $(if $(role_name),-var="role_name=$(role_name)") $(if $(terraform_user_name),-var="terraform_user_name=$(terraform_user_name)")

--- a/iac-template/terraform-hcl-standard/aws-cloud/bootstrap-iam/locals.tf
+++ b/iac-template/terraform-hcl-standard/aws-cloud/bootstrap-iam/locals.tf
@ -10,7 +10,10 @@ locals {
 }

 locals {
-  account = yamldecode(
-    file("${path.root}/../config/accounts/${local.config_account_name}.yaml")
-  )
+  account_file_path = "${path.root}/../config/accounts/${local.config_account_name}.yaml"
+  account = fileexists(local.account_file_path) ? yamldecode(file(local.account_file_path)) : {
+    account_id  = local.bootstrap.account_id
+    environment = local.environment
+    tags        = local.extra_tags
+  }
 }
--- a/iac-template/terraform-hcl-standard/aws-cloud/config/accounts/bootstrap.yaml
+++ b/iac-template/terraform-hcl-standard/aws-cloud/config/accounts/bootstrap.yaml
@ -1,16 +1,17 @@
 region: ap-northeast-1
 environment: bootstrap

-account_name: dev
+account_name: xzerolab
+account_id: 950604983695

 state:
-  bucket_name: svc-plus-iac-state
-  dynamodb_table_name: svc-plus-iac-state-dynamodb-lock
+  bucket_name: xzerolab-iac-state
+  dynamodb_table_name: xzerolab-iac-state-dynamodb-lock

 iam:
-  role_name: TerraformDeployRole-Dev
-  terraform_user_name: sit-ci-runner
+  role_name: XzerolabTerraformDeployRole
+  terraform_user_name: github-ci-runner

 tags:
  Owner: Platform
-  Project: modern-container-app
+  Project: CloudNeutral