Add GCP Terraform matrix workflows

This commit is contained in:
cloudneutral 2025-12-09 10:16:44 +08:00
parent 407debac73
commit e19ca97aea
3 changed files with 275 additions and 0 deletions


@ -0,0 +1,77 @@
name: Terraform Standard - IAC Pipeline (GCP Account/Project Matrix)
on:
push:
paths:
- 'iac-template/terraform-hcl-standard/gcp-cloud/envs/dev-vpc/**'
- 'iac-template/terraform-hcl-standard/gcp-cloud/envs/dev-role/**'
- '.github/workflows/terraform-standard-iac-pipeline-gcp-account-matrix.yaml'
workflow_dispatch:
inputs:
dry_run:
type: choice
options: ['true', 'false']
default: 'true'
env:
BASE_DIR: iac-template/terraform-hcl-standard/gcp-cloud/envs
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
DRY_RUN: ${{ github.event.inputs.dry_run || 'true' }}
jobs:
terraform:
name: "${{ matrix.env }} :: pipeline (dry_run=${{ inputs.dry_run }})"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
env:
- dev-vpc
- dev-role
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.9.5
- uses: terraform-linters/setup-tflint@v4
with:
tflint_version: v0.51.0
- name: Authenticate to GCP
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_TERRAFORM_CREDENTIALS }}
project_id: ${{ env.GCP_PROJECT_ID }}
export_environment_variables: true
create_credentials_file: true
- name: Set up gcloud CLI
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ env.GCP_PROJECT_ID }}
- name: Init
working-directory: ${{ env.BASE_DIR }}/${{ matrix.env }}
run: make init
- name: Plan
working-directory: ${{ env.BASE_DIR }}/${{ matrix.env }}
run: make plan
- name: Apply
working-directory: ${{ env.BASE_DIR }}/${{ matrix.env }}
if: ${{ env.DRY_RUN == 'false' }}
run: make apply
- name: Skip Apply (dry-run)
if: ${{ env.DRY_RUN == 'true' }}
run: echo "Dry run enabled → skip apply step."
- name: Output
working-directory: ${{ env.BASE_DIR }}/${{ matrix.env }}
if: ${{ env.DRY_RUN == 'false' }}
run: terraform output -json
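Review bot: The Output step's `terraform output -json` writes every output, including ones declared `sensitive = true`, to the job log in plaintext, because `-json` does not redact sensitive values; either drop `-json` so sensitive outputs stay masked as `<sensitive>`, or redirect it to a file uploaded as a short-retention artifact. The workflow declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default scope although only checkout is needed — `permissions: { contents: read }` at the top level is enough — and a job-level `concurrency: { group: "tf-${{ matrix.env }}", cancel-in-progress: false }` would keep two pushes from running `make apply` against the same state at once. The job `name:` reads `inputs.dry_run`, which is empty on push events, while `DRY_RUN` falls back to `'true'`; using `${{ github.event.inputs.dry_run || 'true' }}` in the name keeps the two consistent. The long-lived JSON key in `GCP_TERRAFORM_CREDENTIALS` could be replaced by Workload Identity Federation (the `workload_identity_provider` and `service_account` inputs of `google-github-actions/auth@v2`) so no service-account key is stored in GitHub. The same points apply to the GCP Resources Matrix workflow in the third file of this commit.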


@ -0,0 +1,121 @@
name: Terraform Standard - GCP Global LandingZone Baseline
on:
push:
paths:
- 'iac-template/terraform-hcl-standard/gcp-cloud/**'
- '.github/workflows/terraform-standard-iac-pipeline-gcp-global-landingzone-baseline.yaml'
pull_request:
branches: [main]
workflow_dispatch:
inputs:
deploy_action:
description: "Deployment action"
type: choice
options: [plan, apply, destroy]
default: plan
deploy_dry_run:
description: "Dry-run mode"
type: choice
options: ['true', 'false']
default: 'true'
env:
TF_WORKDIR: iac-template/terraform-hcl-standard/gcp-cloud
DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}
# -------------------------------
# SMTP settings (明文可接受)
# -------------------------------
SMTP_HOST: smtp.qq.com
SMTP_PORT: 465
SMTP_FROM: "XControl Account <manbuzhe2009@qq.com>"
SMTP_REPLY_TO: "no-reply@svc.plus"
TO_EMAIL: "manbuzhe2009@qq.com"
jobs:
# -------------------------------------------------------
# 1. Landing Zone Baseline Stage
# -------------------------------------------------------
landingzone:
name: "Deploy LandingZone Baseline"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.9.5
- name: Authenticate to GCP
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_TERRAFORM_CREDENTIALS }}
project_id: ${{ secrets.GCP_PROJECT_ID }}
export_environment_variables: true
create_credentials_file: true
- name: Set up gcloud CLI
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
- name: Terraform Init (LandingZone)
working-directory: ${{ env.TF_WORKDIR }}/envs/dev-landingzone
run: terraform init -upgrade
- name: Terraform Plan (LandingZone)
id: tfplan
if: env.DEPLOY_ACTION == 'plan'
working-directory: ${{ env.TF_WORKDIR }}/envs/dev-landingzone
run: terraform plan -no-color > plan_output.txt
- name: Upload LandingZone Plan Artifact
uses: actions/upload-artifact@v4
with:
name: landingzone-plan
path: ${{ env.TF_WORKDIR }}/envs/dev-landingzone/plan_output.txt
- name: Terraform Apply (LandingZone)
if: env.DEPLOY_ACTION == 'apply'
working-directory: ${{ env.TF_WORKDIR }}/envs/dev-landingzone
run: terraform apply -auto-approve
# -------------------------------------------------------
# 2. Validation Stage
# -------------------------------------------------------
validation:
name: "Validate LandingZone Baseline"
needs: landingzone
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Validation Checks
run: |
echo "⚙️ Running LandingZone baseline validation..."
chmod +x scripts/validation/validate-landingzone.sh
scripts/validation/validate-landingzone.sh \
${{ env.TF_WORKDIR }}/envs/dev-landingzone
# -------------------------------------------------------
# 3. Delivery / Notification Stage
# -------------------------------------------------------
delivery:
name: "Delivery: Notify Rollout"
needs: validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Notify
env:
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }} # <-- 仅密码从 secret
SMTP_USERNAME: "manbuzhe2009@qq.com"
run: |
echo "📣 Sending LandingZone rollout notification..."
chmod +x scripts/notifications/notify-landingzone.sh
./scripts/notifications/notify-landingzone.sh
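Review bot: The `deploy_action` input offers `destroy` (`options: [plan, apply, destroy]`) but no step tests `env.DEPLOY_ACTION == 'destroy'`, so choosing it only runs init and then lets the validation and delivery jobs announce a rollout that never happened; either remove the option or add a guarded destroy step, and put the apply/destroy steps behind a protected `environment:` with required reviewers instead of `terraform apply -auto-approve` from any push to any branch. The `Upload LandingZone Plan Artifact` step is not conditioned on the plan step, so on `apply` it runs with no `plan_output.txt` present; add `if: env.DEPLOY_ACTION == 'plan'` to it. As in the other two workflows, there is no `permissions:` block and no `concurrency:` group, so concurrent pushes can apply against the same `dev-landingzone` state simultaneously; `concurrency: { group: "tf-landingzone", cancel-in-progress: false }` at the top level and `permissions: { contents: read }` address both. The two Chinese comments (`明文可接受`, `仅密码从 secret`) should be in English to match the rest of the file, e.g. `# plaintext is acceptable here` and `# only the password comes from a secret`.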


@ -0,0 +1,77 @@
name: Terraform Standard - IAC Pipeline (GCP Resources Matrix)
on:
push:
paths:
- 'iac-template/terraform-hcl-standard/gcp-cloud/envs/dev-object/**'
- 'iac-template/terraform-hcl-standard/gcp-cloud/envs/dev-ec2/**'
- '.github/workflows/terraform-standard-iac-pipeline-gcp-resources-matrix.yaml'
workflow_dispatch:
inputs:
dry_run:
type: choice
options: ['true', 'false']
default: 'true'
env:
BASE_DIR: iac-template/terraform-hcl-standard/gcp-cloud/envs
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
DRY_RUN: ${{ github.event.inputs.dry_run || 'true' }}
jobs:
terraform:
name: "${{ matrix.env }} :: pipeline (dry_run=${{ inputs.dry_run }})"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
env:
- dev-object
- dev-ec2
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.9.5
- uses: terraform-linters/setup-tflint@v4
with:
tflint_version: v0.51.0
- name: Authenticate to GCP
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCP_TERRAFORM_CREDENTIALS }}
project_id: ${{ env.GCP_PROJECT_ID }}
export_environment_variables: true
create_credentials_file: true
- name: Set up gcloud CLI
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ env.GCP_PROJECT_ID }}
- name: Init
working-directory: ${{ env.BASE_DIR }}/${{ matrix.env }}
run: make init
- name: Plan
working-directory: ${{ env.BASE_DIR }}/${{ matrix.env }}
run: make plan
- name: Apply
working-directory: ${{ env.BASE_DIR }}/${{ matrix.env }}
if: ${{ env.DRY_RUN == 'false' }}
run: make apply
- name: Skip Apply (dry-run)
if: ${{ env.DRY_RUN == 'true' }}
run: echo "Dry run enabled → skip apply step."
- name: Output
working-directory: ${{ env.BASE_DIR }}/${{ matrix.env }}
if: ${{ env.DRY_RUN == 'false' }}
run: terraform output -json
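Review bot: The matrix entry `dev-ec2` (and the matching `paths` filter) uses an AWS product name inside the `gcp-cloud` tree; if that directory holds Compute Engine instances, a name such as `dev-gce` would read correctly in a GCP matrix — but rename it only together with the env directory, since both the path filter and `working-directory` derive from the matrix value. The points raised on the first workflow in this commit (sensitive values printed by `terraform output -json`, missing `permissions:` and `concurrency:`, the job name using bare `inputs.dry_run`, the long-lived JSON key in `GCP_TERRAFORM_CREDENTIALS`) apply unchanged here, as the two files differ only in the `paths` filter and the matrix values.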