From b03e9a4bf44fba493a16cefd58c451c50241c983 Mon Sep 17 00:00:00 2001
From: cloudneutral
Date: Wed, 24 Dec 2025 12:57:14 +0800
Subject: [PATCH] Add gitops_repo_name input to AWS workflows

---
 ...ac-pipeline-aws-global-account-matrix.yaml | 15 +++++++++++--
 .../iac-pipeline-aws-global-bootstrap.yaml    | 21 +++++++++++++++++++
 ...eline-aws-global-landingzone-baseline.yaml | 16 ++++++++++++++
 ...-pipeline-aws-global-resources-matrix.yaml | 16 ++++++++++++++
 .../aws-cloud/bootstrap/README.md             |  2 +-
 .../bootstrap/identity/terragrunt.hcl         |  6 +++++-
 .../aws-cloud/bootstrap/lock/terragrunt.hcl   |  6 +++++-
 .../aws-cloud/bootstrap/state/terragrunt.hcl  |  6 +++++-
 8 files changed, 82 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/iac-pipeline-aws-global-account-matrix.yaml b/.github/workflows/iac-pipeline-aws-global-account-matrix.yaml
index c5c1b2fe..120bce80 100644
--- a/.github/workflows/iac-pipeline-aws-global-account-matrix.yaml
+++ b/.github/workflows/iac-pipeline-aws-global-account-matrix.yaml
@@ -13,6 +13,14 @@ on:
         type: choice
         options: [plan, apply, destroy]
         default: plan
+      gitops_repo_name:
+        description: "GitOps repository (URL or owner/repo)"
+        type: string
+        default: https://github.com/cloud-neutral-workshop/gitops.git
+      gitops_repo_ref:
+        description: "GitOps repo ref (branch/tag/sha) to use"
+        type: string
+        default: main
 
 permissions:
   id-token: write
@@ -25,6 +33,8 @@ env:
   CONFIG_FILES: |
     gitops/xzerolab/sit/aws-cloud/account/bootstrap.yaml
     gitops/xzerolab/sit/aws-cloud/resources/vpc.yaml
+  GITOPS_REPO_ROOT: gitops
+  GITOPS_BOOTSTRAP_CONFIG: gitops/xzerolab/sit/aws-cloud/account/bootstrap.yaml
 
 jobs:
   terraform:
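Review bot: `GITOPS_BOOTSTRAP_CONFIG: gitops/xzerolab/sit/aws-cloud/account/bootstrap.yaml` in the env hunk describes a different layout from the bootstrap workflow and README in this same patch, which use `config/xzerolab/sit/aws-cloud/account/bootstrap.yaml` inside the GitOps checkout: this value carries the checkout directory as prefix and has no `config/` segment. The existing `CONFIG_FILES` entries follow the `gitops/xzerolab/...` form, so it is not clear from the patch which spelling matches the real repository, but one of the two cannot exist on disk and would only fail at plan time. Nothing in this workflow's hunks reads `GITOPS_BOOTSTRAP_CONFIG` (this job drives Terraform through `CONFIG_FILES`), so either drop it here or make it agree with the bootstrap workflow, e.g. `GITOPS_BOOTSTRAP_CONFIG: ${{ github.workspace }}/gitops/config/xzerolab/sit/aws-cloud/account/bootstrap.yaml`, after confirming the layout.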
@@ -44,8 +54,9 @@ jobs:
       - name: Checkout GitOps config
         uses: actions/checkout@v4
         with:
-          repository: cloud-neutral-workshop/gitops
-          path: gitops
+          repository: ${{ replace(replace(github.event.inputs.gitops_repo_name || 'https://github.com/cloud-neutral-workshop/gitops.git', 'https://github.com/', ''), '.git', '') }}
+          path: ${{ env.GITOPS_REPO_ROOT }}
+          ref: ${{ github.event.inputs.gitops_repo_ref || 'main' }}
 
       - uses: hashicorp/setup-terraform@v3
         with:
diff --git a/.github/workflows/iac-pipeline-aws-global-bootstrap.yaml b/.github/workflows/iac-pipeline-aws-global-bootstrap.yaml
index 553e6842..264e8779 100644
--- a/.github/workflows/iac-pipeline-aws-global-bootstrap.yaml
+++ b/.github/workflows/iac-pipeline-aws-global-bootstrap.yaml
@@ -16,11 +16,25 @@ on:
         type: choice
         options: [plan, apply, destroy]
         default: plan
+      gitops_repo_ref:
+        description: "GitOps repo ref (branch/tag/sha) to use"
+        type: string
+        default: main
+      gitops_repo_name:
+        description: "GitOps repository (URL or owner/repo)"
+        type: string
+        default: https://github.com/cloud-neutral-workshop/gitops.git
+      gitops_bootstrap_config:
+        description: "Path to bootstrap config file within the GitOps repo"
+        type: string
+        default: config/xzerolab/sit/aws-cloud/account/bootstrap.yaml
 
 env:
   TG_ROOT: terraform-hcl-standard/aws-cloud/bootstrap
   DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}
   TG_VERSION: 0.67.14
+  GITOPS_REPO_ROOT: gitops
+  GITOPS_BOOTSTRAP_CONFIG: ${{ github.event.inputs.gitops_bootstrap_config || 'config/xzerolab/sit/aws-cloud/account/bootstrap.yaml' }}
 
 jobs:
   bootstrap:
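Review bot: `replace()` is not a function of the GitHub Actions expression language (only `contains`, `startsWith`, `endsWith`, `format`, `join`, `toJSON`, `fromJSON`, `hashFiles` and the status functions exist), so the `repository:` line of this step is rejected when the workflow file is validated and the job never starts; the identical expression is repeated in the new checkout steps of the bootstrap, landingzone-baseline and resources-matrix workflows. `actions/checkout` expects `owner/repo`, so the simplest fix is to make the input that form and drop the normalisation: `default: cloud-neutral-workshop/gitops` on the input and `repository: ${{ github.event.inputs.gitops_repo_name || 'cloud-neutral-workshop/gitops' }}` here. Because this value chooses the configuration that `apply`/`destroy` will act on under the assumed AWS role, a preceding guard step that fails unless the resolved value `startsWith` the expected owner (`cloud-neutral-workshop/`) keeps the configuration source inside the organisation even when a caller supplies the input. If URL input genuinely has to be accepted, normalise it in a shell step and publish the result through `$GITHUB_OUTPUT` rather than in an expression.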
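Review bot: `GITOPS_REPO_ROOT: gitops` is a workspace-relative path, but Terragrunt runs from `TG_ROOT` (`terraform-hcl-standard/aws-cloud/bootstrap`); if the Terragrunt locals read this variable with `get_env` as the repository root — the terragrunt hunks in this patch suggest so, though that `get_env` call sits outside them — the value resolves beneath the module directory where no checkout exists. Anchoring it removes the ambiguity: `GITOPS_REPO_ROOT: ${{ github.workspace }}/gitops`. The `|| 'config/xzerolab/...'` fallback on `GITOPS_BOOTSTRAP_CONFIG` repeats the input's `default:`; for `workflow_dispatch` the default is always populated, so the fallback only matters for other triggers, and keeping the path in one place stops the two from drifting. The input order here (`gitops_repo_ref` before `gitops_repo_name`) also differs from the other three workflows in this patch; matching it keeps the dispatch forms consistent.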
@@ -30,6 +44,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Checkout GitOps config
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ replace(replace(github.event.inputs.gitops_repo_name || 'https://github.com/cloud-neutral-workshop/gitops.git', 'https://github.com/', ''), '.git', '') }}
+          path: ${{ env.GITOPS_REPO_ROOT }}
+          ref: ${{ github.event.inputs.gitops_repo_ref || 'main' }}
+
       - name: Document Bootstrap Scope
         run: |
           cat <<'SUMMARY' >> "$GITHUB_STEP_SUMMARY"
diff --git a/.github/workflows/iac-pipeline-aws-global-landingzone-baseline.yaml b/.github/workflows/iac-pipeline-aws-global-landingzone-baseline.yaml
index 2d4cb734..7d15f8b2 100644
--- a/.github/workflows/iac-pipeline-aws-global-landingzone-baseline.yaml
+++ b/.github/workflows/iac-pipeline-aws-global-landingzone-baseline.yaml
@@ -20,12 +20,21 @@ on:
         type: choice
         options: ['true', 'false']
         default: 'true'
+      gitops_repo_name:
+        description: "GitOps repository (URL or owner/repo)"
+        type: string
+        default: https://github.com/cloud-neutral-workshop/gitops.git
+      gitops_repo_ref:
+        description: "GitOps repo ref (branch/tag/sha) to use"
+        type: string
+        default: main
 
 env:
   TF_WORKDIR: terraform-hcl-standard/aws-cloud
   DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}
   AWS_REGION: ap-northeast-1
   AWS_ROLE_ARN: arn:aws:iam::950604983695:role/GithubAction_IAC_Deploy_Role
+  GITOPS_REPO_ROOT: gitops
 
 jobs:
   # -------------------------------------------------------
@@ -38,6 +47,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Checkout GitOps config
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ replace(replace(github.event.inputs.gitops_repo_name || 'https://github.com/cloud-neutral-workshop/gitops.git', 'https://github.com/', ''), '.git', '') }}
+          path: ${{ env.GITOPS_REPO_ROOT }}
+          ref: ${{ github.event.inputs.gitops_repo_ref || 'main' }}
+
       - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.9.5
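Review bot: The GitOps checkout defaults to the mutable `main` ref, yet the run's `apply`/`destroy` is driven by whatever that ref resolved to, and the `Document Bootstrap Scope` step that follows records the scope without the resolved commit. Writing it into the same summary makes a run reproducible and auditable afterwards: before or inside that step, `echo "GitOps config: $(git -C "$GITOPS_REPO_ROOT" rev-parse HEAD)" >> "$GITHUB_STEP_SUMMARY"`. The checkout steps added in the landingzone-baseline and resources-matrix workflows would benefit from the same line; no summary step is visible in their hunks, so a small dedicated step is needed there. The `Document Bootstrap Scope` step's body continues outside the hunk.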
diff --git a/.github/workflows/iac-pipeline-aws-global-resources-matrix.yaml b/.github/workflows/iac-pipeline-aws-global-resources-matrix.yaml
index 201b5fe6..98d4c136 100644
--- a/.github/workflows/iac-pipeline-aws-global-resources-matrix.yaml
+++ b/.github/workflows/iac-pipeline-aws-global-resources-matrix.yaml
@@ -13,6 +13,14 @@ on:
         type: choice
         options: [plan, apply, destroy]
         default: plan
+      gitops_repo_name:
+        description: "GitOps repository (URL or owner/repo)"
+        type: string
+        default: https://github.com/cloud-neutral-workshop/gitops.git
+      gitops_repo_ref:
+        description: "GitOps repo ref (branch/tag/sha) to use"
+        type: string
+        default: main
 
 permissions:
   id-token: write
@@ -23,6 +31,7 @@ env:
   AWS_REGION: ap-northeast-1
   DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}
   AWS_ROLE_ARN: arn:aws:iam::950604983695:role/GithubAction_IAC_Deploy_Role
+  GITOPS_REPO_ROOT: gitops
 
 jobs:
   terraform:
@@ -39,6 +48,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Checkout GitOps config
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ replace(replace(github.event.inputs.gitops_repo_name || 'https://github.com/cloud-neutral-workshop/gitops.git', 'https://github.com/', ''), '.git', '') }}
+          path: ${{ env.GITOPS_REPO_ROOT }}
+          ref: ${{ github.event.inputs.gitops_repo_ref || 'main' }}
+
       - uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: 1.9.5
diff --git a/terraform-hcl-standard/aws-cloud/bootstrap/README.md b/terraform-hcl-standard/aws-cloud/bootstrap/README.md
index 65c31b2e..57f05fdd 100644
--- a/terraform-hcl-standard/aws-cloud/bootstrap/README.md
+++ b/terraform-hcl-standard/aws-cloud/bootstrap/README.md
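Review bot: The two inputs and the `Checkout GitOps config` step are now copy-pasted into four workflows (this one, account-matrix, bootstrap and landingzone-baseline), including the expression on `repository:`, so any correction to the normalisation or a change of the default repository must be made four times and the default string itself is written twice per workflow (in the input `default:` and in the `||` fallback). A composite action in this repository, or a `workflow_call` reusable workflow, taking `gitops_repo_name` and `gitops_repo_ref` would keep the checkout logic in one place; at minimum the default repository should be a single `env:` entry referenced from both spots. This is a style point about how the new code is laid out rather than what it does.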
@@ -21,7 +21,7 @@ Terragrunt `run-all` handles the ordering; no manual sequencing is required.
 
 - **Data plane**: S3 bucket enforces AES256 SSE, public access block, and versioning. DynamoDB enables server-side encryption and PITR for forensic recovery.
 - **Control plane**: IAM policies are externalized in `identity/policies/*.json` and rendered via `aws_iam_policy_document` to keep Terraform code lean and auditable.
-- **Config source of truth**: The GitOps repo (`https://github.com/cloud-neutral-workshop/gitops.git`) stores `config/accounts/bootstrap.yaml`, defining canonical names, regions, and tags. Terragrunt reads it via `GITOPS_REPO_ROOT` (defaults to `../gitops` relative to this repo).
+- **Config source of truth**: The GitOps repo (`https://github.com/cloud-neutral-workshop/gitops.git`) stores `config/accounts/bootstrap.yaml`, defining canonical names, regions, and tags. Terragrunt reads it via `GITOPS_REPO_ROOT` (defaults to `../gitops` relative to this repo). Clone that repository locally or set `GITOPS_REPO_ROOT` to your desired path to keep configuration and modules separated. You can also override the config file path with `GITOPS_BOOTSTRAP_CONFIG` (for example, `config/xzerolab/sit/aws-cloud/account/bootstrap.yaml` inside the GitOps repo).
 
 ## How to Run with Terragrunt
 
diff --git a/terraform-hcl-standard/aws-cloud/bootstrap/identity/terragrunt.hcl b/terraform-hcl-standard/aws-cloud/bootstrap/identity/terragrunt.hcl
index a2f98a5b..b6f1a1d6 100644
--- a/terraform-hcl-standard/aws-cloud/bootstrap/identity/terragrunt.hcl
+++ b/terraform-hcl-standard/aws-cloud/bootstrap/identity/terragrunt.hcl
@@ -16,9 +16,13 @@ locals {
     abspath("${get_parent_terragrunt_dir()}/../../../../../gitops")
   )
   config_root = "${local.gitops_repo_root}/config"
+  bootstrap_config_path = get_env(
+    "GITOPS_BOOTSTRAP_CONFIG",
+    "${local.config_root}/accounts/bootstrap.yaml"
+  )
 }
 
 inputs = {
-  bootstrap_config_path = "${local.config_root}/accounts/bootstrap.yaml"
+  bootstrap_config_path = local.bootstrap_config_path
   config_root = local.gitops_repo_root
 }
diff --git a/terraform-hcl-standard/aws-cloud/bootstrap/lock/terragrunt.hcl b/terraform-hcl-standard/aws-cloud/bootstrap/lock/terragrunt.hcl
index ecfc9d73..ecfd94d4 100644
--- a/terraform-hcl-standard/aws-cloud/bootstrap/lock/terragrunt.hcl
+++ b/terraform-hcl-standard/aws-cloud/bootstrap/lock/terragrunt.hcl
@@ -16,9 +16,13 @@ locals {
     abspath("${get_parent_terragrunt_dir()}/../../../../../gitops")
   )
   config_root = "${local.gitops_repo_root}/config"
+  bootstrap_config_path = get_env(
+    "GITOPS_BOOTSTRAP_CONFIG",
+    "${local.config_root}/accounts/bootstrap.yaml"
+  )
 }
 
 inputs = {
-  bootstrap_config_path = "${local.config_root}/accounts/bootstrap.yaml"
+  bootstrap_config_path = local.bootstrap_config_path
   config_root = local.gitops_repo_root
 }
diff --git a/terraform-hcl-standard/aws-cloud/bootstrap/state/terragrunt.hcl b/terraform-hcl-standard/aws-cloud/bootstrap/state/terragrunt.hcl
index cf486331..8697098a 100644
--- a/terraform-hcl-standard/aws-cloud/bootstrap/state/terragrunt.hcl
+++ b/terraform-hcl-standard/aws-cloud/bootstrap/state/terragrunt.hcl
@@ -12,9 +12,13 @@ locals {
     abspath("${get_parent_terragrunt_dir()}/../../../../../gitops")
   )
   config_root = "${local.gitops_repo_root}/config"
+  bootstrap_config_path = get_env(
+    "GITOPS_BOOTSTRAP_CONFIG",
+    "${local.config_root}/accounts/bootstrap.yaml"
+  )
 }
 
 inputs = {
-  bootstrap_config_path = "${local.config_root}/accounts/bootstrap.yaml"
+  bootstrap_config_path = local.bootstrap_config_path
   config_root = local.gitops_repo_root
 }
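Review bot: The new `bootstrap_config_path` local passes the `GITOPS_BOOTSTRAP_CONFIG` override through verbatim while its default is an absolute path under `config_root`; the bootstrap workflow and README in this patch set the override to a path relative to the GitOps repo (`config/xzerolab/sit/aws-cloud/account/bootstrap.yaml`), which Terraform resolves against the module's working directory rather than the checkout, so the override as documented will not find the file. Joining a relative override onto `local.gitops_repo_root` and leaving absolute ones untouched makes both spellings work, and an explicit empty-string sentinel avoids the surprise that an exported but empty variable currently yields an empty path. The same block is duplicated in the lock and state `terragrunt.hcl` hunks; the `get_parent_terragrunt_dir()` call shows a parent config is in play, so the local belongs there once rather than in three leaves (the parent is outside this patch, so I cannot confirm the include wiring). The `locals` block starts before the hunk.
```hcl
  config_root = "${local.gitops_repo_root}/config"
  # Optional override; a relative value is taken from the GitOps checkout, not from the module dir.
  bootstrap_config_override = get_env("GITOPS_BOOTSTRAP_CONFIG", "")
  bootstrap_config_path = (
    local.bootstrap_config_override == ""
    ? "${local.config_root}/accounts/bootstrap.yaml"
    : can(regex("^/", local.bootstrap_config_override))
      ? local.bootstrap_config_override
      : abspath("${local.gitops_repo_root}/${local.bootstrap_config_override}")
  )
  # … unchanged: closing brace and inputs block …
```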