iac_modules/.github/workflows/terraform-standard-iac-pipeline-aws-global-bootstrap.yaml


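# Bootstrap pipeline for the Terraform "standard" template modules.
# One job per bootstrap module (matrix); when a real apply was requested via
# workflow_dispatch, a second job aggregates each module's `terraform output`
# into a single JSON artifact.
name: Terraform Standard - AWS Account Bootstrap

on:
  push:
    paths:
      - 'iac-template/terraform-standard/**'
      - '.github/workflows/terraform-standard-iac-pipeline-aws-global-bootstrap.yaml'
  # pull_request runs are always a dry run (DRY_RUN falls back to 'true'),
  # but they still execute `make init` / `make plan` from the PR branch with
  # the bootstrap credentials below.
  pull_request:
  workflow_dispatch:
    inputs:
      # NOTE(review): deploy_action is declared but never referenced below;
      # the jobs branch only on deploy_dry_run. Wire it up or drop it.
      deploy_action:
        type: choice
        options: [init, plan, apply, destroy]
        default: plan
      deploy_dry_run:
        type: choice
        options: ['true', 'false']
        default: 'true'

# Least privilege for GITHUB_TOKEN: the jobs only check out code and exchange
# artifacts. AWS access comes from the explicit secrets, not from this token.
permissions:
  contents: read

env:
  TF_WORKDIR: iac-template/terraform-standard
  # push / pull_request events carry no inputs, so anything other than an
  # explicit workflow_dispatch with deploy_dry_run=false stays a dry run.
  DRY_RUN: ${{ github.event.inputs.deploy_dry_run || 'true' }}

jobs:
  bootstrap:
    name: "Bootstrap Modules"
    runs-on: ubuntu-latest
    strategy:
      matrix:
        target: [bootstrap-dynamodb, bootstrap-s3, bootstrap-iam]
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.9.5'
      # Long-lived access keys held as repository secrets. Prefer
      # role-to-assume via OIDC (id-token: write) once the account allows it.
      - name: AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_BOOTSTRAP_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_BOOTSTRAP_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-1
      - name: Init
        working-directory: ${{ env.TF_WORKDIR }}/${{ matrix.target }}
        run: make init
      - name: Plan
        if: env.DRY_RUN == 'true'
        working-directory: ${{ env.TF_WORKDIR }}/${{ matrix.target }}
        run: make plan
      - name: Apply
        if: env.DRY_RUN == 'false'
        working-directory: ${{ env.TF_WORKDIR }}/${{ matrix.target }}
        run: make apply
      # Write the outputs to the workspace root so the location does not depend
      # on how deep the module directory is; the upload step reads that same
      # path. (Previously `../../` landed one level above TF_WORKDIR while the
      # upload looked inside it.)
      # `terraform output -json` emits sensitive outputs in clear text: the
      # artifact is readable by anyone with access to the run.
      - name: Save Outputs
        if: env.DRY_RUN == 'false'
        working-directory: ${{ env.TF_WORKDIR }}/${{ matrix.target }}
        run: terraform output -json > "$GITHUB_WORKSPACE/outputs_${{ matrix.target }}.json"
      - uses: actions/upload-artifact@v4
        if: env.DRY_RUN == 'false'
        with:
          name: outputs-${{ matrix.target }}
          path: outputs_${{ matrix.target }}.json
          # Fail loudly instead of silently producing an empty aggregate.
          if-no-files-found: error

  aggregate:
    name: "Aggregate Bootstrap Outputs"
    runs-on: ubuntu-latest
    needs: bootstrap
    # A job-level `if` has no `env` context, so test the dispatch input
    # directly instead of env.DRY_RUN.
    if: ${{ github.event.inputs.deploy_dry_run == 'false' }}
    steps:
      - uses: actions/download-artifact@v4
        with:
          # Only the per-module artifacts, each extracted to outputs/<artifact-name>/.
          pattern: outputs-*
          path: ./outputs
      # Build {"<target>": <module outputs>, ...} with jq rather than by string
      # concatenation, so the result is valid JSON even with zero files or
      # values that contain quotes.
      - name: Merge Outputs
        shell: bash
        run: |
          set -euo pipefail
          shopt -s globstar nullglob
          for x in outputs/**/outputs_*.json; do
            k=$(basename "$x" .json | sed 's/^outputs_//')
            jq --arg k "$k" '{($k): .}' "$x"
          done | jq -s 'add // {}' > final_bootstrap_outputs.json
      # Prints the merged outputs (including any sensitive values) to the run log.
      - run: cat final_bootstrap_outputs.json
      - uses: actions/upload-artifact@v4
        with:
          name: bootstrap-final-output
          path: final_bootstrap_outputs.json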