ai-workspace-infra/iac_modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a2c2b95558
iac_modules/.github/workflows/iac-pipeline-mutli-cloud-bootstrap..yaml
google-labs-jules[bot] a2c2b95558 Standardize cloud bootstrap destroy process 
- Added bootstrap destroy module structure for aws, ali, azure, gcp, and vultr.
- Moved AWS force destroy script to `terraform-hcl-standard/aws-cloud/modules/bootstrap-destroy/destroy.sh`.
- Updated `iac-pipeline-mutli-cloud-bootstrap..yaml` to dynamically invoke the destroy script based on the cloud provider.
- Added placeholders for other cloud providers.
2026-01-02 02:14:20 +00:00

122 lines
4.2 KiB
YAML
Raw Blame History

name: Multi Cloud Account Bootstrap
concurrency:
group: terraform-bootstrap-${{ github.ref }}
cancel-in-progress: false
on:
push:
pull_request:
paths:
- 'terraform-hcl-standard/**'
- '.github/workflows/iac-pipeline-mutli-cloud-bootstrap.yaml'
workflow_dispatch:
inputs:
deploy_action:
type: choice
options: [plan, apply, destroy]
default: plan
bootstrap_cloud:
description: "Path to bootstrap cloud"
type: string
default: terraform-hcl-standard/aws-cloud/bootstrap
gitops_repo_ref:
description: "GitOps repo ref (branch/tag/sha) to use"
type: string
default: main
gitops_repo_name:
description: "GitOps repository (URL or owner/repo)"
type: string
default: https://github.com/cloud-neutral-workshop/gitops.git
gitops_bootstrap_config:
description: "Path to bootstrap config file within the GitOps repo"
type: string
default: config/xzerolab/sit/aws-cloud/account/bootstrap.yaml
env:
TG_VERSION: 0.67.14
TG_ROOT: ${{ github.event.inputs.bootstrap_cloud }}
GITOPS_REPO: ${{ github.event.inputs.gitops_repo_name }}
DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}
BOOTSTRAP_CONFIG_FILE: ${{ github.event.inputs.gitops_bootstrap_config }}
BOOTSTRAP_CONFIG_PATH: terraform-hcl-standard/aws-cloud/bootstrap/gitops/${{ github.event.inputs.gitops_bootstrap_config }}
jobs:
bootstrap:
name: "Bootstrap Modules"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Checkout GitOps config
run: |
git clone --branch "${{ github.event.inputs.gitops_repo_ref || 'main' }}" \
--depth 1 "${{ env.GITOPS_REPO }}" "${{ env.TG_ROOT }}/gitops"
- name: Document Bootstrap Scope
run: |
cat <<'SUMMARY' >> "$GITHUB_STEP_SUMMARY"
## Bootstrap scope
- IAM: create Terraform deploy role and automation user for DevOps
- S3: create remote state bucket (versioned + SSE + public access block)
- DynamoDB: create state lock table with encryption + PITR
Terragrunt orchestrates state → lock → identity. Resource names and regions follow terraform-hcl-standard/aws-cloud/config/accounts/bootstrap.yaml.
SUMMARY
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.9.5
- name: Install Terragrunt
run: |
curl -L "https://github.com/gruntwork-io/terragrunt/releases/download/v${TG_VERSION}/terragrunt_linux_amd64" -o terragrunt
sudo install terragrunt /usr/local/bin/terragrunt
- name: AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_BOOTSTRAP_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_BOOTSTRAP_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-1
- name: Force Destroy Bootstrap Resources
if: env.DEPLOY_ACTION == 'destroy'
run: |
CLOUD_ROOT=$(dirname ${{ env.TG_ROOT }})
DESTROY_SCRIPT="${CLOUD_ROOT}/modules/bootstrap-destroy/destroy.sh"
if [ -f "$DESTROY_SCRIPT" ]; then
chmod +x "$DESTROY_SCRIPT"
"$DESTROY_SCRIPT"
else
echo "No destroy script found at $DESTROY_SCRIPT"
exit 1
fi
- name: Terragrunt Plan
if: env.DEPLOY_ACTION == 'plan'
working-directory: ${{ env.TG_ROOT }}
run: terragrunt run-all plan --terragrunt-non-interactive
- name: Terragrunt Apply
if: env.DEPLOY_ACTION == 'apply'
working-directory: ${{ env.TG_ROOT }}
run: terragrunt run-all apply --terragrunt-non-interactive
- name: Save Outputs
if: env.DEPLOY_ACTION == 'apply'
working-directory: ${{ env.TG_ROOT }}
run: |
mkdir -p outputs
for dir in state lock identity; do
terragrunt output -json --terragrunt-working-dir $dir > outputs/${dir}.json
done
- uses: actions/upload-artifact@v4
if: env.DEPLOY_ACTION == 'apply'
with:
name: bootstrap-outputs
path: ${{ env.TG_ROOT }}/outputs
retention-days: 30
Reference in New Issue View Git Blame Copy Permalink