
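# Multi-cloud IaC pipeline: for each Terraform component in BASE_DIR, runs
# init/plan (and, on manual dispatch, apply or destroy) against the
# account/VPC configuration held in a separate GitOps repository.
name: Multi Cloud IAC Pipeline (Account/VPC Matrix)
on:
  # A bare `push:` matches every branch and every path, so each push runs
  # `plan` with live AWS credentials; add `branches`/`paths` filters here if
  # that is not intended.
  push:
  pull_request:
    paths:
      - 'terraform-hcl-standard/**'
      # NOTE(review): this names a different workflow file, so edits to this
      # workflow itself do not trigger pull_request runs unless its own
      # path is added here.
      - '.github/workflows/iac-pipeline-aws-account-matrix.yaml'
  workflow_dispatch:
    inputs:
      deploy_action:
        type: choice
        options: [plan, apply, destroy]
        default: plan
      gitops_repo_name:
        description: "GitOps repository (URL or owner/repo)"
        type: string
        default: https://github.com/cloud-neutral-workshop/gitops.git
      gitops_repo_ref:
        description: "GitOps repo ref (branch/tag/sha) to use"
        type: string
        default: main
# Least-privilege token: OIDC id-token for AssumeRole, read-only repo access.
# pull_request runs from forks are not granted id-token: write, so the AWS
# credential step cannot succeed for them.
permissions:
  id-token: write
  contents: read
env:
  BASE_DIR: terraform-hcl-standard/aws-cloud/component/
  # Empty on push/pull_request, so those events only ever plan.
  DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}
  CONFIG_DIR: gitops/xzerolab/sit/aws-cloud
  # The first entry is the account bootstrap file read by "Load AWS config".
  CONFIG_FILES: |
    gitops/xzerolab/sit/aws-cloud/account/bootstrap.yaml
    gitops/xzerolab/sit/aws-cloud/resources/vpc.yaml
  GITOPS_REPO_ROOT: gitops
  GITOPS_BOOTSTRAP_CONFIG: gitops/xzerolab/sit/aws-cloud/account/bootstrap.yaml
jobs:
  terraform:
    name: "${{ matrix.component }} :: pipeline (action=${{ inputs.deploy_action }})"
    runs-on: ubuntu-latest
    # apply/destroy run with no approval gate; an `environment:` with
    # required reviewers would add one for those actions.
    strategy:
      fail-fast: false
      matrix:
        component:
          - vpc
          - role
    steps:
      # Third-party actions are referenced by mutable major tags; pinning
      # each `uses:` to a full commit SHA makes the supply chain reproducible.
      - uses: actions/checkout@v4
      - name: Normalize GitOps repo
        id: gitops_repo
        shell: bash
        env:
          # Pass the dispatch input through the environment instead of
          # expanding ${{ }} inside the script body: the value is then shell
          # data, not shell code, whatever characters it contains.
          REPO_INPUT: ${{ github.event.inputs.gitops_repo_name }}
        run: |
          repo_input="$REPO_INPUT"
          if [ -z "$repo_input" ]; then
            repo_input="https://github.com/cloud-neutral-workshop/gitops.git"
          fi
          # Accept an https URL, an ssh URL, or a bare owner/repo.
          case "$repo_input" in
            https://github.com/*) repo="${repo_input#https://github.com/}" ;;
            git@github.com:*) repo="${repo_input#git@github.com:}" ;;
            *) repo="$repo_input" ;;
          esac
          repo="${repo%.git}"
          if [ -z "$repo" ]; then
            echo "GitOps repo is empty after normalization." >&2
            exit 1
          fi
          # actions/checkout expects owner/repo; reject anything else here
          # rather than handing an arbitrary string to the next step.
          if ! [[ "$repo" =~ ^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$ ]]; then
            echo "GitOps repo '$repo' is not of the form owner/repo." >&2
            exit 1
          fi
          echo "repo=$repo" >> "$GITHUB_OUTPUT"
      # The config repo is chosen by the dispatcher; its bootstrap file
      # decides which role is assumed and what Terraform applies.
      - name: Checkout GitOps config
        uses: actions/checkout@v4
        with:
          repository: ${{ steps.gitops_repo.outputs.repo }}
          path: ${{ env.GITOPS_REPO_ROOT }}
          ref: ${{ github.event.inputs.gitops_repo_ref || 'main' }}
      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.9.5
      # tflint is installed but no step below runs it.
      - uses: terraform-linters/setup-tflint@v4
        with:
          tflint_version: v0.51.0
      # Reads region and role ARN from the bootstrap file and exports them
      # for the credential step via GITHUB_ENV.
      - name: Load AWS config
        run: |
          ACCOUNT_FILE=$(printf "%s\n" "${CONFIG_FILES}" | head -n 1)
          export ACCOUNT_FILE
          python - <<'PY'
          import os
          import sys
          from pathlib import Path
          # NOTE(review): this utils path does not share the BASE_DIR prefix
          # (terraform-hcl-standard/...); confirm it exists in the checkout.
          utils_dir = Path("iac-template/terraform-hcl-standard/utils").resolve()
          sys.path.insert(0, str(utils_dir))
          from config_loader import load_account_credentials
          region, role_arn = load_account_credentials(os.environ["ACCOUNT_FILE"])
          # GITHUB_ENV is line-oriented: a value containing a newline would
          # define extra variables, so refuse empty or multi-line values.
          for name, value in (("AWS_REGION", region), ("AWS_ROLE_ARN", role_arn)):
              text = "" if value is None else str(value)
              if not text or "\n" in text or "\r" in text:
                  sys.exit(f"{name} from {os.environ['ACCOUNT_FILE']} is empty or multi-line")
          with Path(os.environ["GITHUB_ENV"]).open("a", encoding="utf-8") as handle:
              handle.write(f"AWS_REGION={region}\n")
              handle.write(f"AWS_ROLE_ARN={role_arn}\n")
          PY
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
      - name: Init
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        run: make init CONFIG_DIR=${{ env.CONFIG_DIR }}
      # Plan runs with the assumed role on every trigger; provider and
      # external data sources execute during plan, so a plan of untrusted
      # changes is code execution with those credentials.
      - name: Plan
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        run: make plan CONFIG_DIR=${{ env.CONFIG_DIR }}
      - name: Apply
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'apply' }}
        run: make apply CONFIG_DIR=${{ env.CONFIG_DIR }}
      - name: Destroy
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'destroy' }}
        run: make destroy CONFIG_DIR=${{ env.CONFIG_DIR }}
      - name: Skip Apply/Destroy
        if: ${{ env.DEPLOY_ACTION != 'apply' && env.DEPLOY_ACTION != 'destroy' }}
        run: echo "Action set to plan → skipping apply/destroy steps."
      # `terraform output -json` prints outputs marked sensitive in clear
      # into the job log.
      - name: Output
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'apply' }}
        run: terraform output -json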