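---
name: AWS Cloud IAC Pipeline (Account/VPC Matrix)

# yamllint disable-line rule:truthy
on:
  # NOTE(review): `push` carries no branch or path filter, so every push to any
  # branch runs a plan against the configured AWS account; only `pull_request`
  # is path-filtered. Confirm that is intended before tightening.
  push:
  pull_request:
    paths:
      - 'terraform-hcl-standard/aws-cloud/component/vpc/**'
      - 'terraform-hcl-standard/aws-cloud/component/role/**'
      - '.github/workflows/iac-pipeline-aws-account-matrix.yaml'
  workflow_dispatch:
    inputs:
      deploy_action:
        description: "Terraform action to run; apply/destroy are only reachable from this manual trigger"
        type: choice
        options: [plan, apply, destroy]
        default: plan
      gitops_repo_name:
        description: "GitOps repository (URL or owner/repo)"
        type: string
        default: "https://github.com/cloud-neutral-workshop/gitops.git"
      gitops_repo_ref:
        description: "GitOps repo ref (branch/tag/sha) to use"
        type: string
        default: main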
permissions:
  # OIDC token for aws-actions/configure-aws-credentials (role-to-assume).
  # NOTE(review): GitHub does not grant id-token to pull_request runs from
  # forks, so such runs are expected to fail at the credentials step.
  id-token: write
  # Read-only checkout of this repo and the GitOps repo; nothing is pushed back.
  contents: read
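env:
  # Root of the Terraform components; matrix.component is appended as a
  # sub-directory. No trailing slash, so the joined working-directory has no '//'.
  BASE_DIR: terraform-hcl-standard/aws-cloud/component
  # Only workflow_dispatch supplies deploy_action; push/pull_request fall back to plan.
  DEPLOY_ACTION: ${{ github.event.inputs.deploy_action || 'plan' }}
  # Paths below are relative to the workspace root. `gitops/` is where the
  # GitOps repository is checked out (GITOPS_REPO_ROOT); the workflow-level
  # `env` cannot reference itself, hence the repeated literal prefix.
  CONFIG_DIR: gitops/xzerolab/sit/aws-cloud
  # First line is the account bootstrap file (same value as GITOPS_BOOTSTRAP_CONFIG).
  CONFIG_FILES: |
    gitops/xzerolab/sit/aws-cloud/account/bootstrap.yaml
    gitops/xzerolab/sit/aws-cloud/resources/vpc.yaml
  GITOPS_REPO_ROOT: gitops
  # Source of AWS_REGION / AWS_ROLE_ARN for the "Load AWS config" step.
  GITOPS_BOOTSTRAP_CONFIG: gitops/xzerolab/sit/aws-cloud/account/bootstrap.yaml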
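jobs:
  terraform:
    # `env` is not available in job names, so the dispatch input (or its
    # default) is shown directly; push/PR runs always resolve to plan.
    name: "${{ matrix.component }} :: pipeline (action=${{ inputs.deploy_action || 'plan' }})"
    runs-on: ubuntu-latest

    # Serialise runs per component so two workflow runs never init/apply/destroy
    # the same Terraform state at once; queued runs wait instead of being cancelled.
    concurrency:
      group: aws-iac-${{ matrix.component }}
      cancel-in-progress: false

    strategy:
      fail-fast: false
      matrix:
        component:
          - vpc
          - role

    # NOTE(review): every action below is pinned to a mutable major tag; pin to
    # a full commit SHA (tag kept in a trailing comment) for supply-chain safety.
    steps:
      - name: Checkout IaC repo
        uses: actions/checkout@v4

      # The role ARN assumed later comes from this checkout, and both the
      # repository and the ref are dispatch inputs; keep dispatch rights tight.
      - name: Checkout GitOps config
        uses: actions/checkout@v4
        with:
          # Accepts a full GitHub URL or owner/repo. `replace` strips every
          # '.git' occurrence, not only a suffix — fine for the default value.
          repository: ${{ replace(replace(github.event.inputs.gitops_repo_name || 'https://github.com/cloud-neutral-workshop/gitops.git', 'https://github.com/', ''), '.git', '') }}
          path: ${{ env.GITOPS_REPO_ROOT }}
          ref: ${{ github.event.inputs.gitops_repo_ref || 'main' }}

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.9.5"

      - uses: terraform-linters/setup-tflint@v4
        with:
          tflint_version: v0.51.0

      # Reads region and role ARN from the GitOps bootstrap file and exports
      # them to later steps via GITHUB_ENV.
      - name: Load AWS config
        run: |
          ACCOUNT_FILE="${GITOPS_BOOTSTRAP_CONFIG}"
          if [ ! -f "${ACCOUNT_FILE}" ]; then
            echo "::error::bootstrap config not found: ${ACCOUNT_FILE}"
            exit 1
          fi
          export ACCOUNT_FILE
          python - <<'PY'
          import os
          import sys
          from pathlib import Path

          # NOTE(review): BASE_DIR is terraform-hcl-standard/..., while this path
          # carries an extra 'iac-template/' prefix — confirm it exists in the
          # checkout; the import below fails loudly if it does not.
          utils_dir = Path("iac-template/terraform-hcl-standard/utils").resolve()
          sys.path.insert(0, str(utils_dir))

          from config_loader import load_account_credentials

          region, role_arn = load_account_credentials(os.environ["ACCOUNT_FILE"])

          with Path(os.environ["GITHUB_ENV"]).open("a", encoding="utf-8") as handle:
              handle.write(f"AWS_REGION={region}\n")
              handle.write(f"AWS_ROLE_ARN={role_arn}\n")
          PY

      # Values come from GITHUB_ENV written by the previous step.
      # NOTE(review): consider a per-run `role-session-name` (e.g. run id and
      # component) so CloudTrail attributes activity to this run, if the role's
      # trust policy permits it.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_REGION }}
          role-to-assume: ${{ env.AWS_ROLE_ARN }}

      # CONFIG_DIR is read from the step environment rather than interpolated
      # into the shell command, so the run line never contains expression output.
      - name: Init
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        run: make init CONFIG_DIR="${CONFIG_DIR}"

      - name: Plan
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        run: make plan CONFIG_DIR="${CONFIG_DIR}"

      - name: Apply
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'apply' }}
        run: make apply CONFIG_DIR="${CONFIG_DIR}"

      - name: Destroy
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'destroy' }}
        run: make destroy CONFIG_DIR="${CONFIG_DIR}"

      - name: Skip Apply/Destroy
        if: ${{ env.DEPLOY_ACTION != 'apply' && env.DEPLOY_ACTION != 'destroy' }}
        run: echo "Action set to plan → skipping apply/destroy steps."

      # NOTE(review): `terraform output -json` also renders the values of
      # outputs marked sensitive, and they land in the run log; filter or
      # mask them if any output holds a secret.
      - name: Output
        working-directory: ${{ env.BASE_DIR }}/${{ matrix.component }}
        if: ${{ env.DEPLOY_ACTION == 'apply' }}
        run: terraform output -json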