Deploy Infrastructure #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Infrastructure | |
| on: | |
| # push: | |
| # branches: | |
| # - main | |
| workflow_dispatch: | |
| inputs: | |
| AWS_REGION: | |
| description: 'AWS region in which to deploy the infrastructure' | |
| required: true | |
| default: 'eu-west-3' | |
| NAME_PREFIX: | |
| description: 'Prefix name for resources to be created: s3 bucket, vpc, ec2, etc.' | |
| required: true | |
| default: 'yor' | |
| EC2_INSTANCE_TYPE: | |
| description: 'ec2 instance type to use' | |
| required: true | |
| default: 't2.nano' | |
| PUBLIC_SSH_KEY: | |
| description: 'Public ssh key to connect to ec2 instance' | |
| required: true | |
| default: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzLnC7bnTFB8bEhWCUHh8B418rFwla7iJYclITd/59ZpZft3EdgeW9y/uLUfMH8f5P7be5j0NYLfD6jpou0VHdSkLymNJxaQDuvZBapW4jQI4luqRmN4xFeDIT+0BqT3sJotqU/n41NOGclEv/OMv6msulnC8A7wOBkrMJPzgNgs4a0+a8f/Slp9aAHpgKiWREwtFJDczFM0wUkQldEALg3QQt7qmpZgVx3KQi6u5YI0EqdjfMSP+qnY7Lk9yn2gQPPAR+NGgqz9d7bpsgqhggpw8k+Yw75bROdnk90Cc07zIg+lbBsyBoVNA+mRtejTC1IS9F1Pa+WdVtD3xpes7y0RCx6pxkTfLjB725FRs7EQ31lr031lC4fHB/bwfbU7QsCdHqrOJosKlNwG49qLc57LPS6qUKcJSCAjj3MZjTDNDuL8cxbdOy60fgI9n0YsDIY+5/YBItfsQStdJFzhLjsYN1oJx3HYF5ew+gngx8CzEGJ2s/fSpwducGMlFUcEjPAlVh94DpYubj06opOW1SM3w8U9BvUwC87uNhkI5Pn51kh7U2bOMJmxSnkl4RHmC6qj08HjCBQYaqzGEXstaoIExykTfHm3zFv4KiTMfH6fN5eaRpwvL3AYzAyAA6FbpXM2W8x35PM1lWgarrybg6iC3zYWDkjXlscD1Iu1uPYw== cley' | |
| jobs: | |
| deploy_and_yor_tag: | |
| name: Deploy and tag (yor) AWS infrastructure to host EC2 (VPC, EC2, S3, etc.) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # pin@v2 | |
| - name: Apply yor tag to IaC files | |
| uses: bridgecrewio/yor-action@main | |
| - name: Setup tool - install Terraform | |
| uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # pin@v2 | |
| with: | |
| terraform_version: 1.5.2 | |
| terraform_wrapper: false | |
| - name: Setup tool - install AWS cli | |
| uses: unfor19/install-aws-cli-action@457b7980b125044247e455d87b9a26fc2299b787 # pin@v1 | |
| - name: Prerequisite - Github actor name control to convert to the expected format (underscore and uppercase removed and size limited to 10 chars) | |
| id: github_name_control | |
| run: | | |
| ./github_actor_name_control.sh ${{ github.actor }} >> ACTOR | |
| cat ACTOR | |
| echo "ACTOR_PREFIX=$(cat ACTOR)" >> $GITHUB_ENV | |
| echo ${{ env.ACTOR_PREFIX }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| working-directory: ./scripts | |
| shell: bash | |
| - name: Prerequisite - Check if exists or Create S3 Bucket for tfstate | |
| id: s3 | |
| run: ./check_s3_bucket.sh ${{ github.event.inputs.NAME_PREFIX }} ${{ env.ACTOR_PREFIX }} ${{ github.event.inputs.AWS_REGION }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ github.event.inputs.AWS_REGION }} | |
| working-directory: ./scripts | |
| shell: bash | |
| - name: Init - Terraform Init | |
| id: init | |
| run: terraform init -backend-config="bucket=${{ github.event.inputs.NAME_PREFIX }}-${{ env.ACTOR_PREFIX }}-s3-tfstate" -backend-config="key=${{ github.event.inputs.NAME_PREFIX }}-infra.tfstate" -backend-config="region=${{ github.event.inputs.AWS_REGION }}" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ github.event.inputs.AWS_REGION }} | |
| working-directory: ./terraform/aws_infra | |
| shell: bash | |
| - name: Validate - Terraform Validate | |
| id: validate | |
| run: terraform validate | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ github.event.inputs.AWS_REGION }} | |
| working-directory: ./terraform/aws_infra | |
| shell: bash | |
| - name: Deploy infra - Terraform Apply | |
| id: apply | |
| run: | | |
| terraform apply -var="region=${{ github.event.inputs.AWS_REGION }}" -var="name_prefix=${{ github.event.inputs.NAME_PREFIX }}-${{ env.ACTOR_PREFIX }}" -var="instance_type=${{ github.event.inputs.EC2_INSTANCE_TYPE }}" -var="public_ssh_key=${{ github.event.inputs.PUBLIC_SSH_KEY }}" -auto-approve | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ github.event.inputs.AWS_REGION }} | |
| working-directory: ./terraform/aws_infra | |
| shell: bash |