From b2dd842ee8d5f0b7e9d55d9d43d76523b71291c9 Mon Sep 17 00:00:00 2001
From: Tanishdrove
Date: Fri, 10 Jan 2025 16:22:07 +0530
Subject: [PATCH 01/19] feat: Updated the workflow for azure
---
 .github/workflows/terraform.yml | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 4764fd28..35c5a76a 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -27,6 +27,15 @@ on:
 AZURE_CREDENTIALS:
 required: false
 description: Azure Credentials to install Azure in github runner.
+ AZURE_CLIENT_ID:
+ required: false
+ description: 'Client ID for service principal in Azure.'
+ AZURE_SUBSCRIPTION_ID:
+ required: false
+ description: 'Subscription ID in Azure.'
+ AZURE_TENANT_ID:
+ required: false
+ description: 'Tenant ID of Azure.'
 AWS_ACCESS_KEY_ID:
 required: false
 description: AWS Access Key ID to install AWS CLI.
@@ -46,13 +55,22 @@ on:
 required: false
 description: Terraform cloud token if your backend is terraform cloud.
+#Special permissions required for OIDC authentication for Azure
+permissions:
+ id-token: write
+ contents: read
+ pull-requests: write
+
 jobs:
 terraform-checks:
 name: 'Terraform Validate, Init and Plan'
 runs-on: ubuntu-latest
 env:
- # This is needed since we are running terraform with read-only permissions
- ARM_SKIP_PROVIDER_REGISTRATION: true
+ # This is needed since we are running terraform with Azure
+ ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
+ ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
+ ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
+ ARM_SKIP_PROVIDER_REGISTRATION: true
 outputs:
 tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }}
From 1127911426bf40fc29de2647695215aaeb8e2aba Mon Sep 17 00:00:00 2001
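Review bot: `id-token: write` is granted under `permissions:` but nothing in this hunk switches the azurerm provider to OIDC: the job `env:` sets `ARM_CLIENT_ID`, `ARM_SUBSCRIPTION_ID` and `ARM_TENANT_ID` only, so unless an `azure/login` step or `ARM_USE_OIDC: "true"` exists elsewhere in the file (not visible here) the provider has no credential to authenticate with. If OIDC is the intent, add `ARM_USE_OIDC: "true"` beside the three `ARM_*` values; if not, drop the unused permission. `pull-requests: write` is granted at workflow level to every job, while only a job that comments on the PR needs it; moving the `permissions:` block onto that job is the least-privilege form. The new comment `#Special permissions…` should read `# Special permissions…` to match the `# This is needed…` comment below it.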
From: Tanishdrove Date: Fri, 10 Jan 2025 21:36:48 +0530 Subject: [PATCH 02/19] feat: Updated the secrets for azure tf --- .github/workflows/terraform.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 35c5a76a..bb85f5fb 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -67,9 +67,9 @@ jobs: runs-on: ubuntu-latest env: # This is needed since we are running terraform with Azure - ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}" - ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}" - ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}" + ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} ARM_SKIP_PROVIDER_REGISTRATION: true outputs: tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }} From fb85c7495644e8c9f43c308a7c6788f88a2b005a Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Mon, 13 Jan 2025 18:18:31 +0530 Subject: [PATCH 03/19] feat: updated terraform_workflow yml --- .github/workflows/terraform.yml | 24 +++----------------- .github/workflows/terraform_workflow.yml | 28 ++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 21 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index bb85f5fb..a2ec983f 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -27,15 +27,6 @@ on: AZURE_CREDENTIALS: required: false description: Azure Credentials to install Azure in github runner. - AZURE_CLIENT_ID: - required: false - description: 'Client ID for service principal in Azure.' - AZURE_SUBSCRIPTION_ID: - required: false - description: 'Subscription ID in Azure.' - AZURE_TENANT_ID: - required: false - description: 'Tenant ID of Azure.' AWS_ACCESS_KEY_ID: required: false description: AWS Access Key ID to install AWS CLI. 
@@ -55,22 +46,13 @@ on: required: false description: Terraform cloud token if your backend is terraform cloud. -#Special permissions required for OIDC authentication for Azure -permissions: - id-token: write - contents: read - pull-requests: write - jobs: terraform-checks: name: 'Terraform Validate, Init and Plan' runs-on: ubuntu-latest env: - # This is needed since we are running terraform with Azure - ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} - ARM_SKIP_PROVIDER_REGISTRATION: true + # This is needed since we are running terraform with read-only permissions + ARM_SKIP_PROVIDER_REGISTRATION: true outputs: tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }} @@ -151,4 +133,4 @@ jobs: else exit 0 fi -... +... \ No newline at end of file diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index f1d850c2..3bc57bb0 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -70,6 +70,17 @@ on: AZURE_CREDENTIALS: required: false description: 'Azure Credentials to install Azure in github runner.' + AZURE_CLIENT_ID: + required: false + description: 'Client ID for service principal in Azure.' + AZURE_SUBSCRIPTION_ID: + required: false + description: 'Subscription ID in Azure.' + AZURE_TENANT_ID: + required: false + SUBSCRIPTION_ID: + required: false + description: 'Subscription ID of Azure.' AWS_ACCESS_KEY_ID: required: false description: 'AWS Access Key ID to install AWS CLI.' @@ -165,8 +176,13 @@ jobs: actions_subcommand: 'fmt' path: ${{ inputs.working_directory }} + - name: terraform init run: | + export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}" + export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}" + export ARM_TENANT_ID="${{ secrets.TENANT_ID }}" + export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}" cd ${{ inputs.working_directory }} terraform init 
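Review bot: The `terraform init` hunk exports `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` from `secrets.CLIENT_ID`, `secrets.CLIENT_SECRET`, `secrets.TENANT_ID` and `secrets.SUBSCRIPTION_ID`, but the `workflow_call` secrets added in the hunk above are `AZURE_CLIENT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID` and `SUBSCRIPTION_ID`; a secret the reusable workflow does not declare is not passed in by the caller, so init would run with empty credentials. The same four `export` lines are repeated in the plan, apply and destroy hunks that follow; declaring them once at job level, `env:` with `ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}` and the other three, removes the duplication and keeps the secret values out of the interpolated script text. `AZURE_TENANT_ID` is the only new secret without a `description:`, and `SUBSCRIPTION_ID` duplicates `AZURE_SUBSCRIPTION_ID`. The `run: |` bodies these exports sit in continue past the hunk.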
@@ -182,6 +198,10 @@ jobs: run: | export exitcode=0 cd ${{ inputs.working_directory }} + export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}" + export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}" + export ARM_TENANT_ID="${{ secrets.TENANT_ID }}" + export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}" if [ "${{ inputs.destroy }}" = true ]; then if [ -n "${{ inputs.var_file }}" ]; then terraform plan -destroy -out tfplan --var-file=${{ inputs.var_file }} @@ -230,6 +250,10 @@ jobs: - name: terraform apply if: ${{ inputs.destroy != true }} run: | + export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}" + export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}" + export ARM_TENANT_ID="${{ secrets.TENANT_ID }}" + export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}" if [ -n "${{ inputs.var_file }}" ]; then cd ${{ inputs.working_directory }} terraform apply -var-file="${{ inputs.var_file }}" -auto-approve @@ -260,6 +284,10 @@ jobs: if: ${{ inputs.destroy == true }} id: destroy run: | + export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}" + export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}" + export ARM_TENANT_ID="${{ secrets.TENANT_ID }}" + export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}" if [ -n "${{ inputs.var_file }}" ]; then cd ${{ inputs.working_directory }} terraform destroy -var-file="${{ inputs.var_file }}" -auto-approve From 32e608059f4903e109623a06d6a8069384580b29 Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Mon, 13 Jan 2025 18:28:40 +0530 Subject: [PATCH 04/19] feat: updated terraformworkflow yaml --- .github/workflows/terraform_workflow.yml | 37 ++++++++++++------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index 3bc57bb0..361516d0 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml 
@@ -78,9 +78,10 @@ on: description: 'Subscription ID in Azure.' AZURE_TENANT_ID: required: false - SUBSCRIPTION_ID: + description: 'Tenant ID in Azure.' + AZURE_CLIENT_SECRET: required: false - description: 'Subscription ID of Azure.' + description: 'Client Secret for the Azure app registration.' AWS_ACCESS_KEY_ID: required: false description: 'AWS Access Key ID to install AWS CLI.' @@ -179,10 +180,10 @@ jobs: - name: terraform init run: | - export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}" - export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}" - export ARM_TENANT_ID="${{ secrets.TENANT_ID }}" - export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}" + export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" + export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}" + export ARM_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}" + export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" cd ${{ inputs.working_directory }} terraform init @@ -198,10 +199,10 @@ jobs: run: | export exitcode=0 cd ${{ inputs.working_directory }} - export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}" - export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}" - export ARM_TENANT_ID="${{ secrets.TENANT_ID }}" - export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}" + export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" + export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}" + export ARM_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}" + export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" if [ "${{ inputs.destroy }}" = true ]; then if [ -n "${{ inputs.var_file }}" ]; then terraform plan -destroy -out tfplan --var-file=${{ inputs.var_file }} 
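Review bot: The credential block is still copied into four separate `run:` scripts (init and plan here, apply and destroy in the next two hunks) via `${{ secrets.* }}` interpolation; a single job-level `env:` block, `ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}` and the other three, makes every step inherit them without rendering the secrets into the script body. Adding `AZURE_CLIENT_SECRET` also commits the workflow to a long-lived client secret, after the `id-token: write` permission that would have allowed OIDC was removed two commits earlier; if the service principal can be given a federated credential, `ARM_USE_OIDC: "true"` plus `id-token: write` avoids storing any secret at all. The `export` lines are inside step bodies whose remainder is outside the hunk.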
@@ -250,10 +251,10 @@ jobs: - name: terraform apply if: ${{ inputs.destroy != true }} run: | - export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}" - export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}" - export ARM_TENANT_ID="${{ secrets.TENANT_ID }}" - export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}" + export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" + export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}" + export ARM_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}" + export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" if [ -n "${{ inputs.var_file }}" ]; then cd ${{ inputs.working_directory }} terraform apply -var-file="${{ inputs.var_file }}" -auto-approve @@ -284,10 +285,10 @@ jobs: if: ${{ inputs.destroy == true }} id: destroy run: | - export ARM_CLIENT_ID="${{ secrets.CLIENT_ID }}" - export ARM_CLIENT_SECRET="${{ secrets.CLIENT_SECRET }}" - export ARM_TENANT_ID="${{ secrets.TENANT_ID }}" - export ARM_SUBSCRIPTION_ID="${{ secrets.SUBSCRIPTION_ID }}" + export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" + export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}" + export ARM_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}" + export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" if [ -n "${{ inputs.var_file }}" ]; then cd ${{ inputs.working_directory }} terraform destroy -var-file="${{ inputs.var_file }}" -auto-approve From af90f87d0b0172ed8e53909227aded56d1f75183 Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Wed, 15 Jan 2025 17:29:39 +0530 Subject: [PATCH 05/19] feat: removed checkout step --- .github/workflows/terraform_workflow.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index 361516d0..b3a1a5dd 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml 
@@ -117,8 +117,8 @@ jobs:
 tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }}
 steps:
- - name: Checkout
- uses: actions/checkout@v4
+ # - name: Checkout
+ # uses: actions/checkout@v4
 - name: Set environment variables
 run: |
From ca1f647bbde95c1a6e50a4967b95493c6b2fe625 Mon Sep 17 00:00:00 2001
From: Tanishdrove
Date: Wed, 15 Jan 2025 23:29:42 +0530
Subject: [PATCH 06/19] feat: Added replace tokens
---
 .github/workflows/terraform_workflow.yml | 58 +++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml
index b3a1a5dd..d45bae99 100644
--- a/.github/workflows/terraform_workflow.yml
+++ b/.github/workflows/terraform_workflow.yml
@@ -3,10 +3,44 @@ run-name: 'Terraform workflow'
 on:
 workflow_call:
 inputs:
+ replace_tokens:
+ required: true
+ type: boolean
+ default: true
+ description: 'Set true to replace tokens in the terraform files.'
+ environmentName:
+ required: false
+ type: string
+ default: "dev"
+ terraform_version:
+ required: false
+ type: string
+ default: "1.8.0"
+ region:
+ required: false
+ type: string
+ default: "canadaeast"
 working_directory:
 required: true
 type: string
+ default: "terraform/common"
 description: 'Root directory of the terraform where all resources exist.'
+ resourceName:
+ required: false
+ type: string
+ default: "moduletestref"
+ backend_rg_name:
+ required: false
+ type: string
+ default: "terraform-state-rg"
+ backend_sa_name:
+ required: false
+ type: string
+ default: "tfstatestorageaccountest"
+ backend_container_name:
+ required: false
+ type: string
+ default: "terraform-state"
 provider:
 required: true
 type: string
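Review bot: Commenting out the `Checkout` step leaves no step in this hunk that puts the repository on the runner, so the later `cd ${{ inputs.working_directory }}` calls (outside this hunk) will fail unless the calling job provides the files some other way. If the removal is deliberate, delete the two lines instead of leaving them commented, and state in the `working_directory` input description that the caller is responsible for checking out the sources first.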
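Review bot: `replace_tokens` and `working_directory` are declared `required: true` and also given a `default:`; a required input must be supplied by the caller, so the defaults never apply and one of the two should go. The defaults `terraform-state-rg`, `tfstatestorageaccountest` and `terraform-state` silently point any caller that omits the backend inputs at one specific state storage account; state-backend coordinates are better left without defaults so each caller names its backend explicitly. The new inputs mix `camelCase` (`environmentName`, `resourceName`) with the file's existing `snake_case` (`working_directory`, `backend_rg_name`); pick one convention. The `inputs:` map continues past the end of the hunk.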
@@ -117,8 +151,28 @@ jobs: tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }} steps: - # - name: Checkout - # uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@v4 + + - name: Update environment variables + if: ${{ inputs.replace_tokens == true }} + uses: cschleiden/replace-tokens@v1 + with: + tokenPrefix: '#{' + tokenSuffix: '}#' + files: '["${{ inputs.working_directory }}/main.tf", "${{ inputs.working_directory }}/backend.tf"]' + env: + RESOURCE_NAME: ${{ inputs.resourceName }} + SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}" + ENV_NAME: ${{ inputs.environmentName }} + REPLACE_REGION: ${{ inputs.region }} + CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}" + CLIENT_SECRET: "${{ secrets.AZURE_CLIENT_SECRET }}" + TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}" + BACKEND_RG_NAME: ${{ inputs.backend_rg_name }} + BACKEND_SA_NAME: ${{ inputs.backend_sa_name }} + BACKEND_CONTAINER_NAME: ${{ inputs.backend_container_name }} + - name: Set environment variables run: | From 185e8495366a709db5dd8ccd814fe0115afe2bce Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Thu, 16 Jan 2025 15:15:59 +0530 Subject: [PATCH 07/19] feat: removed unused values --- .github/workflows/terraform_workflow.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index d45bae99..491e2d75 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -6,7 +6,6 @@ on: replace_tokens: required: true type: boolean - default: true description: 'Set true to replace tokens in the terraform files.' environmentName: required: false @@ -23,7 +22,6 @@ on: working_directory: required: true type: string - default: "terraform/common" description: 'Root directory of the terraform where all resources exist.' resourceName: required: false From 2fce5d34b5a036de97b88541df390ec8fc6e2c62 Mon Sep 17 00:00:00 2001 
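Review bot: The `Update environment variables` step hands `CLIENT_SECRET` (together with the client, tenant and subscription IDs) to `cschleiden/replace-tokens@v1`, which writes them into `main.tf` and `backend.tf` in the runner's checkout; any later step that uploads or prints the working directory (a `Publish Terraform Plan` artifact step exists further down this file, outside the hunk) can then expose the secret. The azurerm provider and backend already read `ARM_CLIENT_ID`, `ARM_CLIENT_SECRET`, `ARM_TENANT_ID` and `ARM_SUBSCRIPTION_ID` from the environment, so the credential tokens can be dropped from this step and only the non-secret names replaced. The action is referenced by the mutable `@v1` tag; pinning it to a full commit SHA with the tag in a trailing comment is the usual supply-chain hardening for third-party actions. The `files:` value is a JSON array built by string interpolation of `inputs.working_directory`, so a path containing `"` or `]` would produce an invalid list.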
From: Tanishdrove Date: Thu, 16 Jan 2025 15:20:04 +0530 Subject: [PATCH 08/19] feat: removed unused values --- .github/workflows/terraform_workflow.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index 491e2d75..1782c580 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -229,7 +229,6 @@ jobs: actions_subcommand: 'fmt' path: ${{ inputs.working_directory }} - - name: terraform init run: | export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}" From b7800d464dc6386d60b0d075c3d81bc2d7850b1e Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Thu, 16 Jan 2025 15:23:53 +0530 Subject: [PATCH 09/19] feat: removed duplicate variable --- .github/workflows/terraform_workflow.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index 1782c580..4b6b8a0a 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -11,10 +11,6 @@ on: required: false type: string default: "dev" - terraform_version: - required: false - type: string - default: "1.8.0" region: required: false type: string From 7605daa5e7de1ed49786ec5a47c0e03ddf8b5102 Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Thu, 16 Jan 2025 15:52:04 +0530 Subject: [PATCH 10/19] feat: removed the artificat upload to the directory --- .github/workflows/terraform_workflow.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index 4b6b8a0a..59dc96e7 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml 
@@ -264,11 +264,11 @@ jobs: fi fi - - name: Publish Terraform Plan - uses: actions/upload-artifact@v4 - with: - name: tfplan - path: ${{ inputs.working_directory }}/tfplan + # - name: Publish Terraform Plan + # uses: actions/upload-artifact@v4 + # with: + # name: tfplan + # path: ${{ inputs.working_directory }}/tfplan - name: Create String Output id: tf-plan-string From ab9765cf090752042e84f3a5fd75bcff24630696 Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Thu, 16 Jan 2025 16:10:25 +0530 Subject: [PATCH 11/19] feat: Added min approvals --- .github/workflows/terraform_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index 59dc96e7..dfd033d9 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -72,7 +72,7 @@ on: description: 'Timeout for approval step' minimum-approvals: required: false - type: string + type: number default: 1 description: 'Minimum approvals required to accept the plan' token_format: From b984d9afab8cd7d1f03349ca9dac58dbe8a79e47 Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Thu, 16 Jan 2025 16:23:20 +0530 Subject: [PATCH 12/19] feat: updated default value of min approvers to 0 --- .github/workflows/terraform_workflow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index dfd033d9..1bf07c2e 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -73,7 +73,7 @@ on: minimum-approvals: required: false type: number - default: 1 + default: 0 description: 'Minimum approvals required to accept the plan' token_format: required: false From 76de57588ed4b3329d292da2cd8cfe347aef251c Mon Sep 17 00:00:00 2001 
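Review bot: The `Publish Terraform Plan` step is commented out rather than deleted, which leaves five dead lines between the plan and output steps; delete the step in this commit. Dropping the artifact also means the `tfplan` written by `terraform plan -out tfplan` (outside this hunk) is no longer preserved beyond the job, so there is no record of the plan that was approved; if that is acceptable, say so in the commit message, otherwise keep the upload.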
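Review bot: Changing the `minimum-approvals` default to `0` means a caller that does not set the input gets the manual-approval gate with no approvers required, so apply/destroy presumably proceeds without anyone accepting the plan. A default that requires at least one approval is the fail-closed choice; callers that really want no gate should have to opt in explicitly. If `0` stays an accepted value, the description `'Minimum approvals required to accept the plan'` should say that `0` disables the approval requirement.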
From: Tanishdrove
Date: Thu, 16 Jan 2025 16:31:25 +0530
Subject: [PATCH 13/19] feat: added skip_approval parameter
---
 .github/workflows/terraform_workflow.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml
index 1bf07c2e..33ac6c5d 100644
--- a/.github/workflows/terraform_workflow.yml
+++ b/.github/workflows/terraform_workflow.yml
@@ -73,8 +73,13 @@ on:
 minimum-approvals:
 required: false
 type: number
- default: 0
+ default: 1
 description: 'Minimum approvals required to accept the plan'
+ skip_approval:
+ required: false
+ type: boolean
+ default: false
+ description: 'Set true to skip approval step'
 token_format:
 required: false
 type: string
@@ -287,6 +292,7 @@ jobs:
 echo "${delimiter}" >> $GITHUB_OUTPUT
 - name: "Accept plan or deny"
+ if: ${{ inputs.skip_approval == false }}
 uses: trstringer/manual-approval@v1
 timeout-minutes: ${{ inputs.timeout }}
 with:
From de96951b441930749a59760fb41eca5c4e40bfe3 Mon Sep 17 00:00:00 2001
From: Tanishdrove
Date: Thu, 16 Jan 2025 18:57:35 +0530
Subject: [PATCH 14/19] feat: removed replace tokens and unused code
---
 .github/workflows/terraform_workflow.yml | 53 ------------------------
 1 file changed, 53 deletions(-)
diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml
index 33ac6c5d..efa504ce 100644
--- a/.github/workflows/terraform_workflow.yml
+++ b/.github/workflows/terraform_workflow.yml
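Review bot: `skip_approval` is an ordinary caller-controlled input, so any workflow that calls this reusable workflow can bypass the `Accept plan or deny` gate for apply and destroy by passing `skip_approval: true`; if the approval is meant as a control rather than a convenience, enforce it with an environment protection rule on the deploying job instead of (or in addition to) an input. The condition `if: ${{ inputs.skip_approval == false }}` can be written `if: ${{ !inputs.skip_approval }}`, which reads the boolean directly. The same hunk also moves the `minimum-approvals` default back from `0` to `1`, reversing the previous commit; the commit message (`added skip_approval parameter`) does not mention that. The `with:` block of the approval step continues past the hunk.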
@@ -3,38 +3,10 @@ run-name: 'Terraform workflow' on: workflow_call: inputs: - replace_tokens: - required: true - type: boolean - description: 'Set true to replace tokens in the terraform files.' - environmentName: - required: false - type: string - default: "dev" - region: - required: false - type: string - default: "canadaeast" working_directory: required: true type: string description: 'Root directory of the terraform where all resources exist.' - resourceName: - required: false - type: string - default: "moduletestref" - backend_rg_name: - required: false - type: string - default: "terraform-state-rg" - backend_sa_name: - required: false - type: string - default: "tfstatestorageaccountest" - backend_container_name: - required: false - type: string - default: "terraform-state" provider: required: true type: string @@ -153,26 +125,6 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Update environment variables - if: ${{ inputs.replace_tokens == true }} - uses: cschleiden/replace-tokens@v1 - with: - tokenPrefix: '#{' - tokenSuffix: '}#' - files: '["${{ inputs.working_directory }}/main.tf", "${{ inputs.working_directory }}/backend.tf"]' - env: - RESOURCE_NAME: ${{ inputs.resourceName }} - SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}" - ENV_NAME: ${{ inputs.environmentName }} - REPLACE_REGION: ${{ inputs.region }} - CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}" - CLIENT_SECRET: "${{ secrets.AZURE_CLIENT_SECRET }}" - TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}" - BACKEND_RG_NAME: ${{ inputs.backend_rg_name }} - BACKEND_SA_NAME: ${{ inputs.backend_sa_name }} - BACKEND_CONTAINER_NAME: ${{ inputs.backend_container_name }} - - - name: Set environment variables run: | ( @@ -269,11 +221,6 @@ jobs: fi fi - # - name: Publish Terraform Plan - # uses: actions/upload-artifact@v4 - # with: - # name: tfplan - # path: ${{ inputs.working_directory }}/tfplan - name: Create String Output id: tf-plan-string 
From ffe5de0c03f91d7c025859ac14f6524593394622 Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Thu, 16 Jan 2025 19:09:43 +0530 Subject: [PATCH 15/19] feat: Added slack webhook support --- .github/workflows/terraform_workflow.yml | 27 ++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index efa504ce..6805c9ef 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -114,6 +114,9 @@ on: SERVICE_ACCOUNT: required: false description: 'The service account to be used' + SLACK_WEBHOOK: + description: "Slack webhook URL" + required: true jobs: terraform-workflow: @@ -296,4 +299,28 @@ jobs: cd ${{ inputs.working_directory }} terraform destroy -auto-approve fi + + - name: Notify Slack + if: ${{ always() }} + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + run: | + if [ "${{ job.status }}" == "success" ]; then + STATUS="Success ✅" + COLOR="good" + MESSAGE="Terraform deployment completed successfully." + else + STATUS="Failed ❌" + COLOR="danger" + MESSAGE="Terraform deployment failed. Check logs for details." + fi + + RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + + curl -X POST -H 'Content-type: application/json' \ + --data "$(jq -n --arg color "$COLOR" --arg status "$STATUS" --arg message "$MESSAGE" \ + --arg repo "$GITHUB_REPOSITORY" --arg branch "$GITHUB_REF_NAME" --arg sha "$GITHUB_SHA" \ + --arg run_url "$RUN_URL" \ + '{attachments: [{color: $color, title: ("Terraform Deployment: " + $status), text: $message, fields: [{title: "Repository", value: $repo, short: true}, {title: "Branch", value: $branch, short: true}, {title: "Commit", value: $sha, short: true}, {title: "Run URL", value: $run_url, short: false}]}]}')" \ + $SLACK_WEBHOOK_URL ... From fee58ed3d05f772de9a541cbad00d78b9e3b47fc Mon Sep 17 00:00:00 2001 
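Review bot: `SLACK_WEBHOOK` is declared `required: true`, so every existing caller of this reusable workflow fails validation until it passes a webhook; declare it `required: false` and have the `Notify Slack` script return early with `if [ -z "$SLACK_WEBHOOK_URL" ]; then exit 0; fi` (the value is already exposed as step env). The `curl` call runs without `--fail` and with `$SLACK_WEBHOOK_URL` unquoted, so a 4xx/5xx from Slack still leaves the step green; `curl --fail -sS -X POST … "$SLACK_WEBHOOK_URL"` surfaces delivery failures. `if: ${{ always() }}` also fires on a cancelled run, where `job.status` is `cancelled` and the `else` branch reports it as `Failed ❌`; a third branch would keep the message accurate.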
From: Tanishdrove Date: Thu, 16 Jan 2025 23:18:59 +0530 Subject: [PATCH 16/19] feat: Added slack notif support for both apply and destroy --- .github/workflows/terraform_workflow.yml | 77 +++++++++++++++++------- 1 file changed, 56 insertions(+), 21 deletions(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index 6805c9ef..ef7ee058 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml 
@@ -300,27 +300,62 @@ jobs: terraform destroy -auto-approve fi - - name: Notify Slack - if: ${{ always() }} - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - run: | - if [ "${{ job.status }}" == "success" ]; then - STATUS="Success ✅" - COLOR="good" - MESSAGE="Terraform deployment completed successfully." - else - STATUS="Failed ❌" - COLOR="danger" - MESSAGE="Terraform deployment failed. Check logs for details." - fi + # - name: Notify Slack + # if: ${{ always() }} + # env: + # SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + # run: | + # if [ "${{ job.status }}" == "success" ]; then + # STATUS="Success ✅" + # COLOR="good" + # MESSAGE="Terraform deployment completed successfully." + # else + # STATUS="Failed ❌" + # COLOR="danger" + # MESSAGE="Terraform deployment failed. Check logs for details." + # fi + + # RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + # curl -X POST -H 'Content-type: application/json' \ + # --data "$(jq -n --arg color "$COLOR" --arg status "$STATUS" --arg message "$MESSAGE" \ + # --arg repo "$GITHUB_REPOSITORY" --arg branch "$GITHUB_REF_NAME" --arg sha "$GITHUB_SHA" \ + # --arg run_url "$RUN_URL" \ + # '{attachments: [{color: $color, title: ("Terraform Deployment: " + $status), text: $message, fields: [{title: "Repository", value: $repo, short: true}, {title: "Branch", value: $branch, short: true}, {title: "Commit", value: $sha, short: true}, {title: "Run URL", value: $run_url, short: false}]}]}')" \ + # $SLACK_WEBHOOK_URL - curl -X POST -H 'Content-type: application/json' \ - --data "$(jq -n --arg color "$COLOR" --arg status "$STATUS" --arg message "$MESSAGE" \ - --arg repo "$GITHUB_REPOSITORY" --arg branch "$GITHUB_REF_NAME" --arg sha "$GITHUB_SHA" \ - --arg run_url "$RUN_URL" \ - '{attachments: [{color: $color, title: ("Terraform Deployment: " + $status), text: $message, fields: [{title: 
"Repository", value: $repo, short: true}, {title: "Branch", value: $branch, short: true}, {title: "Commit", value: $sha, short: true}, {title: "Run URL", value: $run_url, short: false}]}]}')" \ - $SLACK_WEBHOOK_URL + - name: Notify Slack + if: ${{ always() }} + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + run: | + # Determine the operation type (apply or destroy) using a custom environment variable or flag + if [[ "${{ inputs.destroy }}" == "true" ]]; then + OPERATION="Destroy" + else + OPERATION="Apply" + fi + + # Check the job status + if [ "${{ job.status }}" == "success" ]; then + STATUS="Success ✅" + COLOR="good" + MESSAGE="Terraform $OPERATION completed successfully." + else + STATUS="Failed ❌" + COLOR="danger" + MESSAGE="Terraform $OPERATION failed. Check logs for details." + fi + + # Create the Run URL + RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + + # Send the notification to Slack + curl -X POST -H 'Content-type: application/json' \ + --data "$(jq -n --arg color "$COLOR" --arg status "$STATUS" --arg message "$MESSAGE" \ + --arg operation "$OPERATION" --arg repo "$GITHUB_REPOSITORY" --arg branch "$GITHUB_REF_NAME" --arg sha "$GITHUB_SHA" \ + --arg run_url "$RUN_URL" \ + '{attachments: [{color: $color, title: ("Terraform " + $operation + ": " + $status), text: $message, fields: [{title: "Operation", value: $operation, short: true}, {title: "Repository", value: $repo, short: true}, {title: "Branch", value: $branch, short: true}, {title: "Commit", value: $sha, short: true}, {title: "Run URL", value: $run_url, short: false}]}]}')" \ + $SLACK_WEBHOOK_URL + ... From 81a95d7e5570eba07de4c0f901ea94a262332931 Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Thu, 16 Jan 2025 23:21:21 +0530 Subject: [PATCH 17/19] feat: fixed indentation --- .github/workflows/terraform_workflow.yml | 66 ++++++++++++------------ 1 file changed, 33 insertions(+), 33 deletions(-) 
diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index ef7ee058..b87f9690 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml 
@@ -325,37 +325,37 @@ jobs: # $SLACK_WEBHOOK_URL - name: Notify Slack - if: ${{ always() }} - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - run: | - # Determine the operation type (apply or destroy) using a custom environment variable or flag - if [[ "${{ inputs.destroy }}" == "true" ]]; then - OPERATION="Destroy" - else - OPERATION="Apply" - fi - - # Check the job status - if [ "${{ job.status }}" == "success" ]; then - STATUS="Success ✅" - COLOR="good" - MESSAGE="Terraform $OPERATION completed successfully." - else - STATUS="Failed ❌" - COLOR="danger" - MESSAGE="Terraform $OPERATION failed. Check logs for details." - fi - - # Create the Run URL - RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - - # Send the notification to Slack - curl -X POST -H 'Content-type: application/json' \ - --data "$(jq -n --arg color "$COLOR" --arg status "$STATUS" --arg message "$MESSAGE" \ - --arg operation "$OPERATION" --arg repo "$GITHUB_REPOSITORY" --arg branch "$GITHUB_REF_NAME" --arg sha "$GITHUB_SHA" \ - --arg run_url "$RUN_URL" \ - '{attachments: [{color: $color, title: ("Terraform " + $operation + ": " + $status), text: $message, fields: [{title: "Operation", value: $operation, short: true}, {title: "Repository", value: $repo, short: true}, {title: "Branch", value: $branch, short: true}, {title: "Commit", value: $sha, short: true}, {title: "Run URL", value: $run_url, short: false}]}]}')" \ - $SLACK_WEBHOOK_URL - + if: ${{ always() }} + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} + run: | + # Determine the operation type (apply or destroy) using a custom environment variable or flag + if [[ "${{ inputs.destroy }}" == "true" ]]; then + OPERATION="Destroy" + else + OPERATION="Apply" + fi + + # Check the job status + if [ "${{ job.status }}" == "success" ]; then + STATUS="Success ✅" + COLOR="good" + MESSAGE="Terraform $OPERATION completed successfully." 
+ else + STATUS="Failed ❌" + COLOR="danger" + MESSAGE="Terraform $OPERATION failed. Check logs for details." + fi + + # Create the Run URL + RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" + + # Send the notification to Slack + curl -X POST -H 'Content-type: application/json' \ + --data "$(jq -n --arg color "$COLOR" --arg status "$STATUS" --arg message "$MESSAGE" \ + --arg operation "$OPERATION" --arg repo "$GITHUB_REPOSITORY" --arg branch "$GITHUB_REF_NAME" --arg sha "$GITHUB_SHA" \ + --arg run_url "$RUN_URL" \ + '{attachments: [{color: $color, title: ("Terraform " + $operation + ": " + $status), text: $message, fields: [{title: "Operation", value: $operation, short: true}, {title: "Repository", value: $repo, short: true}, {title: "Branch", value: $branch, short: true}, {title: "Commit", value: $sha, short: true}, {title: "Run URL", value: $run_url, short: false}]}]}')" \ + $SLACK_WEBHOOK_URL + ... From 3f24d206d03d2286253821ccc0fe558e52e5030b Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Thu, 16 Jan 2025 23:33:43 +0530 Subject: [PATCH 18/19] feat: Removed unused workflow code --- .github/workflows/terraform_workflow.yml | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index b87f9690..c10f1e5f 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml 
@@ -300,30 +300,6 @@ jobs: terraform destroy -auto-approve fi - # - name: Notify Slack - # if: ${{ always() }} - # env: - # SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }} - # run: | - # if [ "${{ job.status }}" == "success" ]; then - # STATUS="Success ✅" - # COLOR="good" - # MESSAGE="Terraform deployment completed successfully." - # else - # STATUS="Failed ❌" - # COLOR="danger" - # MESSAGE="Terraform deployment failed. Check logs for details." - # fi - - # RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - - # curl -X POST -H 'Content-type: application/json' \ - # --data "$(jq -n --arg color "$COLOR" --arg status "$STATUS" --arg message "$MESSAGE" \ - # --arg repo "$GITHUB_REPOSITORY" --arg branch "$GITHUB_REF_NAME" --arg sha "$GITHUB_SHA" \ - # --arg run_url "$RUN_URL" \ - # '{attachments: [{color: $color, title: ("Terraform Deployment: " + $status), text: $message, fields: [{title: "Repository", value: $repo, short: true}, {title: "Branch", value: $branch, short: true}, {title: "Commit", value: $sha, short: true}, {title: "Run URL", value: $run_url, short: false}]}]}')" \ - # $SLACK_WEBHOOK_URL - - name: Notify Slack if: ${{ always() }} env: From 51db62587d8185db23afea987dd0a37147da7b02 Mon Sep 17 00:00:00 2001 From: Tanishdrove Date: Fri, 17 Jan 2025 00:10:38 +0530 Subject: [PATCH 19/19] feat: Added parallelism parameter for tf apply and destroy --- .github/workflows/terraform_workflow.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index c10f1e5f..5164b08a 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml 
@@ -260,10 +260,10 @@ jobs: export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" if [ -n "${{ inputs.var_file }}" ]; then cd ${{ inputs.working_directory }} - terraform apply -var-file="${{ inputs.var_file }}" -auto-approve + terraform apply -var-file="${{ inputs.var_file }}" -auto-approve -parallelism=5 else cd ${{ inputs.working_directory }} - terraform apply -auto-approve + terraform apply -auto-approve -parallelism=5 fi - name: Find Errored Terraform State @@ -294,10 +294,10 @@ jobs: export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}" if [ -n "${{ inputs.var_file }}" ]; then cd ${{ inputs.working_directory }} - terraform destroy -var-file="${{ inputs.var_file }}" -auto-approve + terraform destroy -var-file="${{ inputs.var_file }}" -auto-approve -parallelism=5 else cd ${{ inputs.working_directory }} - terraform destroy -auto-approve + terraform destroy -auto-approve -parallelism=5 fi - name: Notify Slack
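Review bot: `-parallelism=5` is hard-coded in all four apply/destroy commands across both hunks; exposing it as a `parallelism` input with `type: number` and `default: 5` lets callers tune it without editing the shared workflow. More important, the apply still does not consume the plan file the earlier plan step writes with `-out tfplan` (visible in the destroy branch of an earlier commit; the rest of the plan step is outside these hunks): `terraform apply -auto-approve` re-plans at apply time, so what the `Accept plan or deny` step showed the approver can differ from what gets applied if state or inputs changed in between. `terraform apply -parallelism=5 tfplan`, with `-var-file` given only at plan time, applies exactly the approved plan. The `run:` bodies continue outside the hunks.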