From 4f25818d54ee187164ffd3885a632678e9d69c8e Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Sun, 5 Jan 2025 19:50:24 +0100 Subject: [PATCH 01/52] initialize --- README.md | 4 ++-- terraform/terraform.tf | 6 +++--- terraform/variables.tf | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index dcd659f7e..911542785 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ -# Terraform code +# Terraform code ## Maintain vpc & eks with terraform for vprofile project ## Tools required Terraform version 1.6.3 -### Steps +### Steps from scratch * terraform init * terraform fmt -check * terraform validate diff --git a/terraform/terraform.tf b/terraform/terraform.tf index 67b75c673..a7e965cb6 100644 --- a/terraform/terraform.tf +++ b/terraform/terraform.tf @@ -27,9 +27,9 @@ terraform { } backend "s3" { - bucket = "gitopsterrastate" - key = "terraform.tfstate" - region = "us-east-2" + bucket = "vprofileaction3" + key = "dev/terraform.tfstate" + region = "us-east-1" } required_version = "~> 1.6.3" diff --git a/terraform/variables.tf b/terraform/variables.tf index a41d982a0..d19424a8e 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -1,11 +1,11 @@ variable "region" { description = "AWS region" type = string - default = "us-east-2" + default = "us-east-1" } variable "clusterName" { description = "Name of the EKS cluster" type = string - default = "kitops-eks" + default = "vprofile-eks" } From 3c4e8a355c3035ffee8addc6641b554caa3522f1 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Sun, 5 Jan 2025 21:05:00 +0100 Subject: [PATCH 02/52] add github action folder --- .github/workflows/terraform.yaml | 57 ++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/terraform.yaml diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml new file mode 100644 index 000000000..560416f96 --- /dev/null +++ b/.github/workflows/terraform.yaml 
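Review bot: The `backend "s3"` block on the new side of the terraform.tf hunk sets only `bucket`, `key` and `region`; it has no `encrypt = true` and no `dynamodb_table`, so the state file (which carries resource attributes and frequently secrets) is written without requesting server-side encryption and without a lock, and two CI runs that overlap can corrupt it. Add `encrypt = true` and `dynamodb_table = "<lock-table>"` (placeholder name) inside the same block; with `required_version = "~> 1.6.3"` the DynamoDB table is the locking mechanism available. The enclosing `terraform { ... }` block starts outside this hunk.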
@@ -0,0 +1,57 @@ +name: "Vprofile IAC" + +on: + push: + branches: + - main + - stage + paths: + - terraform/** + pull_request: + branches: + - main + paths: + - terraform/** +env: + AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} + AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} + BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} + AWS_REGION: us-east-1 + EKS_CLUSTER: vprofile-eks + +jobs: + terraform: + name: "Apply terraform code changes" + runs-on: ubuntu-latest + defaults: + run: + shell: bash + working-directory: ./terraform + steps: + - name: Checkout source code + uses: actions/checkout@v4 + - name: Setup terraform with specified version on the runner + uses: hashicorp/setup-terraform@v1 + + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + id: init + run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + id: fmt + run: terraform fmt -check + - name: Terraform validate + id: validate + run: terraform validate + + # Generates an execution plan for Terraform + - name: Terraform Plan + id: plan + run: terraform plan -no-color -input=false -out plan.out + continue-on-error: true + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + From 4686681a743078887075b3affd1f4220a74cd86e Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Sun, 5 Jan 2025 21:06:30 +0100 Subject: [PATCH 03/52] add github action folder --- .github/workflows/{terraform.yaml => terraform.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{terraform.yaml => terraform.yml} (100%) diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yml similarity index 100% rename from .github/workflows/terraform.yaml rename to .github/workflows/terraform.yml 
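Review bot: The long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets are exported in the workflow-level `env`, so every step — including the unpinned third-party `hashicorp/setup-terraform@v1` — inherits them, and there is no `permissions:` block, so the job's GITHUB_TOKEN keeps whatever default scopes the repository grants. A `permissions:` block with `contents: read` and `id-token: write` plus an OIDC `aws-actions/configure-aws-credentials` step removes the static keys entirely; the sketch below gives the shape (the role ARN secret is a placeholder). Independently, `setup-terraform@v1` with no `terraform_version` input installs the latest CLI, which cannot satisfy the `required_version = "~> 1.6.3"` set in PATCH 01, so pin `terraform_version: 1.6.3`. PATCH 04 (`main.yml`, same blob 560416f96) and the bodies re-added in PATCH 08 and PATCH 12 carry the same issues.
```yaml
permissions:
  contents: read
  id-token: write  # required for the OIDC token exchange in the credentials step

env:
  BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE }}
  AWS_REGION: us-east-1
  EKS_CLUSTER: vprofile-eks

# … unchanged: jobs.terraform name / runs-on / defaults …
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4
      - name: Configure AWS credentials (OIDC, no static keys)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}  # placeholder: IAM role trusted by this repo
          aws-region: us-east-1
      - name: Setup terraform with specified version on the runner
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.6.3
# … unchanged: init / fmt / validate / plan steps …
```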
From f0c1882fe6ec5e440265ad9a108e181dd8760c6a Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 21:13:32 +0100 Subject: [PATCH 04/52] Create main.yml --- .github/workflows/main.yml | 57 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 000000000..560416f96 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,57 @@ +name: "Vprofile IAC" + +on: + push: + branches: + - main + - stage + paths: + - terraform/** + pull_request: + branches: + - main + paths: + - terraform/** +env: + AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} + AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} + BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} + AWS_REGION: us-east-1 + EKS_CLUSTER: vprofile-eks + +jobs: + terraform: + name: "Apply terraform code changes" + runs-on: ubuntu-latest + defaults: + run: + shell: bash + working-directory: ./terraform + steps: + - name: Checkout source code + uses: actions/checkout@v4 + - name: Setup terraform with specified version on the runner + uses: hashicorp/setup-terraform@v1 + + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + id: init + run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + id: fmt + run: terraform fmt -check + - name: Terraform validate + id: validate + run: terraform validate + + # Generates an execution plan for Terraform + - name: Terraform Plan + id: plan + run: terraform plan -no-color -input=false -out plan.out + continue-on-error: true + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + 
From 725b946a8858287a5770a9ca3cd0b1d7cc3eb27e Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 21:14:47 +0100 Subject: [PATCH 05/52] Delete .github/workflows directory --- .github/workflows/main.yml | 57 -------------------------------------- 1 file changed, 57 deletions(-) delete mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index 560416f96..000000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,57 +0,0 @@ -name: "Vprofile IAC" - -on: - push: - branches: - - main - - stage - paths: - - terraform/** - pull_request: - branches: - - main - paths: - - terraform/** -env: - AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} - AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} - BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} - AWS_REGION: us-east-1 - EKS_CLUSTER: vprofile-eks - -jobs: - terraform: - name: "Apply terraform code changes" - runs-on: ubuntu-latest - defaults: - run: - shell: bash - working-directory: ./terraform - steps: - - name: Checkout source code - uses: actions/checkout@v4 - - name: Setup terraform with specified version on the runner - uses: hashicorp/setup-terraform@v1 - - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - - name: Terraform Init - id: init - run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - id: fmt - run: terraform fmt -check - - name: Terraform validate - id: validate - run: terraform validate - - # Generates an execution plan for Terraform - - name: Terraform Plan - id: plan - run: terraform plan -no-color -input=false -out plan.out - continue-on-error: true - - name: Terraform plan status - if: steps.plan.outcome == 'failure' - run: exit 1 - 
From 723e7cd82746aadc72e6a7dab0f393389987b1ab Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:13:48 +0100 Subject: [PATCH 06/52] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 911542785..1fcc8949f 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Terraform version 1.6.3 * terraform init * terraform fmt -check * terraform validate -* terraform plan -out planfile +* terraform plan -no-color -out planfile * terraform apply -auto-approve -input=false -parallelism=1 planfile #### ##### From 2c6263b4081b1e3d62c069be086f1d0a18b91e3e Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:16:18 +0100 Subject: [PATCH 07/52] Create terraform.yml --- .github/workflows/terraform.yml | 93 +++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml new file mode 100644 index 000000000..540e8040b --- /dev/null +++ b/.github/workflows/terraform.yml 
@@ -0,0 +1,93 @@ +# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file +# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run +# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events +# to the "main" branch, `terraform apply` will be executed. +# +# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform +# +# To use this workflow, you will need to complete the following setup steps. +# +# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. +# Example `main.tf`: +# # The configuration for the `remote` backend. +# terraform { +# backend "remote" { +# # The name of your Terraform Cloud organization. +# organization = "example-organization" +# +# # The name of the Terraform Cloud workspace to store Terraform state files in. +# workspaces { +# name = "example-workspace" +# } +# } +# } +# +# # An example resource that does nothing. +# resource "null_resource" "example" { +# triggers = { +# value = "A example resource that does nothing!" +# } +# } +# +# +# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. +# Documentation: +# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html +# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets +# +# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 
+# Example: +# - name: Setup Terraform +# uses: hashicorp/setup-terraform@v1 +# with: +# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + +name: 'Terraform' + +on: + push: + branches: [ "main" ] + pull_request: + +permissions: + contents: read + +jobs: + terraform: + name: 'Terraform' + runs-on: ubuntu-latest + environment: production + + # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest + defaults: + run: + shell: bash + + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout + uses: actions/checkout@v4 + + # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token + - name: Setup Terraform + uses: hashicorp/setup-terraform@v1 + with: + cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + run: terraform init + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + run: terraform fmt -check + + # Generates an execution plan for Terraform + - name: Terraform Plan + run: terraform plan -input=false + + # On push to "main", build or change infrastructure according to Terraform configuration files + # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks + - name: Terraform Apply + if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false From 4f99cffed888d0d812b6ef561c15e7e6e0d8b22e Mon Sep 17 00:00:00 2001 
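Review bot: The Terraform Apply step's condition `github.ref == 'refs/heads/"main"'` compares against the literal string `refs/heads/"main"` (the double quotes are part of the value), which `github.ref` never equals, so apply is silently skipped on every push; change it to `if: github.ref == 'refs/heads/main' && github.event_name == 'push'`. The job also has no `working-directory`, while the configuration changed in PATCH 01 lives under `terraform/`, so `terraform init` runs against the repository root. It supplies only a Terraform Cloud token (`cli_config_credentials_token`) although that configuration declares an `s3` backend, so init presumably needs AWS credentials instead. PATCH 16 re-creates this same file (blob 540e8040b) with the same issues.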
From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:25:42 +0100 Subject: [PATCH 08/52] Update terraform.yml --- .github/workflows/terraform.yml | 128 ++++++++++++-------------------- 1 file changed, 46 insertions(+), 82 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 540e8040b..74d3d97a2 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -1,93 +1,57 @@ -# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file -# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run -# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events -# to the "main" branch, `terraform apply` will be executed. -# -# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform -# -# To use this workflow, you will need to complete the following setup steps. -# -# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. -# Example `main.tf`: -# # The configuration for the `remote` backend. -# terraform { -# backend "remote" { -# # The name of your Terraform Cloud organization. -# organization = "example-organization" -# -# # The name of the Terraform Cloud workspace to store Terraform state files in. -# workspaces { -# name = "example-workspace" -# } -# } -# } -# -# # An example resource that does nothing. -# resource "null_resource" "example" { -# triggers = { -# value = "A example resource that does nothing!" -# } -# } -# -# -# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. -# Documentation: -# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html -# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets -# -# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 
-# Example: -# - name: Setup Terraform -# uses: hashicorp/setup-terraform@v1 -# with: -# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - -name: 'Terraform' +name: "Vprofile IAC" on: + push: - branches: [ "main" ] - pull_request: - -permissions: - contents: read + branches: + - main + - stage + paths: + - terraform/** + pull_request: + branches: + - main + paths: + - terraform/** +env: + AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} + AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} + BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} + AWS_REGION: us-east-1 + EKS_CLUSTER: vprofile-eks jobs: terraform: - name: 'Terraform' + name: "Apply terraform code changes" runs-on: ubuntu-latest - environment: production - - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: shell: bash - + working-directory: ./terraform steps: - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v4 - - # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - - name: Terraform Init - run: terraform init - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - run: terraform fmt -check - - # Generates an execution plan for Terraform - - name: Terraform Plan - run: terraform plan -input=false - - # On push to "main", build or change infrastructure according to Terraform configuration files - # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". 
See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks - - name: Terraform Apply - if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' - run: terraform apply -auto-approve -input=false + - name: Checkout source code + uses: actions/checkout@v4 + - name: Setup terraform with specified version on the runner + uses: hashicorp/setup-terraform@v1 + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + id: init + run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + id: fmt + run: terraform fmt -check + - name: Terraform validate + id: validate + run: terraform validate + + # Generates an execution plan for Terraform + - name: Terraform Plan + id: plan + run: terraform plan -no-color -input=false -out plan.out + continue-on-error: true + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + From cc684210b3caaabdd002989ce9b39cc6914323d7 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:26:13 +0100 Subject: [PATCH 09/52] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dcd659f7e..90c39dcac 100644 --- a/README.md +++ b/README.md @@ -11,5 +11,5 @@ Terraform version 1.6.3 * terraform validate * terraform plan -out planfile * terraform apply -auto-approve -input=false -parallelism=1 planfile -#### +##### ##### From 83d1b345b8fedcad3a1f4a89cea7917b527772c6 Mon Sep 17 00:00:00 2001 
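Review bot: The rewrite drops the `permissions: contents: read` block the template had, so the job's GITHUB_TOKEN falls back to the repository default scopes, which may include write; keep `permissions:` / `  contents: read` in the new file. The apply step is also removed, so the job named "Apply terraform code changes" only plans; either rename it or keep the apply. A style nit on the same hunk: `AWS_ACCESS_KEY_ID : ${{...}}` has a space before the colon, which yamllint flags; write `AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}` like the neighbouring keys.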
From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:31:14 +0100 Subject: [PATCH 10/52] Update terraform.yml --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 74d3d97a2..085cb580f 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -1,4 +1,4 @@ -name: "Vprofile IAC" +name: "Vprofile-IAC" on: From 993b28642339443921af8c7013ee2e42c4b9ac27 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:37:46 +0100 Subject: [PATCH 11/52] Delete .github/workflows directory --- .github/workflows/terraform.yml | 57 --------------------------------- 1 file changed, 57 deletions(-) delete mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 085cb580f..000000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: "Vprofile-IAC" - -on: - - push: - branches: - - main - - stage - paths: - - terraform/** - pull_request: - branches: - - main - paths: - - terraform/** -env: - AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} - AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} - BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} - AWS_REGION: us-east-1 - EKS_CLUSTER: vprofile-eks - -jobs: - terraform: - name: "Apply terraform code changes" - runs-on: ubuntu-latest - defaults: - run: - shell: bash - working-directory: ./terraform - steps: - - name: Checkout source code - uses: actions/checkout@v4 - - name: Setup terraform with specified version on the runner - uses: hashicorp/setup-terraform@v1 - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - - name: Terraform Init - id: init - run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - id: fmt - run: terraform fmt -check - - name: Terraform validate - id: validate - run: terraform validate - - # Generates an execution plan for Terraform - - name: Terraform Plan - id: plan - run: terraform plan -no-color -input=false -out plan.out - continue-on-error: true - - name: Terraform plan status - if: steps.plan.outcome == 'failure' - run: exit 1 - From 5d78cc06dbeb0711267794ba1675a9c8886cdc80 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:40:25 +0100 Subject: [PATCH 12/52] Create terraform.yml --- .github/workflows/terraform.yml | 107 ++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml new file mode 100644 index 000000000..8521b0b34 --- /dev/null +++ b/.github/workflows/terraform.yml 
@@ -0,0 +1,107 @@ +# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file +# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run +# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events +# to the "main" branch, `terraform apply` will be executed. +# +# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform +# +# To use this workflow, you will need to complete the following setup steps. +# +# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. +# Example `main.tf`: +# # The configuration for the `remote` backend. +# terraform { +# backend "remote" { +# # The name of your Terraform Cloud organization. +# organization = "example-organization" +# +# # The name of the Terraform Cloud workspace to store Terraform state files in. +# workspaces { +# name = "example-workspace" +# } +# } +# } +# +# # An example resource that does nothing. +# resource "null_resource" "example" { +# triggers = { +# value = "A example resource that does nothing!" +# } +# } +# +# +# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. +# Documentation: +# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html +# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets +# +# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 
+# Example: +# - name: Setup Terraform +# uses: hashicorp/setup-terraform@v1 +# with: +# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + +name: 'Terraform' +on: + + push: + branches: + - main + - stage + paths: + - terraform/** + pull_request: + branches: + - main + paths: + - terraform/** +env: + AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} + AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} + BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} + AWS_REGION: us-east-1 + EKS_CLUSTER: vprofile-eks + +jobs: + terraform: + name: "Apply terraform code changes" + runs-on: ubuntu-latest + defaults: + run: + shell: bash + working-directory: ./terraform + steps: + - name: Checkout source code + uses: actions/checkout@v4 + - name: Setup terraform with specified version on the runner + uses: hashicorp/setup-terraform@v1 + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + id: init + run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + id: fmt + run: terraform fmt -check + - name: Terraform validate + id: validate + run: terraform validate + + # Generates an execution plan for Terraform + - name: Terraform Plan + id: plan + run: terraform plan -no-color -input=false -out plan.out + continue-on-error: true + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + + + + # On push to "main", build or change infrastructure according to Terraform configuration files + # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". 
See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks + - name: Terraform Apply + if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false From 22c374f98a427fbb2ed1f48b4ec5d3d16b38941c Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:41:26 +0100 Subject: [PATCH 13/52] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 90c39dcac..236af885e 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ## Tools required Terraform version 1.6.3 -### Steps +#### Steps * terraform init * terraform fmt -check * terraform validate From b3d2a5941da079d1514e5b6c2b1e43cae84365cb Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:45:02 +0100 Subject: [PATCH 14/52] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 236af885e..c7e3011c8 100644 --- a/README.md +++ b/README.md @@ -11,5 +11,5 @@ Terraform version 1.6.3 * terraform validate * terraform plan -out planfile * terraform apply -auto-approve -input=false -parallelism=1 planfile -##### +###### ##### From b9fe28a7bdc6d6b8fde6c7daa4797b44fb51234a Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:45:47 +0100 Subject: [PATCH 15/52] Delete .github/workflows directory --- .github/workflows/terraform.yml | 107 -------------------------------- 1 file changed, 107 deletions(-) delete mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 8521b0b34..000000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
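Review bot: The added Terraform Apply step runs `terraform apply -auto-approve -input=false` without the `plan.out` the plan step wrote, so what gets applied is a fresh plan computed after the one that was checked and the plan file is dead output; use `run: terraform apply -auto-approve -input=false plan.out`. Its `if` condition is the never-matching `'refs/heads/"main"'` form raised on PATCH 07, so the step would not run anyway until that is corrected. The comment header copied from the starter template describes a Terraform Cloud `remote` backend and a `TF_API_TOKEN` secret that this repository does not use (the backend is `s3`, PATCH 01) and should be replaced by a short header stating the actual trigger and credential model.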
@@ -1,107 +0,0 @@ -# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file -# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run -# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events -# to the "main" branch, `terraform apply` will be executed. -# -# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform -# -# To use this workflow, you will need to complete the following setup steps. -# -# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. -# Example `main.tf`: -# # The configuration for the `remote` backend. -# terraform { -# backend "remote" { -# # The name of your Terraform Cloud organization. -# organization = "example-organization" -# -# # The name of the Terraform Cloud workspace to store Terraform state files in. -# workspaces { -# name = "example-workspace" -# } -# } -# } -# -# # An example resource that does nothing. -# resource "null_resource" "example" { -# triggers = { -# value = "A example resource that does nothing!" -# } -# } -# -# -# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. -# Documentation: -# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html -# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets -# -# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 
-# Example: -# - name: Setup Terraform -# uses: hashicorp/setup-terraform@v1 -# with: -# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - -name: 'Terraform' -on: - - push: - branches: - - main - - stage - paths: - - terraform/** - pull_request: - branches: - - main - paths: - - terraform/** -env: - AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} - AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} - BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} - AWS_REGION: us-east-1 - EKS_CLUSTER: vprofile-eks - -jobs: - terraform: - name: "Apply terraform code changes" - runs-on: ubuntu-latest - defaults: - run: - shell: bash - working-directory: ./terraform - steps: - - name: Checkout source code - uses: actions/checkout@v4 - - name: Setup terraform with specified version on the runner - uses: hashicorp/setup-terraform@v1 - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - - name: Terraform Init - id: init - run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - id: fmt - run: terraform fmt -check - - name: Terraform validate - id: validate - run: terraform validate - - # Generates an execution plan for Terraform - - name: Terraform Plan - id: plan - run: terraform plan -no-color -input=false -out plan.out - continue-on-error: true - - name: Terraform plan status - if: steps.plan.outcome == 'failure' - run: exit 1 - - - - # On push to "main", build or change infrastructure according to Terraform configuration files - # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". 
See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks - - name: Terraform Apply - if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' - run: terraform apply -auto-approve -input=false From 729cd041683bba1b047588dda4c9a926f88b8117 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:46:21 +0100 Subject: [PATCH 16/52] Create terraform.yml --- .github/workflows/terraform.yml | 93 +++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml new file mode 100644 index 000000000..540e8040b --- /dev/null +++ b/.github/workflows/terraform.yml 
@@ -0,0 +1,93 @@ +# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file +# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run +# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events +# to the "main" branch, `terraform apply` will be executed. +# +# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform +# +# To use this workflow, you will need to complete the following setup steps. +# +# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. +# Example `main.tf`: +# # The configuration for the `remote` backend. +# terraform { +# backend "remote" { +# # The name of your Terraform Cloud organization. +# organization = "example-organization" +# +# # The name of the Terraform Cloud workspace to store Terraform state files in. +# workspaces { +# name = "example-workspace" +# } +# } +# } +# +# # An example resource that does nothing. +# resource "null_resource" "example" { +# triggers = { +# value = "A example resource that does nothing!" +# } +# } +# +# +# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. +# Documentation: +# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html +# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets +# +# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 
+# Example: +# - name: Setup Terraform +# uses: hashicorp/setup-terraform@v1 +# with: +# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + +name: 'Terraform' + +on: + push: + branches: [ "main" ] + pull_request: + +permissions: + contents: read + +jobs: + terraform: + name: 'Terraform' + runs-on: ubuntu-latest + environment: production + + # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest + defaults: + run: + shell: bash + + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout + uses: actions/checkout@v4 + + # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token + - name: Setup Terraform + uses: hashicorp/setup-terraform@v1 + with: + cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + run: terraform init + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + run: terraform fmt -check + + # Generates an execution plan for Terraform + - name: Terraform Plan + run: terraform plan -input=false + + # On push to "main", build or change infrastructure according to Terraform configuration files + # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks + - name: Terraform Apply + if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false From 2f97ff52177f7b7730b7ec87a01e6e51c7b21975 Mon Sep 17 00:00:00 2001 
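Review bot: The `Terraform Apply` guard at the end of the new file compares `github.ref` with `'refs/heads/"main"'`, a string that contains literal double quotes and therefore never equals a real ref, so the apply step can never run; the condition should read `if: github.ref == 'refs/heads/main' && github.event_name == 'push'`. The same expression is carried unchanged into the PATCH 25 hunk further down this page. Separately, `hashicorp/setup-terraform@v1` and `actions/checkout@v4` are mutable tags; for a job that holds a `TF_API_TOKEN` able to apply infrastructure, pinning both to a full commit SHA removes the tag-retargeting exposure.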
From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:46:59 +0100 Subject: [PATCH 17/52] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c7e3011c8..e1c513cc0 100644 --- a/README.md +++ b/README.md @@ -12,4 +12,4 @@ Terraform version 1.6.3 * terraform plan -out planfile * terraform apply -auto-approve -input=false -parallelism=1 planfile ###### -##### +###### From f5a358918ee5222d45feb39ceed140a63bfdbaa2 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:48:52 +0100 Subject: [PATCH 18/52] Update terraform.yml --- .github/workflows/terraform.yml | 78 ++++++++++++++------------------- 1 file changed, 32 insertions(+), 46 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 560416f96..a86d977cd 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -1,57 +1,43 @@ -name: "Vprofile IAC" +name: 'Terraform' on: push: - branches: - - main - - stage - paths: - - terraform/** - pull_request: - branches: - - main - paths: - - terraform/** -env: - AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} - AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} - BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} - AWS_REGION: us-east-1 - EKS_CLUSTER: vprofile-eks + branches: [ "main" ] + pull_request: + +permissions: + contents: read jobs: terraform: - name: "Apply terraform code changes" + name: 'Terraform' runs-on: ubuntu-latest + environment: production + + # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: shell: bash - working-directory: ./terraform + steps: - - name: Checkout source code - uses: actions/checkout@v4 - - name: Setup terraform with specified version on the runner - uses: hashicorp/setup-terraform@v1 - - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. 
- - name: Terraform Init - id: init - run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - id: fmt - run: terraform fmt -check - - name: Terraform validate - id: validate - run: terraform validate - - # Generates an execution plan for Terraform - - name: Terraform Plan - id: plan - run: terraform plan -no-color -input=false -out plan.out - continue-on-error: true - - name: Terraform plan status - if: steps.plan.outcome == 'failure' - run: exit 1 - + # Checkout the repository to the GitHub Actions runner + - name: Checkout + uses: actions/checkout@v4 + + # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token + - name: Setup Terraform + uses: hashicorp/setup-terraform@v1 + with: + cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + run: terraform init + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + run: terraform fmt -check + + # Generates an execution plan for Terraform + - name: Terraform Plan + run: terraform plan -input=false From 762c0248d963b4eda35162974778defcd00bfd24 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:49:50 +0100 Subject: [PATCH 19/52] Update terraform.yml --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 540e8040b..dac86113a 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
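Review bot: The new side removes `working-directory: ./terraform` from `defaults.run` without setting it anywhere else, so `terraform init`, `terraform fmt -check` and `terraform plan` now execute in the repository root; the removed line itself, and the PATCH 27/29 hunks below that add it back, show the configuration lives under `terraform/`, so these steps will find nothing there. Keep `working-directory: ./terraform` under `defaults.run`, or set it per step. The rewrite also drops the `terraform validate` step and the S3 `-backend-config="bucket=$BUCKET_TF_STATE"` in favour of a Terraform Cloud token; unless the backend block in `terraform.tf` is switched to `remote` in the same series, `init` will still expect the S3 bucket. The PATCH 25 hunk repeats this removal.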
@@ -46,7 +46,7 @@ name: 'Terraform' on: push: - branches: [ "main" ] + branches: [ "main","stage" ] pull_request: permissions: From 25fe8ee42726602b9792b505c01e6b51a4936dd6 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:50:36 +0100 Subject: [PATCH 20/52] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1fcc8949f..755372123 100644 --- a/README.md +++ b/README.md @@ -11,5 +11,5 @@ Terraform version 1.6.3 * terraform validate * terraform plan -no-color -out planfile * terraform apply -auto-approve -input=false -parallelism=1 planfile -#### +##### ##### From 27e9796f5726049fef340afe3e5ede2be9e8a6be Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:51:35 +0100 Subject: [PATCH 21/52] Update terraform.yml --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index a86d977cd..40edde339 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -2,7 +2,7 @@ name: 'Terraform' on: push: - branches: [ "main" ] + branches: [ "main","stage" ] pull_request: permissions: From d0ef3e086542ab693ce1e4068dba9dc2e0eb8a62 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Sun, 5 Jan 2025 23:54:19 +0100 Subject: [PATCH 22/52] update the terraform.yml file --- .github/workflows/terraform.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 560416f96..60eb0baad 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
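Review bot: The new flow sequence `branches: [ "main","stage" ]` has a space inside each bracket but none after the comma; write `branches: ["main", "stage"]` for consistency with the file's other lists and yamllint defaults. The same form appears in the PATCH 21 hunk on this line and in the PATCH 22 hunk below. Adding `stage` also means pushes to that branch now run a job that, as far as the surrounding context shows, may still be bound to `environment: production`; confirm that plan runs from `stage` are meant to use that environment's secrets.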
@@ -1,15 +1,13 @@ name: "Vprofile IAC" on: + push: - branches: - - main - - stage + branches: ["main","stage"] paths: - terraform/** pull_request: - branches: - - main + branches: ["main"] paths: - terraform/** env: @@ -32,7 +30,6 @@ jobs: uses: actions/checkout@v4 - name: Setup terraform with specified version on the runner uses: hashicorp/setup-terraform@v1 - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init id: init From dc902c5ccbb359728f6ed0861a46d7e1eb91ada2 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Sun, 5 Jan 2025 23:56:11 +0100 Subject: [PATCH 23/52] Delete .github/workflows directory --- .github/workflows/terraform.yml | 43 --------------------------------- 1 file changed, 43 deletions(-) delete mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index 40edde339..000000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
@@ -1,43 +0,0 @@ -name: 'Terraform' - -on: - push: - branches: [ "main","stage" ] - pull_request: - -permissions: - contents: read - -jobs: - terraform: - name: 'Terraform' - runs-on: ubuntu-latest - environment: production - - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest - defaults: - run: - shell: bash - - steps: - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v4 - - # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - - name: Terraform Init - run: terraform init - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - run: terraform fmt -check - - # Generates an execution plan for Terraform - - name: Terraform Plan - run: terraform plan -input=false From fa3e80df9edad0fae61f83072c5192daab146b11 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 00:02:12 +0100 Subject: [PATCH 24/52] update --- .github/workflows/terraform.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 60eb0baad..a25659028 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -16,11 +16,13 @@ env: BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} AWS_REGION: us-east-1 EKS_CLUSTER: vprofile-eks - +permissions: + contents: read jobs: terraform: name: "Apply terraform code changes" runs-on: ubuntu-latest + environment: production defaults: run: shell: bash From 44da52194cb13132fcd92fdcdf0d1be178a6cae8 Mon Sep 17 00:00:00 2001 
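Review bot: `environment: production` is added to the only job in the workflow, and the `pull_request` trigger visible in the PATCH 22 hunk above runs that same job, so every pull-request plan executes inside the production environment: its secrets become available to the plan run, and any required-reviewer rule on the environment will hold PR plans until someone approves. Bind the environment to an apply-only job (split plan and apply into two jobs) and leave the plan job unbound. The added `permissions: contents: read` is a good least-privilege default; if the job later moves to OIDC it will need `id-token: write` added explicitly.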
From: geofLegrand Date: Mon, 6 Jan 2025 00:03:21 +0100 Subject: [PATCH 25/52] update --- .github/workflows/terraform.yml | 181 ++++++++++++++++++++++++-------- 1 file changed, 138 insertions(+), 43 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index a25659028..88e465755 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -1,56 +1,151 @@ -name: "Vprofile IAC" +# name: "Vprofile IAC" -on: +# on: +# push: +# branches: ["main","stage"] +# paths: +# - terraform/** +# pull_request: +# branches: ["main"] +# paths: +# - terraform/** +# env: +# AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} +# AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} +# BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} +# AWS_REGION: us-east-1 +# EKS_CLUSTER: vprofile-eks +# permissions: +# contents: read +# jobs: +# terraform: +# name: "Apply terraform code changes" +# runs-on: ubuntu-latest +# environment: production +# defaults: +# run: +# shell: bash +# working-directory: ./terraform +# steps: +# - name: Checkout source code +# uses: actions/checkout@v4 +# - name: Setup terraform with specified version on the runner +# uses: hashicorp/setup-terraform@v1 +# # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. +# - name: Terraform Init +# id: init +# run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" + +# # Checks that all Terraform configuration files adhere to a canonical format +# - name: Terraform Format +# id: fmt +# run: terraform fmt -check +# - name: Terraform validate +# id: validate +# run: terraform validate + +# # Generates an execution plan for Terraform +# - name: Terraform Plan +# id: plan +# run: terraform plan -no-color -input=false -out plan.out +# continue-on-error: true +# - name: Terraform plan status +# if: steps.plan.outcome == 'failure' +# run: exit 1 + + + +# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file +# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run +# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events +# to the "main" branch, `terraform apply` will be executed. 
+# +# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform +# +# To use this workflow, you will need to complete the following setup steps. +# +# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. +# Example `main.tf`: +# # The configuration for the `remote` backend. +# terraform { +# backend "remote" { +# # The name of your Terraform Cloud organization. +# organization = "example-organization" +# +# # The name of the Terraform Cloud workspace to store Terraform state files in. +# workspaces { +# name = "example-workspace" +# } +# } +# } +# +# # An example resource that does nothing. +# resource "null_resource" "example" { +# triggers = { +# value = "A example resource that does nothing!" +# } +# } +# +# +# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. +# Documentation: +# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html +# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets +# +# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 
+# Example: +# - name: Setup Terraform +# uses: hashicorp/setup-terraform@v1 +# with: +# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + +name: 'Terraform' + +on: push: - branches: ["main","stage"] - paths: - - terraform/** - pull_request: - branches: ["main"] - paths: - - terraform/** -env: - AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} - AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} - BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} - AWS_REGION: us-east-1 - EKS_CLUSTER: vprofile-eks + branches: [ "main","stage" ] + pull_request: + permissions: contents: read + jobs: terraform: - name: "Apply terraform code changes" + name: 'Terraform' runs-on: ubuntu-latest environment: production + + # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: shell: bash - working-directory: ./terraform + steps: - - name: Checkout source code - uses: actions/checkout@v4 - - name: Setup terraform with specified version on the runner - uses: hashicorp/setup-terraform@v1 - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. 
- - name: Terraform Init - id: init - run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - id: fmt - run: terraform fmt -check - - name: Terraform validate - id: validate - run: terraform validate - - # Generates an execution plan for Terraform - - name: Terraform Plan - id: plan - run: terraform plan -no-color -input=false -out plan.out - continue-on-error: true - - name: Terraform plan status - if: steps.plan.outcome == 'failure' - run: exit 1 - + # Checkout the repository to the GitHub Actions runner + - name: Checkout + uses: actions/checkout@v4 + + # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token + - name: Setup Terraform + uses: hashicorp/setup-terraform@v1 + with: + cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + run: terraform init + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + run: terraform fmt -check + + # Generates an execution plan for Terraform + - name: Terraform Plan + run: terraform plan -input=false + + # On push to "main", build or change infrastructure according to Terraform configuration files + # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks + - name: Terraform Apply + if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false \ No newline at end of file 
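Review bot: The entire previous workflow is retained at the top of the new file as commented text, from `# name: "Vprofile IAC"` down to `# run: exit 1`, followed by the upstream template's forty-line setup banner, so most of the file's 151 lines are content a reader must skip past; delete the commented block (git history keeps it) and trim the banner to what describes this repository. The file also ends without a trailing newline (`\ No newline at end of file`). The `'refs/heads/"main"'` apply guard and the dropped `working-directory: ./terraform` are the same defects already raised on the PATCH 16 and PATCH 18 hunks above.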
From 9ebc54b9647c569514ce9b8200ed7551f17a3932 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 00:06:02 +0100 Subject: [PATCH 26/52] update --- .github/workflows/terraform.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 88e465755..89d577699 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -109,6 +109,12 @@ on: permissions: contents: read +env: + AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} + AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} + BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} + AWS_REGION: us-east-1 + EKS_CLUSTER: vprofile-eks jobs: terraform: From e4a5bca20d6a5f0ea73098eb00484eafdaba594c Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 00:11:14 +0100 Subject: [PATCH 27/52] update --- .github/workflows/terraform.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 89d577699..59026674e 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -135,12 +135,13 @@ jobs: # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - name: Setup Terraform uses: hashicorp/setup-terraform@v1 - with: - cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + # with: + # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init run: terraform init + working-directory: ./terraform # Checks that all Terraform configuration files adhere to a canonical format - name: Terraform Format From e686909f3551c17304e325b437b621a053002f08 Mon Sep 17 00:00:00 2001 
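Review bot: The added `env:` block injects long-lived `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` secrets into the environment of every step of the job, including `actions/checkout` and `hashicorp/setup-terraform`, which have no need for them. Prefer short-lived credentials obtained through `aws-actions/configure-aws-credentials` with `role-to-assume` and `permissions: id-token: write`, or at minimum scope the two keys to the Terraform steps' own `env:`. The key `AWS_ACCESS_KEY_ID :` also has a space before the colon; write `AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}` to match the neighbouring entries.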
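Review bot: `working-directory: ./terraform` is added only to the `Terraform Init` step, so the `Terraform Format`, `Terraform Plan` and `Terraform Apply` steps that follow (outside this hunk) still run in the repository root, where there is no initialised `.terraform/` directory and no configuration; `plan` will fail or plan an empty module. Set it once under `defaults.run` instead, which is what the PATCH 29 hunk below ends up doing. Commenting out the `with:` / `cli_config_credentials_token` lines rather than deleting them leaves dead YAML inside the step; remove them.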
From: geofLegrand Date: Mon, 6 Jan 2025 00:12:51 +0100 Subject: [PATCH 28/52] update --- .github/workflows/terraform.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 59026674e..c34c6806b 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -137,6 +137,8 @@ jobs: uses: hashicorp/setup-terraform@v1 # with: # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} + with: + terraform_version: 1.6.3 # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init From 1e11732a14f686b8b253f6440c2efe79e3893e76 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 00:16:03 +0100 Subject: [PATCH 29/52] update --- .github/workflows/terraform.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index c34c6806b..ce0a0d424 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -121,11 +121,13 @@ jobs: name: 'Terraform' runs-on: ubuntu-latest environment: production + # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: shell: bash + working-directory: ./terraform steps: # Checkout the repository to the GitHub Actions runner @@ -143,7 +145,7 @@ jobs: # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init run: terraform init - working-directory: ./terraform + # working-directory: ./terraform # Checks that all Terraform configuration files adhere to a canonical format - name: Terraform Format From 0d7560c7059b6848761ba449c367a94a6e3d8ff7 Mon Sep 17 00:00:00 2001 
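Review bot: `terraform_version: 1.6.3` happens to parse as a string, but version values should be quoted (`terraform_version: "1.6.3"`) so that a future `1.6` or `1.10` is not read as a float by the loader. The new `with:` block sits directly beneath the commented-out `# with:` / `# cli_config_credentials_token` lines from PATCH 27, and the PATCH 29 hunk below leaves `# working-directory: ./terraform` behind in the same way; delete these commented stanzas rather than carrying them forward. The job body that holds these steps continues outside both hunks.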
From: geofLegrand Date: Mon, 6 Jan 2025 00:17:42 +0100 Subject: [PATCH 30/52] update --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index ce0a0d424..1d8b8f057 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -120,7 +120,7 @@ jobs: terraform: name: 'Terraform' runs-on: ubuntu-latest - environment: production + # environment: production # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest From 1380b04ff78a6aee59ecdc895bf693401fb5ded5 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 00:22:30 +0100 Subject: [PATCH 31/52] update --- .github/workflows/terraform.yml | 186 +++++++------------------------- 1 file changed, 40 insertions(+), 146 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 1d8b8f057..90b5c96c8 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
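Review bot: Commenting out `environment: production` removes the only deployment gate on a job that, in this revision of the file, still ends in `terraform apply -auto-approve` outside the hunk; after this change a push to `main` applies with no environment protection rule or reviewer in the path. If the binding was blocking pull-request plans, the remedy is to split plan and apply into two jobs and attach `environment: production` to the apply job only, rather than dropping it.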
@@ -1,162 +1,56 @@ -# name: "Vprofile IAC" - -# on: - -# push: -# branches: ["main","stage"] -# paths: -# - terraform/** -# pull_request: -# branches: ["main"] -# paths: -# - terraform/** -# env: -# AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} -# AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} -# BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} -# AWS_REGION: us-east-1 -# EKS_CLUSTER: vprofile-eks -# permissions: -# contents: read -# jobs: -# terraform: -# name: "Apply terraform code changes" -# runs-on: ubuntu-latest -# environment: production -# defaults: -# run: -# shell: bash -# working-directory: ./terraform -# steps: -# - name: Checkout source code -# uses: actions/checkout@v4 -# - name: Setup terraform with specified version on the runner -# uses: hashicorp/setup-terraform@v1 -# # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. -# - name: Terraform Init -# id: init -# run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" - -# # Checks that all Terraform configuration files adhere to a canonical format -# - name: Terraform Format -# id: fmt -# run: terraform fmt -check -# - name: Terraform validate -# id: validate -# run: terraform validate - -# # Generates an execution plan for Terraform -# - name: Terraform Plan -# id: plan -# run: terraform plan -no-color -input=false -out plan.out -# continue-on-error: true -# - name: Terraform plan status -# if: steps.plan.outcome == 'failure' -# run: exit 1 - - - -# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file -# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run -# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events -# to the "main" branch, `terraform apply` will be executed. 
-# -# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform -# -# To use this workflow, you will need to complete the following setup steps. -# -# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. -# Example `main.tf`: -# # The configuration for the `remote` backend. -# terraform { -# backend "remote" { -# # The name of your Terraform Cloud organization. -# organization = "example-organization" -# -# # The name of the Terraform Cloud workspace to store Terraform state files in. -# workspaces { -# name = "example-workspace" -# } -# } -# } -# -# # An example resource that does nothing. -# resource "null_resource" "example" { -# triggers = { -# value = "A example resource that does nothing!" -# } -# } -# -# -# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. -# Documentation: -# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html -# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets -# -# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 
-# Example: -# - name: Setup Terraform -# uses: hashicorp/setup-terraform@v1 -# with: -# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - -name: 'Terraform' +name: "Vprofile IAC" on: + push: - branches: [ "main","stage" ] - pull_request: - + branches: ["main","stage"] + pull_request: + branches: ["main"] +env: + AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} + AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} + BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} + AWS_REGION: us-east-1 + EKS_CLUSTER: vprofile-eks permissions: contents: read -env: - AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} - AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} - BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} - AWS_REGION: us-east-1 - EKS_CLUSTER: vprofile-eks - + jobs: terraform: - name: 'Terraform' + name: "Apply terraform code changes" runs-on: ubuntu-latest - # environment: production - - - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest + environment: production defaults: run: shell: bash working-directory: ./terraform - steps: - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v4 - - # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - # with: - # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - with: - terraform_version: 1.6.3 - - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. 
- - name: Terraform Init - run: terraform init - # working-directory: ./terraform + - name: Checkout source code + uses: actions/checkout@v4 + - name: Setup terraform with specified version on the runner + uses: hashicorp/setup-terraform@v1 + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + id: init + run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + id: fmt + run: terraform fmt -check + - name: Terraform validate + id: validate + run: terraform validate + + # Generates an execution plan for Terraform + - name: Terraform Plan + id: plan + run: terraform plan -no-color -input=false -out plan.out + continue-on-error: true + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - run: terraform fmt -check - # Generates an execution plan for Terraform - - name: Terraform Plan - run: terraform plan -input=false - # On push to "main", build or change infrastructure according to Terraform configuration files - # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks - - name: Terraform Apply - if: github.ref == 'refs/heads/"main"' && github.event_name == 'push' - run: terraform apply -auto-approve -input=false \ No newline at end of file From bb005176690fc46538dbdeabbd9e3fe2d7642853 Mon Sep 17 00:00:00 2001 
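Review bot: The restored `Setup terraform with specified version on the runner` step uses `hashicorp/setup-terraform@v1` with no `terraform_version` input, so the runner installs whatever the action defaults to, while the README context lines elsewhere on this page state Terraform 1.6.3; pass `with: terraform_version: "1.6.3"` (the PATCH 32–34 hunks below add this through `TF_VERSION`). Pin the action to a full commit SHA rather than the mutable `v1` tag, since it executes with the job-level AWS credentials in scope. The `env:` block again exposes the static AWS keys to every step, as raised on the PATCH 26 hunk above.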
From: geofLegrand Date: Mon, 6 Jan 2025 00:25:56 +0100 Subject: [PATCH 32/52] Implement the github action --- .github/workflows/terraform.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 90b5c96c8..92007797d 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -12,6 +12,7 @@ env: BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} AWS_REGION: us-east-1 EKS_CLUSTER: vprofile-eks + TF_VERSION: 1.6.3 permissions: contents: read @@ -29,6 +30,8 @@ jobs: uses: actions/checkout@v4 - name: Setup terraform with specified version on the runner uses: hashicorp/setup-terraform@v1 + with: + terraform_version: $TF_VERSION # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init id: init From 74530602a59f87c2221c62ad5c7143e580ce7f49 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 00:28:07 +0100 Subject: [PATCH 33/52] Implement the github action --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 92007797d..79e49252d 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -31,7 +31,7 @@ jobs: - name: Setup terraform with specified version on the runner uses: hashicorp/setup-terraform@v1 with: - terraform_version: $TF_VERSION + terraform_version: "$TF_VERSION" # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init id: init From a2cfb8060f53ba1cfd4b7a47b9c897c978d00368 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 00:30:08 +0100 Subject: [PATCH 34/52] Implement the github action --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
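Review bot: `terraform_version: $TF_VERSION` under `with:` is handed to the action verbatim, because action inputs are not shell-expanded, so `setup-terraform` receives the literal string `$TF_VERSION`; the PATCH 33 hunk on this line merely quotes it, which changes nothing. Use the expression syntax, `terraform_version: ${{ env.TF_VERSION }}`, as the PATCH 34 hunk below finally does. The `TF_VERSION: 1.6.3` env value is read as a string here, though quoting it (`"1.6.3"`) keeps it one under any loader.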
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 79e49252d..b3f95b716 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -31,7 +31,7 @@ jobs: - name: Setup terraform with specified version on the runner uses: hashicorp/setup-terraform@v1 with: - terraform_version: "$TF_VERSION" + terraform_version: "${{env.TF_VERSION}}" # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init id: init From 15d090773c86316472f2413911d0eda591a1ccca Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 00:49:03 +0100 Subject: [PATCH 35/52] Add aws credentials --- .github/workflows/terraform.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index b3f95b716..220afa436 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -28,6 +28,7 @@ jobs: steps: - name: Checkout source code uses: actions/checkout@v4 + - name: Setup terraform with specified version on the runner uses: hashicorp/setup-terraform@v1 with: @@ -41,6 +42,7 @@ jobs: - name: Terraform Format id: fmt run: terraform fmt -check + - name: Terraform validate id: validate run: terraform validate @@ -50,9 +52,23 @@ jobs: id: plan run: terraform plan -no-color -input=false -out plan.out continue-on-error: true + - name: Terraform plan status if: steps.plan.outcome == 'failure' run: exit 1 + + - name: Terraform apply + id: appl + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false -parallelism=1 plan.out + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-region: ${{env.AWS_REGION}} + aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}} + aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}} + 
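Review bot: The `Configure AWS credentials` step is placed after the `Terraform apply` step, so none of the terraform steps in this job benefit from it; terraform is still authenticated through the workflow-level `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` env, and the configure step only matters for whatever runs after it. If one credential path is intended, move this step ahead of `Terraform Init` and drop the static keys from the workflow `env:`. Long-lived access keys in repository secrets are also the weaker option here: `aws-actions/configure-aws-credentials` supports OIDC through `role-to-assume` together with `permissions: id-token: write`, which leaves no long-lived cloud secret in GitHub at all. `@v1` is an old major line of that action; pin to a current release, ideally by commit SHA.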
From a969b090965afa637895d1c3bba4eef678bdc674 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 01:09:36 +0100 Subject: [PATCH 36/52] Configure eks and add Ingress --- .github/workflows/terraform.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 220afa436..a1e419c69 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -69,6 +69,14 @@ jobs: aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}} aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}} + - name: Get K8s config file + id: getconfig + if: steps.appl.outcome == 'success' + run: aws eks update-kubeconfig --region ${{env.AWS_REGION}} --name ${{env.EKS_CLUSTER}} + + - name: Install ingress controller + if: steps.appl.outcome == 'success' && steps.getconfig.outcome == 'success' + run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml From f299d4b5c9d9f6092f1f5e91de7f2bd513a75379 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 02:16:49 +0100 Subject: [PATCH 37/52] add checkov to scan terraform code --- .github/workflows/terraform.yml | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index a1e419c69..6998f97ee 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
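Review bot: The `Install ingress controller` step applies a manifest fetched from raw.githubusercontent.com at run time, so what lands in the cluster after every successful apply on main is whatever that URL serves, pinned only by the git tag `controller-v1.1.3` rather than by content. Vendor the manifest into the repo (or pin the URL to a commit SHA and verify a checksum before `kubectl apply`) so the deployed object set is reviewable in a pull request like the terraform code is. `controller-v1.1.3` is an old ingress-nginx release line; check it against the project's current advisories before relying on it for the production environment. Both new steps are gated on `steps.appl.outcome == 'success'`, so they are correctly skipped when the apply step itself is skipped on non-main pushes.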
@@ -17,10 +17,27 @@ permissions: contents: read jobs: - terraform: + scan-terraform-config: + name: "Scan terraform with Checkov" + runs-on: ubuntu-latest + + steps: + - name: Checkout source code + uses: actions/checkout@v4 + + - name: Run Checkov + id: checkov + uses: bridgecrewio/checkov-action@master + with: + directory: ./terraform + soft_fail: true + + + + deploy-infra-terraform: name: "Apply terraform code changes" runs-on: ubuntu-latest - environment: production + #environment: production defaults: run: shell: bash From 433bb5067f4a633db9d477da1c271a06a0337807 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 02:21:36 +0100 Subject: [PATCH 38/52] add checkov to scan terraform code --- .github/workflows/terraform.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 6998f97ee..a200ab6f4 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -37,7 +37,8 @@ jobs: deploy-infra-terraform: name: "Apply terraform code changes" runs-on: ubuntu-latest - #environment: production + environment: production + needs: [scan-terraform-config] defaults: run: shell: bash From 3d3166d19937cb5b554da824f973f5d3edfca739 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 03:13:54 +0100 Subject: [PATCH 39/52] add checkov to scan terraform code --- .github/workflows/terraform.yml | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index a200ab6f4..1fb2830a3 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -38,7 +38,7 @@ jobs: name: "Apply terraform code changes" runs-on: ubuntu-latest environment: production - needs: [scan-terraform-config] + needs: [scan-terraform-config] # create the dependance for the job 01 defaults: run: shell: bash 
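Review bot: `uses: bridgecrewio/checkov-action@master` in the new `scan-terraform-config` job runs whatever the action's default branch holds at run time, with no pin; pin it to a release tag or, better, a commit SHA. With `soft_fail: true` the job succeeds whatever Checkov finds, so the `needs: [scan-terraform-config]` added in the next commit's hunk (`@@ -37,7 +37,8 @@`) orders the jobs but never blocks the apply; if the scan is meant to gate deployment, set `soft_fail: false` and suppress accepted findings with `skip_check` or an in-repo Checkov config file instead. Commenting out `environment: production` also removes any approval or reviewer protection configured on that environment for the apply job; it is restored in the following commit, so this only concerns the interim state.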
@@ -75,6 +75,35 @@ jobs: if: steps.plan.outcome == 'failure' run: exit 1 + - name: Add terraform plan comment + id: comment + uses: actions/github-script@v6 + if: github.event_name == 'push' + env: + PLAN: "terraform\n${{steps.plan.outputs.stdout}}" + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖${{ steps.validate.outputs.stdout }} + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`${process.env.PLAN}\`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + - name: Terraform apply id: appl if: github.ref == 'refs/heads/main' && github.event_name == 'push' From decb74b766d2d9a886c41bcb7b1a65621efb858a Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 20:40:19 +0100 Subject: [PATCH 40/52] merging --- .github/workflows/terraform.yml | 130 ++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index e69de29bb..1fb2830a3 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -0,0 +1,130 @@ +name: "Vprofile IAC" + +on: + + push: + branches: ["main","stage"] + pull_request: + branches: ["main"] +env: + AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}} + AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}} + BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}} + AWS_REGION: us-east-1 + EKS_CLUSTER: vprofile-eks + TF_VERSION: 1.6.3 +permissions: + contents: read + +jobs: + scan-terraform-config: + name: "Scan terraform with Checkov" + runs-on: ubuntu-latest + + steps: + - name: Checkout source code + uses: actions/checkout@v4 + + - name: Run Checkov + id: checkov + uses: bridgecrewio/checkov-action@master + with: + directory: ./terraform + soft_fail: true + + + + deploy-infra-terraform: + name: "Apply terraform code changes" + runs-on: ubuntu-latest + environment: production + needs: [scan-terraform-config] # create the dependance for the job 01 + defaults: + run: + shell: bash + working-directory: ./terraform + steps: + - name: Checkout source code + uses: actions/checkout@v4 + + - name: Setup terraform with specified version on the runner + uses: hashicorp/setup-terraform@v1 + with: + terraform_version: "${{env.TF_VERSION}}" + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. 
+ - name: Terraform Init + id: init + run: terraform init -backend-config="bucket=$BUCKET_TF_STATE" + + # Checks that all Terraform configuration files adhere to a canonical format + - name: Terraform Format + id: fmt + run: terraform fmt -check + + - name: Terraform validate + id: validate + run: terraform validate + + # Generates an execution plan for Terraform + - name: Terraform Plan + id: plan + run: terraform plan -no-color -input=false -out plan.out + continue-on-error: true + + - name: Terraform plan status + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: Add terraform plan comment + id: comment + uses: actions/github-script@v6 + if: github.event_name == 'push' + env: + PLAN: "terraform\n${{steps.plan.outputs.stdout}}" + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖${{ steps.validate.outputs.stdout }} + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`${process.env.PLAN}\`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + + - name: Terraform apply + id: appl + if: github.ref == 'refs/heads/main' && github.event_name == 'push' + run: terraform apply -auto-approve -input=false -parallelism=1 plan.out + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-region: ${{env.AWS_REGION}} + aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}} + aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}} + + - name: Get K8s config file + id: getconfig + if: steps.appl.outcome == 'success' + run: aws eks update-kubeconfig --region ${{env.AWS_REGION}} --name ${{env.EKS_CLUSTER}} + + - name: Install ingress controller + if: steps.appl.outcome == 'success' && steps.getconfig.outcome == 'success' + run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml + + + + From 477a9833b8514052297d8362a5a691f720cabcd3 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 21:28:46 +0100 Subject: [PATCH 41/52] merging --- .github/workflows/terraform.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 1fb2830a3..04fdeb592 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -83,6 +83,7 @@ jobs: PLAN: "terraform\n${{steps.plan.outputs.stdout}}" with: github-token: ${{secrets.GITHUB_TOKEN}} + # , Working Directory: \`${{ env.tf_actions_working_dir }}\` script: | const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` 
@@ -95,7 +96,7 @@ jobs: - *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, From 8f6bcabf421e8a34d00a9853d83bc03a9a5aaa7c Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 22:01:13 +0100 Subject: [PATCH 42/52] merging --- .github/workflows/terraform.yml | 12 ++++++++---- terraform/main.tf | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 04fdeb592..43a09932f 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -13,6 +13,7 @@ env: AWS_REGION: us-east-1 EKS_CLUSTER: vprofile-eks TF_VERSION: 1.6.3 + WORKING_DIRECTORY: terraform permissions: contents: read @@ -29,7 +30,7 @@ jobs: id: checkov uses: bridgecrewio/checkov-action@master with: - directory: ./terraform + directory: ${{env.WORKING_DIRECTORY}} soft_fail: true @@ -42,7 +43,8 @@ jobs: defaults: run: shell: bash - working-directory: ./terraform + working-directory: ${{env.WORKING_DIRECTORY}} + steps: - name: Checkout source code uses: actions/checkout@v4 @@ -68,7 +70,9 @@ jobs: # Generates an execution plan for Terraform - name: Terraform Plan id: plan - run: terraform plan -no-color -input=false -out plan.out + # -input=false -out plan.out + if: github.event_name == 'pull-request' + run: terraform plan -no-color continue-on-error: true - name: Terraform plan status @@ -78,7 +82,7 @@ jobs: - name: Add terraform plan comment id: comment uses: actions/github-script@v6 - if: github.event_name == 'push' + if: github.event_name == 'pull-request' env: PLAN: "terraform\n${{steps.plan.outputs.stdout}}" with: diff --git a/terraform/main.tf b/terraform/main.tf index 94b6fc75a..c34b12c20 100644 
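Review bot: `-input=false` is dropped from `terraform plan` together with `-out plan.out`; without it terraform can stop and wait for interactive input (an unset variable, for instance) instead of failing, and the CI job then hangs until the runner timeout. Keep the flag even when no plan file is written: `run: terraform plan -no-color -input=false`. The same flag is dropped from `terraform apply` in the next commit's hunk `@@ -112,7 +112,8 @@`. Because the plan step now runs only on pull requests, the `Terraform apply` step below this hunk still names `plan.out` on push events where the file was never written; the following commit reworks that step.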
--- a/terraform/main.tf +++ b/terraform/main.tf @@ -13,4 +13,4 @@ locals { cluster_name = var.clusterName } -## \ No newline at end of file +### \ No newline at end of file From 79e6ddc2c98d55fb0efabfb2c78a1aa631549eed Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Mon, 6 Jan 2025 22:54:05 +0100 Subject: [PATCH 43/52] merging --- .github/workflows/terraform.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 43a09932f..7fe653067 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -71,7 +71,7 @@ jobs: - name: Terraform Plan id: plan # -input=false -out plan.out - if: github.event_name == 'pull-request' + if: github.event_name == 'pull_request' run: terraform plan -no-color continue-on-error: true @@ -82,7 +82,7 @@ jobs: - name: Add terraform plan comment id: comment uses: actions/github-script@v6 - if: github.event_name == 'pull-request' + if: github.event_name == 'pull_request' env: PLAN: "terraform\n${{steps.plan.outputs.stdout}}" with: @@ -112,7 +112,8 @@ jobs: - name: Terraform apply id: appl if: github.ref == 'refs/heads/main' && github.event_name == 'push' - run: terraform apply -auto-approve -input=false -parallelism=1 plan.out + run: terraform apply -auto-approve + # -input=false -parallelism=1 plan.out - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 From 20efbdab0e82bf2f4a9dc90bec440a5fa820b3cd Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Tue, 7 Jan 2025 00:16:36 +0100 Subject: [PATCH 44/52] merging --- .github/workflows/terraform.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 7fe653067..4bc8bffd3 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
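Review bot: `terraform apply -auto-approve` with no saved plan means the change applied to production on push is computed fresh at apply time and is not the plan that was posted to the pull request for review; anything that moved in between (data sources, state, drift) is applied unseen. Prefer running the plan on push as well with `-out plan.out` and applying that file, `run: terraform apply -auto-approve -input=false plan.out`, so what is applied is exactly what was planned. The `# -input=false -parallelism=1 plan.out` line is a dangling comment under `run:`; if those flags are retired, delete the line rather than leaving it as a breadcrumb. The enclosing `deploy-infra-terraform` job starts outside this hunk.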
@@ -14,8 +14,8 @@ env: EKS_CLUSTER: vprofile-eks TF_VERSION: 1.6.3 WORKING_DIRECTORY: terraform -permissions: - contents: read +# permissions: +# contents: read jobs: scan-terraform-config: From 91c9050ae155e64265373133e20eafce8e9607c1 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Tue, 7 Jan 2025 01:29:08 +0100 Subject: [PATCH 45/52] merging --- .github/workflows/terraform.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 4bc8bffd3..7fe653067 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -14,8 +14,8 @@ env: EKS_CLUSTER: vprofile-eks TF_VERSION: 1.6.3 WORKING_DIRECTORY: terraform -# permissions: -# contents: read +permissions: + contents: read jobs: scan-terraform-config: From 0e4f792d1d98ac31fa7853222977c8771f9a2be7 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Tue, 7 Jan 2025 01:30:37 +0100 Subject: [PATCH 46/52] merging --- .github/workflows/terraform.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 7fe653067..d3a016455 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -15,7 +15,9 @@ env: TF_VERSION: 1.6.3 WORKING_DIRECTORY: terraform permissions: - contents: read + issues: write + contents: read + pull-requests: write jobs: scan-terraform-config: From f70dcc16c399584fa8159354cd11e9bd642915af Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Tue, 7 Jan 2025 09:56:43 +0100 Subject: [PATCH 47/52] update date --- .github/workflows/terraform.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index d3a016455..9ca51e70f 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
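Review bot: `issues: write` and `pull-requests: write` are granted at the workflow level, so the `GITHUB_TOKEN` handed to every job — including `scan-terraform-config` with its unpinned `checkov-action@master` — can now write comments, not only the job that posts them. Keep `permissions: contents: read` at the top and add a job-level `permissions:` block with `pull-requests: write` on `deploy-infra-terraform` (or move the comment step into its own job), so the scanner's token stays read-only. If the comment is only ever posted on pull requests, `issues: write` is probably unnecessary; confirm against the API call in the comment step. The two preceding commits comment out and then restore the `permissions:` block; while it was commented out the token fell back to the repository's default permissions, which may be broader than `contents: read`.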
@@ -67,7 +67,7 @@ jobs: - name: Terraform validate id: validate - run: terraform validate + run: terraform validate -no-color # Generates an execution plan for Terraform - name: Terraform Plan @@ -91,8 +91,8 @@ jobs: github-token: ${{secrets.GITHUB_TOKEN}} # , Working Directory: \`${{ env.tf_actions_working_dir }}\` script: | - const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` - #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` #### Terraform Validation 🤖${{ steps.validate.outputs.stdout }} #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` From 6168e3076e0adee51772b161c66c9354417f6ff1 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Tue, 7 Jan 2025 11:14:37 +0100 Subject: [PATCH 48/52] update date --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 9ca51e70f..b876e1500 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -69,7 +69,7 @@ jobs: id: validate run: terraform validate -no-color - # Generates an execution plan for Terraform + # Generates an execution plan for Terraform - name: Terraform Plan id: plan # -input=false -out plan.out From 629f3d6ef967924ea6c760f9bff8457b67a48ad1 Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Tue, 7 Jan 2025 11:19:59 +0100 Subject: [PATCH 49/52] data --- .github/workflows/terraform.yml | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 1fb2830a3..b876e1500 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -13,8 +13,11 @@ env: AWS_REGION: us-east-1 EKS_CLUSTER: vprofile-eks TF_VERSION: 1.6.3 + WORKING_DIRECTORY: terraform permissions: - contents: read + issues: write + contents: read + pull-requests: write jobs: scan-terraform-config: @@ -29,7 +32,7 @@ jobs: id: checkov uses: bridgecrewio/checkov-action@master with: - directory: ./terraform + directory: ${{env.WORKING_DIRECTORY}} soft_fail: true @@ -42,7 +45,8 @@ jobs: defaults: run: shell: bash - working-directory: ./terraform + working-directory: ${{env.WORKING_DIRECTORY}} + steps: - name: Checkout source code uses: actions/checkout@v4 @@ -63,12 +67,14 @@ jobs: - name: Terraform validate id: validate - run: terraform validate + run: terraform validate -no-color - # Generates an execution plan for Terraform + # Generates an execution plan for Terraform - name: Terraform Plan id: plan - run: terraform plan -no-color -input=false -out plan.out + # -input=false -out plan.out + if: github.event_name == 'pull_request' + run: terraform plan -no-color continue-on-error: true - name: Terraform plan status @@ -78,14 +84,15 @@ jobs: - name: Add terraform plan comment id: comment uses: actions/github-script@v6 - if: github.event_name == 'push' + if: github.event_name == 'pull_request' env: PLAN: "terraform\n${{steps.plan.outputs.stdout}}" with: github-token: ${{secrets.GITHUB_TOKEN}} + # , Working Directory: \`${{ env.tf_actions_working_dir }}\` script: | - const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` - #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` #### Terraform Validation 🤖${{ steps.validate.outputs.stdout }} #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` 
@@ -95,7 +102,7 @@ jobs: - *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, @@ -107,7 +114,8 @@ jobs: - name: Terraform apply id: appl if: github.ref == 'refs/heads/main' && github.event_name == 'push' - run: terraform apply -auto-approve -input=false -parallelism=1 plan.out + run: terraform apply -auto-approve + # -input=false -parallelism=1 plan.out - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 From c534b11cc249359968954e15898b6ecd0dbfd8be Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Tue, 7 Jan 2025 11:53:20 +0100 Subject: [PATCH 50/52] Update README.md --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4f377662a..b43b15667 100644 --- a/README.md +++ b/README.md @@ -10,15 +10,14 @@ Terraform version 1.6.3 ======= ### Steps from scratch >>>>>>> stage -* terraform init +* terraform init * terraform fmt -check * terraform validate * terraform plan -no-color -out planfile * terraform apply -auto-approve -input=false -parallelism=1 planfile -<<<<<<< HEAD + ###### ###### -======= + ##### ##### ->>>>>>> stage From e942c86a7c253c583fcd780ab51d1db3e32fa554 Mon Sep 17 00:00:00 2001 From: geofLegrand <81974903+geofLegrand@users.noreply.github.com> Date: Tue, 7 Jan 2025 12:19:50 +0100 Subject: [PATCH 51/52] Update terraform.yml --- .github/workflows/terraform.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index b876e1500..63b4da632 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml 
@@ -114,7 +114,7 @@ jobs: - name: Terraform apply id: appl if: github.ref == 'refs/heads/main' && github.event_name == 'push' - run: terraform apply -auto-approve + run: terraform destroy -auto-approve # -input=false -parallelism=1 plan.out - name: Configure AWS credentials From a25097e56b6d7be4d88d919caf6c5d87c5a0d67f Mon Sep 17 00:00:00 2001 From: geofLegrand Date: Fri, 10 Jan 2025 22:13:08 +0100 Subject: [PATCH 52/52] show checkov result on the windows --- .github/workflows/terraform.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index b876e1500..c1b90c08f 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -35,7 +35,9 @@ jobs: directory: ${{env.WORKING_DIRECTORY}} soft_fail: true - + outputs: + checkov_report: ${{ steps.checkov.outputs.results }} + deploy-infra-terraform: name: "Apply terraform code changes"
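Review bot: `run: terraform destroy -auto-approve` now executes on every push to `main` under a step still named `Terraform apply` with id `appl`, so a routine merge tears down the production environment with no operator confirmation, and the two following steps (`Get K8s config file` and `Install ingress controller`, outside this hunk) are gated on `steps.appl.outcome == 'success'` and will then try to fetch a kubeconfig and install an ingress controller for a cluster that no longer exists. If a teardown path is wanted, put it in a separate workflow triggered by `workflow_dispatch` under the `production` environment's approval rules and name the step for what it does, rather than swapping the verb inside the apply step. The commit title "Update terraform.yml" gives no hint that the deployment path became a destroy path; if this is a temporary cleanup, it should not be merged into the branch that drives deployments.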
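Review bot: The new `outputs: checkov_report: ${{ steps.checkov.outputs.results }}` declares a job output that nothing in the file reads; `deploy-infra-terraform` lists the job in `needs:` but never references `needs.scan-terraform-config.outputs.checkov_report`, so the report is still not shown anywhere despite the commit title. To surface it on the run page, write it to the step summary from the scan job itself, passing the value through `env:` rather than interpolating it into the shell: `env: REPORT: ${{ steps.checkov.outputs.results }}` and `run: printf '%s\n' "$REPORT" >> "$GITHUB_STEP_SUMMARY"`. Job outputs are limited in size, so a large Checkov result may be truncated or rejected; confirm against the action's `results` output format. The `outputs:` block appears to sit after `steps:`, which is valid YAML but unusual placement; the conventional spot is next to `runs-on:`, and note this patch and the previous one both start from `b876e1500`, so one of them will need a rebase.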