Stage

.github/workflows/terraform.yml

@@ -0,0 +1,142 @@
+name: "Vprofile IAC"
+
+on:
+
+  push:
+    branches: ["main","stage"]
+  pull_request: 
+    branches: ["main"]
+env:
+  AWS_ACCESS_KEY_ID : ${{secrets.AWS_ACCESS_KEY_ID}}
+  AWS_SECRET_ACCESS_KEY: ${{secrets.AWS_SECRET_ACCESS_KEY}}
+  BUCKET_TF_STATE: ${{secrets.BUCKET_TF_STATE}}
+  AWS_REGION: us-east-1
+  EKS_CLUSTER: vprofile-eks
+  TF_VERSION: 1.6.3
+  WORKING_DIRECTORY: terraform
+permissions:
+    issues: write
+    contents: read
+    pull-requests: write
+
+jobs:
+  scan-terraform-config:
+    name: "Scan terraform with Checkov"
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Run Checkov
+        id: checkov
+        uses: bridgecrewio/checkov-action@master
+        with:
+          directory: ${{env.WORKING_DIRECTORY}}
+          soft_fail: true
+
+    outputs:
+      checkov_report: ${{ steps.checkov.outputs.results }}
+
+
+  deploy-infra-terraform:
+    name: "Apply terraform code changes"
+    runs-on: ubuntu-latest
+    environment: production
+    needs: [scan-terraform-config] # create the dependance for the job 01
+    defaults:
+      run:
+        shell: bash
+        working-directory: ${{env.WORKING_DIRECTORY}}
+
+    steps:
+      - name: Checkout source code
+        uses: actions/checkout@v4
+
+      - name: Setup terraform with specified version on the runner
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: "${{env.TF_VERSION}}"
+            # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+      - name: Terraform Init
+        id: init
+        run: terraform init -backend-config="bucket=$BUCKET_TF_STATE"
+
+          # Checks that all Terraform configuration files adhere to a canonical format
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check  
+
+      - name: Terraform validate
+        id: validate
+        run: terraform validate -no-color
+
+        # Generates an execution plan for Terraform
+      - name: Terraform Plan
+        id: plan
+        # -input=false -out plan.out
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color 
+        continue-on-error: true
+
+      - name: Terraform plan status
+        if: steps.plan.outcome == 'failure'
+        run: exit 1
+
+      - name: Add terraform plan comment
+        id: comment
+        uses: actions/github-script@v6
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{steps.plan.outputs.stdout}}"
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+        #   , Working Directory: \`${{ env.tf_actions_working_dir }}\`
+          script: |
+            const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` 
+            #### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Validation 🤖${{ steps.validate.outputs.stdout }}
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+            <details><summary>Show Plan</summary>
+
+            \`\`\`${process.env.PLAN}\`\`\`
+
+            </details>
+
+            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Workflow: \`${{ github.workflow }}\`*`; 
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })
+
+      - name: Terraform apply
+        id: appl
+        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+
+        run: terraform apply -auto-approve 
+
+        # -input=false -parallelism=1 plan.out
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: ${{env.AWS_REGION}}
+          aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
+          aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}}
+
+      - name: Get K8s config file
+        id: getconfig
+        if: steps.appl.outcome == 'success'
+        run: aws eks update-kubeconfig --region ${{env.AWS_REGION}} --name ${{env.EKS_CLUSTER}}
+
+      - name: Install ingress controller
+        if: steps.appl.outcome == 'success' && steps.getconfig.outcome == 'success'
+        run: kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.3/deploy/static/provider/aws/deploy.yaml
+
+
+
+

README.md

@@ -1,15 +1,23 @@
-# Terraform code 
+# Terraform code
 
 ## Maintain vpc & eks with terraform for vprofile project
 
 ## Tools required
 Terraform version 1.6.3
 
-### Steps
-* terraform init
+<<<<<<< HEAD
+#### Steps
+=======
+### Steps from scratch
+>>>>>>> stage
+* terraform init 
 * terraform fmt -check
 * terraform validate
-* terraform plan -out planfile
+* terraform plan -no-color -out planfile 
 * terraform apply -auto-approve -input=false -parallelism=1 planfile
-####
+
+######
+######
+
+#####
 #####

terraform/main.tf

@@ -13,4 +13,4 @@ locals {
   cluster_name = var.clusterName
 }
 
-##
+###

terraform/terraform.tf

@@ -27,9 +27,9 @@ terraform {
   }
 
   backend "s3" {
-    bucket = "gitopsterrastate"
-    key    = "terraform.tfstate"
-    region = "us-east-2"
+    bucket = "vprofileaction3"
+    key    = "dev/terraform.tfstate"
+    region = "us-east-1"
   }
 
   required_version = "~> 1.6.3"

terraform/variables.tf

@@ -1,11 +1,11 @@
 variable "region" {
   description = "AWS region"
   type        = string
-  default     = "us-east-2"
+  default     = "us-east-1"
 }
 
 variable "clusterName" {
   description = "Name of the EKS cluster"
   type        = string
-  default     = "kitops-eks"
+  default     = "vprofile-eks"
 }