diff --git a/.github/workflows/terraform_aws-labs_vpc.yml b/.github/workflows/terraform_aws-labs_vpc.yml
new file mode 100644
index 0000000..681d74e
--- /dev/null
+++ b/.github/workflows/terraform_aws-labs_vpc.yml
@@ -0,0 +1,227 @@
+name: 'Terraform_aws_vpc'
+
+on:
+ push:
+ branches: [ "git_actions" ]
+ paths:
+ - 'terraform-provider-aws/create-vpc/*tf'
+env:
+ TF_VAR_aws_region: "${{ vars.AWS_REGION }}"
+ STACK_DIR: ${{ vars.TF_STACK_DIR }}
+
+permissions:
+ id-token: write
+
+jobs:
+ # ############
+ # INIT
+ # ############
+ terraform_setup:
+ name: 'Terraform Init-Validate'
+ runs-on: ubuntu-latest
+ environment: aws-labs
+ # Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.0.3
+ terraform_wrapper: false
+ # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} --> Terraform cloud
+
+ # Create a cache for the terraform pluggin and copy tf binary
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+ mkdir --parents ~/.terraform.d/plugin-cache
+ terra_bin=`which terraform`
+ cp $terra_bin .
+
+ # Initialize a new or existing Terraform working directory(creating initial files, loading any remote state, downloading modules..)
+ - name: Terraform Init
+ id: init
+ run: |
+ echo ====== INITIALIZE terraform provider plugins : $GITHUB_WORKSPACE/${{ vars.TF_STACK_DIR }} ======
+ pwd
+ echo terra_bin=$terra_bin >> "$GITHUB_OUTPUT"
+ # echo the temp directory path is : $RUNNER_TEMP
+ terraform init
+ terraform -v
+ - name: Terraform format
+ run: |
+ echo ====== FORMAT the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform fmt
+ - name: Terraform Validate
+ run: |
+ echo ====== VALIDATE the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform validate
+ # Authenticate with AWS using OIDC Workload Federated Identiry
+ - name: 'Configure AWS credentials'
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ # arn:aws:iam::1234567890:role/example-role
+ role-session-name: MySessionName #${{ secrets.My_sessionName }}
+ aws-region: ${{ vars.AWS_REGION }}
+ - name: Print assumed Role
+ run: aws sts get-caller-identity
+
+# PLAN
+ - name: Terraform Plan
+ id: plan
+ run: |
+ echo ====== PLAN execution for the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform plan -input=false -no-color -out tf.plan
+
+ # Save all plugin files and working Directory in a cache
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # ${{ hashFiles('**/.terraform.lock.hcl') }}
+ outputs:
+ terra_path: ${{ steps.init.outputs.terra_bin }}
+ # ############
+ # APPLY
+ # ############
+ Terraform_Apply:
+ name: 'Terraform Apply'
+ runs-on: ubuntu-latest
+ environment: aws-labs
+ needs: [terraform_setup]
+# Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+ steps:
+ # Checkout the repository to the GitHub Actions runner not necessary. The cache has it
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # Configure terraform pluggin in the new runner
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+
+ # terraform init not needed here . int files are already in the cache
+ # TERRAPATH="${{ needs.terraform_setup.outputs.terra_path }}"
+ # echo old terraform binary location: $TERRAPATH
+ # Authenticate with Azure using OIDC Workload Federated Identiry (i.e User Manged Identity)
+ - name: 'Configure AWS credentials'
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ # arn:aws:iam::1234567890:role/example-role
+ role-session-name: MySessionName #${{ secrets.My_sessionName }}
+ aws-region: ${{ vars.AWS_REGION }}
+# APPLY
+ - name: Terraform Apply
+ id: plan
+ if: github.event_name == 'push'
+ run: |
+ echo ====== APPLY execution for the Terraform configuration in ${{ env.STACK_DIR }} ======
+ echo "== Reusing cached version of terraform =="
+ sudo cp ./terraform /usr/local/bin/
+ terraform -v
+ terraform plan -input=false -no-color -out tf.plan
+ terraform apply --auto-approve tf.plan
+ # Create a cache for the terraform state file
+ - name: Cache Terraform statefile
+ uses: actions/cache@v3
+ with:
+ path: |
+ ${{ env.STACK_DIR }}/terraform.tfstate
+ key: ${{ runner.os }}-terraform-apply-aws-${{ github.run_id }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-apply-${{ github.run_id }}
+ # ############
+ # DESTROY
+ # ############
+ Terraform_Destroy:
+ name: 'Terraform Destroy'
+ runs-on: ubuntu-latest
+ environment: aws-labs
+ permissions: write-all
+ needs: [Terraform_Apply]
+# Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+ steps:
+ # Checkout the repository to the GitHub Actions runner not necessary. The cache has it
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # Configure terraform pluggin in the new runner
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+ # Restore a cache for the terraform state file
+ - name: Cache Terraform statefile
+ uses: actions/cache@v3
+ with:
+ path: |
+ ${{ env.STACK_DIR }}/terraform.tfstate
+ key: ${{ runner.os }}-terraform-apply-aws-${{ github.run_id }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-apply
+ # terraform init not needed here . int files are already in the cache
+ # ls terraform.tfstate
+ # Authenticate with Azure using OIDC Workload Federated Identiry (i.e User Manged Identity)
+ - name: 'Configure AWS credentials'
+ uses: aws-actions/configure-aws-credentials@v2
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ # arn:aws:iam::1234567890:role/example-role
+ role-session-name: MySessionName #${{ secrets.My_sessionName }}
+ aws-region: ${{ vars.AWS_REGION }}
+ # clean terraform cache after destroy completion
+# DESTROY
+ - name: Terraform Destroy
+ id: destroy
+ run: |
+ echo ====== Destroy the Terraform configuration in ${{ env.STACK_DIR }} ======
+ echo "== Reusing cached version of terraform =="
+ sudo cp ./terraform /usr/local/bin/
+ terraform -v
+ terraform destroy --auto-approve
+ # clean terraform cache after destroy completion
+ - name: clean cache
+ id: cache_deletion
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh extension install actions/gh-actions-cache
+ echo " deleting tfstate caches"
+ gh actions-cache list
+ gh actions-cache delete ${{ runner.os }}-terraform-apply-aws-${{ github.run_id }} --confirm
+ gh actions-cache delete ${{ runner.os }}-terraform-${{ env.STACK_DIR }} --confirm
diff --git a/.github/workflows/terraform_azure-labs_vnet.yml b/.github/workflows/terraform_azure-labs_vnet.yml
new file mode 100644
index 0000000..5139d50
--- /dev/null
+++ b/.github/workflows/terraform_azure-labs_vnet.yml
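Review bot: The `Cache Terraform` key `${{ runner.os }}-terraform-${{ env.STACK_DIR }}` carries nothing run- or content-specific and actions/cache never overwrites an existing key, so after any run that fails before `clean cache` the next push restores the old `./*` over the fresh checkout in `terraform_setup` and `Terraform_Apply` applies stale `.tf` files; a key such as `${{ runner.os }}-terraform-${{ env.STACK_DIR }}-${{ github.run_id }}` avoids this, and the same applies to the Azure and GCP workflows in this commit. `terraform.tfstate` is also kept only in the Actions cache, which other runs in the repository can restore and which is evicted after a period without access, so state (which may hold resource secrets) is exposed and a lost cache leaves the created resources undestroyed; a remote backend with locking is the usual answer. `permissions: write-all` on `Terraform_Destroy` is far broader than `gh actions-cache delete` (`actions: write`) and the OIDC exchange (`id-token: write`) need, so `permissions: { id-token: write, actions: write }` is enough. `role-session-name: MySessionName` is a fixed value; something like `gh-${{ github.run_id }}` makes the CloudTrail entries attributable to a run. Note too that the workflow-level `permissions: id-token: write` sets every other scope to none, so on a private repository `actions/checkout` would additionally need `contents: read`.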
@@ -0,0 +1,227 @@
+name: 'Terraform_azure_vnet'
+
+on:
+ push:
+ branches: [ "git_actions" ]
+ paths:
+ - 'terraform-provider-azure/create-vnet/*tf'
+env:
+ #ARM_USE_MSI: true
+ #ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ #ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
+ #ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+ TF_VAR_az_location: "${{ vars.az_location }}"
+ TF_VAR_prefix: "${{ vars.TF_APP_PREFIX }}"
+ STACK_DIR: ${{ vars.TF_STACK_DIR }}
+
+permissions:
+ id-token: write
+
+jobs:
+ # ############
+ # INIT
+ # ############
+ terraform_setup:
+ name: 'Terraform Init-Validate'
+ runs-on: ubuntu-latest
+ environment: az-labs
+ # Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.0.3
+ terraform_wrapper: false
+ # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} --> Terraform cloud
+
+ # Create a cache for the terraform pluggin and copy tf binary
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+ mkdir --parents ~/.terraform.d/plugin-cache
+ terra_bin=`which terraform`
+ cp $terra_bin .
+
+ # Initialize a new or existing Terraform working directory(creating initial files, loading any remote state, downloading modules..)
+ - name: Terraform Init
+ id: init
+ run: |
+ echo ====== INITIALIZE terraform provider plugins : $GITHUB_WORKSPACE/${{ vars.TF_STACK_DIR }} ======
+ pwd
+ echo terra_bin=$terra_bin >> "$GITHUB_OUTPUT"
+ # echo the temp directory path is : $RUNNER_TEMP
+ terraform init
+ terraform -v
+ - name: Terraform format
+ run: |
+ echo ====== FORMAT the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform fmt
+ - name: Terraform Validate
+ run: |
+ echo ====== VALIDATE the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform validate
+ # Authenticate with Azure using OIDC Workload Federated Identiry (i.e User Manged Identity)
+ - name: 'Az CLI login'
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+# PLAN
+ - name: Terraform Plan
+ id: plan
+ run: |
+ echo ====== PLAN execution for the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform plan -input=false -no-color -out tf.plan
+
+ # Save all plugin files and working Directory in a cache
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # ${{ hashFiles('**/.terraform.lock.hcl') }}
+ outputs:
+ terra_path: ${{ steps.init.outputs.terra_bin }}
+ # ############
+ # APPLY
+ # ############
+ Terraform_Apply:
+ name: 'Terraform Apply'
+ runs-on: ubuntu-latest
+ environment: az-labs
+ needs: [terraform_setup]
+# Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+ steps:
+ # Checkout the repository to the GitHub Actions runner not necessary. The cache has it
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # Configure terraform pluggin in the new runner
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+
+ # terraform init not needed here . int files are already in the cache
+ # TERRAPATH="${{ needs.terraform_setup.outputs.terra_path }}"
+ # echo old terraform binary location: $TERRAPATH
+ # Authenticate with Azure using OIDC Workload Federated Identiry (i.e User Manged Identity)
+ - name: 'Az CLI login'
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+# APPLY
+ - name: Terraform Apply
+ id: plan
+ if: github.event_name == 'push'
+ run: |
+ echo ====== APPLY execution for the Terraform configuration in ${{ env.STACK_DIR }} ======
+ echo "== Reusing cached version of terraform =="
+ sudo cp ./terraform /usr/local/bin/
+ terraform -v
+ terraform plan -input=false -no-color -out tf.plan
+ terraform apply --auto-approve tf.plan
+ # Create a cache for the terraform state file
+ - name: Cache Terraform statefile
+ uses: actions/cache@v3
+ with:
+ path: |
+ ${{ env.STACK_DIR }}/terraform.tfstate
+ key: ${{ runner.os }}-terraform-apply-${{ github.run_id }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-apply-${{ github.run_id }}
+ # ############
+ # DESTROY
+ # ############
+ Terraform_Destroy:
+ name: 'Terraform Destroy'
+ runs-on: ubuntu-latest
+ environment: az-labs
+ permissions: write-all
+ needs: [Terraform_Apply]
+# Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+ steps:
+ # Checkout the repository to the GitHub Actions runner not necessary. The cache has it
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # Configure terraform pluggin in the new runner
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+ # Restore a cache for the terraform state file
+ - name: Cache Terraform statefile
+ uses: actions/cache@v3
+ with:
+ path: |
+ ${{ env.STACK_DIR }}/terraform.tfstate
+ key: ${{ runner.os }}-terraform-apply-${{ github.run_id }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-apply
+ # terraform init not needed here . int files are already in the cache
+ # ls terraform.tfstate
+ # Authenticate with Azure using OIDC Workload Federated Identiry (i.e User Manged Identity)
+ - name: 'Az CLI login'
+ uses: azure/login@v1
+ with:
+ client-id: ${{ secrets.AZURE_CLIENT_ID }}
+ tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+ subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ # clean terraform cache after destroy completion
+# DESTROY
+ - name: Terraform Destroy
+ id: destroy
+ run: |
+ echo ====== Destroy the Terraform configuration in ${{ env.STACK_DIR }} ======
+ echo "== Reusing cached version of terraform =="
+ sudo cp ./terraform /usr/local/bin/
+ terraform -v
+ terraform destroy --auto-approve
+ # clean terraform cache after destroy completion
+ - name: clean cache
+ id: cache_deletion
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh extension install actions/gh-actions-cache
+ echo " deleting tfstate caches"
+ gh actions-cache list
+ gh actions-cache delete ${{ runner.os }}-terraform-apply-${{ github.run_id }} --confirm
+ gh actions-cache delete ${{ runner.os }}-terraform-${{ env.STACK_DIR }} --confirm
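Review bot: In `Terraform_Destroy`, `restore-keys: ${{ runner.os }}-terraform-apply` is a bare prefix that also matches the state caches written by the AWS and GCP workflows in this commit (`…-terraform-apply-aws-…`, `…-terraform-apply-gcp-…`) and by any earlier Azure run, so on a miss of the exact key a fallback hit restores a `terraform.tfstate` belonging to a different stack or run, after which `terraform destroy --auto-approve` either finds nothing to destroy or works from the wrong state. The destroy is only meaningful with exactly the state the `Terraform_Apply` job of the same run saved, so drop the fallback and make a miss visible, e.g. `fail-on-cache-miss: true` on that cache step (an actions/cache input since v3.2). `permissions: write-all` on the same job exceeds what `gh actions-cache delete` (`actions: write`) and `azure/login` (`id-token: write`) need. The stale `./*` cache-key problem raised on the AWS workflow applies here unchanged.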
diff --git a/.github/workflows/terraform_gcp-labs_vpc.yml b/.github/workflows/terraform_gcp-labs_vpc.yml
new file mode 100644
index 0000000..4950843
--- /dev/null
+++ b/.github/workflows/terraform_gcp-labs_vpc.yml
@@ -0,0 +1,244 @@
+name: 'Terraform_gcp_vpc'
+
+on:
+ push:
+ branches: [ "git_actions" ]
+ paths:
+ - 'terraform-provider-gcp/create-vpc/*tf'
+env:
+ #TF_VAR_region: "${{ vars.REGION }}"
+ STACK_DIR: ${{ vars.TF_STACK_DIR }}
+
+permissions:
+ id-token: write
+
+jobs:
+ # #############
+ # INIT
+ # ############
+ terraform_setup:
+ name: 'Terraform Init-Validate'
+ runs-on: ubuntu-latest
+ environment: gcp-labs
+ # Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - uses: 'github/actions-oidc-debugger@main'
+ with:
+ audience: 'https://iam.googleapis.com/projects/{{secrets.PROJECT_ID}}/locations/global/workloadIdentityPools/github-pool/providers/gitactions-oidc-provider'
+ # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+ with:
+ terraform_version: 1.0.3
+ terraform_wrapper: false
+ # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} --> Terraform cloud
+
+ # Create a cache for the terraform pluggin and copy tf binary
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+ mkdir --parents ~/.terraform.d/plugin-cache
+ terra_bin=`which terraform`
+ cp $terra_bin .
+
+ # Initialize a new or existing Terraform working directory(creating initial files, loading any remote state, downloading modules..)
+ - name: Terraform Init
+ id: init
+ run: |
+ echo ====== INITIALIZE terraform provider plugins : $GITHUB_WORKSPACE/${{ vars.TF_STACK_DIR }} ======
+ pwd
+ echo terra_bin=$terra_bin >> "$GITHUB_OUTPUT"
+ # echo the temp directory path is : $RUNNER_TEMP
+ terraform init
+ terraform -v
+ - name: Terraform format
+ run: |
+ echo ====== FORMAT the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform fmt
+ - name: Terraform Validate
+ run: |
+ echo ====== VALIDATE the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform validate
+ # Authenticate with GCP using OIDC Workload Federated Identiry
+ - name: 'Authenticate to Google Cloud'
+ id: auth
+ uses: 'google-github-actions/auth@v1'
+ with:
+ workload_identity_provider: ${{ secrets.WORKLOAD_ID_PROVIDER }}
+ service_account: ${{ secrets.SERVICE_ACCOUNT }}
+ token_format: 'access_token'
+ - name: Add GCP projet masks
+ run: |
+ echo "::add-mask::${CLOUDSDK_CORE_PROJECT}"
+ echo "::add-mask::${CLOUDSDK_PROJECT}"
+ echo "::add-mask::${GCLOUD_PROJECT}"
+ echo "::add-mask::${GCP_PROJECT}"
+ echo "::add-mask::${GOOGLE_CLOUD_PROJECT}"
+
+ # Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`.
+ - name: 'Set up Cloud SDK'
+ uses: 'google-github-actions/setup-gcloud@v1'
+ - id: 'gcloud'
+ name: 'gcloud'
+ run: gcloud services list
+
+# PLAN
+ - name: Terraform Plan
+ id: plan
+ run: |
+ echo ====== PLAN execution for the Terraform configuration in ${{ env.STACK_DIR }} ======
+ terraform plan -input=false -no-color -out tf.plan
+
+ # Save all plugin files and working Directory in a cache
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # ${{ hashFiles('**/.terraform.lock.hcl') }}
+ outputs:
+ terra_path: ${{ steps.init.outputs.terra_bin }}
+ # ############
+ # APPLY
+ # ############
+ Terraform_Apply:
+ name: 'Terraform Apply'
+ runs-on: ubuntu-latest
+ environment: gcp-labs
+ needs: [terraform_setup]
+# Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+ steps:
+ # Checkout the repository to the GitHub Actions runner not necessary. The cache has it
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # Configure terraform pluggin in the new runner
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+
+ # terraform init not needed here . int files are already in the cache
+ # TERRAPATH="${{ needs.terraform_setup.outputs.terra_path }}"
+ # echo old terraform binary location: $TERRAPATH
+ # Authenticate with Azure using OIDC Workload Federated Identiry (i.e User Manged Identity)
+ - name: 'Authenticate to Google Cloud'
+ id: auth
+ uses: 'google-github-actions/auth@v1'
+ with:
+ workload_identity_provider: ${{ secrets.WORKLOAD_ID_PROVIDER }}
+ service_account: ${{ secrets.SERVICE_ACCOUNT }}
+ - run: echo "GOOGLE_OAUTH_ACCESS_TOKEN=${{ steps.auth.outputs.access_token }}" >> $GITHUB_ENV
+
+# APPLY
+ - name: Terraform Apply
+ id: plan
+ if: github.event_name == 'push'
+ run: |
+ echo ====== APPLY execution for the Terraform configuration in ${{ env.STACK_DIR }} ======
+ echo "== Reusing cached version of terraform =="
+ export TF_VAR_project=${GCLOUD_PROJECT}
+ sudo cp ./terraform /usr/local/bin/
+ terraform -v
+ terraform plan -input=false -no-color -out tf.plan
+ terraform apply --auto-approve tf.plan
+ # Create a cache for the terraform state file
+ - name: Cache Terraform statefile
+ uses: actions/cache@v3
+ with:
+ path: |
+ ${{ env.STACK_DIR }}/terraform.tfstate
+ key: ${{ runner.os }}-terraform-apply-gcp-${{ github.run_id }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-apply-${{ github.run_id }}
+ # ############
+ # DESTROY
+ # ############
+ Terraform_Destroy:
+ name: 'Terraform Destroy'
+ runs-on: ubuntu-latest
+ environment: gcp-labs
+ permissions: write-all
+ needs: [Terraform_Apply]
+# Use default shell and working directory regardless of the os of the GitHub Actions runner
+ defaults:
+ run:
+ shell: bash
+ working-directory: ${{ env.STACK_DIR }}
+ steps:
+ # Checkout the repository to the GitHub Actions runner not necessary. The cache has it
+ - name: Cache Terraform
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.terraform.d/plugin-cache
+ ./*
+ key: ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-${{ env.STACK_DIR }}
+ # Configure terraform pluggin in the new runner
+ - name: Config Terraform plugin cache
+ run: |
+ echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
+ # Restore a cache for the terraform state file
+ - name: Cache Terraform statefile
+ uses: actions/cache@v3
+ with:
+ path: |
+ ${{ env.STACK_DIR }}/terraform.tfstate
+ key: ${{ runner.os }}-terraform-apply-gcp-${{ github.run_id }}
+ restore-keys: |
+ ${{ runner.os }}-terraform-apply
+ # terraform init not needed here . int files are already in the cache
+ # ls terraform.tfstate
+ # Authenticate with Azure using OIDC Workload Federated Identiry (i.e User Manged Identity)
+ - name: 'Authenticate to Google Cloud'
+ uses: 'google-github-actions/auth@v1'
+ with:
+ workload_identity_provider: ${{ secrets.WORKLOAD_ID_PROVIDER }}
+ service_account: ${{ secrets.SERVICE_ACCOUNT }}
+
+ # clean terraform cache after destroy completion
+# DESTROY
+ - name: Terraform Destroy
+ id: destroy
+ run: |
+ echo ====== Destroy the Terraform configuration in ${{ env.STACK_DIR }} ======
+ echo "== Reusing cached version of terraform =="
+ export TF_VAR_project=${GCLOUD_PROJECT}
+ sudo cp ./terraform /usr/local/bin/
+ terraform -v
+ terraform destroy --auto-approve
+ # clean terraform cache after destroy completion
+ - name: clean cache
+ id: cache_deletion
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ gh extension install actions/gh-actions-cache
+ echo " deleting tfstate caches"
+ gh actions-cache list
+ gh actions-cache delete ${{ runner.os }}-terraform-apply-gcp-${{ github.run_id }} --confirm
+ gh actions-cache delete ${{ runner.os }}-terraform-${{ env.STACK_DIR }} --confirm
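Review bot: The `github/actions-oidc-debugger@main` step in `terraform_setup` pins a debugging action to a moving branch and passes `{{secrets.PROJECT_ID}}` literally, because the expression lacks the `$` of `${{ }}`; a step that requests the job's OIDC token and prints its claims does not belong in a job that goes on to plan against real infrastructure, and if it is kept for troubleshooting it should be pinned to a commit SHA and the audience written as `${{ secrets.PROJECT_ID }}`. In `Terraform_Apply`, `steps.auth.outputs.access_token` is only populated when the `auth` step asks for `token_format: 'access_token'` as the setup job's does, so the `- run: echo "GOOGLE_OAUTH_ACCESS_TOKEN=…" >> $GITHUB_ENV` line writes an empty value; either add `token_format: 'access_token'` to that `auth` step or drop the line and let the provider use the credentials file the action exports. The `Add GCP projet masks` step emits `::add-mask::` for variables that may be unset at that point, which masks an empty string and only produces a runner warning. The stale `./*` cache key and `permissions: write-all` points raised on the AWS workflow apply here unchanged.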
diff --git a/.github/workflows/terraform_oci-labs_vcn.yml b/.github/workflows/terraform_oci-labs_vcn.yml
index 7c33f5e..20b1c52 100644
--- a/.github/workflows/terraform_oci-labs_vcn.yml
+++ b/.github/workflows/terraform_oci-labs_vcn.yml
@@ -1,85 +1,46 @@ -# This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file -# with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run -# `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events -# to the "master" branch, `terraform apply` will be executed. -# -# Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform -# -# To use this workflow, you will need to complete the following setup steps. -# -# 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. -# Example `main.tf`: -# # The configuration for the `remote` backend. -# terraform { -# backend "remote" { -# # The name of your Terraform Cloud organization. -# organization = "example-organization" -# -# # The name of the Terraform Cloud workspace to store Terraform state files in. -# workspaces { -# name = "example-workspace" -# } -# } -# } -# -# # An example resource that does nothing. -# resource "null_resource" "example" { -# triggers = { -# value = "A example resource that does nothing!" -# } -# } -# -# -# 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. -# Documentation: -# - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html -# - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets -# -# 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 
-# Example: -# - name: Setup Terraform -# uses: hashicorp/setup-terraform@v1 -# with: -# cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - name: 'Terraform_oci_vcn' on: push: branches: [ "git_actions" ] paths: - - 'terraform-provider-oci/create-vcn/**.tf' + - 'terraform-provider-oci/create-vcn/*tf' env: - DAY_OF_WEEK: Monday - TF_VAR_tenancy_ocid: ${{ secrets.TENANCY_OCID }} - TF_VAR_user_ocid: ${{ secrets.USER_OCID }} + TF_VAR_tenancy_ocid: "${{ secrets.TENANCY_OCID }}" + TF_VAR_user_ocid: "${{ secrets.USER_OCID }}" TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }} - TF_VAR_ssh_public_key: ${{ secrets.SSH_PUBLIC_KEY }} - TF_VAR_compartment_ocid: ${{ secrets.USER_OCID }} - TF_VAR_fingerprint: ${{ secrets.FINGERPRINT }} -defaults: - run: - working-directory: ./terraform-provider-oci/create-vcn - + TF_VAR_ssh_public_key: "${{ secrets.SSH_PUBLIC_KEY }}" + TF_VAR_compartment_ocid: "${{ secrets.COMPARTMENT_OCID }}" + TF_VAR_fingerprint: "${{ secrets.FINGERPRINT }}" + TF_VAR_region: "${{ vars.TF_VAR_region }}" + STACK_DIR: ${{ vars.TF_STACK_DIR }} + +#defaults: +# run: +# shell: bash +# working-directory: $STACK_DIR +# >> An error occurred trying to start process '/usr/bin/bash' with working directory ../$STACK_DIR No such file or directory # permissions: # contents: read jobs: + # ############ + # INIT + # ############ terraform_setup: - name: 'Terraform' + name: 'Terraform Init-Fmt-Validate' runs-on: ubuntu-latest environment: oci-labs - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest + # Use default shell and working directory regardless of the os of the GitHub Actions runner defaults: - run: - shell: bash + run: + shell: bash + working-directory: ${{ env.STACK_DIR }} steps: # Checkout the repository to the GitHub Actions runner - name: Checkout - - id: checkout uses: actions/checkout@v3 - # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a 
Terraform Cloud user API token - name: Setup Terraform 
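Review bot: The new workflow-level `env` block puts the OCI API signing key (`TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }}`) together with the tenancy, user and compartment OCIDs into the environment of every step of every job, including third-party actions such as `actions/cache` and `hashicorp/setup-terraform` that have no need for them; moving the secret-bearing `TF_VAR_*` entries into a step-level `env:` on the `terraform plan`, `apply` and `destroy` steps limits that exposure. Quoting is inconsistent within the block (`TF_VAR_private_key` is the only unquoted expression); because `${{ }}` is evaluated after YAML parsing either form works, but one style should be used. The five-line commented-out `#defaults:` block with its pasted error message explains why `working-directory` moved to job level, presumably because `$STACK_DIR` is shell syntax that is never expanded there; a single line such as `# working-directory is set per job: workflow-level defaults cannot use env.STACK_DIR` says the same more readably. The hunk ends inside the `terraform_setup` job, which continues in the next hunk.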
@@ -87,25 +48,164 @@ jobs: with: terraform_version: 1.0.3 terraform_wrapper: false - # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} - + # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} --> Terraform cloud + + # Create a cache for the terraform pluggin + - name: Config Terraform plugin cache + run: | + echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc + mkdir --parents ~/.terraform.d/plugin-cache + terra_bin=`which terraform` + cp $terra_bin . + - name: Cache Terraform + uses: actions/cache@v3 + with: + path: | + ~/.terraform.d/plugin-cache + ./* + key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} + restore-keys: | + ${{ runner.os }}-terraform- + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init + id: init run: | - echo ' the current directort is $PWD ' + echo ====== INITIALIZE terraform provider plugins : $GITHUB_WORKSPACE/${{ vars.TF_STACK_DIR }} ====== + pwd + echo terra_bin=$terra_bin >> "$GITHUB_OUTPUT" + # echo the temp directory path is : $RUNNER_TEMP + terraform init - - # Checks that all Terraform configuration files adhere to a canonical format - - name: Terraform Format - run: terraform fmt -check - - # Generates an execution plan for Terraform + terraform -v + - name: Terraform format + run: | + echo ====== FORMAT the Terraform configuration in ${{ env.STACK_DIR }} ====== + terraform fmt + - name: Terraform Validate + run: | + echo ====== VALIDTAE the Terraform configuration in ${{ env.STACK_DIR }} ====== + terraform validate - name: Terraform Plan + id: plan run: | + echo ====== PLAN execution for the Terraform configuration in ${{ env.STACK_DIR }} ====== terraform plan -input=false -no-color -out tf.plan - cat tf.plan - # On push to "master", build or change infrastructure according to Terraform configuration files - # Note: It is recommended to set up a required "strict" 
status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks - # - name: Terraform Apply - # if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' - # run: terraform apply -auto-approve -input=false + outputs: + terra_path: ${{ steps.init.outputs.terra_bin }} + + # ############ + # APPLY + # ############ + Terraform_Apply: + name: 'Terraform Apply' + runs-on: ubuntu-latest + environment: oci-labs + needs: [terraform_setup] + # Use default shell and working directory regardless of the os of the GitHub Actions runner + defaults: + run: + shell: bash + working-directory: ${{ env.STACK_DIR }} + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout + uses: actions/checkout@v3 + # Create a cache for the terraform pluggin + - name: Cache Terraform + uses: actions/cache@v3 + with: + path: | + ~/.terraform.d/plugin-cache + ./* + key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} + restore-keys: | + ${{ runner.os }}-terraform- + # Configure terraform pluggin in the new runner + - name: Config Terraform plugin cache + run: | + echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc + mkdir --parents ~/.terraform.d/plugin-cache + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. 
+ - name: Terraform Init + run: | + echo ====== INITIALIZE terraform provider plugins : $GITHUB_WORKSPACE/${{ vars.TF_STACK_DIR }} ====== + #pwd + # TERRAPATH="${{ needs.terraform_setup.outputs.terra_path }}" + # echo old terraform binary location: $TERRAPATH + echo "== Reusing cached version of terraform ==" + sudo cp ./terraform /usr/local/bin/ + terraform -v + - name: Terraform Apply + id: plan + if: github.event_name == 'push' + run: | + echo ====== APPLY execution for the Terraform configuration in ${{ env.STACK_DIR }} ====== + terraform plan -input=false -no-color -out tf.plan + terraform apply --auto-approve tf.plan + # Create a cache for the terraform state file + - name: Cache Terraform statefile + uses: actions/cache@v3 + with: + path: | + ${{ env.STACK_DIR }}/terraform.tfstate + key: ${{ runner.os }}-terraform-apply-${{ github.run_id }} + restore-keys: | + ${{ runner.os }}-terraform-apply- + # ############ + # DESTROY + # ############ + Terraform_Destroy: + name: 'Terraform Destroy' + runs-on: ubuntu-latest + environment: oci-labs + needs: [Terraform_Apply] +# Use default shell and working directory regardless of the os of the GitHub Actions runner + defaults: + run: + shell: bash + working-directory: ${{ env.STACK_DIR }} + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout + uses: actions/checkout@v3 + # Restore a cache for the terraform pluggin + - name: Cache Terraform + uses: actions/cache@v3 + with: + path: | + ~/.terraform.d/plugin-cache + ./* + key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} + restore-keys: | + ${{ runner.os }}-terraform- + # Configure terraform pluggin in the new runner + - name: Config Terraform plugin cache + run: | + echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc + mkdir --parents ~/.terraform.d/plugin-cache + # Restore a cache for the terraform state file + - name: Cache Terraform statefile + uses: actions/cache@v3 + with: + path: | + ${{ 
env.STACK_DIR }}/terraform.tfstate + key: ${{ runner.os }}-terraform-apply-${{ github.run_id }} + restore-keys: | + ${{ runner.os }}-terraform-apply + # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. + - name: Terraform Init + run: | + echo ====== INITIALIZE terraform provider plugins : $GITHUB_WORKSPACE/${{ vars.TF_STACK_DIR }} ====== + pwd + # TERRAPATH="${{ needs.terraform_setup.outputs.terra_path }}" + # echo old terraform binary location: $TERRAPATH + ls terraform.tfstate + echo "== Reusing cached version of terraform ==" + sudo cp ./terraform /usr/local/bin/ + terraform -v + - name: Terraform Destroy + id: destroy + run: | + echo ====== Destroy the Terraform configuration in ${{ env.STACK_DIR }} ====== + terraform destroy --auto-approve diff --git a/.github/workflows/test_secret.yml b/.github/workflows/test_secret.yml new file mode 100644 index 0000000..5b3c665 --- /dev/null +++ b/.github/workflows/test_secret.yml 
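Review bot: The `./*` cache restored in `Terraform_Apply` and `Terraform_Destroy` is extracted over the fresh `actions/checkout`, and its key `${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}` is computed before `terraform init` has produced a lock file (so it is likely just `Linux-terraform-`) and never changes with the `.tf` sources; since actions/cache does not overwrite an existing key and this workflow, unlike the other three in the commit, never deletes its caches, every push after the first will plan and apply the `.tf` files cached by the first run rather than the committed ones. Include `github.run_id` or `github.sha` in the key, or cache only `~/.terraform.d/plugin-cache` and run `terraform init` in each job. The `restore-keys: ${{ runner.os }}-terraform-` prefix also matches the `…-terraform-<STACK_DIR>` caches written by the AWS, Azure and GCP workflows, so a fallback hit can pull another stack's working directory into this job. `terraform.tfstate` held only in the Actions cache is restorable by other runs in the repository and can be evicted, so `Terraform_Destroy` may run with no state and leave the VCN behind; a remote backend (e.g. OCI Object Storage) is the usual answer. Minor: the echo in `Terraform Validate` reads `VALIDTAE`.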
@@ -0,0 +1,36 @@ +name: 'My_secret_test_Workflow' +on: + push: + branches: [ "git_actions" ] + paths: + - '.github/workflows/test_secret.yml' + +jobs: + job_test_secrets: + # name: 'test secrets jobs' + runs-on: ubuntu-latest + environment: test-labs + # Use default shell and working directory regardless of the os of the GitHub Actions runner + defaults: + run: + shell: bash + steps: + # Checkout the repository to the GitHub Actions runner + - name: Checkout + uses: actions/checkout@v3 + # Show how to print unmasked GitHub secrets to the console + - name: Step 1 - Echo out a GitHub Actions Secret to the logs + run: | + echo ${{ secrets.TEST_SECRET }} + # ==> this will show ****** + echo "Trick to echo GitHub Actions Secret: " + # ===> this will show the real content with space 'M Y P a s s w o r d' + echo ${{secrets.TEST_SECRET}} | sed 's/./& /g' + +# job2: +# runs-on: ubuntu-latest +# environment: test-labs +# steps: +# # Checkout the repository to the GitHub Actions runner +# - name: Checkout +# uses: actions/checkout@v3 diff --git a/terraform-provider-aws/create-vpc/outputs.tf b/terraform-provider-aws/create-vpc/outputs.tf index 7ec1344..de26730 100644 --- a/terraform-provider-aws/create-vpc/outputs.tf +++ b/terraform-provider-aws/create-vpc/outputs.tf @@ -1,5 +1,5 @@ output "vpc_Name" { - description = "Name of created VPC. " + description = "Name of created VPC." value = "${lookup(aws_vpc.terra_vpc.tags, "Name")}" } output "vpc_id" { diff --git a/terraform-provider-aws/create-vpc/variables.tf b/terraform-provider-aws/create-vpc/variables.tf index b82d468..92c43e6 100644 --- a/terraform-provider-aws/create-vpc/variables.tf +++ b/terraform-provider-aws/create-vpc/variables.tf @@ -2,11 +2,11 @@ #variable "aws_access_key" {} #variable "aws_secret_key" {} variable "aws_region" { - default = "us-east-1" + default = "us-east-1" } -# VPC INFO +# VPC INFO : variable "vpc_name" { - default = "Terravpc" + default = "Terravpc" } variable "vpc_cidr" { 
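Review bot: The "Step 1" run block writes the value of `secrets.TEST_SECRET` to the job log in a form that GitHub's log masking does not redact, and because the workflow fires on every push to the branch, the plaintext lands in retained run logs that anyone with read access to the repository can open. If the demonstration has to stay, it should use a disposable secret that is rotated afterwards, and the step should say so, e.g. `# Demo only: this output defeats log masking, so TEST_SECRET must be a throwaway value.`. Separately, interpolating `${{ secrets.TEST_SECRET }}` straight into `run:` embeds the value in the generated shell script; the conventional pattern is to pass it via `env:` (`TEST_SECRET: ${{ secrets.TEST_SECRET }}`) and reference `"$TEST_SECRET"` in the script. The commented-out `name:` and the whole commented `job2` stanza should be removed or restored rather than left in the workflow.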
diff --git a/terraform-provider-aws/create-vpc/vpc.tf b/terraform-provider-aws/create-vpc/vpc.tf index cbe26e1..f2c7256 100644 --- a/terraform-provider-aws/create-vpc/vpc.tf +++ b/terraform-provider-aws/create-vpc/vpc.tf @@ -1,7 +1,7 @@ terraform { required_version = ">= 0.12.0" } -# Provider specific configs +# Provider specific configs : provider "aws" { # access_key = "${var.aws_access_key}" # secret_key = "${var.aws_secret_key}" diff --git a/terraform-provider-azure/create-vnet/outputs.tf b/terraform-provider-azure/create-vnet/outputs.tf index ff8c8bc..c9f088a 100644 --- a/terraform-provider-azure/create-vnet/outputs.tf +++ b/terraform-provider-azure/create-vnet/outputs.tf @@ -1,5 +1,5 @@ output "vnet_name" { - description = "The Name of the newly created vNet" + description = "The Name of the newly created vNet " value = azurerm_virtual_network.terra_vnet.name } output "vnet_id" { diff --git a/terraform-provider-azure/create-vnet/variables.tf b/terraform-provider-azure/create-vnet/variables.tf index 0eb65fe..15c5f75 100644 --- a/terraform-provider-azure/create-vnet/variables.tf +++ b/terraform-provider-azure/create-vnet/variables.tf @@ -1,11 +1,11 @@ # Azure account region and authentication variable "prefix" { - description = "The prefix used for all resources in this example" -} + description = "The prefix used for all resources in this example" + } -variable "az_location" { +variable "az_location" { default = "eastus" -} + } # VPC INFO variable "vnet_name" { default = "Terravnet" diff --git a/terraform-provider-azure/create-vnet/vnet.tf b/terraform-provider-azure/create-vnet/vnet.tf index c570d3b..398e9c5 100644 --- a/terraform-provider-azure/create-vnet/vnet.tf +++ b/terraform-provider-azure/create-vnet/vnet.tf @@ -1,9 +1,9 @@ terraform { required_version = ">= 1.0.3" - } + } provider "azurerm" { - features { - } + features { + } } ################# # RESOURCE GROUP 
@@ -55,7 +55,7 @@ resource "azurerm_network_security_group" "terra_nsg" { destination_address_prefix = "*" } security_rule { - name = "Inbound HTTP access" + name = "Inbound_HTTP_access" priority = 100 direction = "Inbound" access = "Allow" @@ -77,4 +77,4 @@ tags = { resource "azurerm_subnet_network_security_group_association" "nsg_sub" { subnet_id = azurerm_subnet.terra_sub.id network_security_group_id = azurerm_network_security_group.terra_nsg.id -} \ No newline at end of file +} diff --git a/terraform-provider-gcp/create-vpc/outputs.tf b/terraform-provider-gcp/create-vpc/outputs.tf index 1d0e154..945bbf0 100644 --- a/terraform-provider-gcp/create-vpc/outputs.tf +++ b/terraform-provider-gcp/create-vpc/outputs.tf @@ -1,10 +1,10 @@ output "vpc_name" { - description = "The Name of the newly created vpc" - value = google_compute_network.terra_vpc.name -} -#output "vpc_id" { -# description = "id of created vpc. " -# value = google_compute_network.terra_vpc.id + description = "The Name of the newly created vpc " + value = google_compute_network.terra_vpc.name + } +# output "vpc_id" { +# description = "id of created vpc." +# value = google_compute_network.terra_vpc.id # } output "Subnet_Name" { @@ -30,7 +30,7 @@ output "fire_wall_rules" { value = google_compute_firewall.web-server.allow } -output "secondary_sub_ip_range" +output "secondary_sub_ip_range" { description = "Shows ingress rules of the Security group " value = google_compute_subnetwork.terra_sub.secondary_ip_range } diff --git a/terraform-provider-gcp/create-vpc/variables.tf b/terraform-provider-gcp/create-vpc/variables.tf index bff6514..faf71fe 100644 --- a/terraform-provider-gcp/create-vpc/variables.tf +++ b/terraform-provider-gcp/create-vpc/variables.tf 
@@ -1,14 +1,14 @@ # GCP Service account region and authentication # variable "prefix" { # description = "The prefix used for all resources in this example" -#} -variable "gcp_credentials"{ - description = "default location of your service account json key file" - default = "~/gcp-key.json" + #} + variable "gcp_credentials"{ + description = "default location of your service account json key file" + default = "~/gcp-key.json" } variable "project" { - default = "playground-s-11-83a5e4fc" + default = "playground-s-11-83a5e4fc" #CHANGE-ME } variable "region" { default = "us-east1" diff --git a/terraform-provider-gcp/create-vpc/vpc.tf b/terraform-provider-gcp/create-vpc/vpc.tf index c0bb08d..68f30b7 100644 --- a/terraform-provider-gcp/create-vpc/vpc.tf +++ b/terraform-provider-gcp/create-vpc/vpc.tf @@ -1,5 +1,5 @@ provider "google" { - credentials = file(var.gcp_credentials) + # credentials = file(var.gcp_credentials) project = var.project region = var.region zone = var.zone @@ -84,4 +84,4 @@ resource "google_compute_firewall" "web-server" { output "project" { value = "${data.google_client_config.current.project}" -} \ No newline at end of file +} diff --git a/terraform-provider-oci/create-vcn/outputs.tf b/terraform-provider-oci/create-vcn/outputs.tf index 4e8c2d0..7447a63 100644 --- a/terraform-provider-oci/create-vcn/outputs.tf +++ b/terraform-provider-oci/create-vcn/outputs.tf @@ -1,5 +1,5 @@ - output "vcn_id" { + output "vcn_id" { description = "OCID of created VCN. " value = oci_core_vcn.vcnterra.id } @@ -28,4 +28,4 @@ description = "ocid of subnet ids. " value = oci_core_subnet.terrasub.*.id } - \ No newline at end of file + diff --git a/terraform-provider-oci/create-vcn/variables.tf b/terraform-provider-oci/create-vcn/variables.tf index 0877dd4..4b0fb3c 100644 --- a/terraform-provider-oci/create-vcn/variables.tf +++ b/terraform-provider-oci/create-vcn/variables.tf 
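Review bot: Commenting out `credentials = file(var.gcp_credentials)` in the vpc.tf hunk on this line means the google provider now authenticates through Application Default Credentials (a GOOGLE_APPLICATION_CREDENTIALS file or a prior gcloud login), and nothing in the change records that; a comment above the provider block, e.g. `# No explicit credentials: the provider uses Application Default Credentials.`, would save the next operator a failed plan. The variables.tf hunk keeps `gcp_credentials` declared with the default `"~/gcp-key.json"` even though it is no longer referenced, so the dead variable and the commented-out line should be deleted rather than retained. The `#CHANGE-ME` marker on the hard-coded `project` default suggests the value is environment-specific; dropping the default so Terraform prompts for it would be safer than a comment.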
@@ -3,13 +3,14 @@ variable "compartment_ocid" {} variable "tenancy_ocid" {} variable "user_ocid" {} variable "fingerprint" {} -variable "private_key_path" {} +# variable "private_key_path" { } +variable "private_key" {} variable "region" {} variable "availability_domain_name" { default = "" description = "Availability Domain" -} + } variable "vcn_display_name" { default = "Terravcn" diff --git a/terraform-provider-oci/create-vcn/vcn.tf b/terraform-provider-oci/create-vcn/vcn.tf index da4e3a8..cbc3cf9 100644 --- a/terraform-provider-oci/create-vcn/vcn.tf +++ b/terraform-provider-oci/create-vcn/vcn.tf @@ -4,18 +4,18 @@ terraform { required_providers { oci = { source = "oracle/oci" - } - } - } + } + } + } provider "oci" { region = var.region tenancy_ocid = var.tenancy_ocid user_ocid = var.user_ocid fingerprint = var.fingerprint - private_key_path = var.private_key_path + private_key = var.private_key } -################# +################## # VCN #################
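Review bot: The new `variable "private_key" {}` carries the OCI API private key itself rather than a path, but is not marked sensitive, so its value is eligible to appear in plan output and in any error message or state that references it; add `sensitive = true` inside the block (supported since Terraform 0.14). The replaced `private_key_path` line is left behind as a comment; delete it instead of keeping it commented out. The matching provider change (`private_key = var.private_key` in vcn.tf) is in a later hunk that runs past the end of this chunk.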