renew the workflow.

mazgi · Sep 8, 2022 · 0dff602 · 0dff602
1 parent 6e63048
commit 0dff602
Showing 1 changed file with 83 additions and 20 deletions.
diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml
@@ -2,33 +2,96 @@ name: default
 
 on:
  push:
+ workflow_dispatch:
 
 jobs:
  provisioning:
+ timeout-minutes: 10
  runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ backend:
+ - azurerm
+ - gcs
+ - s3
  steps:
- - uses: actions/checkout@v2
- - run: |
+ - uses: actions/checkout@v3
+ - name: Set up environment variables
+ run: |
  cat<<EOE > .env
- AWS_ACCOUNT_ID=YOUR_AWS_ACCOUNT_ID
- AWS_DEFAULT_REGION=us-east-1
- CLOUDSDK_CORE_PROJECT=YOUR_GCP_PROJECT_ID
- PROJECT_UNIQUE_ID=YOUR_GCP_PROJECT_UNIZUE_ID
+ # Todo https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses
+ TF_VAR_allowed_ipaddr_list=["0.0.0.0/0"]
  EOE
- - run: |
  echo "UID=$(id -u)" >> .env
  echo "GID=$(id -g)" >> .env
  echo "DOCKER_GID=$(getent group docker | cut -d : -f 3)" >> .env
- # - run: |
- # echo "AWS_ACCESS_KEY_ID=${PROVISIONING_AWS_ACCESS_KEY_ID}" >> .env
- # echo "AWS_SECRET_ACCESS_KEY=${PROVISIONING_AWS_SECRET_ACCESS_KEY}" >> .env
- # env:
- # PROVISIONING_AWS_ACCESS_KEY_ID: ${{ secrets.PROVISIONING_AWS_ACCESS_KEY_ID }}
- # PROVISIONING_AWS_SECRET_ACCESS_KEY: ${{ secrets.PROVISIONING_AWS_SECRET_ACCESS_KEY }}
- # PROVISIONING_GOOGLE_SA_KEY: ${{ secrets.PROVISIONING_GOOGLE_SA_KEY }}
- # - run: docker-compose build
- # - run: docker-compose up
- # - run: docker-compose run provisioning terraform fmt -check
- # - run: docker-compose run provisioning terraform plan
- # - run: docker-compose run provisioning terraform apply -auto-approve
- # if: github.ref == 'refs/heads/main'
+ - name: Export credentials
+ run: |
+ echo "PROJECT_UNIQUE_ID=${PROJECT_UNIQUE_ID}" >> .env
+ echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}" >> .env
+ echo "AWS_ACCOUNT_ID=${AWS_ACCOUNT_ID}" >> .env
+ echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" >> .env
+ echo "ARM_CLIENT_ID=${ARM_CLIENT_ID}" >> .env
+ echo "ARM_CLIENT_SECRET=${ARM_CLIENT_SECRET}" >> .env
+ echo "ARM_SUBSCRIPTION_ID=${ARM_SUBSCRIPTION_ID}" >> .env
+ echo "ARM_TENANT_ID=${ARM_TENANT_ID}" >> .env
+ echo "CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT}" >> .env
+ env:
+ PROJECT_UNIQUE_ID: ${{ secrets.PROJECT_UNIQUE_ID }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
+ ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
+ ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
+ ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+ CLOUDSDK_CORE_PROJECT: ${{ secrets.CLOUDSDK_CORE_PROJECT }}
+ - name: Export GOOGLE_SA_KEY
+ run: |
+ echo ${GOOGLE_SA_KEY} > config/credentials/google-cloud-keyfile.provisioning-owner.json
+ jq -e '. | select(.type=="service_account")' config/credentials/google-cloud-keyfile.provisioning-owner.json > /dev/null
+ env:
+ GOOGLE_SA_KEY: ${{ secrets.GOOGLE_SA_KEY }}
+ - name: (debug)Check services
+ run: |
+ docker compose --profile=${{ matrix.backend }} config
+ - name: Build containers
+ timeout-minutes: 4
+ run: |
+ docker compose --profile=${{ matrix.backend }} build
+ - name: Start the service
+ timeout-minutes: 4
+ run: |
+ docker compose --profile=${{ matrix.backend }} up --detach
+ while :
+ do
+ docker compose --profile=${{ matrix.backend }} ps --format=json provisioning-${{ matrix.backend }}-backend\
+ | jq -e '.[] | select(.Health=="healthy")' 2> /dev/null\
+ && break
+ sleep 1
+ done
+ - name: Show service logs
+ timeout-minutes: 1
+ run: |
+ docker compose --profile=${{ matrix.backend }} logs
+ - name: Exec Terraform - check the format for each tf file
+ run: |
+ docker compose --profile=${{ matrix.backend }} exec provisioning-${{ matrix.backend }}-backend terraform fmt -check
+ - name: Exec Terraform - validate
+ run: |
+ docker compose --profile=${{ matrix.backend }} exec provisioning-${{ matrix.backend }}-backend terraform validate
+ - name: Exec Terraform - dry-run
+ timeout-minutes: 1
+ run: |
+ docker compose --profile=${{ matrix.backend }} exec provisioning-${{ matrix.backend }}-backend terraform plan
+ - name: Exec Terraform - apply
+ timeout-minutes: 1
+ if: github.ref == 'refs/heads/main'
+ run: |
+ docker compose --profile=${{ matrix.backend }} exec provisioning-${{ matrix.backend }}-backend terraform apply -auto-approve
+ - name: Stop the service
+ timeout-minutes: 1
+ run: |
+ rm -rf tmp/run/container-*/
+ sleep 2
+ docker compose down --remove-orphans