feat: Updated terraform_workflow for azure #165

Open
wants to merge 19 commits into
base: master
2 changes: 1 addition & 1 deletion .github/workflows/terraform.yml
Expand Up @@ -133,4 +133,4 @@ jobs:
else
exit 0
fi
...
...
87 changes: 77 additions & 10 deletions .github/workflows/terraform_workflow.yml
Expand Up @@ -44,9 +44,14 @@ on:
description: 'Timeout for approval step'
minimum-approvals:
required: false
type: string
type: number
default: 1
description: 'Minimum approvals required to accept the plan'
skip_approval:
required: false
type: boolean
default: false
description: 'Set true to skip approval step'
token_format:
required: false
type: string
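Review bot: `minimum-approvals` changes from `type: string` to `type: number` in the same hunk that adds `skip_approval`, and neither change is documented for existing callers. Callers that currently pass a quoted value for `minimum-approvals` should be checked against the new type, and the `skip_approval` description should say that setting it to true lets `terraform apply` and `terraform destroy` run with `-auto-approve` and no human gate. The input names also mix hyphens (`minimum-approvals`) and underscores (`skip_approval`, `token_format`); pick one convention for new inputs.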
Expand All @@ -70,6 +75,18 @@ on:
AZURE_CREDENTIALS:
required: false
description: 'Azure Credentials to install Azure in github runner.'
AZURE_CLIENT_ID:
required: false
description: 'Client ID for service principal in Azure.'
AZURE_SUBSCRIPTION_ID:
required: false
description: 'Subscription ID in Azure.'
AZURE_TENANT_ID:
required: false
description: 'Tenant ID in Azure.'
AZURE_CLIENT_SECRET:
required: false
description: 'Client Secret for the Azure app registration.'
AWS_ACCESS_KEY_ID:
required: false
description: 'AWS Access Key ID to install AWS CLI.'
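Review bot: the new `AZURE_CLIENT_SECRET` secret adds a long-lived service principal password next to the existing `AZURE_CREDENTIALS` secret, and the descriptions do not say which of the two a caller should supply. Document whether `AZURE_CREDENTIALS` is superseded by the four new secrets, and consider authenticating the azurerm provider through OIDC federated credentials (`ARM_USE_OIDC=true` with the client, tenant and subscription IDs) so that no client secret has to be stored in the calling repository.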
Expand Down Expand Up @@ -97,6 +114,9 @@ on:
SERVICE_ACCOUNT:
required: false
description: 'The service account to be used'
SLACK_WEBHOOK:
description: "Slack webhook URL"
required: true

jobs:
terraform-workflow:
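Review bot: `SLACK_WEBHOOK` is declared `required: true` while every other secret in this block is `required: false`, so every existing caller of this reusable workflow has to add the secret before it can run again. Make it `required: false` and have the Notify Slack step skip when the value is empty. The key order (`description` before `required`) and the double quotes also differ from the neighbouring entries.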
Expand Down Expand Up @@ -167,6 +187,10 @@ jobs:

- name: terraform init
run: |
export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}"
export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}"
export ARM_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}"
export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
cd ${{ inputs.working_directory }}
terraform init

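Review bot: the four `export ARM_*` lines at the top of the `terraform init` script, such as `export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}"`, paste the secret values into the shell source before it runs, so a value containing `"`, `$` or a backtick is interpreted by the shell instead of being passed through unchanged. Map them through a step-level or job-level `env:` block (for example `ARM_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}`), which is how the Notify Slack step in this PR already handles `SLACK_WEBHOOK_URL`.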
Expand All @@ -182,6 +206,10 @@ jobs:
run: |
export exitcode=0
cd ${{ inputs.working_directory }}
export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}"
export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}"
export ARM_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}"
export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
if [ "${{ inputs.destroy }}" = true ]; then
if [ -n "${{ inputs.var_file }}" ]; then
terraform plan -destroy -out tfplan --var-file=${{ inputs.var_file }}
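Review bot: this is the second of four copies of the same `export ARM_*` block (init, plan, apply, destroy), and here it sits after the `cd` while the init step places it before. The exports are also unconditional although the workflow accepts AWS and GCP credentials as well (`AWS_ACCESS_KEY_ID`, `SERVICE_ACCOUNT`), so non-Azure runs get four empty `ARM_*` variables. Define the variables once in a job-level `env:` block, or set them only when the run targets Azure.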
Expand All @@ -196,11 +224,6 @@ jobs:
fi
fi

- name: Publish Terraform Plan
uses: actions/upload-artifact@v4
with:
name: tfplan
path: ${{ inputs.working_directory }}/tfplan

- name: Create String Output
id: tf-plan-string
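Review bot: the `Publish Terraform Plan` step is removed without explanation, and after this change the `tfplan` file written by `terraform plan ... -out tfplan` is not consumed by any step visible in the diff. Not uploading the binary plan is reasonable, since a plan file can hold sensitive values in clear text, but say so in the PR description. Consider having the apply step run `terraform apply tfplan` so that the plan that was approved is the one applied, rather than a fresh plan under `-auto-approve`.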
Expand All @@ -219,6 +242,7 @@ jobs:
echo "${delimiter}" >> $GITHUB_OUTPUT

- name: "Accept plan or deny"
if: ${{ inputs.skip_approval == false }}
uses: trstringer/manual-approval@v1
timeout-minutes: ${{ inputs.timeout }}
with:
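Review bot: `if: ${{ inputs.skip_approval == false }}` on the approval step removes the only human gate before `terraform apply -auto-approve` and `terraform destroy -auto-approve`, and it covers destroy runs as well as applies. Consider ignoring `skip_approval` when `inputs.destroy` is true, for example `if: ${{ inputs.skip_approval == false || inputs.destroy == true }}`, or otherwise limiting which callers may set it.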
Expand All @@ -230,12 +254,16 @@ jobs:
- name: terraform apply
if: ${{ inputs.destroy != true }}
run: |
export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}"
export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}"
export ARM_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}"
export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
if [ -n "${{ inputs.var_file }}" ]; then
cd ${{ inputs.working_directory }}
terraform apply -var-file="${{ inputs.var_file }}" -auto-approve
terraform apply -var-file="${{ inputs.var_file }}" -auto-approve -parallelism=5
else
cd ${{ inputs.working_directory }}
terraform apply -auto-approve
terraform apply -auto-approve -parallelism=5
fi

- name: Find Errored Terraform State
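Review bot: `-parallelism=5` is hardcoded on both `terraform apply` lines and halves Terraform's default of 10 with no comment explaining why. Expose it as a workflow input with a default, or add a comment naming the rate limit or provider issue it works around, so that callers on other clouds are not slowed down silently.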
Expand All @@ -260,11 +288,50 @@ jobs:
if: ${{ inputs.destroy == true }}
id: destroy
run: |
export ARM_CLIENT_ID="${{ secrets.AZURE_CLIENT_ID }}"
export ARM_CLIENT_SECRET="${{ secrets.AZURE_CLIENT_SECRET }}"
export ARM_TENANT_ID="${{ secrets.AZURE_TENANT_ID }}"
export ARM_SUBSCRIPTION_ID="${{ secrets.AZURE_SUBSCRIPTION_ID }}"
if [ -n "${{ inputs.var_file }}" ]; then
cd ${{ inputs.working_directory }}
terraform destroy -var-file="${{ inputs.var_file }}" -auto-approve
terraform destroy -var-file="${{ inputs.var_file }}" -auto-approve -parallelism=5
else
cd ${{ inputs.working_directory }}
terraform destroy -auto-approve
terraform destroy -auto-approve -parallelism=5
fi

- name: Notify Slack
if: ${{ always() }}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
run: |
# Determine the operation type (apply or destroy) using a custom environment variable or flag
if [[ "${{ inputs.destroy }}" == "true" ]]; then
OPERATION="Destroy"
else
OPERATION="Apply"
fi

# Check the job status
if [ "${{ job.status }}" == "success" ]; then
STATUS="Success ✅"
COLOR="good"
MESSAGE="Terraform $OPERATION completed successfully."
else
STATUS="Failed ❌"
COLOR="danger"
MESSAGE="Terraform $OPERATION failed. Check logs for details."
fi

# Create the Run URL
RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"

# Send the notification to Slack
curl -X POST -H 'Content-type: application/json' \
--data "$(jq -n --arg color "$COLOR" --arg status "$STATUS" --arg message "$MESSAGE" \
--arg operation "$OPERATION" --arg repo "$GITHUB_REPOSITORY" --arg branch "$GITHUB_REF_NAME" --arg sha "$GITHUB_SHA" \
--arg run_url "$RUN_URL" \
'{attachments: [{color: $color, title: ("Terraform " + $operation + ": " + $status), text: $message, fields: [{title: "Operation", value: $operation, short: true}, {title: "Repository", value: $repo, short: true}, {title: "Branch", value: $branch, short: true}, {title: "Commit", value: $sha, short: true}, {title: "Run URL", value: $run_url, short: false}]}]}')" \
$SLACK_WEBHOOK_URL

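Review bot: in the Notify Slack step the webhook is passed to `curl` as an unquoted `$SLACK_WEBHOOK_URL` and without `--fail`, so an empty secret makes `curl` exit with a missing-URL error and fails a job that otherwise succeeded (the step runs under `if: ${{ always() }}`), while an HTTP error returned by Slack still exits 0. Quote the variable, add `--fail --silent --show-error`, and skip the step when the secret is empty. The `else` branch also reports a cancelled run as "Failed", and the first comment mentions a custom environment variable while the code reads `inputs.destroy`.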
...