Skip to content

Fix env vars/secrets for golden image IDs comp workflow (#87) #200

Fix env vars/secrets for golden image IDs comp workflow (#87)

Fix env vars/secrets for golden image IDs comp workflow (#87) #200

Workflow file for this run

name: Infrastructure CD
on:
push:
branches:
- master
paths-ignore:
- 'machine-images/**'
pull_request:
repository_dispatch:
types:
- golden-image-ci
workflow_dispatch:
permissions:
contents: write
jobs:
infrastructure-cd:
runs-on: ubuntu-latest
defaults:
run:
shell: bash
env:
TF_VAR_tenancy_ocid: ${{ vars.TF_VAR_TENANCY_OCID }}
TF_VAR_user_ocid: ${{ vars.TF_VAR_USER_OCID }}
TF_VAR_private_key: ${{ secrets.TF_VAR_PRIVATE_KEY }}
TF_VAR_fingerprint: ${{ vars.TF_VAR_FINGERPRINT }}
AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
if: |
github.event_name == 'push' ||
github.event_name == 'pull_request' ||
(github.event_name == 'repository_dispatch' && github.event.client_payload.flag == 'true') ||
github.event_name == 'workflow_dispatch'
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Set up provisioning tool
uses: hashicorp/setup-terraform@v3
- name: Initialize provisioning tool
run: terraform init
- name: Plan infrastructure changes
env:
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
OCI_INSTANCES_SSH_PUBLIC_KEY: ${{ vars.OCI_INSTANCES_SSH_PUBLIC_KEY }}
TF_VAR_KEY_VALUE_STORE_PASSWORD: ${{ secrets.KEY_VALUE_STORE_PASSWORD }}
TF_VAR_vault_cert_private_key: ${{ secrets.VAULT_PRIVATE_KEY }}
run: |
echo "${CERTIFICATE}" > ./certificates/cert.pem
echo "${PRIVATE_KEY}" > ./certificates/key.pem
echo -n "${OCI_INSTANCES_SSH_PUBLIC_KEY}" > ./certificates/ssh-key-2024-03-16.key.pub
echo -n "${OCI_PRIVATE_KEY}" > ./certificates/[email protected]_2024-03-02T19_23_13.049Z.pem
terraform plan \
-input=false
- name: Provision infrastructure
if: |
github.event_name == 'push' ||
github.event_name == 'repository_dispatch' ||
github.event_name == 'workflow_dispatch'
id: provisioning-infrastructure
env:
CERTIFICATE: ${{ secrets.CERTIFICATE }}
PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
OCI_INSTANCES_SSH_PUBLIC_KEY: ${{ vars.OCI_INSTANCES_SSH_PUBLIC_KEY }}
TF_VAR_KEY_VALUE_STORE_PASSWORD: ${{ secrets.KEY_VALUE_STORE_PASSWORD }}
TF_VAR_vault_cert_private_key: ${{ secrets.VAULT_PRIVATE_KEY }}
run: |
echo "${CERTIFICATE}" > ./certificates/cert.pem
echo "${PRIVATE_KEY}" > ./certificates/key.pem
echo -n "${OCI_INSTANCES_SSH_PUBLIC_KEY}" > ./certificates/ssh-key-2024-03-16.key.pub
echo -n "${OCI_PRIVATE_KEY}" > ./certificates/[email protected]_2024-03-02T19_23_13.049Z.pem
terraform apply \
-auto-approve \
-input=false
- name: Commit imported variables
if: steps.provisioning-infrastructure.conclusion == 'success'
continue-on-error: true
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add machine-images/imported-vars.pkr.hcl
git commit -m "github-actions[bot]: Updated imported variables for machine images"
- name: Push changes
if: steps.provisioning-infrastructure.conclusion == 'success'
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.PUSH_TOKEN }}