feat: Backup host related resources #136
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI - Pull Request | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| env: | |
| TF_WORKSPACE: prod | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install pre-requisites | |
| run: | | |
| yarn | |
| sudo wget -O /usr/bin/sops https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64 | |
| sudo chmod a+x /usr/bin/sops | |
| - name: Setup Terraform | |
| uses: hashicorp/[email protected] | |
| with: | |
| cli_config_credentials_token: ${{ secrets.TERRAFORM_CLOUD_TOKEN }} | |
| - name: Terraform Init | |
| run: yarn run init | |
| - name: Verify Terraform formatting | |
| run: yarn run format:check | |
| - name: Validate Terraform | |
| run: yarn run validate | |
| env: | |
| SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }} | |
| # - name: Dump secrets | |
| # run: | | |
| # echo "export SOPS_AGE_KEY='$SOPS_AGE_KEY'" > /tmp/.env | |
| # echo "export TF_VAR_aad_credentials='$TF_VAR_aad_credentials'" >> /tmp/.env | |
| # echo "export TF_VAR_cloudflare_api_token='$TF_VAR_cloudflare_api_token'" >> /tmp/.env | |
| # echo "export TF_VAR_pagerduty_api_token='$TF_VAR_pagerduty_api_token'" >> /tmp/.env | |
| # shell: bash | |
| # env: | |
| # SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }} | |
| # TF_VAR_aad_credentials: ${{ secrets.AZUREAD_CREDENTIALS_PROD }} | |
| # TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| # TF_VAR_pagerduty_api_token: '${{ secrets.PAGERDUTY_API_TOKEN_PROD }}' | |
| # - name: Setup upterm session | |
| # uses: lhotari/action-upterm@v1 | |
| # with: | |
| # limit-access-to-actor: true | |
| # limit-access-to-users: lholota | |
| - name: Apply terraform | |
| uses: nick-fields/retry@v3 | |
| env: | |
| SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_PRIVATE_KEY }} | |
| TF_VAR_aad_credentials: ${{ secrets.AZUREAD_CREDENTIALS_PROD }} | |
| TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| TF_VAR_pagerduty_api_token: '${{ secrets.PAGERDUTY_API_TOKEN_PROD }}' | |
| with: | |
| timeout_minutes: 20 | |
| max_attempts: 3 | |
| shell: bash | |
| command: yarn run apply | |