Adding additional tags to workflows (#440)

* added tags map support in dsf_poc_cli
imperva · Oct 30, 2024 · 2f4e136 · 2f4e136
1 parent 58f0fed
commit 2f4e136
Show file tree

Hide file tree

Showing 8 changed files with 53 additions and 13 deletions.
diff --git a/.github/workflows/dsf_poc_cli.yml b/.github/workflows/dsf_poc_cli.yml
@@ -9,6 +9,7 @@ on:
       explicit_ref:
         required: true
         type: string
+
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
@@ -20,6 +21,8 @@ on:
         required: true
       ALLOWED_SSH_CIDRS:
         required: true
+      DEPLOYMENT_TAGS:
+        required: true
 
   workflow_dispatch:
     inputs:
@@ -31,7 +34,6 @@ on:
         type: boolean
         default: false
         required: false
-
   push:
     branches:
       - 'dev'
@@ -63,6 +65,7 @@ env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
   DESTROY_DELAY_SECONDS: 1800
+  TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }}
 
 permissions:
   contents: read
@@ -205,7 +208,7 @@ jobs:
     - name: Terraform Plan
       run: |
         terraform -chdir=$EXAMPLE_DIR workspace list
-        terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv
+        terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv 
 
       # On push to "main", build or change infrastructure according to Terraform configuration files
       # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks

diff --git a/.github/workflows/dsf_single_account_cli.yml b/.github/workflows/dsf_single_account_cli.yml
@@ -9,6 +9,7 @@ on:
       branch:
         required: true
         type: string
+
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
@@ -24,6 +25,8 @@ on:
         required: true
       DAM_LICENSE:
         required: true
+      DEPLOYMENT_TAGS :
+        required: true
 
   workflow_dispatch:
     inputs:
@@ -80,6 +83,7 @@ env:
   JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
   AWS_KEY_PATH: "jump_server_key.cer"
   DESTROY_DELAY_SECONDS: 1800
+  TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }}
 
 permissions:
   contents: read

diff --git a/.github/workflows/nightly_manager.yml b/.github/workflows/nightly_manager.yml
@@ -18,6 +18,7 @@ jobs:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   dev_basic_poc:
     uses: imperva/dsfkit/.github/workflows/nightly_sonar_poc_basic_cli.yml@dev
@@ -28,6 +29,7 @@ jobs:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   master_single_account:
     uses: imperva/dsfkit/.github/workflows/sonar_single_account_cli.yml@master
@@ -38,6 +40,7 @@ jobs:
       AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
       JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   dev_single_account:
     uses: imperva/dsfkit/.github/workflows/sonar_single_account_cli.yml@dev
@@ -48,6 +51,7 @@ jobs:
       AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
       JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   master_multi_account:
     uses: imperva/dsfkit/.github/workflows/sonar_multi_account_cli.yml@master
@@ -60,6 +64,7 @@ jobs:
       AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
       JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   # dev waits for master since they use the same constant resources - NAT, VPC, etc.
   # In addition, dev can't run if master fails since master resources may still be up if the failure happened after
@@ -76,6 +81,7 @@ jobs:
       AWS_SECRET_ACCESS_KEY_STAGE: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
       JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   master_dsf_single_account:
     uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@master
@@ -89,6 +95,7 @@ jobs:
       JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
       DAM_LICENSE: ${{ secrets.DAM_LICENSE }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   dev_dsf_single_account:
     uses: imperva/dsfkit/.github/workflows/dsf_single_account_cli.yml@dev
@@ -102,18 +109,20 @@ jobs:
       JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
       DAM_LICENSE: ${{ secrets.DAM_LICENSE }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   master_dsf_poc:
-      uses: imperva/dsfkit/.github/workflows/dsf_poc_cli.yml@master
-      with:
-        use_modules_from_terraform_registry: true
-        explicit_ref: master
-      secrets:
-        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-        DAM_LICENSE: ${{ secrets.DAM_LICENSE }}
-        ALLOWED_SSH_CIDRS: ${{secrets.ALLOWED_SSH_CIDRS }}
+    uses: imperva/dsfkit/.github/workflows/dsf_poc_cli.yml@master
+    with:
+      use_modules_from_terraform_registry: true
+      explicit_ref: master
+    secrets:
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      DAM_LICENSE: ${{ secrets.DAM_LICENSE }}
+      ALLOWED_SSH_CIDRS: ${{secrets.ALLOWED_SSH_CIDRS }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   dev_dsf_poc:
     uses: imperva/dsfkit/.github/workflows/dsf_poc_cli.yml@dev
@@ -126,6 +135,7 @@ jobs:
       SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
       DAM_LICENSE: ${{ secrets.DAM_LICENSE }}
       ALLOWED_SSH_CIDRS: ${{secrets.ALLOWED_SSH_CIDRS }}
+      DEPLOYMENT_TAGS: ${{ secrets.DEPLOYMENT_TAGS }}
 
   master_dsf_poc_azure:
     uses: imperva/dsfkit/.github/workflows/dsf_poc_cli_azure.yml@master
@@ -171,4 +181,4 @@ jobs:
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       DAM_LICENSE: ${{ secrets.DAM_LICENSE }}
-      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/nightly_sonar_poc_basic_cli.yml b/.github/workflows/nightly_sonar_poc_basic_cli.yml
@@ -9,6 +9,7 @@ on:
       workspace:
         required: true
         type: string
+
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
@@ -18,6 +19,8 @@ on:
         required: true
       JUMP_SERVER_KEY:
         required: false
+      DEPLOYMENT_TAGS:
+        required: true
 
   workflow_dispatch:
     inputs:
@@ -40,6 +43,7 @@ env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
   TF_WORKSPACE: ${{ inputs.workspace }}
+  TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }}
 
 permissions:
   contents: read

diff --git a/.github/workflows/sonar_multi_account_cli.yml b/.github/workflows/sonar_multi_account_cli.yml
@@ -9,6 +9,7 @@ on:
       branch:
         required: true
         type: string
+
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
@@ -22,6 +23,8 @@ on:
         required: true
       JUMP_SERVER_KEY:
         required: true
+      DEPLOYMENT_TAGS:
+        required: true
 
   workflow_dispatch:
     inputs:
@@ -46,6 +49,7 @@ env:
   JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
   AWS_KEY_PATH: "jump_server_key.cer"
   DESTROY_DELAY_SECONDS: 1800
+  TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }}
 
 permissions:
   contents: read

diff --git a/.github/workflows/sonar_poc_cli.yml b/.github/workflows/sonar_poc_cli.yml
@@ -9,6 +9,7 @@ on:
       explicit_ref:
         required: true
         type: string
+
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
@@ -18,6 +19,8 @@ on:
         required: true
       ALLOWED_SSH_CIDRS:
         required: true
+      DEPLOYMENT_TAGS:
+        required: true
 
   workflow_dispatch:
     inputs:
@@ -30,6 +33,7 @@ on:
         default: false
         required: false
 
+
   push:
     branches:
       - 'dev'
@@ -57,6 +61,7 @@ env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
   DESTROY_DELAY_SECONDS: 1800
+  TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }}
 
 permissions:
   contents: read

diff --git a/.github/workflows/sonar_single_account_cli.yml b/.github/workflows/sonar_single_account_cli.yml
@@ -9,6 +9,7 @@ on:
       branch:
         required: true
         type: string
+
     secrets:
       AWS_ACCESS_KEY_ID_STAGE:
         required: true
@@ -18,6 +19,8 @@ on:
         required: true
       JUMP_SERVER_KEY:
         required: true
+      DEPLOYMENT_TAGS:
+        required: true
 
   workflow_dispatch:
     inputs:
@@ -40,6 +43,7 @@ env:
   AWS_REGION: ap-southeast-1
   TF_WORKSPACE: sonar_single_account_cli
   DESTROY_DELAY_SECONDS: 1800
+  TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }}
 
 permissions:
   contents: read

diff --git a/.github/workflows/sonar_upgrade.yml b/.github/workflows/sonar_upgrade.yml
@@ -9,6 +9,7 @@ on:
       explicit_ref:
         required: true
         type: string
+
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
@@ -18,6 +19,8 @@ on:
         required: true
       DAM_LICENSE:
         required: true
+      DEPLOYMENT_TAGS:
+        required: true
 
   workflow_dispatch:
     inputs:
@@ -31,6 +34,8 @@ env:
   TF_VAR_agentless_gw_count: 1
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }}
+
 
 permissions:
   contents: read
@@ -64,6 +69,7 @@ jobs:
       TF_VAR_hub_hadr: ${{ matrix.hub_hadr }}
       TF_VAR_agentless_gw_hadr: ${{ matrix.agentless_gw_hadr }}
       TF_VAR_simulation_db_types_for_agentless: ${{ matrix.simulation_db_types_for_agentless }}
+
     environment: test
 
     # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest