From cdbb4afe262a607b9f1e9a865f3583431576fb31 Mon Sep 17 00:00:00 2001
From: Roi Klorin
Date: Wed, 13 Nov 2024 21:32:34 +0200
Subject: [PATCH] changed Set IP in AWS Security Group in sonar_single_account_cli.yml
---
 .../workflows/sonar_single_account_cli.yml | 170 ++++++++----------
 1 file changed, 73 insertions(+), 97 deletions(-)
diff --git a/.github/workflows/sonar_single_account_cli.yml b/.github/workflows/sonar_single_account_cli.yml
index 2bf3ae0c..12e8cc16 100644
--- a/.github/workflows/sonar_single_account_cli.yml
+++ b/.github/workflows/sonar_single_account_cli.yml
@@ -37,13 +37,11 @@ env:
 TF_CLI_ARGS: "-no-color"
 TF_INPUT: 0
 TF_VAR_gw_count: 1
- EXAMPLE_DIR: ./examples/aws/installation/sonar_single_account_deployment
- AWS_REGION: ap-southeast-1
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
- TF_WORKSPACE: sonar_single_account_cli
 JUMP_SERVER_KEY: ${{ secrets.JUMP_SERVER_KEY }}
- AWS_KEY_PATH: "jump_server_key.cer"
+ AWS_REGION: ap-southeast-1
+ TF_WORKSPACE: sonar_single_account_cli
 DESTROY_DELAY_SECONDS: 10
 TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }}
@@ -52,8 +50,21 @@ permissions:
 jobs:
 terraform:
- name: 'Sonar Single Account ${{ inputs.branch }}'
+
+ strategy:
+ max-parallel: 1
+ matrix:
+ include:
+ - name: single account
+ example_dir: examples/aws/installation/sonar_single_account_deployment
+ target_dir: single_account
+
+ name: '${{ matrix.name }} ${{ inputs.branch }}'
 runs-on: ubuntu-latest
+ env:
+ EXAMPLE_DIR: ./${{ matrix.example_dir }}
+ REMOTE_EXAMPLE_DIR: ./${{ matrix.target_dir }}/dsfkit/${{ matrix.example_dir }}
+ TARGET_DIR: ${{ matrix.target_dir }}
 environment: test
 # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
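Review bot: The new `strategy` block in the `terraform` job has a single `include` entry and `max-parallel: 1`, and nothing in the hunk says why either is there, so a reader cannot tell whether the matrix is scaffolding for more example directories or what the parallelism cap protects. A comment above `strategy:` along the lines of `# one matrix entry per example deployment; max-parallel: 1 because every entry targets the same jump server and TF_WORKSPACE` would capture the intent — that wording assumes the shared jump server is the constraint, so adjust it if the real reason differs. Moving `EXAMPLE_DIR` from the workflow-level `env` into this job is consistent with its value now depending on `matrix.example_dir`. The job's `steps:` list continues past the end of this hunk.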
@@ -68,10 +79,48 @@ jobs:
 with:
 ref: ${{ inputs.branch }}
+ - name: Setup jq
+ uses: sergeysova/jq-action@v2
+
+ - name: Get The Public IP
+ run: echo curr_ip=$(curl -s https://ipinfo.io/ip) >> $GITHUB_ENV
+
+ - name: Set IP in AWS Security Group
+ run: |
+ aws_sg=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32)
+ echo sg_id=$(echo $aws_sg | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV
+
 - name: Change the modules source to local
 run: |
 find ./examples/ -type f -exec sed -i -f sed.expr {} \;
+ - name: Cleaning environment
+ continue-on-error: true
+ uses: appleboy/ssh-action@v1.0.0
+ with:
+ host: 54.179.25.83
+ username: ec2-user
+ key: ${{ env.JUMP_SERVER_KEY }}
+ port: 22
+ command_timeout: "2h"
+ envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
+ script: |
+ terraform -chdir=$REMOTE_EXAMPLE_DIR destroy -auto-approve
+
+ - name: Delete Old Environment
+ uses: appleboy/ssh-action@v1.0.0
+ with:
+ host: 54.179.25.83
+ username: ec2-user
+ key: ${{ env.JUMP_SERVER_KEY }}
+ port: 22
+ command_timeout: "2h"
+ envs: TARGET_DIR
+ script: |
+ cd $TARGET_DIR
+ rm -rf dsfkit
+ rm -rf dsfkit.zip
+
 - name: Create terraform backend file
 run: |
 cat << EOF > $EXAMPLE_DIR/backend.tf
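Review bot: The 'Get The Public IP' step writes whatever `https://ipinfo.io/ip` returns straight into `$GITHUB_ENV`, and the next step splices it into `--cidr $curr_ip/32`; a failed or non-IP response is not caught (`curl -s` without `--fail`), so the authorize call either breaks or is fed a value nobody checked. Fail fast on anything that is not a dotted quad, e.g. `run: |` / `curr_ip=$(curl -fsS https://ipinfo.io/ip) && [[ "$curr_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || exit 1` / `echo "curr_ip=$curr_ip" >> $GITHUB_ENV`. In 'Set IP in AWS Security Group', `jq -r` would store the rule id without its JSON quotes; today the quotes only disappear because the shell strips them from the substituted `${{ env.sg_id }}` in the revoke command. The jump-server address `54.179.25.83` is repeated literally in the two new ssh-action steps here and again in the later hunks; a repository variable next to `vars.JUMP_SERVER_SG_ID` would keep it in one place, and the enclosing `steps:` list starts before and ends after this hunk.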
@@ -91,52 +140,31 @@ jobs:
 ${{ vars.TFVAR_PARAMETERS_SINGLE_ACCOUNT_AUTOMATION_V1 }}
 EOF
- - name: Cat tfvars File
- run: cat $EXAMPLE_DIR/terraform.tfvars
- - name: Add Profile Credentials to ~/.aws/credentials
- run: |
- aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID --profile ${{ vars.DEV_PROFILE_NAME }}
- aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY --profile ${{ vars.DEV_PROFILE_NAME }}
- aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }} --profile ${{ vars.STAGE_PROFILE_NAME }}
- aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }} --profile ${{ vars.STAGE_PROFILE_NAME }}
-
- - name: Get The Public IP
- run: echo curr_ip=$(curl -s https://ipinfo.io/ip) >> $GITHUB_ENV
+ - name: View The Vars
+ run: cat $EXAMPLE_DIR/terraform.tfvars
- - name: Set IP in AWS Security Group
- run: |
- aws_sg=$(aws ec2 authorize-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --protocol tcp --port 22 --cidr $curr_ip/32)
- echo sg_id=$(echo $aws_sg | jq '.SecurityGroupRules[0].SecurityGroupRuleId') >> $GITHUB_ENV
+ - name: Create a ZIP File
+ run: zip -r dsfkit.zip ../dsfkit
- - name: Create Key File
+ - name: View The ZIP File
 run: |
- echo "${{ secrets.JUMP_SERVER_KEY }}" > $EXAMPLE_DIR/$AWS_KEY_PATH
- sudo chmod 400 $EXAMPLE_DIR/$AWS_KEY_PATH
+ ls -l
+ pwd
- # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- - name: Setup Terraform
- uses: hashicorp/setup-terraform@v2
+ - name: SCP the ZIP File
+ uses: appleboy/scp-action@master
 with:
- terraform_wrapper: false
- terraform_version: ~1.7.0
-
- - name: Setup jq
- uses: sergeysova/jq-action@v2
-
- # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- - name: Terraform Init
- run: terraform -chdir=$EXAMPLE_DIR init
-
- - name: Cleaning environment
- run: |
- mv $EXAMPLE_DIR/main.tf{,_}
- mv $EXAMPLE_DIR/outputs.tf{,_}
- terraform -chdir=$EXAMPLE_DIR destroy -auto-approve
- mv $EXAMPLE_DIR/main.tf{_,}
- mv $EXAMPLE_DIR/outputs.tf{_,}
+ host: 54.179.25.83
+ username: ec2-user
+ key: ${{ env.JUMP_SERVER_KEY }}
+ port: 22
+ source: "dsfkit.zip"
+ timeout: "10m"
+ target: ${{ matrix.target_dir }}
+ overwrite: true
- - name: Delete Old Environment
+ - name: Unzip
 uses: appleboy/ssh-action@v1.0.0
 with:
 host: 54.179.25.83
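Review bot: The new 'SCP the ZIP File' step uses `appleboy/scp-action@master`, a mutable branch, while handing that action the jump-server private key (`key: ${{ env.JUMP_SERVER_KEY }}`) and the host it may connect to; the neighbouring `appleboy/ssh-action@v1.0.0` shows the pinned form this file otherwise follows. Pin it to a release tag or, better, a full commit SHA: `uses: appleboy/scp-action@<release-tag-or-commit-sha>`. 'Create a ZIP File' archives the whole checkout (`zip -r dsfkit.zip ../dsfkit`), which with a default checkout includes the `.git` directory and anything else left in the workspace; something like `zip -r dsfkit.zip ../dsfkit -x '*/.git/*'` keeps the upload to what the remote terraform run needs. 'View The Vars' keeps printing the rendered `terraform.tfvars` (built from `vars.TFVAR_PARAMETERS_SINGLE_ACCOUNT_AUTOMATION_V1`) into the job log, as the removed 'Cat tfvars File' did, so it is worth confirming that variable holds nothing sensitive; the 'Unzip' step's `with:` block continues past the end of this hunk.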
@@ -147,62 +175,10 @@ jobs:
 envs: TARGET_DIR
 script: |
 cd $TARGET_DIR
- rm -rf dsfkit
- rm -rf dsfkit.zip
-
- - name: Terraform Validate
- run: terraform -chdir=$EXAMPLE_DIR validate
-
- # Generates an execution plan for Terraform
- - name: Terraform Plan
- run: terraform -chdir=$EXAMPLE_DIR plan
-
- - name: Terraform Apply
- run: terraform -chdir=$EXAMPLE_DIR apply -auto-approve
-
- - name: Terraform Output
- if: always()
- run: terraform -chdir=$EXAMPLE_DIR output -json
+ unzip -uq dsfkit.zip
- - name: Collect Artifacts
- uses: actions/upload-artifact@v4
- with:
- name: collected-keys-${{ env.TF_WORKSPACE }}
- path: |
- ${{ env.EXAMPLE_DIR }}/ssh_keys
-
- - name: Check how was the workflow run
- id: check-trigger
- if: ${{ failure() }}
- run: |
- if [ "${{ github.event_name }}" == "schedule" ]; then
- echo "run-by=Automation" >> $GITHUB_OUTPUT
- else
- echo "run-by=${{ github.actor }}" >> $GITHUB_OUTPUT
- fi
-
- # This step allows time for investigation of the failed resources before destroying them
- - name: Conditional Delay
- if: ${{ failure() }}
- run: |
- echo "delay_destroy: ${{ inputs.delay_destroy }}"
- if [ "${{ inputs.delay_destroy }}" == "true" ]; then
- echo "Terraform workspace: $TF_WORKSPACE"
- curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*${{ github.workflow }} ${{ env.TF_WORKSPACE }} automation Failed*\n You have ${{ env.DESTROY_DELAY_SECONDS }} seconds to investigate the environment before it is destroyed :alarm_clock:\n\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }}
- echo ""
- echo "Sleeping for $((DESTROY_DELAY_SECONDS / 60)) minutes before destroying the environment"
- sleep $DESTROY_DELAY_SECONDS
- fi
-
- - name: Terraform Destroy
- if: always()
- run: terraform -chdir=$EXAMPLE_DIR destroy -auto-approve
 - name: Delete Security Group
- env:
- AWS_REGION: ap-southeast-1
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_STAGE }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_STAGE }}
 if: always()
 run: aws ec2 revoke-security-group-ingress --group-id ${{ vars.JUMP_SERVER_SG_ID }} --security-group-rule-ids ${{ env.sg_id }}
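Review bot: The end-of-job 'Terraform Destroy' step with `if: always()` is removed along with the failure notification and the investigation delay, and nothing in this hunk runs a destroy in its place; as far as this diff shows, the only teardown left is the next run's 'Cleaning environment' step, which is marked `continue-on-error: true` and so will not surface a destroy that fails. If the apply now happens on the jump server outside this diff, the teardown should move there too, as an `appleboy/ssh-action` step guarded by `if: always()` that runs `terraform -chdir=$REMOTE_EXAMPLE_DIR destroy -auto-approve`, otherwise a failed or cancelled run leaves its resources (and their cost and exposure) until someone reruns the workflow. `unzip -uq dsfkit.zip` only replaces files older than those in the archive, which works because 'Delete Old Environment' removes `dsfkit` first, but `unzip -oq dsfkit.zip` would not depend on that ordering. 'Delete Security Group' now relies on the workflow-level AWS env, which points at the same stage credentials the removed per-step `env:` did, so its behaviour is unchanged.
```yaml
      - name: Terraform Destroy
        if: always()
        uses: appleboy/ssh-action@v1.0.0
        with:
          host: 54.179.25.83
          username: ec2-user
          key: ${{ env.JUMP_SERVER_KEY }}
          port: 22
          command_timeout: "2h"
          envs: REMOTE_EXAMPLE_DIR,TF_WORKSPACE
          script: |
            terraform -chdir=$REMOTE_EXAMPLE_DIR destroy -auto-approve

      - name: Delete Security Group
      # … unchanged: if: always() / run: aws ec2 revoke-security-group-ingress …
```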