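name: Terraform CI

# `on` is a YAML 1.1 boolean when unquoted; keep the quotes.
'on':
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  # Dumps the claims of the OIDC token GitHub issues to this workflow so the
  # Workload Identity Federation attribute mapping/condition can be debugged.
  print:
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # required to request the OIDC JWT
    steps:
      # NOTE(review): this checks out a third-party action at the moving `main`
      # ref and executes it in a job that can mint an OIDC token. Pin `ref`
      # (and ideally every `uses:` below) to a full commit SHA once reviewed.
      - name: Checkout actions-oidc-debugger
        uses: actions/checkout@v3
        with:
          repository: github/actions-oidc-debugger
          ref: main
          # GITHUB_TOKEN is the per-job token GitHub creates automatically;
          # actions/checkout uses it by default, it is only made explicit here.
          token: '${{ secrets.GITHUB_TOKEN }}'
          path: ./.github/actions/actions-oidc-debugger
      - name: Debug OIDC Claims
        uses: ./.github/actions/actions-oidc-debugger
        with:
          # Must match the WIF pool's expected audience; a project number is
          # not a secret, so it is fine to keep inline.
          audience: 'projects/1334884267/locations/global/workloadIdentityPools/dataproc-github-identity-pool'

  # Keyless (OIDC / Workload Identity Federation) authentication to GCP,
  # then a smoke test of gcloud and a single object upload.
  build:
    runs-on: ubuntu-latest
    environment: dev
    permissions:
      contents: 'read'
      id-token: 'write'
    steps:
      - id: auth
        name: 'Authenticate to Google Cloud'
        uses: google-github-actions/auth@v2
        with:
          create_credentials_file: true
          # workload_identity_provider: 'projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID'
          workload_identity_provider: '${{ vars.WORKLOAD_IDENTITY_PROVIDER }}'
          # A service-account email is an identifier, not a credential; it is
          # read from secrets here presumably to keep it out of the repo.
          service_account: '${{ secrets.SERVICE_ACCOUNT }}'
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
      - name: set credentials file
        run: gcloud auth login --cred-file=${{ steps.auth.outputs.credentials_file_path }}
      - name: Use gcloud CLI
        run: gcloud info
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: "list the current dir"
        run: ls -lrt
      # NOTE(review): this write to the bucket also runs for pull_request
      # events; gate it on `github.event_name == 'push'` if that is unintended.
      - id: 'upload-file'
        uses: 'google-github-actions/upload-cloud-storage@v2'
        with:
          path: "CHANGELOG.md"
          # Fixed: the original value had a leading space, which makes the
          # bucket name invalid.
          destination: 'mahendran-dataproc-serverless/github/'
      - name: Use gsutil and see information about a bucket
        run: gcloud storage buckets list

  # fmt/init/plan on every trigger; apply only on a push to main.
  terraform:
    name: Terraform
    runs-on: ubuntu-latest
    environment: dev
    # Least privilege: cloud auth comes from GOOGLE_CREDENTIALS, so the job
    # only needs to read the repo. Without an explicit block the job inherits
    # the repository's default GITHUB_TOKEN permissions.
    permissions:
      contents: read
    # NOTE(review): GOOGLE_CREDENTIALS is a long-lived service-account key.
    # The `build` job above already authenticates via OIDC/WIF; migrating this
    # job to google-github-actions/auth@v2 would remove the stored key.
    env:
      GOOGLE_CREDENTIALS: '${{ secrets.GOOGLE_CREDENTIALS }}'
    defaults:
      run:
        # Explicit `shell: bash` makes GitHub run `bash -eo pipefail`, so any
        # failing command fails the step; the `|| exit 1` guards are redundant.
        shell: bash
        working-directory: environments/dev
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
      - name: Terraform validate
        run: |
          echo "*************** TERRAFORM Format ******************"
          echo "******* At environment: ${PWD} ********"
          echo "*************************************************"
          # `-check` fails on unformatted files instead of silently rewriting
          # them on the runner, which is what a CI check needs.
          terraform fmt -check -diff -recursive
      - name: Terraform Init
        run: |
          # Never echo secret values, even placeholders: GitHub's log masking
          # is best-effort (exact-string) and the expanded value also lands in
          # the generated shell script on the runner.
          echo "*************** TERRAFORM INIT ******************"
          echo "******* At environment: ${PWD} ********"
          echo "*************************************************"
          terraform init -input=false
      - name: Terraform Plan
        run: |
          echo "*************** TERRAFORM PLAN ******************"
          echo "******* At environment: ${PWD} ********"
          echo "*************************************************"
          terraform validate
          # Save the plan so apply executes exactly what was reviewed here,
          # rather than re-planning against a state that may have moved.
          terraform plan -input=false -out=tfplan
      - name: Terraform Apply
        # Only a push to main may change infrastructure; pull_request runs
        # from this repo would otherwise apply unreviewed changes with the
        # `dev` environment's credentials.
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          echo "*************** TERRAFORM APPLY ******************"
          echo "******* At environment: ${PWD} ********"
          echo "*************************************************"
          terraform apply -input=false tfplan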