-
Notifications
You must be signed in to change notification settings - Fork 0
97 lines (82 loc) · 3.13 KB
/
terraform-dns.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: Terraform DNS Plan
on:
workflow_dispatch:
inputs:
environment:
type: string
description: "The environment to run terraform plan against:"
required: true
workflow_call:
inputs:
environment:
type: string
required: true
env:
ARM_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
ARM_CLIENT_ID: ${{ secrets.AZ_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.AZ_CLIENT_SECRET }}
AZ_KEYVAULT_NAME: ${{ secrets.AZ_ACA_RESOURCE_GROUP }}-kv
TF_BACKEND_STORAGE_ACCOUNT_NAME: ${{ secrets.TF_BACKEND_STORAGE_ACCOUNT_NAME }}
TF_BACKEND_CONTAINER_NAME: ${{ secrets.TF_BACKEND_CONTAINER_NAME }}
TF_BACKEND_KEY: "terraform-dns.tfstate"
TF_BACKEND_RESOURCE_GROUP: ${{ secrets.TF_BACKEND_RESOURCE_GROUP }}
TF_VAR_project_name: ${{ secrets.DFE_PROJECT_NAME }}
TF_VAR_environment: ${{ secrets.AZ_ENVIRONMENT }}
TF_VAR_azure_location: ${{ vars.AZ_LOCATION }}
TF_VAR_primary_fqdn: "plan-technology-for-your-school.education.gov.uk"
TF_VAR_subdomains: "staging"
TF_WORKING_DIRECTORY: terraform/dns-zone
jobs:
terraform-plan:
name: Terraform plan
runs-on: ubuntu-latest
defaults:
run:
working-directory: ${{env.TF_WORKING_DIRECTORY}}
environment: ${{ inputs.environment }}
steps:
- name: Clone repo
uses: actions/checkout@v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.6.2
- name: Get GitHub Runner IP
id: whats-my-ip
uses: ./.github/actions/whats-my-ip-address
- name: Set GitHub Runner IP to TF Var
shell: bash
run: |
echo "TF_VAR_github_ip=${{ steps.whats-my-ip.outputs.ip}}" >> $GITHUB_ENV
- name: Login with AZ
uses: ./.github/actions/azure-login
with:
az_tenant_id: ${{ secrets.AZ_TENANT_ID }}
az_subscription_id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
az_client_id: ${{ secrets.AZ_CLIENT_ID }}
az_client_secret: ${{ secrets.AZ_CLIENT_SECRET }}
- name: Add Runner to KV whitelist
uses: azure/CLI@v1
with:
azcliversion: 2.45.0
inlineScript: |
az keyvault network-rule add --name ${{ env.AZ_KEYVAULT_NAME }} --ip-address ${{ steps.whats-my-ip.outputs.ip }} &> /dev/null
- name: Terraform init
id: init
run: |
terraform init \
-backend-config="resource_group_name=${{ env.TF_BACKEND_RESOURCE_GROUP }}" \
-backend-config="storage_account_name=${{ env.TF_BACKEND_STORAGE_ACCOUNT_NAME }}" \
-backend-config="container_name=${{ env.TF_BACKEND_CONTAINER_NAME }}" \
-backend-config="key=${{ env.TF_BACKEND_KEY }}"
- name: Plan Terraform changes
id: plan
run: terraform plan
- name: Remove Runner to KV whitelist
uses: azure/CLI@v1
if: always()
with:
azcliversion: 2.45.0
inlineScript: |
az keyvault network-rule remove --name ${{ env.AZ_KEYVAULT_NAME }} --ip-address ${{ steps.whats-my-ip.outputs.ip }} &> /dev/null