From 7a1722d1d591fdd8293028a6f783f7bc7e53dc2f Mon Sep 17 00:00:00 2001
From: Janibasha
Date: Mon, 4 Sep 2023 22:28:14 +0530
Subject: [PATCH] Create waap-k8s-apply.yml
---
 .github/workflows/waap-k8s-apply.yml | 569 +++++++++++++++++++++++++++
 1 file changed, 569 insertions(+)
 create mode 100644 .github/workflows/waap-k8s-apply.yml
diff --git a/.github/workflows/waap-k8s-apply.yml b/.github/workflows/waap-k8s-apply.yml
new file mode 100644
index 000000000..fd2872003
--- /dev/null
+++ b/.github/workflows/waap-k8s-apply.yml
@@ -0,0 +1,569 @@
+name: "WAF on K8s Apply"
+
+on:
+ push:
+ branches:
+ - deploy-waap-k8s
+ pull_request:
+
+jobs:
+ terraform_infra:
+ name: "AWS Infra"
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: ./infra
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Setup Terraform Backend
+ id: backend
+ run: |
+ cat > backend.tf << EOF
+ terraform {
+ cloud {
+ organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+ workspaces {
+ name = "${{ secrets.TF_CLOUD_WORKSPACE_INFRA }}"
+ }
+ }
+ }
+ EOF
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
Show Plan
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/deploy-waap-k8s' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
+
+ terraform_eks:
+ name: "AWS EKS"
+ runs-on: ubuntu-latest
+ needs: terraform_infra
+ defaults:
+ run:
+ working-directory: ./eks-cluster
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Setup Terraform Backend
+ id: backend
+ run: |
+ cat > backend.tf << EOF
+ terraform {
+ cloud {
+ organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+ workspaces {
+ name = "${{ secrets.TF_CLOUD_WORKSPACE_EKS }}"
+ }
+ }
+ }
+ EOF
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
Show Plan
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/deploy-waap-k8s' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
+
+
+ terraform_bookinfo:
+ name: "Bookinfo"
+ runs-on: ubuntu-latest
+ needs: terraform_eks
+ defaults:
+ run:
+ working-directory: ./workflow-guides/waf/f5-xc-waf-on-k8s/terraform/booksinfo
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Setup Terraform Backend
+ id: backend
+ run: |
+ cat > backend.tf << EOF
+ terraform {
+ cloud {
+ organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+ workspaces {
+ name = "${{ secrets.TF_CLOUD_WORKSPACE_BOOKINFO }}"
+ }
+ }
+ }
+ EOF
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
Show Plan
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/deploy-waap-k8s' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
+
+
+ terraform_ce:
+ name: "CE Deployment"
+ runs-on: ubuntu-latest
+ needs: terraform_bookinfo
+ defaults:
+ run:
+ working-directory: ./workflow-guides/waf/f5-xc-waf-on-k8s/terraform/ce-deployment
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Setup Terraform Backend
+ id: backend
+ run: |
+ cat > configmap.tf << EOF
+ terraform {
+ cloud {
+ organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+ workspaces {
+ name = "${{ secrets.TF_CLOUD_WORKSPACE_CE }}"
+ }
+ }
+ }
+ EOF
+
+ - name: Setup Configmap
+ id: configmap
+ run: |
+ cat > backend.tf << EOF
+ resource "kubectl_manifest" "configmap" {
+ yaml_body = <Show Plan
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/deploy-waap-k8s' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
+
+
+ terraform_approve:
+ name: "Site Registration"
+ runs-on: ubuntu-latest
+ needs: terraform_ce
+ defaults:
+ run:
+ working-directory: ./workflow-guides/waf/f5-xc-waf-on-k8s/terraform/registration
+ steps:
+ - name: Checkout
+
uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Setup Terraform Backend
+ id: backend
+ run: |
+ cat > backend.tf << EOF
+ terraform {
+ cloud {
+ organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+ workspaces {
+ name = "${{ secrets.TF_CLOUD_WORKSPACE_REG }}"
+ }
+ }
+ }
+ EOF
+ echo "${{secrets.P12}}" | base64 -d > api.p12
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
Show Plan
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/deploy-waap-k8s' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
+
+
+ terraform_celb:
+ name: "K8s LB Creation"
+ runs-on: ubuntu-latest
+ needs: terraform_approve
+ defaults:
+ run:
+ working-directory: ./workflow-guides/waf/f5-xc-waf-on-k8s/lb-ce
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ # need to add sleep time here for all deployments to come up
+ - name: Wait
+ id: wait
+ run: sleep 900
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Setup Terraform Backend
+ id: backend
+ run: |
+ cat > backend.tf << EOF
+ terraform {
+ cloud {
+ organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+ workspaces {
+ name = "${{ secrets.TF_CLOUD_WORKSPACE_BOOKINFO }}"
+ }
+ }
+ }
+ EOF
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
Show Plan
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/deploy-waap-k8s' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
+
+
+ terraform_xc:
+ name: "F5XC WAAP"
+ runs-on: ubuntu-latest
+ needs: terraform_celb
+ defaults:
+ run:
+ working-directory: ./workflow-guides/waf/f5-xc-waf-on-k8s/lb-ce/xc
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
+
+ - name: Setup Terraform Backend
+ id: backend
+ run: |
+ cat > backend.tf << EOF
+ terraform {
+ cloud {
+ organization = "${{ secrets.TF_CLOUD_ORGANIZATION }}"
+ workspaces {
+ name = "${{ secrets.TF_CLOUD_WORKSPACE_XC }}"
+ }
+ }
+ }
+ EOF
+ echo "${{secrets.P12}}" | base64 -d > api.p12
+
+ - name: Terraform Init
+ id: init
+ run: terraform init
+
+ - name: Terraform Validate
+ id: validate
+ run: terraform validate -no-color
+
+ - name: Terraform Plan
+ id: plan
+ if: github.event_name == 'pull_request'
+ run: terraform plan -no-color -input=false
+ continue-on-error: true
+
+ - uses: actions/github-script@v6
+ if: github.event_name == 'pull_request'
+ env:
+ PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const output = `#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+ #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+ #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
Show Plan
+ \`\`\`\n
+ ${process.env.PLAN}
+ \`\`\`
+
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/deploy-waap-k8s' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
\ No newline at end of file
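Review bot: In the `terraform_approve` and `terraform_xc` backend steps, `echo "${{secrets.P12}}" | base64 -d > api.p12` expands the secret into the script text and leaves the decoded credential in the working tree with default permissions; the step carries no `if:`, so it runs on `pull_request` events as well as on the deploy push. Prefer passing it through the step environment, `env:` / `P12_B64: ${{ secrets.P12 }}` and `umask 077; printf '%s' "$P12_B64" | base64 -d > api.p12`, and confirm whether the plan-only PR path actually needs the file. The workflow sets no `permissions:` block even though the only token use visible is `issues.createComment`, so a top-level `permissions:` limited to `contents: read` and `pull-requests: write` would likely be enough. Also worth checking: `terraform_celb` writes `TF_CLOUD_WORKSPACE_BOOKINFO` into its backend, the same workspace secret `terraform_bookinfo` uses from a different directory, and with `-auto-approve` a shared workspace would reconcile one configuration against the other's state if that is a copy-paste slip rather than intent.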