-
Notifications
You must be signed in to change notification settings - Fork 0
120 lines (115 loc) · 4.26 KB
/
cdktf-cicd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
---
name: CDKTF CICD
on:
workflow_dispatch:
inputs:
action:
description: "Action to perform"
required: true
type: choice
options:
- "deploy"
- "diff"
- "destroy"
default: "deploy"
workflow_call:
inputs:
action:
description: "Action to perform"
required: true
type: string
permissions:
contents: read
pull-requests: write
issues: read
env:
CDKTF_VERSION: 0.20.9
TERRAFORM_VERSION: 1.9.6
jobs:
terraform:
name: "Terraform CDK CICD"
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
persist-credentials: false
# Configure 1Password Service Account
- name: Configure 1Password Service Account
uses: 1Password/load-secrets-action/configure@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2
with:
service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
# Fetch TERRAFORM_CLOUD_TOKEN from 1Password using load-secrets-action
- name: Fetch TERRAFORM_CLOUD_TOKEN from 1Password
uses: 1Password/load-secrets-action@581a835fb51b8e7ec56b71cf2ffddd7e68bb25e0 # v2
id: fetch-terraform-cloud-token
with:
export-env: false
env:
TERRAFORM_CLOUD_TOKEN: op://Infrastructure/terraform/cloud/token
- name: Install Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
terraform_wrapper: false
cli_config_credentials_token: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
# Fetch the node version from the .nvmrc file
# Strip the leading "v" from the version number
- name: Fetch node version
id: fetch-node-version
run: |
echo "NODE_VERSION=$(cat .nvmrc | sed 's/[^0-9.]*//g')" >> $GITHUB_ENV
- name: Setup yarn
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4
with:
node-version: ${{ steps.fetch-node-version.outputs.NODE_VERSION }}
- name: Install corepack
run: |
corepack enable
- name: Install dependencies
working-directory: ./cdktf
run: |
# Install node-gyp globally first
npm install -g node-gyp
yarn install
- name: Generate module and provider bindings
working-directory: ./cdktf
env:
TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
run: yarn get
- name: Determine mode
id: determine-mode
run: |
if [ "${{ inputs.action }}" == "deploy" ]; then
echo "mode=auto-approve-apply" >> $GITHUB_OUTPUT
elif [ "${{ inputs.action }}" == "synth" ]; then
echo "mode=synth-only" >> $GITHUB_OUTPUT
elif [ "${{ inputs.action }}" == "diff" ]; then
echo "mode=plan-only" >> $GITHUB_OUTPUT
elif [ "${{ inputs.action }}" == "destroy" ]; then
echo "mode=auto-approve-destroy" >> $GITHUB_OUTPUT
else
echo "Unknown action: ${{ inputs.action }}"
exit 1
fi
- name: Run Terraform CDK
uses: hashicorp/terraform-cdk-action@c9135f5a4b424f639279774896d79ac8b0e57316 # v6.0.3
id: terraform-cdk
with:
terraformVersion: ${{ env.TERRAFORM_VERSION }}
cdktfVersion: ${{ env.CDKTF_VERSION }}
workingDirectory: ./cdktf
stackName: cdktf
mode: ${{ steps.determine-mode.outputs.mode }}
terraformCloudToken: ${{ env.TERRAFORM_CLOUD_TOKEN }}
githubToken: ${{ secrets.GITHUB_TOKEN }}
env:
TERRAFORM_CLOUD_TOKEN: ${{ steps.fetch-terraform-cloud-token.outputs.TERRAFORM_CLOUD_TOKEN }}
- name: Store generated CDKTF
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4
# Only store the CDKTF output if the Terraform CDK step ran
if: steps.terraform-cdk.outcome != 'skipped' && steps.terraform-cdk.outcome != 'cancelled'
with:
name: cdktf
path: cdktf/cdktf.out/
retention-days: 5