Fix/runner-permissions-iac #276

Merged
merged 24 commits into from
May 6, 2024
32 changes: 18 additions & 14 deletions .github/workflows/iac.yml
@@ -12,7 +12,7 @@ on:
TG_VERSION:
required: false
type: string
default: '0.57.5'
default: '0.58.2'
TF_VERSION:
required: false
type: string
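Review bot: the TG_VERSION default bump from 0.57.5 to 0.58.2 is unrelated to the runner-permissions fix in the PR title and is not explained anywhere in the diff; record the reason (and any terragrunt changelog entry being relied on) in the PR description or in a comment above the input, since every caller of this reusable workflow that does not set TG_VERSION silently moves to the new version.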
@@ -107,19 +107,29 @@ jobs:
environment:
name: ${{ inputs.ENVIRONMENT }}

permissions: write-all
permissions:
contents: 'read'
id-token: 'write'

steps:
- name: Install dependencies
run: |
sudo apt update
sudo apt install unzip git -yq

- name: cleanup old checkout
run: chmod +w -R ${GITHUB_WORKSPACE}; rm -rf ${GITHUB_WORKSPACE}/*;

- name: 'Checkout'
uses: actions/checkout@v4

- name: Checkout actions
uses: actions/checkout@v4
with:
repository: signalwire/actions-template
ref: main
path: actions

- name: Configure AWS Credentials
uses: aws-actions/[email protected]
with:
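Review bot: replacing `permissions: write-all` with `contents: 'read'` plus `id-token: 'write'` is the right least-privilege shape for a job that only needs OIDC federation into AWS and GCP, but the second checkout pulls `signalwire/actions-template` at `ref: main`, a mutable branch, so each run executes whatever is on that branch at the time; pin it to a commit SHA or release tag like the other actions in this job. Separately, the `cleanup old checkout` step's `rm -rf ${GITHUB_WORKSPACE}/*` does not remove dotfiles (the glob skips `.git` and similar), and `actions/checkout@v4` already cleans the workspace by default, so either drop the step or comment what it is working around.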
@@ -136,9 +146,6 @@ jobs:
project_id: ${{ inputs.PROJECT_ID }}
service_account: ${{ inputs.GCP_SA }}

- name: Install dependencies
run: sudo apt update ; sudo apt install unzip -yq

- name: Sops Binary Installer
uses: mdgreenwald/[email protected]
with:
@@ -170,11 +177,9 @@ jobs:

- uses: opentofu/setup-opentofu@main

- run: sudo apt update ; sudo apt install git -yq ; git config --global --add safe.directory '*'

- name: Init
id: init
uses: gruntwork-io/terragrunt-action@v2
uses: gruntwork-io/terragrunt-action@v2.1.1
with:
tf_version: ${{ inputs.TF_VERSION }}
tg_version: ${{ inputs.TG_VERSION }}
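Review bot: pinning `Init` to `gruntwork-io/[email protected]` while `Plan` still uses the floating `@v2` tag means the two steps can run different action versions as v2 moves; pin both to the same release. Also, dropping `git config --global --add safe.directory '*'` along with the git install may reintroduce git's "dubious ownership" failure if the container-based terragrunt action touches the checkout under a different uid; verify a run on a fresh runner passes, since the `chmod -R 777` added at the end of this job suggests ownership mismatches are still being worked around.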
@@ -202,6 +207,7 @@ jobs:
- name: Plan
uses: gruntwork-io/terragrunt-action@v2
id: plan
continue-on-error: true
with:
tf_version: ${{ inputs.TF_VERSION }}
tg_version: ${{ inputs.TG_VERSION }}
@@ -226,10 +232,6 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
# TF_LOG: trace

- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1

- name: Generate token
id: generate_token
uses: tibdex/github-app-token@v2
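Review bot: removing the `Terraform Plan Status` step while `continue-on-error: true` is added to `Plan` in the previous hunk means a failed plan no longer fails the workflow: the job continues to `Generate token` and the run reports success unless a later step not shown here re-checks `steps.plan.outcome`. If the intent is to post the plan output before failing, keep a final gate such as `if: steps.plan.outcome == 'failure'` with `run: exit 1`; otherwise a broken plan will go unnoticed.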
@@ -272,3 +274,5 @@ jobs:
OVH_APPLICATION_SECRET: ${{ secrets.OVH_APPLICATION_SECRET }}
OVH_CONSUMER_KEY: ${{ secrets.OVH_CONSUMER_KEY }}
OVH_CLOUD_PROJECT_SERVICE: ${{ secrets.OVH_CLOUD_PROJECT_SERVICE }}

- run: sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }}
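Review bot: `sudo chmod -R 777 /home/runner/_work/${{ github.event.repository.name }}` makes the entire checkout (including `.git` and anything the sops step decrypts to disk) world-writable and hard-codes a path that differs on self-hosted runners; the job already refers to the workspace as `${GITHUB_WORKSPACE}` in the cleanup step, so use that and a narrower fix such as `sudo chown -R "$(id -u):$(id -g)" "$GITHUB_WORKSPACE"` to reclaim root-owned files left by the container-based terragrunt action. Pass the repository name through `env:` instead of interpolating `${{ }}` into the shell line, give the step a `name`, and add `if: always()` so it also runs after a failed step, which is exactly when root-owned leftovers break the next run's `cleanup old checkout`.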