Skip to content

Add destroy plan

Add destroy plan #87

Workflow file for this run

name: 'Terraform build'
on:
push:
branches: [ "main" ]
pull_request:
env:
TF_CLOUD_ORGANIZATION: "${{ vars.BMB_TF_ORGANIZATION }}"
TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
TF_WORKSPACE: "${{ vars.TF_WORKSPACE }}"
CONFIG_DIRECTORY: "./"
permissions:
contents: read
jobs:
terraform-settings:
name: "Terraform Settings"
runs-on: ubuntu-latest
steps:
- name: Config
run: |
cat <<EOF > db.auto.tfvars
cluster_name = "${{ vars.BMB_MYSQL_CLUSTER }}"
database_name = "${{ vars.BMB_MYSQL_DATABASE }}"
vpc_name = "${{ vars.BMB_EKS_CLUSTER_VPC }}"
username = "${{ secrets.BMB_MYSQL_USER }}"
password = "${{ secrets.BMB_MYSQL_PASSWORD }}"
EOF
- name: Upload Configuration
uses: actions/upload-artifact@v4
with:
name: database-config
path: db.auto.tfvars
test:
name: 'Test'
runs-on: ubuntu-latest
environment: dev
defaults:
run:
shell: bash
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
- name: Terraform Init
run: terraform init -upgrade
- name: Terraform Test
if: github.event_name == 'push'
run: terraform test
sonarcloud:
if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main'
name: SonarCloud
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: SonarCloud Scan
uses: SonarSource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
terraform-plan:
needs: [test, terraform-settings]
if: github.event_name == 'pull_request'
environment: dev
name: "Terraform Plan"
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download Configuration
uses: actions/download-artifact@v4
with:
name: database-config
- name: Upload Configuration
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: plan-upload
with:
workspace: ${{ env.TF_WORKSPACE }}
directory: ${{ env.CONFIG_DIRECTORY }}
speculative: true
- name: Create Plan Run
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: plan-run
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }}
plan_only: true
- name: Get Plan Output
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: plan-output
with:
plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }}
- name: Update PR
uses: actions/github-script@v7
id: plan-comment
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
});
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output')
});
const output = `#### Terraform Cloud Plan Output
\`\`\`
Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
\`\`\`
[Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }})
`;
// 3. Delete previous comment so PR timeline makes sense
if (botComment) {
github.rest.issues.deleteComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
});
}
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
});
deploy:
needs: [test, terraform-settings]
if: github.ref == 'refs/heads/main'
name: "Terraform Apply"
runs-on: ubuntu-latest
environment: dev
permissions:
contents: read
outputs:
vpc_id: ${{ steps.saving-workspace-output.outputs.vpc_id }}
cluster: ${{ steps.saving-workspace-output.outputs.cluster }}
host: ${{ steps.saving-workspace-output.outputs.host }}
config_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download Configuration
uses: actions/download-artifact@v4
with:
name: database-config
- name: Upload Configuration
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: apply-upload
with:
workspace: ${{ env.TF_WORKSPACE }}
directory: ${{ env.CONFIG_DIRECTORY }}
- name: Create Apply Run
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: apply-run
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
message: "Plan Run from GitHub Actions CI ${{ github.sha }}"
- name: Apply
uses: hashicorp/tfc-workflows-github/actions/[email protected]
if: ${{ vars.TF_AUTO_APPROVE == 'true' }}
id: apply
with:
run: ${{ steps.apply-run.outputs.run_id }}
comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
- name: Get output
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: workspace-output
with:
workspace: ${{ env.TF_WORKSPACE }}
- name: "Saving workspace output"
id: saving-workspace-output
continue-on-error: true
run: |
echo "vpc_id=$(echo ${{ toJson(steps.workspace-output.outputs.outputs) }} | jq -r '.[] | select(.name == "vpc_id") | .value')" >> $GITHUB_OUTPUT
echo "cluster=$(echo ${{ toJson(steps.workspace-output.outputs.outputs) }} | jq -r '.[] | select(.name == "cluster") | .value')" >> $GITHUB_OUTPUT
echo "host=$(echo ${{ toJson(steps.workspace-output.outputs.outputs) }} | jq -r '.[] | select(.name == "host") | .value')" >> $GITHUB_OUTPUT
seed-database:
needs: [deploy]
name: "Seed database"
runs-on: ubuntu-latest
environment: dev
defaults:
run:
working-directory: init
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Terraform fmt
id: fmt
run: terraform fmt -check
- name: Terraform Init
id: init
run: terraform init -upgrade
- name: Terraform Validate
id: validate
run: terraform validate
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Terraform Apply
id: apply
run: |
terraform apply -auto-approve \
-var="username=${{ secrets.BMB_MYSQL_USER }}" \
-var="password=${{ secrets.BMB_MYSQL_PASSWORD }}" \
-var="host=${{ needs.deploy.outputs.host }}" \
-var="dbClusterIdentifier=${{ vars.BMB_MYSQL_CLUSTER }}"
echo "secret_arn=$(terraform output -json | jq '.secret_arn.value' | sed 's/"//g')" >> $GITHUB_OUTPUT
- name: Wake up Cluster
continue-on-error: true
run: |
aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "SELECT 1 AS WAKE_UP;"
env:
CLUSTER_ARN: ${{ needs.deploy.outputs.cluster }}
SECRET_ARN: ${{ steps.apply.outputs.secret_arn }}
DATABASE_NAME: ${{ vars.BMB_MYSQL_DATABASE }}
- name: Wait 60s for cluster to wake up
run: sleep 60s
shell: bash
- name: Create tables
continue-on-error: true
run: |
aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/orders_table.sql)"
aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/products_table.sql)"
aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/order_items_table.sql)"
aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/payments_table.sql)"
aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/customers_table.sql)"
env:
AWS_DEFAULT_REGION: us-east-1
CLUSTER_ARN: ${{ needs.deploy.outputs.cluster }}
SECRET_ARN: ${{ steps.apply.outputs.secret_arn }}
DATABASE_NAME: ${{ vars.BMB_MYSQL_DATABASE }}
- name: Terraform destroy
id: destroy
run: |
terraform destroy -auto-approve
destroy-plan:
name: "Create terraform destroy plan"
needs: [deploy, seed-database]
runs-on: ubuntu-latest
steps:
- name: Create plan
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: destroy-plan
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version: ${{ needs.deploy.outputs.config_version }}
is_destroy: true