update readme #95
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Terraform build' | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| env: | |
| TF_CLOUD_ORGANIZATION: "${{ vars.BMB_TF_ORGANIZATION }}" | |
| TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" | |
| TF_WORKSPACE: "${{ vars.TF_WORKSPACE }}" | |
| CONFIG_DIRECTORY: "./" | |
| permissions: | |
| contents: read | |
| jobs: | |
| terraform-settings: | |
| name: "Terraform Settings" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Config | |
| run: | | |
| cat <<EOF > db.auto.tfvars | |
| cluster_name = "${{ vars.BMB_MYSQL_CLUSTER }}" | |
| database_name = "${{ vars.BMB_MYSQL_DATABASE }}" | |
| vpc_name = "${{ vars.BMB_EKS_CLUSTER_VPC }}" | |
| username = "${{ secrets.BMB_MYSQL_USER }}" | |
| password = "${{ secrets.BMB_MYSQL_PASSWORD }}" | |
| EOF | |
| - name: Upload Configuration | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: database-config | |
| path: db.auto.tfvars | |
| test: | |
| name: 'Test' | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
| - name: Terraform Init | |
| run: terraform init -upgrade | |
| - name: Terraform Test | |
| if: github.event_name == 'push' | |
| run: terraform test | |
| sonarcloud: | |
| if: github.event_name == 'pull_request' || github.ref == 'refs/heads/main' | |
| name: SonarCloud | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| - name: SonarCloud Scan | |
| uses: SonarSource/sonarcloud-github-action@master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| terraform-plan: | |
| needs: [test, terraform-settings] | |
| if: github.event_name == 'pull_request' | |
| environment: dev | |
| name: "Terraform Plan" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download Configuration | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: database-config | |
| - name: Upload Configuration | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-upload | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| directory: ${{ env.CONFIG_DIRECTORY }} | |
| speculative: true | |
| - name: Create Plan Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-run | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }} | |
| plan_only: true | |
| - name: Get Plan Output | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: plan-output | |
| with: | |
| plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }} | |
| - name: Update PR | |
| uses: actions/github-script@v7 | |
| id: plan-comment | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| // 1. Retrieve existing bot comments for the PR | |
| const { data: comments } = await github.rest.issues.listComments({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| issue_number: context.issue.number, | |
| }); | |
| const botComment = comments.find(comment => { | |
| return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output') | |
| }); | |
| const output = `#### Terraform Cloud Plan Output | |
| \`\`\` | |
| Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy. | |
| \`\`\` | |
| [Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }}) | |
| `; | |
| // 3. Delete previous comment so PR timeline makes sense | |
| if (botComment) { | |
| github.rest.issues.deleteComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| comment_id: botComment.id, | |
| }); | |
| } | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }); | |
| deploy: | |
| needs: [test, terraform-settings] | |
| if: github.ref == 'refs/heads/main' | |
| name: "Terraform Apply" | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| permissions: | |
| contents: read | |
| outputs: | |
| vpc_id: ${{ steps.saving-workspace-output.outputs.vpc_id }} | |
| cluster: ${{ steps.saving-workspace-output.outputs.cluster }} | |
| host: ${{ steps.saving-workspace-output.outputs.host }} | |
| config_version: ${{ steps.apply-upload.outputs.configuration_version_id }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Download Configuration | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: database-config | |
| - name: Upload Configuration | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: apply-upload | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| directory: ${{ env.CONFIG_DIRECTORY }} | |
| - name: Create Apply Run | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: apply-run | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }} | |
| message: "Plan Run from GitHub Actions CI ${{ github.sha }}" | |
| - name: Apply | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| if: ${{ vars.TF_AUTO_APPROVE == 'true' }} | |
| id: apply | |
| with: | |
| run: ${{ steps.apply-run.outputs.run_id }} | |
| comment: "Apply Run from GitHub Actions CI ${{ github.sha }}" | |
| - name: Get output | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: workspace-output | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| - name: "Saving workspace output" | |
| id: saving-workspace-output | |
| continue-on-error: true | |
| run: | | |
| echo "vpc_id=$(echo ${{ toJson(steps.workspace-output.outputs.outputs) }} | jq -r '.[] | select(.name == "vpc_id") | .value')" >> $GITHUB_OUTPUT | |
| echo "cluster=$(echo ${{ toJson(steps.workspace-output.outputs.outputs) }} | jq -r '.[] | select(.name == "cluster") | .value')" >> $GITHUB_OUTPUT | |
| echo "host=$(echo ${{ toJson(steps.workspace-output.outputs.outputs) }} | jq -r '.[] | select(.name == "host") | .value')" >> $GITHUB_OUTPUT | |
| seed-database: | |
| needs: [deploy] | |
| name: "Seed database" | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| defaults: | |
| run: | |
| working-directory: init | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Terraform fmt | |
| id: fmt | |
| run: terraform fmt -check | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -upgrade | |
| - name: Terraform Validate | |
| id: validate | |
| run: terraform validate | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Terraform Apply | |
| id: apply | |
| run: | | |
| terraform apply -auto-approve \ | |
| -var="username=${{ secrets.BMB_MYSQL_USER }}" \ | |
| -var="password=${{ secrets.BMB_MYSQL_PASSWORD }}" \ | |
| -var="host=${{ needs.deploy.outputs.host }}" \ | |
| -var="dbClusterIdentifier=${{ vars.BMB_MYSQL_CLUSTER }}" | |
| echo "secret_arn=$(terraform output -json | jq '.secret_arn.value' | sed 's/"//g')" >> $GITHUB_OUTPUT | |
| - name: Wake up Cluster | |
| continue-on-error: true | |
| run: | | |
| aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "SELECT 1 AS WAKE_UP;" | |
| env: | |
| CLUSTER_ARN: ${{ needs.deploy.outputs.cluster }} | |
| SECRET_ARN: ${{ steps.apply.outputs.secret_arn }} | |
| DATABASE_NAME: ${{ vars.BMB_MYSQL_DATABASE }} | |
| - name: Wait 60s for cluster to wake up | |
| run: sleep 60s | |
| shell: bash | |
| - name: Create tables | |
| continue-on-error: true | |
| run: | | |
| aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/orders_table.sql)" | |
| aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/products_table.sql)" | |
| aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/order_items_table.sql)" | |
| aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/payments_table.sql)" | |
| aws rds-data execute-statement --resource-arn $CLUSTER_ARN --secret-arn $SECRET_ARN --database $DATABASE_NAME --sql "$(cat sql/customers_table.sql)" | |
| env: | |
| AWS_DEFAULT_REGION: us-east-1 | |
| CLUSTER_ARN: ${{ needs.deploy.outputs.cluster }} | |
| SECRET_ARN: ${{ steps.apply.outputs.secret_arn }} | |
| DATABASE_NAME: ${{ vars.BMB_MYSQL_DATABASE }} | |
| - name: Terraform destroy | |
| id: destroy | |
| run: | | |
| terraform destroy -auto-approve | |
| destroy-plan: | |
| name: "Create terraform destroy plan" | |
| needs: [deploy, seed-database] | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| steps: | |
| - name: Create plan | |
| uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
| id: destroy-plan | |
| with: | |
| workspace: ${{ env.TF_WORKSPACE }} | |
| configuration_version: ${{ needs.deploy.outputs.config_version }} | |
| is_destroy: true |