CI terraform commands
jameslinnell committed Oct 10, 2023
1 parent fb2b6e0 commit b7e9e20
Showing 2 changed files with 121 additions and 0 deletions.
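--- a/scripts/infrastructure/terraform.mk
+++ b/scripts/infrastructure/terraform.mk
@@ -41,3 +41,15 @@ initialise--non-mgmt: aws--login ## Bootstrap the Non-MGMT AWS environments. Mus
 
 destroy--non-mgmt: aws--login ## Destroy the Non-MGMT AWS environments. Must provide TERRAFORM_ROLE_NAME keyword argument.
 @ AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY) AWS_SESSION_TOKEN=$(AWS_SESSION_TOKEN) bash $(PATH_TO_INFRASTRUCTURE)/destroy-non-mgmt-resources.sh $(TERRAFORM_ROLE_NAME)
+
+terraform--ci-init: ## Run terraform init in the CI
+@ AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY) AWS_SESSION_TOKEN=$(AWS_SESSION_TOKEN) PROJECT_PREFIX=$(PROJECT_PREFIX) bash $(PATH_TO_INFRASTRUCTURE)/terraform/terraform-ci-commands.sh ci-init $(TERRAFORM_ENVIRONMENT) $(TERRAFORM_ACCOUNT_WIDE) $(TERRAFORM_ARGS)
+
+terraform--ci-plan: ## Run terraform plan in the CI
+@ AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY) AWS_SESSION_TOKEN=$(AWS_SESSION_TOKEN) PROJECT_PREFIX=$(PROJECT_PREFIX) bash $(PATH_TO_INFRASTRUCTURE)/terraform/terraform-ci-commands.sh ci-plan $(TERRAFORM_ENVIRONMENT) $(TERRAFORM_ACCOUNT_WIDE) $(TERRAFORM_ARGS)
+
+terraform--ci-apply: ## Run terraform apply in the CI
+@ AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY) AWS_SESSION_TOKEN=$(AWS_SESSION_TOKEN) PROJECT_PREFIX=$(PROJECT_PREFIX) bash $(PATH_TO_INFRASTRUCTURE)/terraform/terraform-ci-commands.sh ci-apply $(TERRAFORM_ENVIRONMENT) $(TERRAFORM_ACCOUNT_WIDE) $(TERRAFORM_ARGS)
+
+terraform--ci-destroy: ## Run terraform destroy in the CI
+@ AWS_ACCESS_KEY_ID=$(AWS_ACCESS_KEY_ID) AWS_SECRET_ACCESS_KEY=$(AWS_SECRET_ACCESS_KEY) AWS_SESSION_TOKEN=$(AWS_SESSION_TOKEN) PROJECT_PREFIX=$(PROJECT_PREFIX) bash $(PATH_TO_INFRASTRUCTURE)/terraform/terraform-ci-commands.sh ci-destroy $(TERRAFORM_ENVIRONMENT) $(TERRAFORM_ACCOUNT_WIDE) $(TERRAFORM_ARGS)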
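Review bot: Each of the four new recipes expands `$(AWS_SECRET_ACCESS_KEY)` and `$(AWS_SESSION_TOKEN)` into the recipe text, so the credential values end up in the command line of the shell that make starts, where they can show up in the runner's process list and in `make -n` or debug output; the leading `@` only suppresses the echo. If these variables come from the environment (where they are set is not visible in this hunk, so that is an assumption), make already passes them to the recipe, and a single `export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN PROJECT_PREFIX` would cover variables set in the makefile without repeating the values per target. `$(TERRAFORM_ENVIRONMENT)`, `$(TERRAFORM_ACCOUNT_WIDE)` and `$(TERRAFORM_ARGS)` are also pasted unquoted, so a value containing spaces or shell metacharacters is re-parsed by the shell, and because the script reads only `$4`, anything after the first word of `TERRAFORM_ARGS` is dropped. Unlike the existing `destroy--non-mgmt` target, these four do not depend on `aws--login`; if that is deliberate for CI, a short comment saying where the credentials come from would help.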
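--- a/scripts/infrastructure/terraform/terraform-ci-commands.sh
+++ b/scripts/infrastructure/terraform/terraform-ci-commands.sh
@@ -0,0 +1,109 @@
+!/bin/bash
+
+source ./scripts/infrastructure/terraform/terraform-constants.sh
+source ./scripts/infrastructure/terraform/terraform-utils.sh
+source ./scripts/infrastructure/terraform/terraform-ci-commands.sh
+
+TERRAFORM_COMMAND="$1"
+TERRAFORM_ENVIRONMENT="$2"
+TERRAFORM_ACCOUNT_WIDE="$3"
+TERRAFORM_ARGS="$4"
+AWS_REGION_NAME="eu-west-2"
+
+function _terraform_ci() {
+local account_wide=$3
+local env
+local aws_account_id
+local var_file
+local current_timestamp
+local terraform_dir
+env=$(_get_environment_name $TERRAFORM_ENVIRONMENT)
+aws_account_id=$(_get_aws_account_id "$env")
+var_file=$(_get_environment_vars_file "$env")
+terraform_dir=$(_get_terraform_dir "$env" "$TERRAFORM_ACCOUNT_WIDE")
+current_timestamp="$(date '+%Y_%m_%d__%H_%M_%S')"
+local plan_file="./tfplan"
+local ci_log_bucket="${PROJECT_PREFIX}-mgmt--github-ci-logging"
+
+case $TERRAFORM_COMMAND in
+"ci-init")
+if [[ "$RUNNING_IN_CI" != 1 ]]; then
+echo "Command should only be used by CI pipeline" >&2
+return 1
+fi
+
+echo "Init terraform for aws workspace: ${env}"
+
+local tf_init_output="${env}-tf-init-output_${current_timestamp}.txt"
+
+cd "$terraform_dir" || return 1
+_terraform_init "$env" |& tee "./${tf_init_output}" > /dev/null
+local tf_init_status="${PIPESTATUS[0]}"
+aws s3 cp "./${tf_init_output}" "s3://${ci_log_bucket}/${env}/${tf_init_output}"
+
+echo "Init complete. Uploaded output to: s3://${ci_log_bucket}/${env}/${tf_init_output}"
+return "$tf_init_status"
+;;
+#----------------
+"ci-plan")
+if [[ "$RUNNING_IN_CI" != 1 ]]; then
+echo "Command should only be used by CI pipeline" >&2
+return 1
+fi
+
+echo "Creating plan for aws workspace: ${env}"
+
+local tf_plan_output="${env}-tf-plan-output_${current_timestamp}.txt"
+
+cd "$terraform_dir" || return 1
+_terraform_plan "$env" "$var_file" "$plan_file" "$aws_account_id" |& tee "./${tf_plan_output}" > /dev/null
+local tf_plan_status="${PIPESTATUS[0]}"
+aws s3 cp "./${tf_plan_output}" "s3://${ci_log_bucket}/${env}/${tf_plan_output}"
+
+echo "Plan complete. Uploaded output output to: s3://${ci_log_bucket}/${env}/${tf_plan_output}"
+return "$tf_plan_status"
+;;
+#----------------
+"ci-apply")
+
+if [[ "$RUNNING_IN_CI" != 1 ]]; then
+echo "Command should only be used by CI pipeline" >&2
+return 1
+fi
+
+echo "Applying change to aws workspace: ${env}"
+
+local tf_apply_output="${env}-tf-apply-output_${current_timestamp}.txt"
+
+cd "$terraform_dir" || return 1
+_terraform_apply "$env" "$plan_file" |& tee "./${tf_apply_output}" > /dev/null
+local tf_apply_status="${PIPESTATUS[0]}"
+aws s3 cp "./${tf_apply_output}" "s3://${ci_log_bucket}/${env}/${tf_apply_output}"
+
+echo "Apply complete. Uploaded output output to: s3://${ci_log_bucket}/${env}/${tf_apply_output}"
+return "$tf_apply_status"
+;;
+#----------------
+"ci-destroy")
+if [[ "$RUNNING_IN_CI" != 1 ]]; then
+echo "Command should only be used by CI pipeline" >&2
+return 1
+fi
+
+echo "Destroying aws workspace: ${env}"
+
+local tf_destroy_output="${env}-tf-destroy-output_${current_timestamp}.txt"
+
+cd "$terraform_dir" || return 1
+_terraform_destroy "$env" "$var_file" "$aws_account_id" "-auto-approve" |& tee "./${tf_destroy_output}" > /dev/null
+local tf_destroy_status="${PIPESTATUS[0]}"
+aws s3 cp "./${tf_destroy_output}" "s3://${ci_log_bucket}/${env}/${tf_destroy_output}"
+
+echo "Destroy complete. Uploaded output output to: s3://${ci_log_bucket}/${env}/${tf_destroy_output}"
+return "$tf_destroy_status"
+;;
+#----------------
+esac
+}
+
+_terraform_ci $@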
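Review bot: The third `source` line loads `terraform-ci-commands.sh`, which is this file, so every load sources itself again and the script recurses before `_terraform_ci` is reached; it presumably should name the file that defines `_terraform_init`, `_terraform_plan`, `_terraform_apply` and `_terraform_destroy`, which is not visible here. In `_terraform_ci` the `case` has no default arm, so a mistyped command falls through and returns 0; adding `*) echo "Unknown command: ${TERRAFORM_COMMAND}" >&2; return 2 ;;` makes that fail loudly. The only gate in front of `ci-destroy` with `-auto-approve` is `RUNNING_IN_CI`, an environment variable any caller can set, and no validation of `TERRAFORM_ENVIRONMENT` is visible in this file, so I would check the environment name against an allow-list before acting on it and quote the expansions (`_get_environment_name "$TERRAFORM_ENVIRONMENT"`, `_terraform_ci "$@"`). `account_wide` and `TERRAFORM_ARGS` are assigned but never read, so arguments passed by the make targets are silently ignored. The `aws s3 cp` result is not checked either, and because `tee ... > /dev/null` sends terraform output only to the file, a failed upload loses the one record of an apply or destroy; since plan and apply output can include sensitive attribute values, it is also worth confirming the log bucket is encrypted and access-restricted.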
