-
Notifications
You must be signed in to change notification settings - Fork 0
99 lines (86 loc) · 4.44 KB
/
manual: Generate-TF-Plan-Diagram.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# Description: This workflow is used to build the infrastructure for the Dashboard Service
name: Generate Terraform Plan Diagram
on:
workflow_dispatch: # Allow manual trigger
push:
branches:
- main
- "feature/**" # Include feature branches for init and plan only
- "bugfix/**"
- "hotfix/**"
pull_request:
branches:
- main # Validate PRs to main with init and plan
jobs:
terraform:
runs-on: ubuntu-latest
steps:
# Step 1: Check out the repository
- name: Checkout Repository
uses: actions/checkout@v3
# Step 2: Set up HashiCorp Terraform
- name: Set up Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_wrapper: false
# Step 3: Set up Azure CLI for authentication
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
# Step 4: Set up Azure Storage Backend if it doesn't already exist
- name: Set Up Azure Storage Backend for Terraform State
id: setup_azure_storage
run: |
if ! az group show --name "dashboard-state-rg" &>/dev/null; then
echo "Creating resource group: dashboard-state-rg"
az group create --name "dashboard-state-rg" --location "eastus"
fi
if ! az storage account show --name "dashboardstatestg" --resource-group "dashboard-state-rg" &>/dev/null; then
echo "Creating storage account: dashboardstatestg"
az storage account create --name "dashboardstatestg" --resource-group "dashboard-state-rg" --location "eastus" --sku Standard_LRS
fi
AZURE_STORAGE_KEY=$(az storage account keys list --resource-group "dashboard-state-rg" --account-name "dashboardstatestg" --query "[0].value" --output tsv)
echo "::set-output name=AZURE_STORAGE_KEY::$AZURE_STORAGE_KEY"
if ! az storage container show --name "dashboard-tfstate" --account-name "dashboardstatestg" --account-key "$AZURE_STORAGE_KEY" &>/dev/null; then
echo "Creating blob container: dashboard-tfstate"
az storage container create --name "dashboard-tfstate" --account-name "dashboardstatestg" --account-key "$AZURE_STORAGE_KEY"
fi
az vm image terms accept --publisher openvpn --offer openvpnas --plan openvpnas --subscription ${{ secrets.ARM_SUBSCRIPTION_ID }} || true
az vm image terms show --publisher openvpn --offer openvpnas --plan openvpnas --subscription ${{ secrets.ARM_SUBSCRIPTION_ID }} || true
# Step 5: Initialize Terraform with remote backend configuration
- name: Terraform Init
run: terraform init -input=false -backend-config="storage_account_name=dashboardstatestg" -backend-config="container_name=dashboard-tfstate" -backend-config="key=terraform.tfstate" -backend-config="access_key=${{ steps.setup_azure_storage.outputs.AZURE_STORAGE_KEY }}"
working-directory: infra_env_dashboard/infra-automation
env:
TF_VAR_client_id: ${{ secrets.ARM_CLIENT_ID }}
TF_VAR_client_secret: ${{ secrets.ARM_CLIENT_SECRET }}
TF_VAR_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
TF_VAR_tenant_id: ${{ secrets.ARM_TENANT_ID }}
# Step 6: Terraform Plan (Run on all branches)
- name: Terraform Plan
run: |
while ! terraform plan -input=false -lock=true -refresh=true -out /tmp/plan.out; do
echo "State is locked. Retrying in 30 seconds..."
sleep 30
done
terraform show -json /tmp/plan.out > plan.json
working-directory: infra_env_dashboard/infra-automation
env:
TF_VAR_client_id: ${{ secrets.ARM_CLIENT_ID }}
TF_VAR_client_secret: ${{ secrets.ARM_CLIENT_SECRET }}
TF_VAR_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }}
TF_VAR_tenant_id: ${{ secrets.ARM_TENANT_ID }}
TF_VAR_admin_password: ${{ secrets.ADMIN_PASSWORD }}
TF_VAR_vm_admin_password: ${{ secrets.ADMIN_PASSWORD }}
TF_VAR_resource_group_name: "dashboard-service-rg"
# Step 7: Run Rover Docker to Visualize the Plan
- name: Run Terraform Plan Visualization
uses: addnab/docker-run-action@v3
with:
registry: docker.io
image: im2nguyen/rover:latest
options: -v /tmp:/src -p 9000:9000
run: |
echo "Starting Rover Visualization"
rover -planJSONPath=/src/plan.json