name: Pulumi

# Manual trigger only. The person starting the run chooses the target
# environment, the Pulumi task, and the container settings below.
# The two `choice` inputs are limited to the listed options; the `string`
# inputs are free-form text, so anyone allowed to dispatch this workflow
# decides which image, ports and sizes get deployed.
on:
  workflow_dispatch:
    inputs:
      environment:
        description: GitHub Environment
        type: choice
        default: dev
        options:
          - dev
      pulumi_task:
        description: Pulumi task to execute
        type: choice
        default: deploy
        options:
          - deploy
          - destroy
      # Numeric-looking defaults stay quoted so they remain strings.
      az_number:
        description: Number of Availability Zones
        type: string
        default: '2'
      container_image_uri:
        description: Image URI
        type: string
        default: 'nginx'
      container_cpu:
        description: Container CPU
        type: string
        default: '256'
      container_memory:
        description: Container Memory
        type: string
        default: '512'
      container_port:
        description: Container Port
        type: string
        default: '80'
      host_port:
        description: Host Port
        type: string
        default: '80'
# Workflow-level environment, visible to every step of every job.
# NOTE(review): that includes the checkout, setup-python and `pip install`
# steps, which do not need cloud credentials. Scoping the secrets to the
# steps that use them would follow least privilege more closely.
# NOTE(review): the preview job declares no `environment:`, so these must be
# repository- or organization-level secrets for that job to see them - confirm.
env:
  # Secrets: AWS credentials and the passphrase protecting Pulumi config.
  # NOTE(review): stored access keys could be replaced by OIDC role
  # assumption, which leaves no static AWS credential in the repository.
  AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
  AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
  AWS_SESSION_TOKEN: "${{ secrets.AWS_SESSION_TOKEN }}"
  PULUMI_CONFIG_PASSPHRASE: "${{ secrets.PULUMI_CONFIG_PASSPHRASE }}"

  # Non-secret settings from repository variables and the dispatch inputs.
  AWS_REGION: "${{ vars.AWS_REGION }}"
  GITHUB_ENVIRONMENT: "${{ inputs.environment }}"
  AWS_RESOURCE_PREFIX: "pulumi-${{ inputs.environment }}"
  # The short prefix must stay within 6 characters.
  AWS_RESOURCE_SHORT_PREFIX: "p-${{ inputs.environment }}"
  AWS_AZ_NUMBER: "${{ inputs.az_number }}"

  # Container settings. These are operator-supplied free text and are handed
  # to the shell steps as environment variables, not interpolated into scripts.
  CONTAINER_IMAGE_URI: "${{ inputs.container_image_uri }}"
  CONTAINER_CPU: "${{ inputs.container_cpu }}"
  CONTAINER_MEMORY: "${{ inputs.container_memory }}"
  CONTAINER_PORT: "${{ inputs.container_port }}"
  HOST_PORT: "${{ inputs.host_port }}"
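jobs:
  # Dry run of the selected task. This job declares no `environment:`, so
  # environment protection rules do not gate it; it must only ever preview.
  preview:
    name: Pulumi Preview
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: the job only clones the repository.
    permissions:
      contents: read
    steps:
      # NOTE(review): actions are referenced by mutable tags. Pinning each one
      # to a full commit SHA prevents a retagged release from running here
      # with the AWS credentials in scope.
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          # Quoted so YAML keeps the version a string instead of a float.
          python-version: "3.12"
      - name: Configure AWS Credentials
        # NOTE(review): @v1 is an old major of this action; move to a
        # currently supported release when pinning it.
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ env.AWS_REGION }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
      - name: Install pulumi and login to S3
        # NOTE(review): the package version is not pinned, so each run installs
        # whatever is current while credentials are present in the environment.
        run: |
          pip install pulumi
          pulumi login s3://pulumi-lab-state2
      - name: Setup pulumi stack and variables
        # Values originate from free-form dispatch inputs, so every expansion
        # is quoted to stop word splitting and globbing from altering the
        # arguments passed to pulumi.
        run: |
          pulumi stack select --create "$GITHUB_ENVIRONMENT"
          pulumi config set aws:region "$AWS_REGION"
          pulumi config set region "$AWS_REGION"
          pulumi config set az_number "$AWS_AZ_NUMBER"
          pulumi config set prefix "$AWS_RESOURCE_PREFIX"
          pulumi config set short_prefix "$AWS_RESOURCE_SHORT_PREFIX"
          pulumi config set image_uri "$CONTAINER_IMAGE_URI"
          pulumi config set cpu "$CONTAINER_CPU"
          pulumi config set memory "$CONTAINER_MEMORY"
          pulumi config set container_port "$CONTAINER_PORT"
          pulumi config set host_port "$HOST_PORT"
        working-directory: pulumi
      # The preview steps test the dispatch input directly, the same way the
      # job-level conditions below do. The workflow never defines an
      # env.PULUMI_TASK variable, so a condition on it is always false and
      # the preview would be skipped on every run.
      - name: Pulumi Deploy Preview
        if: inputs.pulumi_task == 'deploy'
        run: |
          pulumi preview
        working-directory: pulumi
      - name: Pulumi Deploy Preview (Detailed)
        if: inputs.pulumi_task == 'deploy'
        run: |
          pulumi preview --json
        working-directory: pulumi
      - name: Pulumi Destroy Preview
        if: inputs.pulumi_task == 'destroy'
        # --preview-only lists what would be deleted without deleting it; the
        # actual destroy belongs to the environment-gated job below.
        run: |
          pulumi destroy --preview-only --diff
        working-directory: pulumi

  # Applies the change. Runs only for the 'deploy' task, after a successful
  # preview, and inside the selected GitHub Environment so that any
  # protection rules configured on it apply.
  deploy:
    name: Pulumi Deploy
    runs-on: ubuntu-latest
    needs: preview
    if: inputs.pulumi_task == 'deploy'
    environment: ${{ inputs.environment }}
    permissions:
      contents: read
    steps:
      # Same action versions as the preview job (was @v2 here).
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ env.AWS_REGION }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
      - name: Install pulumi and login to S3
        run: |
          pip install pulumi
          pulumi login s3://pulumi-lab-state2
      - name: Setup pulumi stack and variables
        run: |
          pulumi stack select --create "$GITHUB_ENVIRONMENT"
          pulumi config set aws:region "$AWS_REGION"
          pulumi config set region "$AWS_REGION"
          pulumi config set az_number "$AWS_AZ_NUMBER"
          pulumi config set prefix "$AWS_RESOURCE_PREFIX"
          pulumi config set short_prefix "$AWS_RESOURCE_SHORT_PREFIX"
          pulumi config set image_uri "$CONTAINER_IMAGE_URI"
          pulumi config set cpu "$CONTAINER_CPU"
          pulumi config set memory "$CONTAINER_MEMORY"
          pulumi config set container_port "$CONTAINER_PORT"
          pulumi config set host_port "$HOST_PORT"
        working-directory: pulumi
      - name: Pulumi Deploy Infrastructure
        run: |
          pulumi up --yes
        working-directory: pulumi

  # Tears the stack down. Runs only for the 'destroy' task, after a
  # successful preview, and inside the selected GitHub Environment.
  destroy:
    name: Pulumi Destroy
    runs-on: ubuntu-latest
    needs: preview
    if: inputs.pulumi_task == 'destroy'
    environment: ${{ inputs.environment }}
    permissions:
      contents: read
    steps:
      # Same action versions as the preview job (was @v2 here).
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ env.AWS_REGION }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
      - name: Install pulumi and login to S3
        run: |
          pip install pulumi
          pulumi login s3://pulumi-lab-state2
      - name: Setup pulumi stack and variables
        run: |
          pulumi stack select --create "$GITHUB_ENVIRONMENT"
          pulumi config set aws:region "$AWS_REGION"
          pulumi config set region "$AWS_REGION"
          pulumi config set az_number "$AWS_AZ_NUMBER"
          pulumi config set prefix "$AWS_RESOURCE_PREFIX"
          pulumi config set short_prefix "$AWS_RESOURCE_SHORT_PREFIX"
          pulumi config set image_uri "$CONTAINER_IMAGE_URI"
          pulumi config set cpu "$CONTAINER_CPU"
          pulumi config set memory "$CONTAINER_MEMORY"
          pulumi config set container_port "$CONTAINER_PORT"
          pulumi config set host_port "$HOST_PORT"
        working-directory: pulumi
      # Step label corrected: this step destroys the stack, it does not deploy.
      - name: Pulumi Destroy Infrastructure
        run: |
          pulumi destroy --yes
        working-directory: pulumi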