-
Notifications
You must be signed in to change notification settings - Fork 1
89 lines (79 loc) · 3.85 KB
/
terraform.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# This is a basic workflow that is manually triggered
name: Destroy Infra
# Controls when the action will run. Workflow runs when manually triggered using the UI or API.
on:
workflow_dispatch:
# Inputs the workflow accepts.
inputs:
environment:
description: 'Environment' # Friendly description to be shown in the UI instead of 'name'
required: true # Input has to be provided for the workflow to run
type: choice
options:
- "dev"
- "prod"
region:
description: 'Azure Region' # Friendly description to be shown in the UI instead of 'name'
required: true # Input has to be provided for the workflow to run
type: choice
options:
- "eastus"
- "westus"
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
env:
ENVIRONMENT: ${{ github.event.client_payload.environment || github.event.inputs.environment }}
REGION: ${{ github.event.client_payload.region || github.event.inputs.region }}
GHEC_LOGIN_ACCOUNTNAME: 'preetishmadalia'
## Terraform Env Vars
ARM_CLIENT_ID: ${{ secrets.TF_ARM_CLIENT_ID }} # Service Principal ClientId with permissions to Resource Group
ARM_CLIENT_SECRET: ${{ secrets.TF_ARM_CLIENT_SECRET }} # Service Principal Secret with permissions to Resource Group
ARM_SUBSCRIPTION_ID: ${{ secrets.TF_AZURE_SUBSCRIPTION_ID }} # Azure Subscription ID
ARM_TENANT_ID: ${{ secrets.TF_AZURE_TENANT_ID }} # Azure TenantId
TERRAFORM_VERSION: 1.1.9
jobs:
setup-environment:
runs-on: ubuntu-latest
steps:
- name: Setup Environment
id: envId
run: |
if [[ ${{ github.event.client_payload.environment || github.event.inputs.environment }} == 'prod' ]]; then
echo "::set-output name=env-nm::p"
else
echo "::set-output name=env-nm::d"
fi
if [[ ${{ github.event.client_payload.region || github.event.inputs.region }} == 'eastus' ]]; then
echo "::set-output name=region-nm::azeast"
else
echo "::set-output name=region-nm::azwest"
fi
outputs:
env-name: ${{ steps.envId.outputs.env-nm }}
region-nm: ${{ steps.envId.outputs.region-nm }}
terraform:
environment: ${{ github.event.client_payload.environment || github.event.inputs.environment }}
name: Terraform - ${{ github.event.client_payload.environment || github.event.inputs.environment }} - ${{ github.event.client_payload.region || github.event.inputs.region }}
runs-on: ubuntu-latest
needs: setup-environment
env:
TF_VAR_docker_registry_server_user : ${{ secrets.DOCKER_REGISTRY_USR }}
TF_VAR_docker_registry_server_pwd : ${{ secrets.DOCKER_REGISTRY_TOKEN }}
ARM_ACCESS_KEY : ${{ needs.setup-environment.outputs.region-nm == 'azeast' && secrets.TF_EASTUS_ARM_ACCESS_KEY || secrets.TF_WESTUS_ARM_ACCESS_KEY }} # Terraform Storage Account Shared Key for State File
steps:
- name: Checkout
uses: actions/checkout@v2.4.0
#Install Terraform
- name: Install Terraform
uses: hashicorp/setup-terraform@v1.3.2
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
#Run terraform on resource group folder
- name: Azure AppService Terraform Step
run: |
cd ./src/terraform
git config --global url."https://${{ env.GHEC_LOGIN_ACCOUNTNAME }}:${{ env.GITHUB_TOKEN }}@github.com/CloudTemplates/".insteadOf "https://github.com/CloudTemplates/"
terraform -v
terraform init -backend-config="${{ env.ENVIRONMENT }}-${{ env.REGION }}-backend.tfvars"
terraform destroy -var-file="${{ env.ENVIRONMENT }}-${{ env.REGION }}.tfvars" -auto-approve
env:
GITHUB_TOKEN : ${{ secrets.CLOUDTEMPLATES_TOKEN }}