-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathaction.yaml
287 lines (273 loc) · 12.2 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
name: 'Deploy EKS to AWS'
description: 'Deploy Kubernetes Service (EKS) to AWS'
branding:
icon: upload-cloud
color: red
inputs:
# Action definitions
checkout:
description: 'Specifies if this action should checkout the code'
required: false
default: 'true'
bitops_code_only:
description: 'Will run only the generation phase of BitOps, where the Terraform and Ansible code is built.'
required: false
bitops_code_store:
description: 'Store BitOps code as a GitHub artifact'
required: false
tf_stack_destroy:
description: 'Set to "true" to Destroy the stack through Terraform.'
required: false
tf_state_file_name:
description: 'Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects.'
required: false
tf_state_file_name_append:
description: 'Append a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. Can co-exist with the tf_state_file_name variable. '
required: false
tf_state_bucket:
description: 'AWS S3 bucket to use for Terraform state. Defaults to `${org}-${repo}-{branch}-tf-state`'
required: false
tf_state_bucket_destroy:
description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`'
required: false
# AWS
aws_access_key_id:
description: 'AWS access key ID'
required: false
aws_secret_access_key:
description: 'AWS secret access key'
required: false
aws_session_token:
description: 'AWS session token'
required: false
aws_default_region:
description: 'AWS default region'
default: us-east-1
required: false
aws_resource_identifier:
description: 'Set to override the AWS resource identifier for the deployment. Defaults to `${org}-{repo}-{branch}`. Use with destroy to destroy specific resources.'
required: false
aws_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# EKS
aws_eks_create:
description: 'Define if an EKS cluster should be created'
required: false
default: true
aws_eks_security_group_name_cluster:
description: "SG for ${var.aws_resource_identifier} - ${var.aws_eks_environment} - EKS Master"
required: false
aws_eks_security_group_name_node:
description: "SG for ${var.aws_resource_identifier} - ${var.aws_eks_environment} - EKS Worker"
required: false
aws_eks_environment:
description: 'Specify the eks environment name. Defaults to env'
required: false
aws_eks_management_cidr:
description: 'Enter your public IP or CIDR to add it to the allowed master security groups port 443.'
required: false
aws_eks_allowed_ports:
description: 'Allow incoming traffic from this port. Accepts comma separated values, matching 1 to 1 with aws_eks_allowed_ports_cidr.'
required: false
aws_eks_allowed_ports_cidr:
description: 'Allow incoming traffic from this CIDR block. Accepts comma separated values, matching 1 to 1 with aws_eks_allowed_ports. If none defined, will allow all incoming traffic.'
required: false
aws_eks_cluster_name:
description: "EKS Cluster name. Defaults to eks-cluster"
required: false
aws_eks_cluster_admin_role_arn:
description: "Role ARN to grant cluster-admin permissions"
required: false
aws_eks_cluster_log_types:
description: "EKS Log types, comma separated list. Defaults to api,audit,authenticator"
required: false
aws_eks_cluster_log_retention_days:
description: "Days to store logs. Defaults to 7."
required: false
aws_eks_cluster_log_skip_destroy:
description: "Skip deletion of cluster logs if set to true"
required: false
aws_eks_cluster_version:
description: 'Specify the k8s cluster version'
required: false
aws_eks_instance_type:
description: 'enter the aws instance type'
required: false
aws_eks_instance_ami_id:
description: 'AWS AMI ID. Will default to the latest Amazon EKS Node image for the cluster version.'
required: false
aws_eks_instance_user_data_file:
description: 'Relative path in the repo for a user provided script to be executed with Terraform EKS Node creation.'
required: false
aws_eks_ec2_key_pair:
description: 'Enter the existing ec2 key pair for worker nodes. If none, one will be created.'
required: false
aws_eks_store_keypair_sm:
description: 'If true, will store the newly created keys in Secret Manager'
required: false
aws_eks_desired_capacity:
description: 'Enter the desired capacity for the worker nodes'
required: false
aws_eks_max_size:
description: 'Enter the max_size for the worker nodes'
required: false
aws_eks_min_size:
description: 'Enter the min_size for the worker nodes'
required: false
aws_eks_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# EKS Extras
prometheus_enable:
description: 'Specifies if this action should checkout the code for this deployment'
required: false
grafana_enable:
description: 'Specifies if this action should checkout the code for this deployment'
required: false
loki_enable:
description: 'Specifies if this action should checkout the code for this deployment'
required: false
nginx_enable:
description: 'Specifies if this action should checkout the code for this deployment'
required: false
input_helm_charts:
description: 'Relative path to the folder from project containing Helm charts to be installed. Could be uncompressed or compressed (.tgz) files.'
required: false
# AWS VPC Inputs
aws_vpc_create:
description: 'Define if a VPC should be created'
required: false
default: true
aws_vpc_name:
description: 'Set a specific name for the VPC'
required: false
aws_vpc_cidr_block:
description: 'Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16.'
required: false
default: 10.0.0.0/16
aws_vpc_public_subnets:
description: 'Comma separated list of public subnets. Defaults to 10.10.110.0/24'
required: false
default: 10.0.101.0/24,10.0.102.0/24
aws_vpc_private_subnets:
description: 'Comma separated list of private subnets. If none, none will be created.'
required: false
default: 10.0.1.0/24,10.0.2.0/24
aws_vpc_availability_zones:
description: 'Comma separated list of availability zones. Defaults to `aws_default_region.'
required: false
default: us-east-1a,us-east-1b
aws_vpc_id:
description: 'AWS VPC ID. Accepts `vpc-###` values.'
required: false
aws_vpc_subnet_id:
description: 'Specify a Subnet to be used with the instance. If none provided, will pick one.'
required: false
aws_vpc_enable_nat_gateway:
description: 'Enables NAT gateway'
required: false
default: true
aws_vpc_single_nat_gateway:
description: 'Creates only one NAT gateway'
required: false
default: true
aws_vpc_external_nat_ip_ids:
description: 'Comma separated list of IP IDS to reuse in the NAT gateways'
required: false
aws_vpc_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
outputs:
# VPC
aws_vpc_id:
description: "The selected VPC ID used."
value: ${{ steps.deploy.outputs.aws_vpc_id }}
eks_cluster_name:
description: "EKS Cluster name"
value: ${{ steps.deploy.outputs.eks_cluster_name }}
eks_cluster_role_arn:
description: "EKS Role ARN"
value: ${{ steps.deploy.outputs.eks_cluster_role_arn }}
runs:
using: 'composite'
steps:
- name: If grafana is enabled
if: ${{ inputs.grafana_enable == 'true' }}
shell: bash
run: |
mv $GITHUB_ACTION_PATH/helm-charts/grafana $GITHUB_ACTION_PATH/operations/deployment/helm
- name: If prometheus is enabled
if: ${{ inputs.prometheus_enable == 'true' }}
shell: bash
run: |
mv $GITHUB_ACTION_PATH/helm-charts/prometheus $GITHUB_ACTION_PATH/operations/deployment/helm
- name: If loki is enabled
if: ${{ inputs.loki_enable == 'true' }}
shell: bash
run: |
mv $GITHUB_ACTION_PATH/helm-charts/loki $GITHUB_ACTION_PATH/operations/deployment/helm
- name: If nginx is enabled
if: ${{ inputs.nginx_enable == 'true' }}
shell: bash
run: |
mv $GITHUB_ACTION_PATH/helm-charts/ingress-nginx $GITHUB_ACTION_PATH/operations/deployment/helm
- name: Deploy with BitOps
id: deploy
uses: bitovi/github-actions-commons@v1
with:
checkout: ${{ inputs.checkout }}
bitops_code_only: ${{ inputs.bitops_code_only }}
bitops_code_store: ${{ inputs.bitops_code_store }}
tf_stack_destroy: ${{ inputs.tf_stack_destroy }}
tf_state_file_name: ${{ inputs.tf_state_file_name }}
tf_state_file_name_append: ${{ inputs.tf_state_file_name_append }}
tf_state_bucket: ${{ inputs.tf_state_bucket }}
tf_state_bucket_destroy: ${{ inputs.tf_state_bucket_destroy }}
# Current repo vars
gh_action_repo: ${{ github.action_path }}
gh_action_input_helm_charts: operations/deployment/helm
gh_deployment_input_helm_charts: ${{ inputs.input_helm_charts }}
#AWS
aws_access_key_id: ${{ inputs.aws_access_key_id }}
aws_secret_access_key: ${{ inputs.aws_secret_access_key }}
aws_session_token: ${{ inputs.aws_session_token }}
aws_default_region: ${{ inputs.aws_default_region }}
aws_resource_identifier: ${{ inputs.aws_resource_identifier }}
aws_additional_tags: ${{ inputs.aws_additional_tags }}
# EKS
aws_eks_create: ${{ inputs.aws_eks_create }}
aws_eks_security_group_name_cluster: ${{ inputs.aws_eks_security_group_name_cluster }}
aws_eks_security_group_name_node: ${{ inputs.aws_eks_security_group_name_node }}
aws_eks_environment: ${{ inputs.aws_eks_environment }}
aws_eks_management_cidr: ${{ inputs.aws_eks_management_cidr }}
aws_eks_allowed_ports: ${{ inputs.aws_eks_allowed_ports }}
aws_eks_allowed_ports_cidr: ${{ inputs.aws_eks_allowed_ports_cidr }}
aws_eks_cluster_name: ${{ inputs.aws_eks_cluster_name }}
aws_eks_cluster_admin_role_arn: ${{ inputs.aws_eks_cluster_admin_role_arn }}
aws_eks_cluster_log_types: ${{ inputs.aws_eks_cluster_log_types}}
aws_eks_cluster_log_retention_days: ${{ inputs.aws_eks_cluster_log_retention_days }}
aws_eks_cluster_log_skip_destroy: ${{ inputs.aws_eks_cluster_log_skip_destroy }}
aws_eks_cluster_version: ${{ inputs.aws_eks_cluster_version }}
aws_eks_instance_type: ${{ inputs.aws_eks_instance_type }}
aws_eks_instance_ami_id: ${{ inputs.aws_eks_instance_ami_id }}
aws_eks_instance_user_data_file: ${{ inputs.aws_eks_instance_user_data_file}}
aws_eks_ec2_key_pair: ${{ inputs.aws_eks_ec2_key_pair }}
aws_eks_store_keypair_sm: ${{ inputs.aws_eks_store_keypair_sm }}
aws_eks_desired_capacity: ${{ inputs.aws_eks_desired_capacity}}
aws_eks_max_size: ${{ inputs.aws_eks_max_size }}
aws_eks_min_size: ${{ inputs.aws_eks_min_size }}
aws_eks_additional_tags: ${{ inputs.aws_eks_additional_tags }}
# VPC
aws_vpc_create: ${{ inputs.aws_vpc_create }}
aws_vpc_name: ${{ inputs.aws_vpc_name }}
aws_vpc_cidr_block: ${{ inputs.aws_vpc_cidr_block }}
aws_vpc_public_subnets: ${{ inputs.aws_vpc_public_subnets }}
aws_vpc_private_subnets: ${{ inputs.aws_vpc_private_subnets }}
aws_vpc_availability_zones: ${{ inputs.aws_vpc_availability_zones }}
aws_vpc_id: ${{ inputs.aws_vpc_id }}
aws_vpc_subnet_id: ${{ inputs.aws_vpc_subnet_id }}
aws_vpc_enable_nat_gateway: ${{ inputs.aws_vpc_enable_nat_gateway }}
aws_vpc_single_nat_gateway: ${{ inputs.aws_vpc_single_nat_gateway }}
aws_vpc_external_nat_ip_ids: ${{ inputs.aws_vpc_external_nat_ip_ids }}
aws_vpc_additional_tags: ${{ inputs.aws_vpc_additional_tags }}