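---
# NOTE(review): despite the workflow name, the script below is invoked with
# -RunTerraformPlan true and -RunTerraformApply false, so this workflow only
# runs init + plan (plus the optional scanners). The name is left unchanged so
# nothing that references it breaks.
name: 'Terraform Apply'

# Allow run manually
on:
  workflow_dispatch:
    inputs:
      terraform_code_location:
        type: string
        description: What working directory should be passed to the script
        default: "examples/module-development"
      run_tfsec:
        type: boolean
        description: 'Whether tfsec should be ran'
        default: true
      run_checkov:
        type: boolean
        description: 'Whether checkov should be ran'
        default: false
      run_terraform_compliance:
        type: boolean
        description: 'Whether terraform-compliance should be ran'
        default: false
      terraform_compliance_policy_files:
        type: string
        description: 'The location of terraform-compliance files if used'
        default: "git:https://github.com/libre-devops/azure-naming-convention.git//?ref=main"
      enable_debug_mode:
        type: boolean
        description: 'Whether debug mode should be enable for within the script'
        default: true
      delete_plan_files:
        type: boolean
        description: 'Whether the tfplan files should be auto deleted'
        default: true
      terraform_version:
        type: string
        description: 'What version should tenv attempt to use?'
        default: latest
      terraform_state_name:
        type: string
        description: 'Name of the Terraform state file'
        default: 'lbd-uks-prd-test-build.terraform.tfstate'

# Least privilege for GITHUB_TOKEN: the only thing in this workflow that uses
# it is actions/checkout, which needs read access to the repository. Azure
# authentication comes from the ARM_* secrets below, not from the token.
permissions:
  contents: read

jobs:
  run-script:
    name: 'Run Script'
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: pwsh
    steps:
      # NOTE(review): every `uses:` here resolves a mutable ref (a major-version
      # tag, or `@master` for setup-homebrew). Whatever those refs point at on
      # the day of the run executes with this job's secrets in scope; pin each
      # action to a full commit SHA (tag in a trailing comment) so the executed
      # code only changes when this file does.
      - uses: actions/checkout@v3
      - name: Set up Homebrew
        id: set-up-homebrew
        uses: Homebrew/actions/setup-homebrew@master
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Install tenv
        id: install-tenv
        shell: pwsh
        # Resolves the latest tenv release via the (unauthenticated, rate-limited)
        # GitHub API, then downloads the .deb for that exact tag.
        # NOTE(review): the package is installed with dpkg -i without any
        # checksum or signature verification. Pinning a tenv version and
        # checking the asset against the checksums the release publishes
        # (verify the exact file name on the release page) would close that gap.
        run: |
          $tenvReleaseUri = "https://api.github.com/repos/tofuutils/tenv/releases/latest"
          $tenvLatestVersion = (Invoke-RestMethod -Uri $tenvReleaseUri).tag_name
          # Download from the tag we just resolved rather than from
          # releases/latest/: if a new release lands between the two requests,
          # the file name built from the old tag would otherwise 404.
          $tenvDownloadUrl = "https://github.com/tofuutils/tenv/releases/download/${tenvLatestVersion}/tenv_${tenvLatestVersion}_amd64.deb"
          $tenvFilePath = "./tenv_${tenvLatestVersion}_amd64.deb"
          Invoke-WebRequest -Uri $tenvDownloadUrl -OutFile $tenvFilePath
          sudo dpkg -i $tenvFilePath
      - name: Install tfsec
        id: install-tfsec
        shell: pwsh
        run: |
          brew install tfsec
      # NOTE(review): both pip installs below pull whatever version PyPI serves
      # today; pin versions (ideally with --require-hashes) so a compromised or
      # broken upstream release cannot silently change what scans the code.
      - name: Install checkov
        id: install-checkov
        shell: pwsh
        run: |
          pip3 install checkov
      - name: Install terraform-compliance
        id: install-terraform-compliance
        shell: pwsh
        run: |
          pip3 install terraform-compliance
      - name: Build
        id: run-script
        shell: pwsh
        # Inputs and backend secrets are handed to the script through the
        # environment instead of being expanded inline with ${{ }}. An inline
        # expression is substituted into the PowerShell source before it runs,
        # so a free-text workflow_dispatch input (e.g. terraform_code_location
        # or terraform_state_name) could inject arbitrary commands; $env:VAR is
        # read as data at run time. Boolean inputs arrive as the strings
        # "true"/"false", which is what the bare-word form passed before.
        # Fix: the working directory used to read `inputs.working_directory`,
        # an input that does not exist, so the script received an empty value;
        # it is now wired to the declared `terraform_code_location` input.
        env:
          TF_CODE_LOCATION: ${{ inputs.terraform_code_location }}
          TF_DEBUG_MODE: ${{ inputs.enable_debug_mode }}
          TF_RUN_TFSEC: ${{ inputs.run_tfsec }}
          TF_RUN_CHECKOV: ${{ inputs.run_checkov }}
          TF_RUN_COMPLIANCE: ${{ inputs.run_terraform_compliance }}
          TF_COMPLIANCE_POLICY_FILES: ${{ inputs.terraform_compliance_policy_files }}
          TF_DELETE_PLAN_FILES: ${{ inputs.delete_plan_files }}
          TF_VERSION: ${{ inputs.terraform_version }}
          TF_STATE_NAME: ${{ inputs.terraform_state_name }}
          BACKEND_SA_RG_NAME: ${{ secrets.SpokeSaRgName }}
          BACKEND_SA_NAME: ${{ secrets.SpokeSaName }}
          BACKEND_SA_CONTAINER_NAME: ${{ secrets.SpokeSaBlobContainerName }}
          ARM_CLIENT_ID: ${{ secrets.SpokeSvpClientId }}
          ARM_CLIENT_SECRET: ${{ secrets.SpokeSvpClientSecret }}
          ARM_SUBSCRIPTION_ID: ${{ secrets.SpokeSubId }}
          ARM_TENANT_ID: ${{ secrets.SpokeTenantId }}
          ARM_USE_AZUREAD: "true"
        # NOTE(review): enable_debug_mode defaults to true and the backend
        # identifiers are still passed on the command line; if the script's
        # debug mode echoes its arguments, those values end up in the job log
        # (GitHub masks registered secrets, but confirm that is enough here).
        run: |
          .\Run-AzTerraform.ps1 `
            -TerraformCodeLocation "$env:TF_CODE_LOCATION" `
            -RunTerraformInit true `
            -RunTerraformPlan true `
            -RunTerraformPlanDestroy false `
            -RunTerraformApply false `
            -RunTerraformDestroy false `
            -DebugMode "$env:TF_DEBUG_MODE" `
            -RunTfsec "$env:TF_RUN_TFSEC" `
            -RunCheckov "$env:TF_RUN_CHECKOV" `
            -RunTerraformCompliance "$env:TF_RUN_COMPLIANCE" `
            -TerraformCompliancePolicyFiles "$env:TF_COMPLIANCE_POLICY_FILES" `
            -DeletePlanFiles "$env:TF_DELETE_PLAN_FILES" `
            -TerraformVersion "$env:TF_VERSION" `
            -BackendStorageSubscriptionId "$env:ARM_SUBSCRIPTION_ID" `
            -BackendStorageAccountRgName "$env:BACKEND_SA_RG_NAME" `
            -BackendStorageAccountName "$env:BACKEND_SA_NAME" `
            -BackendStorageAccountBlobContainerName "$env:BACKEND_SA_CONTAINER_NAME" `
            -BackendStorageAccountBlobStatefileName "$env:TF_STATE_NAME"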