Update code

libre-devops · Feb 12, 2024 · 6869884 · 6869884
1 parent 768ce7e
commit 6869884
Show file tree

Hide file tree

Showing 2 changed files with 134 additions and 25 deletions.
diff --git a/.github/workflows/tf-apply.yml b/.github/workflows/tf-apply.yml
@@ -1,40 +1,143 @@
-name: 'Terraform Apply'
+name: 'Run Script'
 
 # Allow run manually
 on:
   workflow_dispatch:
+    inputs:
+      terraform_code_location:
+        type: string
+        description: What working directory should be passed to the script
+        default: "examples/module-development"
+      run_terraform_init:
+        type: boolean
+        description: 'Whether terraform init should be ran'
+        default: true
+      run_terraform_plan:
+        type: boolean
+        description: 'Whether terraform plan should be ran'
+        default: true
+      run_terraform_plan_destroy:
+        type: boolean
+        description: 'Whether terraform plan destroy should be ran'
+        default: false
+      run_terraform_apply:
+        type: boolean
+        description: 'Whether terraform apply should be ran'
+        default: false
+      run_terraform_destroy:
+        type: boolean
+        description: 'Whether terraform destroy should be ran'
+        default: false
+      run_tfsec:
+        type: boolean
+        description: 'Whether tfsec should be ran'
+        default: true
+      run_checkov:
+        type: boolean
+        description: 'Whether checkov should be ran'
+        default: false
+      run_terraform_compliance:
+        type: boolean
+        description: 'Whether terraform-compliance should be ran'
+        default: false
+      terraform_compliance_policy_files:
+        type: string
+        description: 'Whether checkov should be ran'
+        default: "git:https://github.com/libre-devops/azure-naming-convention.git//?ref=main"
+      enable_debug_mode:
+        type: boolean
+        description: 'Whether debug mode should be enable for within the script'
+        default: true
+      delete_plan_files:
+        type: boolean
+        description: 'Whether the tfplan files should be auto deleted'
+        default: true
+      terraform_version:
+        type: string
+        description: 'What version should tenv attempt to use?'
+        default: latest
+      terraform_state_name:
+        type: string
+        description: 'Name of the Terraform state file'
+        default: 'lbd-uks-prd-test-build.terraform.tfstate'
 
 jobs:
-  azure-terraform-job:
-    name: 'Terraform Build'
+  run-script:
+    name: 'Run Script'
     runs-on: ubuntu-latest
-    environment: tst
 
-    # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
     defaults:
       run:
-        shell: bash
+        shell: pwsh
 
     steps:
       - uses: actions/checkout@v3
 
-      - name: Libre DevOps - Run Terraform for Azure - GitHub Action
-        id: terraform-build
-        uses: libre-devops/azure-terraform-gh-action@v1
+      - name: Set up Homebrew
+        id: set-up-homebrew
+        uses: Homebrew/actions/setup-homebrew@master
+
+      - uses: actions/setup-python@v5
         with:
-          terraform-path: "examples/standard"
-          terraform-workspace-name: "dev"
-          terraform-backend-storage-rg-name: ${{ secrets.SpokeSaRgName }}
-          terraform-backend-storage-account-name: ${{ secrets.SpokeSaName }}
-          terraform-backend-blob-container-name: ${{ secrets.SpokeSaBlobContainerName }}
-          terraform-backend-storage-access-key: ${{ secrets.SpokeSaPrimaryKey }}
-          terraform-backend-state-name: "lbdo-dev-gh.terraform.tfstate"
-          terraform-provider-client-id: ${{ secrets.SpokeSvpClientId }}
-          terraform-provider-client-secret: ${{ secrets.SpokeSvpClientSecret }}
-          terraform-provider-subscription-id: ${{ secrets.SpokeSubId }}
-          terraform-provider-tenant-id: ${{ secrets.SpokeTenantId }}
-          terraform-compliance-path: "git:https://github.com/libre-devops/azure-naming-convention.git//?ref=main"
-          checkov-skipped-tests: "CKV_AZURE_116,CKV_AZURE_117,CKV_AZURE_137,CKV_AZURE_138,CKV_AZURE_139,CKV_AZURE_141,CKV_AZURE_145,CKV_AZURE_151,CKV_AZURE_33,CKV_AZURE_34,CKV_AZURE_35,CKV_AZURE_4,CKV_AZURE_44,CKV_AZURE_50,CKV_AZURE_7,CKV_AZURE_98,CKV2_AZURE_1,CKV2_AZURE_18,CKV2_AZURE_21,CKV2_AZURE_8"
-          run-terraform-destroy: "false"
-          run-terraform-plan-only: "false"
-          terraform-version: "latest"
+          python-version: '3.11'
+
+      - name: Install tenv
+        id: install-tenv
+        shell: pwsh
+        run: |
+          $tfenvUri = "https://api.github.com/repos/tofuutils/tenv/releases/latest"
+          $tenvLatestVersion = (Invoke-RestMethod -Uri $tfenvUri).tag_name
+          
+          $tenvDownloadUrl = "https://github.com/tofuutils/tenv/releases/latest/download/tenv_${tenvLatestVersion}_amd64.deb"
+          $tenvFilePath = "./tenv_${tenvLatestVersion}_amd64.deb"
+          Invoke-WebRequest -Uri $tenvDownloadUrl -OutFile $tenvFilePath
+          
+          sudo dpkg -i $tenvFilePath
+
+      - name: Install tfsec
+        id: install-tfsec
+        shell: pwsh
+        run: |
+          brew install tfsec
+
+      - name: Install checkov
+        id: install-checkov
+        shell: pwsh
+        run: |
+          pip3 install checkov
+
+      - name: Install terraform-compliance
+        id: install-terraform-compliance
+        shell: pwsh
+        run: |
+          pip3 install terraform-compliance
+
+      - name: Build
+        id: run-script
+        shell: pwsh
+        run: |
+          .\Run-AzTerraform.ps1 `
+            -TerraformCodeLocation ${{ inputs.working_directory }} `
+            -RunTerraformInit ${{ inputs.run_terraform_init }} `
+            -RunTerraformPlan ${{ inputs.run_terraform_plan }} `
+            -RunTerraformPlanDestroy ${{ inputs.run_terraform_plan_destroy }} `
+            -RunTerraformApply ${{ inputs.run_terraform_apply }} `
+            -RunTerraformDestroy ${{ inputs.run_terraform_destroy }} `
+            -DebugMode ${{ inputs.enable_debug_mode }} `
+            -RunTfsec ${{ inputs.run_tfsec }} `
+            -RunCheckov ${{ inputs.run_checkov }} `
+            -RunTerraformCompliance ${{ inputs.run_terraform_compliance }} `
+            -TerraformCompliancePolicyFiles ${{ inputs.terraform_compliance_policy_files }} `
+            -DeletePlanFiles ${{ inputs.delete_plan_files }} `
+            -TerraformVersion ${{ inputs.terraform_version }} `
+            -BackendStorageSubscriptionId ${{ secrets.SpokeSubId }} `
+            -BackendStorageAccountRgName ${{ secrets.SpokeSaRgName }} `
+            -BackendStorageAccountName ${{ secrets.SpokeSaName }} `
+            -BackendStorageAccountBlobContainerName ${{ secrets.SpokeSaBlobContainerName }} `
+            -BackendStorageAccountBlobStatefileName ${{ inputs.terraform_state_name }}
+        env:
+          ARM_CLIENT_ID: ${{ secrets.SpokeSvpClientId }}
+          ARM_CLIENT_SECRET: ${{ secrets.SpokeSvpClientSecret }}
+          ARM_SUBSCRIPTION_ID: ${{ secrets.SpokeSubId }}
+          ARM_TENANT_ID: ${{ secrets.SpokeTenantId }}
+          ARM_USE_AZUREAD: true
diff --git a/Run-AzTerraform.ps1 b/Run-AzTerraform.ps1
@@ -103,6 +103,12 @@ try
         {
             $tenvPath = Get-Command tenv -ErrorAction Stop
             Write-Host "[$( $MyInvocation.MyCommand.Name )] Success: Tenv found at: $( $tenvPath.Source )" -ForegroundColor Green
+            if ($TerraformVersion -ne 'default')
+            {
+                Write-Host "[$( $MyInvocation.MyCommand.Name )] Info: Desired terraform version is $TerraformVersion, attempting to install now" -ForegroundColor Green
+                tenv tf install $TerraformVersion --verbose
+                tenv tf use $TerraformVersion --verbose
+            }
         }
         catch
         {