From a2886dc50100f029044a7ae432b0264d759cc6e7 Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 04:44:55 +0530 Subject: [PATCH 01/25] feat: added the workflow file --- .github/workflows/action.yml | 50 ++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 .github/workflows/action.yml diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml new file mode 100644 index 0000000..de66638 --- /dev/null +++ b/.github/workflows/action.yml @@ -0,0 +1,50 @@ +name: Terraform GitHub Actions +on: + - pull_request +defaults: + run: + working-directory: /tf-variables/ +permissions: + pull-requests: write +jobs: + terraform: + name: Terraform + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + steps: + - name: checkout + id: checkout_code + uses: actions/checkout@v2 + + - id: gcp_auth + name: Authenticate to GCP + uses: google-github-actions/auth@v0.3.1 + with: + workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} + service_account: ${{ secrets.SERVICE_ACCOUNT }} + + - id: tf_installation + name: Terraform Installation + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.8.0" + + - name: Terraform fmt + id: fmt + run: terraform fmt -check + continue-on-error: true + + - name: Terraform Init + id: init + run: terraform init + + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + - name: Terraform Plan + id: plan + run: terraform plan -no-color + continue-on-error: true \ No newline at end of file From 90b47423467ad65a59506297ec887a468e30f5e1 Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 04:45:34 +0530 Subject: [PATCH 02/25] feat: renamed the tf-variables providers file --- tf-variables/{providers.tf => providers.tf.bkp} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename tf-variables/{providers.tf => providers.tf.bkp} (100%) 
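Review bot: The job requests `id-token: write`, federates to GCP with `google-github-actions/auth`, and then runs `terraform init` and `terraform plan` on the `pull_request` checkout, so Terraform from the PR branch — provider configuration and data sources included — executes under that service account before any review; for same-repository PRs that is any collaborator who can open one. Gate the job with a protected `environment:` that has required reviewers, or at least scope the workload identity pool binding so only the branches that should plan can assume the service account. `continue-on-error: true` on the plan step also turns a failed plan into a green check; if it is only there to let a later reporting step run, add a final step that fails the job when `steps.plan.outcome == 'failure'`. Separately, `actions/checkout@v2` and `google-github-actions/auth@v0.3.1` are mutable tag references; pin them to full commit SHAs (`uses: actions/checkout@<full-commit-sha> # v2`), and note that `working-directory: /tf-variables/` is an absolute path on the runner rather than a path inside the checkout.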
diff --git a/tf-variables/providers.tf b/tf-variables/providers.tf.bkp similarity index 100% rename from tf-variables/providers.tf rename to tf-variables/providers.tf.bkp From a5737887e1fa6d700fe5e50298a44d3cfed283bb Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 04:47:48 +0530 Subject: [PATCH 03/25] feat: updated the working dir --- .github/workflows/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index de66638..4c39134 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml @@ -3,7 +3,7 @@ on: - pull_request defaults: run: - working-directory: /tf-variables/ + working-directory: ./tf-variables/ permissions: pull-requests: write jobs: From d7d3880a913835310a4ccbf6552afb4419d9cbce Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 04:56:54 +0530 Subject: [PATCH 04/25] feat: added the sdk installation and auth stage --- .github/workflows/action.yml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index 4c39134..9d81c6b 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml @@ -14,7 +14,7 @@ jobs: contents: read id-token: write steps: - - name: checkout + - name: Checkout id: checkout_code uses: actions/checkout@v2 
@@ -22,9 +22,20 @@ jobs: name: Authenticate to GCP uses: google-github-actions/auth@v0.3.1 with: + token_format: "access_token" + create_credentials_file: true + activate_credentials_file: true workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} service_account: ${{ secrets.SERVICE_ACCOUNT }} + - id: cloud_sdk_installation + name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0.3.0 + + - id: set_cred_file + name: Set credential file + run: gcloud auth login --cred-file=${{steps.auth.outputs.credentials_file_path}} + - id: tf_installation name: Terraform Installation uses: hashicorp/setup-terraform@v3 @@ -47,4 +58,4 @@ jobs: - name: Terraform Plan id: plan run: terraform plan -no-color - continue-on-error: true \ No newline at end of file + continue-on-error: true From 02de73fa762336c5a31188839d47b898332ff0cc Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 04:59:15 +0530 Subject: [PATCH 05/25] feat: removed quotes --- .github/workflows/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index 9d81c6b..03547ab 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml @@ -22,7 +22,7 @@ jobs: name: Authenticate to GCP uses: google-github-actions/auth@v0.3.1 with: - token_format: "access_token" + token_format: access_token create_credentials_file: true activate_credentials_file: true workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} From 32a5aa72a814d6a8c90bdcc64f2292981cefd831 Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 05:01:45 +0530 Subject: [PATCH 06/25] feat: removed stage --- .github/workflows/action.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index 03547ab..48e0500 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml 
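Review bot: The new `Set credential file` step reads `steps.auth.outputs.credentials_file_path`, but the auth step's id is `gcp_auth`, so the expression expands to an empty string and the command that actually runs is `gcloud auth login --cred-file=`. Use `run: gcloud auth login --cred-file=${{ steps.gcp_auth.outputs.credentials_file_path }}`. With `create_credentials_file: true` the auth action should already export the credentials path to later steps, so once the reference is corrected it is worth checking whether this explicit login is needed at all.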
@@ -31,10 +31,6 @@ jobs: - id: cloud_sdk_installation name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v0.3.0 - - - id: set_cred_file - name: Set credential file - run: gcloud auth login --cred-file=${{steps.auth.outputs.credentials_file_path}} - id: tf_installation name: Terraform Installation From 886b7322780de5c6224c926e9067899a7b1d9143 Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 05:12:14 +0530 Subject: [PATCH 07/25] feat: removed the old required params for gcp auth stage --- .github/workflows/action.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index 48e0500..9c7e453 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml @@ -22,10 +22,7 @@ jobs: name: Authenticate to GCP uses: google-github-actions/auth@v0.3.1 with: - token_format: access_token - create_credentials_file: true - activate_credentials_file: true - workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} + workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} service_account: ${{ secrets.SERVICE_ACCOUNT }} - id: cloud_sdk_installation From 109a66ec44b6f89c635d01886c3a4983974ca947 Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 05:22:24 +0530 Subject: [PATCH 08/25] feat: removed the old required params for gcp auth stage --- .github/workflows/action.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index 9c7e453..18ad1db 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml @@ -18,6 +18,10 @@ jobs: id: checkout_code uses: actions/checkout@v2 + - id: cloud_sdk_installation + name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0.3.0 + - id: gcp_auth name: Authenticate to GCP uses: google-github-actions/auth@v0.3.1 
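Review bot: After the `gcloud auth login` step was dropped in the previous commit, no step in this job invokes `gcloud`, so the `Set up Cloud SDK` step being moved here adds a third-party action and install time with no consumer; unless a later step will need the CLI, remove it. If it stays, `google-github-actions/setup-gcloud@v0.3.0` is a mutable tag and should be pinned to a full commit SHA, and it is worth confirming from the action's documentation whether placing it before the auth step leaves the SDK unauthenticated.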
@@ -25,10 +29,6 @@ jobs: workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} service_account: ${{ secrets.SERVICE_ACCOUNT }} - - id: cloud_sdk_installation - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0.3.0 - - id: tf_installation name: Terraform Installation uses: hashicorp/setup-terraform@v3 From 0d197ac5e67d4f78595d6c2e3466d3038c2702ed Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 05:27:02 +0530 Subject: [PATCH 09/25] feat: removed the old required params for gcp auth stage --- .github/workflows/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index 18ad1db..f5dd05b 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml @@ -26,6 +26,7 @@ jobs: name: Authenticate to GCP uses: google-github-actions/auth@v0.3.1 with: + create_credentials_file: 'true' workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} service_account: ${{ secrets.SERVICE_ACCOUNT }} From 2baa321551b578170662d5528adb08adc4354d2a Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 05:29:32 +0530 Subject: [PATCH 10/25] feat: removed the old required params for gcp auth stage --- .github/workflows/action.yml | 37 ++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index f5dd05b..d70034d 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml 
@@ -53,3 +53,40 @@ jobs: id: plan run: terraform plan -no-color continue-on-error: true + + - uses: actions/github-script@v7 + if: github.event_name == 'pull_request' + env: + PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` +
Validation Output + + \`\`\`\n + ${{ steps.validate.outputs.stdout }} + \`\`\` + +
+ + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`\n + ${process.env.PLAN} + \`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) \ No newline at end of file From 5e9e49b83e49e254f7e41b0ca7c311465a96847a Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 05:32:32 +0530 Subject: [PATCH 11/25] feat: removed the old required params for gcp auth stage --- .github/workflows/action.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index d70034d..cdaa9db 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml @@ -53,13 +53,12 @@ jobs: id: plan run: terraform plan -no-color continue-on-error: true - + - uses: actions/github-script@v7 if: github.event_name == 'pull_request' env: PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" with: - github-token: ${{ secrets.GITHUB_TOKEN }} script: | const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` From 02d39883b43f3b81a556738a7fe5c6ddd266046c Mon Sep 17 00:00:00 2001 From: Anupam Date: Thu, 13 Jun 2024 06:11:23 +0530 Subject: [PATCH 12/25] feat: removed the old required params for gcp auth stage --- .github/workflows/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml index cdaa9db..506b2ac 100644 --- a/.github/workflows/action.yml +++ b/.github/workflows/action.yml @@ -13,6 +13,7 @@ jobs: permissions: contents: read id-token: write + pull-requests: write steps: - name: Checkout id: checkout_code From 0cdabfc17bbb6ea72be4afa41b5e05e4e065a735 Mon Sep 17 00:00:00 2001 
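Review bot: `${{ steps.validate.outputs.stdout }}` is expanded by the workflow runner straight into the JavaScript template literal under `script:`, so validator output — which derives from configuration the PR branch controls — becomes part of the script's source text rather than data; a stray backtick or `${` in that output would at best break the step and at worst execute with the job's `GITHUB_TOKEN`. Pass it the way `PLAN` already is: add `VALIDATE: ${{ steps.validate.outputs.stdout }}` under `env:` and write `${process.env.VALIDATE}` in the template. The footer also references `env.tf_actions_working_dir`, which is never defined in this workflow, so the Working Directory field will render empty; define that variable or substitute the `defaults.run.working-directory` value.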
From: Anupam Date: Fri, 14 Jun 2024 14:45:50 +0530 Subject: [PATCH 13/25] feat: removed the old required params for gcp auth stage --- .github/workflows/action.yml | 92 ------------------------------------ 1 file changed, 92 deletions(-) delete mode 100644 .github/workflows/action.yml diff --git a/.github/workflows/action.yml b/.github/workflows/action.yml deleted file mode 100644 index 506b2ac..0000000 --- a/.github/workflows/action.yml +++ /dev/null 
@@ -1,92 +0,0 @@ -name: Terraform GitHub Actions -on: - - pull_request -defaults: - run: - working-directory: ./tf-variables/ -permissions: - pull-requests: write -jobs: - terraform: - name: Terraform - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - pull-requests: write - steps: - - name: Checkout - id: checkout_code - uses: actions/checkout@v2 - - - id: cloud_sdk_installation - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0.3.0 - - - id: gcp_auth - name: Authenticate to GCP - uses: google-github-actions/auth@v0.3.1 - with: - create_credentials_file: 'true' - workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} - service_account: ${{ secrets.SERVICE_ACCOUNT }} - - - id: tf_installation - name: Terraform Installation - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: "1.8.0" - - - name: Terraform fmt - id: fmt - run: terraform fmt -check - continue-on-error: true - - - name: Terraform Init - id: init - run: terraform init - - - name: Terraform Validate - id: validate - run: terraform validate -no-color - - - name: Terraform Plan - id: plan - run: terraform plan -no-color - continue-on-error: true - - - uses: actions/github-script@v7 - if: github.event_name == 'pull_request' - env: - PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" - with: - script: | - const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` - #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` - #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` -
Validation Output - - \`\`\`\n - ${{ steps.validate.outputs.stdout }} - \`\`\` - -
- - #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` - -
Show Plan - - \`\`\`\n - ${process.env.PLAN} - \`\`\` - -
- - *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; - - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }) \ No newline at end of file From 3949499ceaffe4c3c8e9713dc625ff6b8ee5ea0a Mon Sep 17 00:00:00 2001 From: Anupam Date: Fri, 14 Jun 2024 14:50:23 +0530 Subject: [PATCH 14/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 115 +++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 .github/workflows/gitops.yml diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml new file mode 100644 index 0000000..539437d --- /dev/null +++ b/.github/workflows/gitops.yml 
@@ -0,0 +1,115 @@ +name: GitOps Implementation +on: + pull_request: + branches: + - master + push: + branches: + - master + workflow_dispatch: +defaults: + run: + working-directory: ./tf-variables/ +permissions: + pull-requests: write +jobs: + infrastructure-deployment: + name: Terraform Plan + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + pull-requests: write + steps: + # Checkout the repository code + - name: Checkout + id: checkout_code + uses: actions/checkout@v2 + + # Install the latest version of Google Cloud SDK + - id: cloud_sdk_installation + name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0.3.0 + + # Setup the authentication for the Google Cloud using WIF + - id: gcp_auth + name: Authenticate to GCP + uses: google-github-actions/auth@v0.3.1 + with: + create_credentials_file: 'true' + workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} + service_account: ${{ secrets.SERVICE_ACCOUNT }} + + # Install the specified version of Terraform CLI + - id: tf_installation + name: Terraform Installation + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.8.0" + + # Checks that Terraform configuration files adhere to a canonical format + - name: Terraform fmt + id: fmt + run: terraform fmt -check + continue-on-error: true + + # Initialize the Terraform working directory + - name: Terraform Init + id: init + run: terraform init + + # Validate the terraform configuration files + - name: Terraform Validate + id: validate + run: terraform validate -no-color + + # Generates an execution plan for Terraform + - name: Terraform Plan + id: plan + run: terraform plan -no-color + continue-on-error: true + + # Comments the terraform plan output on pull request + - id: comment_output + name: Comment Terraform Plan Output + uses: actions/github-script@v7 + if: github.event_name == 'pull_request' + env: + PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + with: + script: | + const output = `#### 
Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` +
Validation Output + + \`\`\`\n + ${{ steps.validate.outputs.stdout }} + \`\`\` + +
+ + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`\n + ${process.env.PLAN} + \`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + + # Generates an execution plan for Terraform + - name: Terraform Apply + id: apply + if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' + run: terraform apply -auto-approve From c5ca39ab1e740e88af62cf6e69958f3142c59dc6 Mon Sep 17 00:00:00 2001 From: Anupam Date: Fri, 14 Jun 2024 14:56:09 +0530 Subject: [PATCH 15/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 539437d..9fab496 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -14,7 +14,7 @@ permissions: pull-requests: write jobs: infrastructure-deployment: - name: Terraform Plan + name: Infrastructure Deployment runs-on: ubuntu-latest permissions: contents: read From e82b4fafd520c154d05a96bf11aeb1ca824aaa92 Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 03:10:46 +0530 Subject: [PATCH 16/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 9fab496..58feb77 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -26,6 +26,13 @@ jobs: id: checkout_code uses: actions/checkout@v2 + # Static code analysis + - name: Run tfsec scan + id: static_code_analysis + uses: aquasecurity/tfsec-action@v1.0.4 + with: + path: . + # Install the latest version of Google Cloud SDK - id: cloud_sdk_installation name: Set up Cloud SDK 
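Review bot: The apply condition `github.ref == 'refs/heads/"master"'` compares against the literal string `refs/heads/"master"` (the inner quotes are part of the value), so it is never true and the `Terraform Apply` step never runs; it should read `if: github.ref == 'refs/heads/master' && github.event_name == 'push'`. Once fixed, `terraform apply -auto-approve` will run on every push to master with no `environment:` protection, so the only gate between a merge and an infrastructure change is branch protection — attach the apply step, or a separate apply job, to an environment with required reviewers. The plan step keeps `continue-on-error: true`, so on a push a failed plan is still followed by an apply attempt; fail the job on `steps.plan.outcome == 'failure'` before applying. The comment above the apply step ("Generates an execution plan for Terraform") is copied from the plan step and should describe the apply, and the new file still references every action by mutable tag rather than a full commit SHA.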
From 8202eca6946d99891abba96925ceca0593991ac5 Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 03:18:37 +0530 Subject: [PATCH 17/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 58feb77..8022a73 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -29,7 +29,7 @@ jobs: # Static code analysis - name: Run tfsec scan id: static_code_analysis - uses: aquasecurity/tfsec-action@v1.0.4 + uses: aquasecurity/tfsec-action@v1.0.3 with: path: . From 41d0c4319a1a7b1905773c324a75d4164552527a Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 03:57:18 +0530 Subject: [PATCH 18/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 8022a73..87af49b 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -10,6 +10,10 @@ on: defaults: run: working-directory: ./tf-variables/ +env: + TERRAFORM_VER: 1.8.0 + TERRAFORM_DIR: ./tf-variables + CLOUDSDK_VER: 480.0.0 permissions: pull-requests: write jobs: @@ -26,17 +30,19 @@ jobs: id: checkout_code uses: actions/checkout@v2 - # Static code analysis + # Static code analysis using aqua security's tfsec - name: Run tfsec scan id: static_code_analysis uses: aquasecurity/tfsec-action@v1.0.3 with: - path: . + path: ${{ env.TERRAFORM_DIR }} # Install the latest version of Google Cloud SDK - id: cloud_sdk_installation name: Set up Cloud SDK uses: google-github-actions/setup-gcloud@v0.3.0 + with: + version: ${{ env.CLOUDSDK_VER }} # Setup the authentication for the Google Cloud using WIF - id: gcp_auth 
@@ -52,27 +58,27 @@ jobs: name: Terraform Installation uses: hashicorp/setup-terraform@v3 with: - terraform_version: "1.8.0" + terraform_version: ${{ env.TERRAFORM_VER }} # Checks that Terraform configuration files adhere to a canonical format - name: Terraform fmt - id: fmt + id: tf_fmt run: terraform fmt -check continue-on-error: true # Initialize the Terraform working directory - name: Terraform Init - id: init + id: tf_init run: terraform init # Validate the terraform configuration files - name: Terraform Validate - id: validate + id: tf_validate run: terraform validate -no-color # Generates an execution plan for Terraform - name: Terraform Plan - id: plan + id: tf_plan run: terraform plan -no-color continue-on-error: true @@ -115,8 +121,8 @@ jobs: body: output }) - # Generates an execution plan for Terraform + # Executes the apply operation to deploy the actual infrastructure - name: Terraform Apply - id: apply + id: tf_apply if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' run: terraform apply -auto-approve From 57a04052202f10a72d82ec9c2452c5bc0ef59e56 Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 04:03:17 +0530 Subject: [PATCH 19/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 87af49b..2e506cd 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -12,7 +12,7 @@ defaults: working-directory: ./tf-variables/ env: TERRAFORM_VER: 1.8.0 - TERRAFORM_DIR: ./tf-variables + TERRAFORM_DIR: "./tf-variables/"" CLOUDSDK_VER: 480.0.0 permissions: pull-requests: write From 310bd084f42527feaea92a7908bfea398a8c50e1 Mon Sep 17 00:00:00 2001 
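Review bot: The step ids are renamed to `tf_fmt`, `tf_init`, `tf_validate` and `tf_plan`, but the `github-script` comment step that sits between the second and third hunks (not part of this diff) still reads `steps.fmt.outcome`, `steps.init.outcome`, `steps.validate.outcome`, `steps.validate.outputs.stdout` and `steps.plan.outputs.stdout`; those now resolve to empty strings, so the PR comment will show blank outcomes and an empty plan. Update the references in that step to the new ids in the same change. The `terraform_version` value also goes from the quoted `"1.8.0"` to an unquoted `${{ env.TERRAFORM_VER }}`; harmless here, but keep `TERRAFORM_VER` quoted at its definition so a future value like `1.10` is not re-typed by a YAML parser.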
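Review bot: `TERRAFORM_DIR: "./tf-variables/""` has a stray quote after the closing double quote, which is a YAML parse error and stops the workflow file from loading at all; the line should be `TERRAFORM_DIR: "./tf-variables/"`. Because the tfsec step consumes this through `path: ${{ env.TERRAFORM_DIR }}`, the breakage surfaces before any step runs rather than as a scan error.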
From: Anupam Date: Sat, 15 Jun 2024 04:08:01 +0530 Subject: [PATCH 20/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 2e506cd..f8927cf 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -12,7 +12,7 @@ defaults: working-directory: ./tf-variables/ env: TERRAFORM_VER: 1.8.0 - TERRAFORM_DIR: "./tf-variables/"" + TERRAFORM_DIR: "./tf-variables/" CLOUDSDK_VER: 480.0.0 permissions: pull-requests: write From efe266da91f14622643e4c84982bdc5524695b4a Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 04:09:02 +0530 Subject: [PATCH 21/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index f8927cf..975ee41 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -35,7 +35,7 @@ jobs: id: static_code_analysis uses: aquasecurity/tfsec-action@v1.0.3 with: - path: ${{ env.TERRAFORM_DIR }} + path: ./tf-variables/ # Install the latest version of Google Cloud SDK - id: cloud_sdk_installation From dac9aee19ba6831c734f39c18b9df053e8e1b1ab Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 04:10:34 +0530 Subject: [PATCH 22/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 975ee41..72a640d 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -35,7 +35,7 @@ jobs: id: static_code_analysis uses: aquasecurity/tfsec-action@v1.0.3 with: - path: ./tf-variables/ + working_directory: ${{ env.TERRAFORM_DIR }} # Install the latest version of Google Cloud SDK - id: cloud_sdk_installation 
From db2ad78eaaeb6ba9de6f61e0fefb5e40d70faf6e Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 04:46:29 +0530 Subject: [PATCH 23/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 72a640d..a95f4de 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -26,10 +26,18 @@ jobs: pull-requests: write steps: # Checkout the repository code - - name: Checkout - id: checkout_code + - name: Code checkout + id: code_checkout uses: actions/checkout@v2 + # Scan the repo for any sensitive information like secrets etc + - name: Secret Scanning + uses: trufflesecurity/trufflehog@main + with: + path: ./ # Code repository path + base: main # Start scanning from here (usually main branch). + head: HEAD # Scan commits until here (usually dev branch). + # Static code analysis using aqua security's tfsec - name: Run tfsec scan id: static_code_analysis @@ -126,3 +134,13 @@ jobs: id: tf_apply if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' run: terraform apply -auto-approve + + - name: Notify success + if: success() # this step runs only if the previous steps succeeded. + run: echo "" + + - name: Notify failure + if: failure() # this step runs only if any of the previous steps failed. + run: | + echo "[FAILED]: This job has been failed due to earlier errors." + echo "An eamil notification can be setup later sometime." \ No newline at end of file From d4cc975ba94be31db7dc2a729c7539f73b5d6fbe Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 04:49:02 +0530 Subject: [PATCH 24/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index a95f4de..f7c307e 100644 
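Review bot: `uses: trufflesecurity/trufflehog@main` resolves to whatever the upstream `main` branch holds at run time, so the scanner executing with this job's token and checkout can change without any change to this repository; pin it to a release tag or, better, a full commit SHA. The step also sets `base: main` while every trigger in this workflow is on `master`, so the commit range appears to be relative to a branch that does not exist here, and `actions/checkout@v2` with its default shallow clone leaves no history for a base..HEAD range; set `base: master` and `fetch-depth: 0` on the checkout, confirming the exact inputs against the action's documentation. The `Notify failure` step's message text also has a typo (`eamil`), which is user-visible in the job log.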
--- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -137,10 +137,10 @@ jobs: - name: Notify success if: success() # this step runs only if the previous steps succeeded. - run: echo "" + run: echo "[SUCCESS] The build is successful without any errors." - name: Notify failure if: failure() # this step runs only if any of the previous steps failed. run: | - echo "[FAILED]: This job has been failed due to earlier errors." + echo "[FAILED] This job has been failed due to earlier errors." echo "An eamil notification can be setup later sometime." \ No newline at end of file From c004638895c0f7c1744f87bb1bc0211469816b39 Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 04:49:12 +0530 Subject: [PATCH 25/25] feat: removed the old required params for gcp auth stage --- .github/workflows/gitops.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index f7c307e..682dfcf 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -143,4 +143,4 @@ jobs: if: failure() # this step runs only if any of the previous steps failed. run: | echo "[FAILED] This job has been failed due to earlier errors." - echo "An eamil notification can be setup later sometime." \ No newline at end of file + echo "An eamil notification can be setup later sometime."