Gh actions addition

.github/workflows/gitops.yml

@@ -0,0 +1,146 @@
+name: GitOps Implementation
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+defaults:
+  run:
+    working-directory: ./tf-variables/
+env:
+  TERRAFORM_VER: 1.8.0
+  TERRAFORM_DIR: "./tf-variables/"
+  CLOUDSDK_VER: 480.0.0
+permissions:
+  pull-requests: write
+jobs:
+  infrastructure-deployment:
+    name: Infrastructure Deployment
+    runs-on: ubuntu-latest
+    permissions:
+        contents: read
+        id-token: write
+        pull-requests: write
+    steps:
+      # Checkout the repository code
+      - name: Code checkout
+        id: code_checkout
+        uses: actions/checkout@v2
+
+      # Scan the repo for any sensitive information like secrets etc
+      - name: Secret Scanning
+        uses: trufflesecurity/trufflehog@main
+        with:
+          path: ./ # Code repository path
+          base: main # Start scanning from here (usually main branch).
+          head: HEAD # Scan commits until here (usually dev branch).
+
+      # Static code analysis using aqua security's tfsec
+      - name: Run tfsec scan
+        id: static_code_analysis
+        uses: aquasecurity/tfsec-action@v1.0.3
+        with:
+          working_directory: ${{ env.TERRAFORM_DIR }}
+
+      # Install the latest version of Google Cloud SDK
+      - id: cloud_sdk_installation
+        name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v0.3.0
+        with:
+          version: ${{ env.CLOUDSDK_VER }}
+
+      # Setup the authentication for the Google Cloud using WIF
+      - id: gcp_auth
+        name: Authenticate to GCP
+        uses: google-github-actions/auth@v0.3.1
+        with:
+          create_credentials_file: 'true'
+          workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }}	
+          service_account: ${{ secrets.SERVICE_ACCOUNT }}
+
+      # Install the specified version of Terraform CLI
+      - id: tf_installation
+        name: Terraform Installation
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: ${{ env.TERRAFORM_VER }}
+
+      # Checks that Terraform configuration files adhere to a canonical format
+      - name: Terraform fmt
+        id: tf_fmt
+        run: terraform fmt -check
+        continue-on-error: true
+
+      # Initialize the Terraform working directory
+      - name: Terraform Init
+        id: tf_init
+        run: terraform init
+
+      # Validate the terraform configuration files
+      - name: Terraform Validate
+        id: tf_validate
+        run: terraform validate -no-color
+
+      # Generates an execution plan for Terraform
+      - name: Terraform Plan
+        id: tf_plan
+        run: terraform plan -no-color
+        continue-on-error: true
+
+      # Comments the terraform plan output on pull request
+      - id: comment_output
+        name: Comment Terraform Plan Output
+        uses: actions/github-script@v7
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+            <details><summary>Validation Output</summary>
+
+            \`\`\`\n
+            ${{ steps.validate.outputs.stdout }}
+            \`\`\`
+
+            </details>
+
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+
+            <details><summary>Show Plan</summary>
+
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+
+            </details>
+
+            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+
+            github.rest.issues.createComment({
+                issue_number: context.issue.number,
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                body: output
+            })
+
+      # Executes the apply operation to deploy the actual infrastructure
+      - name: Terraform Apply
+        id: tf_apply
+        if: github.ref == 'refs/heads/"master"' && github.event_name == 'push'
+        run: terraform apply -auto-approve
+
+      - name: Notify success
+        if: success() # this step runs only if the previous steps succeeded.
+        run: echo "[SUCCESS] The build is successful without any errors."
+
+      - name: Notify failure
+        if: failure() # this step runs only if any of the previous steps failed.
+        run: |
+          echo "[FAILED] This job has been failed due to earlier errors."
+          echo "An eamil notification can be setup later sometime."