-
Notifications
You must be signed in to change notification settings - Fork 7
62 lines (58 loc) · 2.5 KB
/
example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
name: Example-Workflow
on:
workflow_dispatch:
permissions:
id-token: write
contents: read
env:
AWS_BUCKET: ${{ secrets.AWS_BUCKET }}
AWS_BUCKET_REGION: "us-west-2"
ROLE_ODIC_ARN: ${{ secrets.ROLE_ODIC_ARN }}
ROLE_SESSION_NAME: "Github-Actions-ODIC"
ROLE_DEFAULT_REGION: "us-east-1"
WORKFLOW_ID_PATHS: ${{ github.run_id }}/${{ github.run_number }}/${{ github.run_attempt }}
WORKFLOW_ID_DASHES: ${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}
jobs:
infrastructure:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- name: Checkout edb-terraform repo
uses: actions/checkout@v4
with:
repository: EnterpriseDB/edb-terraform
ref: ${{ github.ref_name }}
path: "${{ github.workspace }}/EnterpriseDB/edb-terraform"
- name: Install edb-terraform
uses: ./EnterpriseDB/edb-terraform/actions/setup
with:
repo-directory: "${{ github.workspace }}/EnterpriseDB/edb-terraform"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.ROLE_ODIC_ARN}}
role-session-name: ${{ env.ROLE_SESSION_NAME}}
aws-region: ${{ env.ROLE_DEFAULT_REGION }}
- name: Generate terraform files
id: edb-terraform
uses: ./EnterpriseDB/edb-terraform/actions/generate
with:
infra-file-path: "${{ github.workspace }}/EnterpriseDB/edb-terraform/docs/examples/aws/machines-v2.yml"
artifact-id: "-${{ env.WORKFLOW_ID_DASHES }}"
- name: Provision Terraform infrastructure
uses: ./EnterpriseDB/edb-terraform/actions/apply
id: provision
with:
project-path: "${{ steps.edb-terraform.outputs.project-path }}"
force-dynamic-ip: "true"
force-service-machines: "true"
backend-configs: '["bucket=${{ env.AWS_BUCKET }}","key=${{ env.WORKFLOW_ID_PATHS }}","region=${{ env.AWS_BUCKET_REGION }}"]'
artifact-id: "-${{ env.WORKFLOW_ID_DASHES }}"
- name: Destroy Terraform infrastructure
uses: ./EnterpriseDB/edb-terraform/actions/destroy
with:
project-path: "${{ steps.edb-terraform.outputs.project-path }}"
# When splitting destroy into a seperate job/step,
# always() is needed to always execute the if statement when a previous step fails.
# Ref: https://github.com/actions/runner/issues/2205#issuecomment-1381988186
if: always() && steps.provision.outcome != 'skipped'