diff --git a/fast/assets/templates/workflow-github.yaml b/fast/assets/templates/workflow-github.yaml index d27299471a..5de19d341c 100644 --- a/fast/assets/templates/workflow-github.yaml +++ b/fast/assets/templates/workflow-github.yaml @@ -24,13 +24,13 @@ on: - synchronize env: - FAST_OUTPUTS_BUCKET: ${outputs_bucket} - FAST_SERVICE_ACCOUNT: ${service_account} + FAST_SERVICE_ACCOUNT: ${service_accounts.apply} + FAST_SERVICE_ACCOUNT_PLAN: ${service_accounts.plan} FAST_WIF_PROVIDER: ${identity_provider} SSH_AUTH_SOCK: /tmp/ssh_agent.sock - TF_PROVIDERS_FILE: ${tf_providers_file} - TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} - TF_VERSION: 1.4.4 + TF_PROVIDERS_FILE: ${tf_providers_files.apply} + TF_PROVIDERS_FILE_PLAN: ${tf_providers_files.plan} + TF_VERSION: 1.6.5 jobs: fast-pr: 
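Review bot: Both `FAST_SERVICE_ACCOUNT` and `FAST_SERVICE_ACCOUNT_PLAN` are now exposed to every run, and the choice between them is made by `if:` conditions in this same workflow file (the `vars-plan` / `vars-apply` steps in the next hunk), so the split is not a privilege boundary on its own. A workflow file lives in the repository and can be changed by anyone able to push a branch, so the restriction has to sit in the IAM binding: the apply account should be impersonable only by the Workload Identity Federation principal for the protected branch, and the plan account by the wider repository principal. That binding is not part of this diff, so confirm it where the template variables are defined. I would add a comment above the two entries, e.g. `# plan/apply separation is enforced by the IAM bindings on the WIF principals, not by the step conditions below`. The same env block is repeated in the two `stages-multitenant` templates.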
@@ -46,52 +46,74 @@ jobs: uses: actions/checkout@v3 # set up SSH key authentication to the modules repository + - id: ssh-config name: Configure SSH authentication run: | ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null ssh-add - <<< "$${{ secrets.CICD_MODULES_KEY }}" - # set up authentication via Workload identity Federation + # set up step variables for plan / apply + + - id: vars-plan + if: github.event.pull_request.merged != true && success() + name: Set up plan variables + run: | + echo "plan_opts=-lock=false" >> "$GITHUB_ENV" + echo "provider_file=$${{env.TF_PROVIDERS_FILE_PLAN}}" >> "$GITHUB_ENV" + echo "service_account=$${{env.FAST_SERVICE_ACCOUNT_PLAN}}" >> "$GITHUB_ENV" + + - id: vars-apply + if: github.event.pull_request.merged == true && success() + name: Set up apply variables + run: | + echo "provider_file=$${{env.TF_PROVIDERS_FILE}}" >> "$GITHUB_ENV" + echo "service_account=$${{env.FAST_SERVICE_ACCOUNT}}" >> "$GITHUB_ENV" + + # set up authentication via Workload identity Federation and gcloud + - id: gcp-auth name: Authenticate to Google Cloud - uses: google-github-actions/auth@v0 + uses: google-github-actions/auth@v2 with: - workload_identity_provider: $${{ env.FAST_WIF_PROVIDER }} - service_account: $${{ env.FAST_SERVICE_ACCOUNT }} - access_token_lifetime: 3600s + workload_identity_provider: $${{env.FAST_WIF_PROVIDER}} + service_account: $${{env.service_account}} + access_token_lifetime: 900s - id: gcp-sdk name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: alpha - # copy provider and tfvars files - - id: tf-config - name: Copy Terraform output files + # copy provider file + + - id: tf-config-provider + name: Copy Terraform provider file run: | gcloud alpha storage cp -r \ - "gs://$${{env.FAST_OUTPUTS_BUCKET}}/providers/$${{env.TF_PROVIDERS_FILE}}" ./ + "gs://${outputs_bucket}/providers/$${{env.provider_file}}" ./ + %{~ for f in tf_var_files ~} gcloud alpha storage cp 
-r \ - "gs://$${{env.FAST_OUTPUTS_BUCKET}}/tfvars" ./ - for f in $${{env.TF_VAR_FILES}}; do - ln -s "tfvars/$f" ./ - done + "gs://${outputs_bucket}/tfvars/${f}" ./ + %{~ endfor ~} - id: tf-setup name: Set up Terraform uses: hashicorp/setup-terraform@v2.0.3 with: - terraform_version: $${{ env.TF_VERSION }} + terraform_version: $${{env.TF_VERSION}} # run Terraform init/validate/plan + - id: tf-init name: Terraform init + continue-on-error: true run: | terraform init -no-color - id: tf-validate + continue-on-error: true name: Terraform validate run: terraform validate -no-color @@ -99,7 +121,7 @@ jobs: name: Terraform plan continue-on-error: true run: | - terraform plan -input=false -out ../plan.out -no-color + terraform plan -input=false -out ../plan.out -no-color $${{env.plan_opts}} - id: tf-apply if: github.event.pull_request.merged == true && success() @@ -108,28 +130,31 @@ jobs: run: | terraform apply -input=false -auto-approve -no-color ../plan.out + # PR comment with Terraform result from previous steps + # length is checked and trimmed for length so as to stay within the limit + - id: pr-comment name: Post comment to Pull Request continue-on-error: true uses: actions/github-script@v6 if: github.event_name == 'pull_request' env: - PLAN: $${{ steps.tf-plan.outputs.stdout }}\n$${{ steps.tf-plan.outputs.stderr }} + PLAN: $${{steps.tf-plan.outputs.stdout}}\n$${{steps.tf-plan.outputs.stderr}} with: script: | - const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + const output = `### Terraform Initialization \`$${{steps.tf-init.outcome}}\` - ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + ### Terraform Validation \`$${{steps.tf-validate.outcome}}\`
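Review bot: The `gcp-auth` and `gcp-sdk` steps move to `google-github-actions/auth@v2` and `setup-gcloud@v2`, which are mutable major tags on actions that handle the federated token and the service account credentials; pinning them to a full commit SHA keeps a retagged release from running with those credentials, e.g. `uses: google-github-actions/auth@<full-commit-sha> # v2`. `actions/checkout@v3` and `hashicorp/setup-terraform@v2.0.3` in the same job are tag references too. Separately, `access_token_lifetime: 900s` is, as far as I know, only honoured when `token_format: access_token` is set, and no `token_format` appears in this `with:` block, so the shorter lifetime may have no effect as written. The same lines appear in the `0-bootstrap-tenant` and `1-resman-tenant` templates, and the `setup-gcloud@v2` bump also in `stages/0-bootstrap` and `stages/1-resman`.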
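Review bot: `tf-apply` is still gated on `success()`, but `tf-init`, `tf-validate` and `tf-plan` all carry `continue-on-error: true`, so a failed plan no longer stops the job before apply on a merged pull request. The run then depends on `terraform apply` failing because `../plan.out` is missing, and the `check-*` steps only fail the job afterwards. Gating the step explicitly is safer: `if: github.event.pull_request.merged == true && steps.tf-plan.outcome == 'success'`. The `tf-apply` step continues past the end of this hunk; the same condition is in the two `stages-multitenant` templates.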
Validation Output \`\`\`\n - $${{ steps.tf-validate.outputs.stdout }} + $${{steps.tf-validate.outputs.stdout}} \`\`\`
- ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + ### Terraform Plan \`$${{steps.tf-plan.outcome}}\`
Show Plan @@ -139,9 +164,9 @@ jobs:
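Review bot: `$${{steps.tf-validate.outputs.stdout}}` is expanded by the runner straight into the JavaScript template literal of the `pr-comment` script, so a backtick or `${` sequence in the validate output ends the literal or is evaluated as code instead of being posted as text. That output is derived from the Terraform files in the pull request, so it should be treated as untrusted. The step already passes the plan through `env: PLAN`, and validate output can take the same route: add `VALIDATE: $${{steps.tf-validate.outputs.stdout}}` under `env:` and reference `process.env.VALIDATE` inside the script. The new comment `length is checked and trimmed for length` could also read `output is trimmed to stay within the comment size limit`. The script body runs past this hunk, and the same step is repeated in the two `stages-multitenant` templates.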
- ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + ### Terraform Apply \`$${{steps.tf-apply.outcome}}\` - *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + *Pusher: @$${{github.actor}}, Action: \`$${{github.event_name}}\`, Working Directory: \`$${{env.tf_actions_working_dir}}\`, Workflow: \`$${{github.workflow}}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, @@ -156,17 +181,17 @@ jobs: if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' with: script: | - const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + const output = `### Terraform Initialization \`$${{steps.tf-init.outcome}}\` - ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + ### Terraform Validation \`$${{steps.tf-validate.outcome}}\` - ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + ### Terraform Plan \`$${{steps.tf-plan.outcome}}\` Plan output is in the action log. - ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + ### Terraform Apply \`$${{steps.tf-apply.outcome}}\` - *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + *Pusher: @$${{github.actor}}, Action: \`$${{github.event_name}}\`, Working Directory: \`$${{env.tf_actions_working_dir}}\`, Workflow: \`$${{github.workflow}}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, @@ -175,6 +200,18 @@ jobs: body: output }) + # exit on error from previous steps + + - id: check-init + name: Check init failure + if: steps.tf-init.outcome != 'success' + run: exit 1 + + - id: check-validate + name: Check validate failure + if: steps.tf-validate.outcome != 'success' + run: exit 1 + - id: check-plan name: Check plan failure if: steps.tf-plan.outcome != 'success' 
diff --git a/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-github.yaml b/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-github.yaml index 2d92cce0b3..5de19d341c 100644 --- a/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-github.yaml +++ b/fast/stages-multitenant/0-bootstrap-tenant/templates/workflow-github.yaml @@ -24,15 +24,13 @@ on: - synchronize env: - FAST_OUTPUTS_BUCKET: ${outputs_bucket} - FAST_SERVICE_ACCOUNT: ${service_account} + FAST_SERVICE_ACCOUNT: ${service_accounts.apply} + FAST_SERVICE_ACCOUNT_PLAN: ${service_accounts.plan} FAST_WIF_PROVIDER: ${identity_provider} SSH_AUTH_SOCK: /tmp/ssh_agent.sock - %{~ if tf_providers_file != "" ~} - TF_PROVIDERS_FILE: ${tf_providers_file} - %{~ endif ~} - TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} - TF_VERSION: 1.4.4 + TF_PROVIDERS_FILE: ${tf_providers_files.apply} + TF_PROVIDERS_FILE_PLAN: ${tf_providers_files.plan} + TF_VERSION: 1.6.5 jobs: fast-pr: 
@@ -48,48 +46,66 @@ jobs: uses: actions/checkout@v3 # set up SSH key authentication to the modules repository + - id: ssh-config name: Configure SSH authentication run: | ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null ssh-add - <<< "$${{ secrets.CICD_MODULES_KEY }}" - # set up authentication via Workload identity Federation + # set up step variables for plan / apply + + - id: vars-plan + if: github.event.pull_request.merged != true && success() + name: Set up plan variables + run: | + echo "plan_opts=-lock=false" >> "$GITHUB_ENV" + echo "provider_file=$${{env.TF_PROVIDERS_FILE_PLAN}}" >> "$GITHUB_ENV" + echo "service_account=$${{env.FAST_SERVICE_ACCOUNT_PLAN}}" >> "$GITHUB_ENV" + + - id: vars-apply + if: github.event.pull_request.merged == true && success() + name: Set up apply variables + run: | + echo "provider_file=$${{env.TF_PROVIDERS_FILE}}" >> "$GITHUB_ENV" + echo "service_account=$${{env.FAST_SERVICE_ACCOUNT}}" >> "$GITHUB_ENV" + + # set up authentication via Workload identity Federation and gcloud + - id: gcp-auth name: Authenticate to Google Cloud - uses: google-github-actions/auth@v0 + uses: google-github-actions/auth@v2 with: - workload_identity_provider: $${{ env.FAST_WIF_PROVIDER }} - service_account: $${{ env.FAST_SERVICE_ACCOUNT }} - access_token_lifetime: 3600s + workload_identity_provider: $${{env.FAST_WIF_PROVIDER}} + service_account: $${{env.service_account}} + access_token_lifetime: 900s - id: gcp-sdk name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: alpha - # copy provider and tfvars files - - id: tf-config - name: Copy Terraform output files + # copy provider file + + - id: tf-config-provider + name: Copy Terraform provider file run: | - %{~ if tf_providers_file != "" ~} gcloud alpha storage cp -r \ - "gs://$${{env.FAST_OUTPUTS_BUCKET}}/providers/$${{env.TF_PROVIDERS_FILE}}" ./ - %{~ endif ~} + "gs://${outputs_bucket}/providers/$${{env.provider_file}}" ./ + 
%{~ for f in tf_var_files ~} gcloud alpha storage cp -r \ - "gs://$${{env.FAST_OUTPUTS_BUCKET}}/tfvars" ./ - for f in $${{env.TF_VAR_FILES}}; do - ln -s "tfvars/$f" ./ - done + "gs://${outputs_bucket}/tfvars/${f}" ./ + %{~ endfor ~} - id: tf-setup name: Set up Terraform uses: hashicorp/setup-terraform@v2.0.3 with: - terraform_version: $${{ env.TF_VERSION }} + terraform_version: $${{env.TF_VERSION}} # run Terraform init/validate/plan + - id: tf-init name: Terraform init continue-on-error: true @@ -97,15 +113,15 @@ jobs: terraform init -no-color - id: tf-validate - name: Terraform validate continue-on-error: true + name: Terraform validate run: terraform validate -no-color - id: tf-plan name: Terraform plan continue-on-error: true run: | - terraform plan -input=false -out ../plan.out -no-color + terraform plan -input=false -out ../plan.out -no-color $${{env.plan_opts}} - id: tf-apply if: github.event.pull_request.merged == true && success() @@ -114,28 +130,31 @@ jobs: run: | terraform apply -input=false -auto-approve -no-color ../plan.out + # PR comment with Terraform result from previous steps + # length is checked and trimmed for length so as to stay within the limit + - id: pr-comment name: Post comment to Pull Request continue-on-error: true uses: actions/github-script@v6 if: github.event_name == 'pull_request' env: - PLAN: $${{ steps.tf-plan.outputs.stdout }}\n$${{ steps.tf-plan.outputs.stderr }} + PLAN: $${{steps.tf-plan.outputs.stdout}}\n$${{steps.tf-plan.outputs.stderr}} with: script: | - const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + const output = `### Terraform Initialization \`$${{steps.tf-init.outcome}}\` - ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + ### Terraform Validation \`$${{steps.tf-validate.outcome}}\`
Validation Output \`\`\`\n - $${{ steps.tf-validate.outputs.stdout }} + $${{steps.tf-validate.outputs.stdout}} \`\`\`
- ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + ### Terraform Plan \`$${{steps.tf-plan.outcome}}\`
Show Plan @@ -145,9 +164,9 @@ jobs:
- ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + ### Terraform Apply \`$${{steps.tf-apply.outcome}}\` - *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + *Pusher: @$${{github.actor}}, Action: \`$${{github.event_name}}\`, Working Directory: \`$${{env.tf_actions_working_dir}}\`, Workflow: \`$${{github.workflow}}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, @@ -162,17 +181,17 @@ jobs: if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' with: script: | - const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + const output = `### Terraform Initialization \`$${{steps.tf-init.outcome}}\` - ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + ### Terraform Validation \`$${{steps.tf-validate.outcome}}\` - ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + ### Terraform Plan \`$${{steps.tf-plan.outcome}}\` Plan output is in the action log. - ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + ### Terraform Apply \`$${{steps.tf-apply.outcome}}\` - *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + *Pusher: @$${{github.actor}}, Action: \`$${{github.event_name}}\`, Working Directory: \`$${{env.tf_actions_working_dir}}\`, Workflow: \`$${{github.workflow}}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, @@ -181,6 +200,8 @@ jobs: body: output }) + # exit on error from previous steps + - id: check-init name: Check init failure if: steps.tf-init.outcome != 'success' diff --git a/fast/stages-multitenant/1-resman-tenant/templates/workflow-github.yaml b/fast/stages-multitenant/1-resman-tenant/templates/workflow-github.yaml index 9266a134a8..5de19d341c 100644 
--- a/fast/stages-multitenant/1-resman-tenant/templates/workflow-github.yaml +++ b/fast/stages-multitenant/1-resman-tenant/templates/workflow-github.yaml @@ -24,13 +24,13 @@ on: - synchronize env: - FAST_OUTPUTS_BUCKET: ${outputs_bucket} - FAST_SERVICE_ACCOUNT: ${service_account} + FAST_SERVICE_ACCOUNT: ${service_accounts.apply} + FAST_SERVICE_ACCOUNT_PLAN: ${service_accounts.plan} FAST_WIF_PROVIDER: ${identity_provider} SSH_AUTH_SOCK: /tmp/ssh_agent.sock - TF_PROVIDERS_FILE: ${tf_providers_file} - TF_VAR_FILES: ${tf_var_files == [] ? "''" : join("\n ", tf_var_files)} - TF_VERSION: 1.4.4 + TF_PROVIDERS_FILE: ${tf_providers_files.apply} + TF_PROVIDERS_FILE_PLAN: ${tf_providers_files.plan} + TF_VERSION: 1.6.5 jobs: fast-pr: 
@@ -46,46 +46,66 @@ jobs: uses: actions/checkout@v3 # set up SSH key authentication to the modules repository + - id: ssh-config name: Configure SSH authentication run: | ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null ssh-add - <<< "$${{ secrets.CICD_MODULES_KEY }}" - # set up authentication via Workload identity Federation + # set up step variables for plan / apply + + - id: vars-plan + if: github.event.pull_request.merged != true && success() + name: Set up plan variables + run: | + echo "plan_opts=-lock=false" >> "$GITHUB_ENV" + echo "provider_file=$${{env.TF_PROVIDERS_FILE_PLAN}}" >> "$GITHUB_ENV" + echo "service_account=$${{env.FAST_SERVICE_ACCOUNT_PLAN}}" >> "$GITHUB_ENV" + + - id: vars-apply + if: github.event.pull_request.merged == true && success() + name: Set up apply variables + run: | + echo "provider_file=$${{env.TF_PROVIDERS_FILE}}" >> "$GITHUB_ENV" + echo "service_account=$${{env.FAST_SERVICE_ACCOUNT}}" >> "$GITHUB_ENV" + + # set up authentication via Workload identity Federation and gcloud + - id: gcp-auth name: Authenticate to Google Cloud - uses: google-github-actions/auth@v0 + uses: google-github-actions/auth@v2 with: - workload_identity_provider: $${{ env.FAST_WIF_PROVIDER }} - service_account: $${{ env.FAST_SERVICE_ACCOUNT }} - access_token_lifetime: 3600s + workload_identity_provider: $${{env.FAST_WIF_PROVIDER}} + service_account: $${{env.service_account}} + access_token_lifetime: 900s - id: gcp-sdk name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: alpha - # copy provider and tfvars files - - id: tf-config - name: Copy Terraform output files + # copy provider file + + - id: tf-config-provider + name: Copy Terraform provider file run: | gcloud alpha storage cp -r \ - "gs://$${{env.FAST_OUTPUTS_BUCKET}}/providers/$${{env.TF_PROVIDERS_FILE}}" ./ + "gs://${outputs_bucket}/providers/$${{env.provider_file}}" ./ + %{~ for f in tf_var_files ~} gcloud alpha storage cp 
-r \ - "gs://$${{env.FAST_OUTPUTS_BUCKET}}/tfvars" ./ - for f in $${{env.TF_VAR_FILES}}; do - ln -s "tfvars/$f" ./ - done + "gs://${outputs_bucket}/tfvars/${f}" ./ + %{~ endfor ~} - id: tf-setup name: Set up Terraform uses: hashicorp/setup-terraform@v2.0.3 with: - terraform_version: $${{ env.TF_VERSION }} + terraform_version: $${{env.TF_VERSION}} # run Terraform init/validate/plan + - id: tf-init name: Terraform init continue-on-error: true @@ -93,15 +113,15 @@ jobs: terraform init -no-color - id: tf-validate - name: Terraform validate continue-on-error: true + name: Terraform validate run: terraform validate -no-color - id: tf-plan name: Terraform plan continue-on-error: true run: | - terraform plan -input=false -out ../plan.out -no-color + terraform plan -input=false -out ../plan.out -no-color $${{env.plan_opts}} - id: tf-apply if: github.event.pull_request.merged == true && success() @@ -110,28 +130,31 @@ jobs: run: | terraform apply -input=false -auto-approve -no-color ../plan.out + # PR comment with Terraform result from previous steps + # length is checked and trimmed for length so as to stay within the limit + - id: pr-comment name: Post comment to Pull Request continue-on-error: true uses: actions/github-script@v6 if: github.event_name == 'pull_request' env: - PLAN: $${{ steps.tf-plan.outputs.stdout }}\n$${{ steps.tf-plan.outputs.stderr }} + PLAN: $${{steps.tf-plan.outputs.stdout}}\n$${{steps.tf-plan.outputs.stderr}} with: script: | - const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + const output = `### Terraform Initialization \`$${{steps.tf-init.outcome}}\` - ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + ### Terraform Validation \`$${{steps.tf-validate.outcome}}\`
Validation Output \`\`\`\n - $${{ steps.tf-validate.outputs.stdout }} + $${{steps.tf-validate.outputs.stdout}} \`\`\`
- ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + ### Terraform Plan \`$${{steps.tf-plan.outcome}}\`
Show Plan @@ -141,9 +164,9 @@ jobs:
- ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + ### Terraform Apply \`$${{steps.tf-apply.outcome}}\` - *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + *Pusher: @$${{github.actor}}, Action: \`$${{github.event_name}}\`, Working Directory: \`$${{env.tf_actions_working_dir}}\`, Workflow: \`$${{github.workflow}}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, @@ -158,17 +181,17 @@ jobs: if: github.event_name == 'pull_request' && steps.pr-comment.outcome != 'success' with: script: | - const output = `### Terraform Initialization \`$${{ steps.tf-init.outcome }}\` + const output = `### Terraform Initialization \`$${{steps.tf-init.outcome}}\` - ### Terraform Validation \`$${{ steps.tf-validate.outcome }}\` + ### Terraform Validation \`$${{steps.tf-validate.outcome}}\` - ### Terraform Plan \`$${{ steps.tf-plan.outcome }}\` + ### Terraform Plan \`$${{steps.tf-plan.outcome}}\` Plan output is in the action log. - ### Terraform Apply \`$${{ steps.tf-apply.outcome }}\` + ### Terraform Apply \`$${{steps.tf-apply.outcome}}\` - *Pusher: @$${{ github.actor }}, Action: \`$${{ github.event_name }}\`, Working Directory: \`$${{ env.tf_actions_working_dir }}\`, Workflow: \`$${{ github.workflow }}\`*`; + *Pusher: @$${{github.actor}}, Action: \`$${{github.event_name}}\`, Working Directory: \`$${{env.tf_actions_working_dir}}\`, Workflow: \`$${{github.workflow}}\`*`; github.rest.issues.createComment({ issue_number: context.issue.number, @@ -177,6 +200,8 @@ jobs: body: output }) + # exit on error from previous steps + - id: check-init name: Check init failure if: steps.tf-init.outcome != 'success' diff --git a/fast/stages/0-bootstrap/templates/workflow-github.yaml b/fast/stages/0-bootstrap/templates/workflow-github.yaml index 7360c8910e..5de19d341c 100644 --- a/fast/stages/0-bootstrap/templates/workflow-github.yaml 
+++ b/fast/stages/0-bootstrap/templates/workflow-github.yaml @@ -24,16 +24,12 @@ on: - synchronize env: - FAST_OUTPUTS_BUCKET: ${outputs_bucket} FAST_SERVICE_ACCOUNT: ${service_accounts.apply} FAST_SERVICE_ACCOUNT_PLAN: ${service_accounts.plan} FAST_WIF_PROVIDER: ${identity_provider} SSH_AUTH_SOCK: /tmp/ssh_agent.sock TF_PROVIDERS_FILE: ${tf_providers_files.apply} TF_PROVIDERS_FILE_PLAN: ${tf_providers_files.plan} - %{~ if tf_var_files != [] ~} - TF_VAR_FILES: ${join("\n ", tf_var_files)} - %{~ endif ~} TF_VERSION: 1.6.5 jobs: @@ -86,7 +82,7 @@ jobs: - id: gcp-sdk name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: alpha @@ -96,7 +92,11 @@ jobs: name: Copy Terraform provider file run: | gcloud alpha storage cp -r \ - "gs://$${{env.FAST_OUTPUTS_BUCKET}}/providers/$${{env.provider_file}}" ./ + "gs://${outputs_bucket}/providers/$${{env.provider_file}}" ./ + %{~ for f in tf_var_files ~} + gcloud alpha storage cp -r \ + "gs://${outputs_bucket}/tfvars/${f}" ./ + %{~ endfor ~} - id: tf-setup name: Set up Terraform diff --git a/fast/stages/1-resman/templates/workflow-github.yaml b/fast/stages/1-resman/templates/workflow-github.yaml index 7360c8910e..5de19d341c 100644 --- a/fast/stages/1-resman/templates/workflow-github.yaml +++ b/fast/stages/1-resman/templates/workflow-github.yaml @@ -24,16 +24,12 @@ on: - synchronize env: - FAST_OUTPUTS_BUCKET: ${outputs_bucket} FAST_SERVICE_ACCOUNT: ${service_accounts.apply} FAST_SERVICE_ACCOUNT_PLAN: ${service_accounts.plan} FAST_WIF_PROVIDER: ${identity_provider} SSH_AUTH_SOCK: /tmp/ssh_agent.sock TF_PROVIDERS_FILE: ${tf_providers_files.apply} TF_PROVIDERS_FILE_PLAN: ${tf_providers_files.plan} - %{~ if tf_var_files != [] ~} - TF_VAR_FILES: ${join("\n ", tf_var_files)} - %{~ endif ~} TF_VERSION: 1.6.5 jobs: 
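Review bot: The step is still named `Copy Terraform provider file` although it now also copies every entry of `tf_var_files`; `name: Copy Terraform provider and tfvars files` would match what it does. `${outputs_bucket}` and `${f}` are now rendered by Terraform into the double-quoted shell string when the workflow file is generated, so a value containing a quote, backtick or `$` changes the command; a validation on `tf_var_files` where the variable is declared (not visible here) would rule that out. The same block is added in `stages/1-resman` and, as part of larger hunks, in `fast/assets` and the two `stages-multitenant` templates.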
@@ -86,7 +82,7 @@ jobs: - id: gcp-sdk name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@v0 + uses: google-github-actions/setup-gcloud@v2 with: install_components: alpha @@ -96,7 +92,11 @@ jobs: name: Copy Terraform provider file run: | gcloud alpha storage cp -r \ - "gs://$${{env.FAST_OUTPUTS_BUCKET}}/providers/$${{env.provider_file}}" ./ + "gs://${outputs_bucket}/providers/$${{env.provider_file}}" ./ + %{~ for f in tf_var_files ~} + gcloud alpha storage cp -r \ + "gs://${outputs_bucket}/tfvars/${f}" ./ + %{~ endfor ~} - id: tf-setup name: Set up Terraform