upgrade prod cluster #30
name: "Terraform Kubernetes" | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- 'kubernetes-terraform/**' | |
pull_request: | |
branches: | |
- main | |
paths: | |
- 'kubernetes-terraform/**' | |
permissions: | |
contents: read | |
pull-requests: write | |
jobs: | |
terraform: | |
strategy: | |
matrix: | |
workspace: [testing,production] | |
container: ubuntu:latest | |
runs-on: [self-hosted, linux, x64] | |
name: Terraform | |
env: | |
TF_WORKSPACE: ${{ matrix.workspace }} | |
TF_VARS_FILE: ./vars/${{ matrix.workspace }}.tfvars | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup environment | |
run : apt update -y && apt install -y curl unzip git | |
- name: Setup Terraform | |
id: setup | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_wrapper: false | |
- name: Terraform Fmt | |
id: fmt | |
run: terraform fmt -check -recursive | |
working-directory: ./kubernetes-terraform | |
- name: Terraform Init | |
id: init | |
run: terraform init -upgrade -var-file ${{ env.TF_VARS_FILE }} | |
working-directory: ./kubernetes-terraform | |
env: | |
TF_VAR_vsphere_user : ${{ secrets.VSPHERE_USER }} | |
TF_VAR_vsphere_password : ${{ secrets.VSPHERE_PASSWORD }} | |
TF_VAR_rancher_access_key : ${{ secrets.RANCHER_ACCESS_KEY }} | |
TF_VAR_rancher_secret_key : ${{ secrets.RANCHER_SECRET_KEY }} | |
AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_github_token : ${{ secrets.PAT_TOKEN }} | |
TF_WORKSPACE: "default" # Allow for init without errors | |
- name: Terraform Workspace | |
id: workspace | |
run: terraform workspace create ${TF_WORKSPACE} || echo "Workspace ${TF_WORKSPACE} already exists or cannot be created" | |
working-directory: ./kubernetes-terraform | |
env: | |
TF_VAR_vsphere_user : ${{ secrets.VSPHERE_USER }} | |
TF_VAR_vsphere_password : ${{ secrets.VSPHERE_PASSWORD }} | |
TF_VAR_rancher_access_key : ${{ secrets.RANCHER_ACCESS_KEY }} | |
TF_VAR_rancher_secret_key : ${{ secrets.RANCHER_SECRET_KEY }} | |
AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_github_token : ${{ secrets.PAT_TOKEN }} | |
- name: Terraform Validate | |
id: validate | |
run: terraform validate | |
working-directory: ./kubernetes-terraform | |
- name: Terraform Plan | |
id: plan | |
run: terraform plan -input=false -no-color -out tf.plan -var-file ${{ env.TF_VARS_FILE }} | |
working-directory: ./kubernetes-terraform | |
env: | |
TF_VAR_vsphere_user : ${{ secrets.VSPHERE_USER }} | |
TF_VAR_vsphere_password : ${{ secrets.VSPHERE_PASSWORD }} | |
TF_VAR_rancher_access_key : ${{ secrets.RANCHER_ACCESS_KEY }} | |
TF_VAR_rancher_secret_key : ${{ secrets.RANCHER_SECRET_KEY }} | |
AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_github_token : ${{ secrets.PAT_TOKEN }} | |
- name: Terraform Show | |
id: show | |
run: terraform show -no-color tf.plan 2>&1 > /tmp/plan.txt | |
working-directory: ./kubernetes-terraform | |
env: | |
TF_VAR_vsphere_user : ${{ secrets.VSPHERE_USER }} | |
TF_VAR_vsphere_password : ${{ secrets.VSPHERE_PASSWORD }} | |
TF_VAR_rancher_access_key : ${{ secrets.RANCHER_ACCESS_KEY }} | |
TF_VAR_rancher_secret_key : ${{ secrets.RANCHER_SECRET_KEY }} | |
AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_github_token : ${{ secrets.PAT_TOKEN }} | |
# - uses: actions/github-script@v6 | |
# if: github.event_name == 'pull_request' | |
# with: | |
# github-token: ${{ secrets.GITHUB_TOKEN }} | |
# script: | | |
# const fs = require("fs"); | |
# const plan = fs.readFileSync("/tmp/plan.txt", "utf8"); | |
# const maxGitHubBodyCharacters = 65536; | |
# function chunkSubstr(str, size) { | |
# const numChunks = Math.ceil(str.length / size) | |
# const chunks = new Array(numChunks) | |
# for (let i = 0, o = 0; i < numChunks; ++i, o += size) { | |
# chunks[i] = str.substr(o, size) | |
# } | |
# return chunks | |
# } | |
# // Split the Terraform plan into chunks if it's too big and can't fit into the GitHub Action | |
# var plans = chunkSubstr(plan, maxGitHubBodyCharacters); | |
# for (let i = 0; i < plans.length; i++) { | |
# const output = `### ${{ inputs.plan-title }} Part # ${i + 1} | |
# #### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
# #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` | |
# #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
# <details><summary>Show Plan</summary>\n | |
# \`\`\` | |
# ${plans[i]} | |
# \`\`\`\n | |
# </details> | |
# *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ inputs.working-directory }}\`, Workflow: \`${{ github.workflow }}\`*`; | |
# await github.rest.issues.createComment({ | |
# issue_number: context.issue.number, | |
# owner: context.repo.owner, | |
# repo: context.repo.repo, | |
# body: output | |
# }) | |
# } | |
- name: Terraform Apply | |
if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
run: terraform apply -input=false tf.plan | |
working-directory: ./kubernetes-terraform | |
shell: bash | |
env: | |
TF_VAR_vsphere_user : ${{ secrets.VSPHERE_USER }} | |
TF_VAR_vsphere_password : ${{ secrets.VSPHERE_PASSWORD }} | |
TF_VAR_rancher_access_key : ${{ secrets.RANCHER_ACCESS_KEY }} | |
TF_VAR_rancher_secret_key : ${{ secrets.RANCHER_SECRET_KEY }} | |
AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_github_token : ${{ secrets.PAT_TOKEN }} |
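Review bot: The Terraform Apply step at the end of the file applies the `production` matrix workspace on every push to main with no GitHub `environment:` gate, so nothing requires an approver or scopes which secrets that job may read; adding `environment: ${{ matrix.workspace }}` at job level (next to `runs-on`) lets the production environment carry required reviewers and environment-scoped secrets while `testing` stays unattended. The `pull_request` trigger also runs `terraform init -upgrade` and `terraform plan` with the vSphere, Rancher, AWS and PAT secrets against whatever the PR changed under `kubernetes-terraform/**`, on a self-hosted runner, so a same-repo PR author can exercise those credentials before review; this is presumably accepted for the current contributor set, but it deserves a comment above `on:` stating that assumption. Separately, the redirect in the Terraform Show step is reversed — `2>&1 > /tmp/plan.txt` sends stderr to the job log and only stdout to the file — so if errors were meant to land in the file too it should read `run: terraform show -no-color tf.plan > /tmp/plan.txt 2>&1`. The seven-line secrets `env:` block is repeated in five steps; moving it to the job-level `env:` (the step-level `TF_WORKSPACE: "default"` override in Init still wins) removes the duplication and the stray spaces before `:` in those keys, and pinning `actions/checkout@v4`, `hashicorp/setup-terraform@v3` and `container: ubuntu:latest` to a commit SHA or image digest would make the toolchain reproducible.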