Merge pull request #10 from byu-oit/feature/ci

Feature/ci
byu-oit · Jun 22, 2020 · 25640a2 · 25640a2
2 parents a0ec7d7 + 9c7b497
commit 25640a2
Show file tree

Hide file tree

Showing 5 changed files with 115 additions and 13 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,78 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [master]
+    types: [opened, reopened, synchronize, edited]
+env:
+  tf_version: "0.12.26" # must match value in examples/ci/ci.tf
+
+jobs:
+  env:
+    name: Set Env Vars
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up DEV Environment Variables
+        if: github.base_ref == 'master'
+        run: |
+          matrix='{
+            "env":[
+              {
+                "tf_working_dir":"./examples/ci",
+                "aws_key_name":"byu_oit_terraform_dev_key",
+                "aws_secret_name":"byu_oit_terraform_dev_secret"
+              }
+            ]
+          }'
+          echo "::set-env name=matrix::`echo $matrix | jq -c .`"
+
+    outputs:
+      matrix: ${{ env.matrix }}
+
+  format:
+    name: Terraform Format
+    runs-on: ubuntu-latest
+    needs: env
+    strategy:
+      matrix: ${{ fromJson(needs.env.outputs.matrix) }}
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Terraform Setup
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ env.tf_version }}
+
+      - name: Terraform Format
+        working-directory: "./"
+        run: terraform fmt -check -recursive
+
+  plan:
+    name: Terraform Plan
+    runs-on: ubuntu-latest
+    needs: env
+    strategy:
+      matrix: ${{ fromJson(needs.env.outputs.matrix) }}
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets[matrix.env.aws_key_name] }}
+          aws-secret-access-key: ${{ secrets[matrix.env.aws_secret_name] }}
+          aws-region: us-west-2
+
+      - name: Terraform Setup
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: ${{ env.tf_version }}
+
+      - name: Terraform Init
+        working-directory: ${{ matrix.env.tf_working_dir }}
+        run: terraform init
+
+      - name: Terraform Plan
+        working-directory: ${{ matrix.env.tf_working_dir }}
+        run: terraform plan -input=false
+    # TODO: Post plan back to PR
diff --git a/examples/ci/ci.tf b/examples/ci/ci.tf
@@ -0,0 +1,24 @@
+terraform {
+  required_version = "0.12.26"
+}
+
+provider "aws" {
+  version = "~> 2.42"
+  region  = "us-west-2"
+}
+
+module "backend_s3" {
+  source = "../../"
+}
+
+output "s3_bucket" {
+  value = module.backend_s3.s3_bucket
+}
+
+output "s3_bucket_name" {
+  value = module.backend_s3.s3_bucket_name
+}
+
+output "lock_table" {
+  value = module.backend_s3.lock_table
+}
diff --git a/examples/example.tf → examples/simple/simple.tf b/examples/example.tf → examples/simple/simple.tf
@@ -2,10 +2,10 @@ provider "aws" {
   region = "us-west-2"
 }
 
-module "backend-s3" {
+module "backend_s3" {
   source = "github.com/byu-oit/terraform-aws-backend-s3?ref=v1.0.4"
 }
 
 output "s3" {
-  value = module.backend-s3.s3_bucket
+  value = module.backend_s3.s3_bucket
 }
diff --git a/main.tf b/main.tf
@@ -1,7 +1,7 @@
 data "aws_caller_identity" "current" {}
 
 locals {
-  default_bucket_name = "terraform-state-storage-${data.aws_caller_identity.current.account_id}"
+  default_bucket_name         = "terraform-state-storage-${data.aws_caller_identity.current.account_id}"
   default_dynamodb_table_name = "terraform-state-lock-${data.aws_caller_identity.current.account_id}"
 }
 
@@ -14,8 +14,8 @@ resource "aws_s3_bucket" "terraform-state-storage" {
     prevent_destroy = true
   }
   lifecycle_rule {
-    id = "AutoAbortFailedMultipartUpload"
-    enabled = true
+    id                                     = "AutoAbortFailedMultipartUpload"
+    enabled                                = true
     abort_incomplete_multipart_upload_days = 10
   }
   server_side_encryption_configuration {
@@ -28,16 +28,16 @@ resource "aws_s3_bucket" "terraform-state-storage" {
 }
 
 resource "aws_s3_bucket_public_access_block" "default" {
-  bucket = aws_s3_bucket.terraform-state-storage.id
-  block_public_acls = true
-  block_public_policy = true
-  ignore_public_acls = true
+  bucket                  = aws_s3_bucket.terraform-state-storage.id
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
   restrict_public_buckets = true
 }
 
 resource "aws_dynamodb_table" "dynamodb-terraform-state-lock" {
-  name = var.dynamodb_table_name == "" ? local.default_dynamodb_table_name : var.dynamodb_table_name
-  hash_key = "LockID"
+  name         = var.dynamodb_table_name == "" ? local.default_dynamodb_table_name : var.dynamodb_table_name
+  hash_key     = "LockID"
   billing_mode = "PAY_PER_REQUEST"
   attribute {
     name = "LockID"

diff --git a/variables.tf b/variables.tf
@@ -1,9 +1,9 @@
 variable "bucket_name" {
   description = "Bucket name for the S3 bucket to store state files"
-  default = ""
+  default     = ""
 }
 
 variable "dynamodb_table_name" {
   description = "DynamoDB table name for locking state files"
-  default = ""
+  default     = ""
 }