Skip to content

ignore change custom data #79

ignore change custom data

ignore change custom data #79

name: Terraform Deploy Azure
env:
TFPath: Azure/
on:
push:
branches:
- main
paths:
- 'Azure/**'
- '!Azure/**.md'
pull_request_target:
branches:
- main
paths:
- 'Azure/**'
- '!Azure/**.md'
# To be reviewed: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
workflow_dispatch:
jobs:
terraform:
name: "Day 1 - Terraform"
runs-on: ubuntu-latest
env:
TF_VAR_PREFIX: "JVH-DEVOPS"
TF_VAR_LOCATION: "westeurope"
TF_VAR_USERNAME: "azureuser"
TF_VAR_PASSWORD: "${{ secrets.PASSWORD }}"
TF_VAR_FORTIFLEX_USERNAME: "${{ secrets.FORTIFLEX_USERNAME }}"
TF_VAR_FORTIFLEX_PASSWORD: "${{ secrets.FORTIFLEX_PASSWORD }}"
# TF_VAR_FORTIFLEX_PROGRAM_SERIAL: "${{ secrets.FORTIFLEX_PROGRAM_SERIAL }}"
TF_VAR_FORTIFLEX_CONFIG_ID: "${{ secrets.FORTIFLEX_CONFIG_ID }}"
TF_VAR_FORTIFLEX_VM_SERIAL: "${{ secrets.FORTIFLEX_VM_SERIAL }}"
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
# terraform_version: 0.13.0:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false
- name: Terraform Format
id: fmt
run: terraform fmt -check
working-directory: ${{ env.TFPath }}
- name: Terraform Init
id: init
run: terraform init
working-directory: ${{ env.TFPath }}
- name: Terraform Validate
id: validate
run: terraform validate -no-color
working-directory: ${{ env.TFPath }}
- name: Terraform Plan
id: plan
# if: github.event_name == 'pull_request'
run: terraform plan -no-color -out plan.tfplan
# continue-on-error: true
working-directory: ${{ env.TFPath }}
- uses: actions/[email protected]
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
- name: Setup Infracost
uses: infracost/actions/setup@v1
with:
api-key: ${{ secrets.INFRACOST_API_KEY }}
- name: Convert TFPLAN
run: terraform show -json plan.tfplan > plan.json
working-directory: ${{ env.TFPath }}
- name: Generate Infracost JSON
run: infracost breakdown --path plan.json --format json --usage-file infracost-usage.yml --out-file /tmp/infracost.json
working-directory: ${{ env.TFPath }}
- name: Post Infracost comment
uses: infracost/actions/comment@v1
with:
path: /tmp/infracost.json
behavior: update
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
- name: Terraform Apply
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: terraform apply -auto-approve
working-directory: ${{ env.TFPath }}
Ansible:
name: "Day 2 - Ansible"
runs-on: ubuntu-latest
needs: terraform
env:
TF_VAR_PREFIX: "FORTINET-1554562727-33"
TF_VAR_LOCATION: "westeurope"
TF_VAR_USERNAME: "azureuser"
TF_VAR_PASSWORD: "${{ secrets.PASSWORD }}"
TF_VAR_FORTIFLEX_API_USERNAME: "${{ secrets.FORTIFLEX_API_USERNAME }}"
TF_VAR_FORTIFLEX_API_PASSWORD: "${{ secrets.FORTIFLEX_API_PASSWORD }}"
TF_VAR_FORTIFLEX_PROGRAM_SERIAL: "${{ secrets.FORTIFLEX_PROGRAM_SERIAL }}"
TF_VAR_FORTIFLEX_CONFIG_NAME: "${{ secrets.FORTIFLEX_CONFIG_NAME }}"
TF_VAR_FORTIFLEX_VM_SERIAL: "${{ secrets.FORTIFLEX_VM_SERIAL }}"
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
INVENTORY: "/tmp/ansible-inventory"
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
# terraform_version: 0.13.0:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false
- name: Terraform Init
id: init
run: terraform init
working-directory: ${{ env.TFPath }}
- name: Terraform Output
run: terraform output -raw ansible_inventory > ${{ env.INVENTORY }}
working-directory: ${{ env.TFPath }}
- name: Ansible config
run: ansible-playbook ansible/fgt.yaml -i ${{ env.INVENTORY }}
working-directory: ${{ env.TFPath }}