Skip to content
Terraform Deploy Azure

Terraform Deploy Azure #91

Sign in to view logs

Terraform Deploy Azure

Terraform Deploy Azure #91

Workflow file for this run

.github/workflows/terraform-deploy-azure.yml at b11245c
name: Terraform Deploy Azure
env:
TFPath: Azure/
on:
push:
branches:
- main
paths:
- 'Azure/**'
- '!Azure/**.md'
pull_request_target:
branches:
- main
paths:
- 'Azure/**'
- '!Azure/**.md'
# To be reviewed: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
workflow_dispatch:
jobs:
terraform:
name: "Day 1 - Terraform"
runs-on: ubuntu-latest
env:
TF_VAR_PREFIX: "jvh-devops"
TF_VAR_LOCATION: "westeurope"
TF_VAR_USERNAME: "azureuser"
TF_VAR_PASSWORD: "${{ secrets.PASSWORD }}"
TF_VAR_FORTIFLEX_USERNAME: "${{ secrets.FORTIFLEX_USERNAME }}"
TF_VAR_FORTIFLEX_PASSWORD: "${{ secrets.FORTIFLEX_PASSWORD }}"
# TF_VAR_FORTIFLEX_PROGRAM_SERIAL: "${{ secrets.FORTIFLEX_PROGRAM_SERIAL }}"
TF_VAR_FORTIFLEX_CONFIG_ID: "${{ secrets.FORTIFLEX_CONFIG_ID }}"
TF_VAR_FORTIFLEX_VM_SERIAL: "${{ secrets.FORTIFLEX_VM_SERIAL }}"
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
# terraform_version: 0.13.0:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false
- name: Terraform Format
id: fmt
run: terraform fmt -check
working-directory: ${{ env.TFPath }}
- name: Terraform Init
id: init
run: terraform init
working-directory: ${{ env.TFPath }}
- name: Terraform Validate
id: validate
run: terraform validate -no-color
working-directory: ${{ env.TFPath }}
- name: Terraform Plan
id: plan
# if: github.event_name == 'pull_request'
run: terraform plan -no-color -out plan.tfplan
# continue-on-error: true
working-directory: ${{ env.TFPath }}
- uses: actions/[email protected]
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
- name: Setup Infracost
uses: infracost/actions/setup@v2
with:
api-key: ${{ secrets.INFRACOST_API_KEY }}
- name: Convert TFPLAN
run: terraform show -json plan.tfplan > plan.json
working-directory: ${{ env.TFPath }}
- name: Generate Infracost JSON
run: infracost breakdown --path plan.json --format json --usage-file infracost-usage.yml --out-file /tmp/infracost.json
working-directory: ${{ env.TFPath }}
- name: Post Infracost comment
uses: infracost/actions/comment@v1
with:
path: /tmp/infracost.json
behavior: update
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
- name: Terraform Apply
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
run: terraform apply -auto-approve
working-directory: ${{ env.TFPath }}
Ansible:
name: "Day 2 - Ansible"
runs-on: ubuntu22-20240603.1.0
needs: terraform
env:
TF_VAR_PREFIX: "JVH-DEVOPS"
TF_VAR_LOCATION: "westeurope"
TF_VAR_USERNAME: "azureuser"
TF_VAR_PASSWORD: "${{ secrets.PASSWORD }}"
TF_VAR_FORTIFLEX_API_USERNAME: "${{ secrets.FORTIFLEX_API_USERNAME }}"
TF_VAR_FORTIFLEX_API_PASSWORD: "${{ secrets.FORTIFLEX_API_PASSWORD }}"
TF_VAR_FORTIFLEX_PROGRAM_SERIAL: "${{ secrets.FORTIFLEX_PROGRAM_SERIAL }}"
TF_VAR_FORTIFLEX_CONFIG_NAME: "${{ secrets.FORTIFLEX_CONFIG_NAME }}"
TF_VAR_FORTIFLEX_VM_SERIAL: "${{ secrets.FORTIFLEX_VM_SERIAL }}"
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
INVENTORY: "/tmp/ansible-inventory"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
# terraform_version: 0.13.0:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
terraform_wrapper: false
- name: Terraform Init
id: init
run: terraform init
working-directory: ${{ env.TFPath }}
- name: Terraform Output
run: terraform output -raw ansible_inventory > ${{ env.INVENTORY }}
working-directory: ${{ env.TFPath }}
# - name: Set up Azure CLI
# uses: azure/cli@v1
# with:
# azcliversion: 2.0.72
# inlineScript: |
# #!/bin/bash
#
# resourceGroup="JVH-DEVOPS-RG"
# vmName="JVH-DEVOPS-FGT-VM"
#
# # Retrieve public IP address
# publicIpAddress=$(az vm show --resource-group $resourceGroup --name $vmName --query "publicIps" -o tsv)
#
# if [ -z "$publicIpAddress" ]; then
# echo "Error: Unable to retrieve the public IP address of the VM. Exiting."
# exit 1
# fi
#
# # Check if VM is running
# vmStatus=$(az vm show --resource-group $resourceGroup --name $vmName --query "powerState" -o tsv)
#
# if [ "$vmStatus" != "VM running" ]; then
# echo "VM is not running. Starting the VM..."
# az vm start --resource-group $resourceGroup --name $vmName --no-wait
# fi
#
# # Wait until the VM is responding on its public IP
# echo "Waiting for the VM to be responsive..."
# while :
# do
# response=$(curl -sSf $publicIpAddress)
# if [ $? -eq 0 ]; then
# echo "VM is now responsive."
# break
# fi
# sleep 10
# done
#
# echo "Script execution complete."
- name: Ansible config
run: |
ansible --version
ansible-playbook ansible/fgt.yaml -i ${{ env.INVENTORY }}
working-directory: ${{ env.TFPath }}