Skip to content

Configure terraform api #327

Configure terraform api

Configure terraform api #327

Workflow file for this run

# This workflow will build a .NET project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
# for details about Pull requests trigger https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
name: Build and Test
on:
#schedule:
# every day at 2:00am UTC
# - cron: "0 2 * * *"
workflow_dispatch:
inputs:
name:
description: "Why?"
default: "Testing"
push:
pull_request:
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}/api
TF_CLOUD_ORGANIZATION: "${{ vars.BMB_TF_ORGANIZATION }}"
TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
TF_WORKSPACE: "${{ vars.TF_WORKSPACE }}"
CONFIG_DIRECTORY: "./tf"
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.x
- name: Restore dependencies
run: dotnet restore
- name: Build
run: dotnet build --no-restore
- name: Test
run: dotnet test --no-build --verbosity normal --collect:"XPlat Code Coverage" --logger trx --results-directory coverage --settings tests/coverage.runsettings
- name: Code Coverage Summary Report
uses: irongut/[email protected]
with:
filename: 'coverage/*/coverage.cobertura.xml'
badge: true
format: 'markdown'
output: 'both'
- name: Add Coverage PR Comment
continue-on-error: true
uses: marocchino/sticky-pull-request-comment@v2
if: github.event_name == 'pull_request'
with:
recreate: true
path: code-coverage-results.md
- name: Write to Job Summary
run: cat code-coverage-results.md >> $GITHUB_STEP_SUMMARY
sonarcloud:
needs: [build]
if: github.event_name != 'pull_request' || github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: SonarCloud Scan
uses: sonarsource/[email protected]
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
build-docker-image:
needs: [build]
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
outputs:
API_IMAGE_TAG: ${{ fromJson(steps.meta.outputs.json).tags[0] }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
with:
cosign-release: 'v2.1.1'
# Set up BuildKit Docker container builder to be able to build
# multi-platform images and export cache
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: latest=true
tags: type=sha
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: .
file: ./src/FIAP.TechChallenge.ByteMeBurger.Api/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=
create-infrastructure:
needs: [build-docker-image]
runs-on: ubuntu-latest
steps:
- name: Create .auto.tfvars file
env:
API_IMAGE_TAG: ${{needs.build-docker-image.outputs.API_IMAGE_TAG}}
run: |
cat <<EOF > api.auto.tfvars
eks_cluster_name = "${{ vars.BMB_EKS_CLUSTER_NAME }}"
apgw_name ="${{ vars.BMB_AUTH_API_NAME }}"
mercadopago_webhook_secret = "${{ secrets.BMB_MERCADO_PAGO_WH_SECRET }}"
mercadopago_accesstoken = "${{ secrets.BMB_MERCADO_PAGO_ACCESS_TOKEN }}"
jwt_signing_key = "${{ secrets.BMB_JWT_SECRET_KEY }}-teste"
jwt_issuer = "${{ vars.BMB_JWT_ISSUER }}"
jwt_aud = "${{ vars.BMB_JWT_AUDIENCE }}"
api_docker_image = "${{ env.API_IMAGE_TAG }}"
internal_elb_name = "${{ vars.BMB_INTERNAL_LB_NAME }}"
db_user = "${{ secrets.BMB_MYSQL_USER }}"
db_pwd = "${{ secrets.BMB_MYSQL_PASSWORD }}"
rds_cluster_identifier = "${{ vars.BMB_MYSQL_CLUSTER }}"
EOF
create-app:
if: github.ref == 'refs/heads/main'
needs: [build-docker-image]
name: "Terraform Apply"
runs-on: ubuntu-latest
environment: dev
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Create .auto.tfvars file
env:
API_IMAGE_TAG: ${{needs.build-docker-image.outputs.API_IMAGE_TAG}}
run: |
cat <<EOF > api.auto.tfvars
eks_cluster_name = "${{ vars.BMB_EKS_CLUSTER_NAME }}"
apgw_name ="${{ vars.BMB_AUTH_API_NAME }}"
mercadopago_webhook_secret = "${{ secrets.BMB_MERCADO_PAGO_WH_SECRET }}"
mercadopago_accesstoken = "${{ secrets.BMB_MERCADO_PAGO_ACCESS_TOKEN }}"
jwt_signing_key = "${{ secrets.BMB_JWT_SECRET_KEY }}"
jwt_issuer = "${{ vars.BMB_JWT_ISSUER }}"
jwt_aud = "${{ vars.BMB_JWT_AUDIENCE }}"
api_docker_image = "${{ env.API_IMAGE_TAG }}"
internal_elb_name = "${{ vars.BMB_INTERNAL_LB_NAME }}"
db_user = "${{ vars.BMB_MYSQL_USER }}"
db_pwd = "${{ secrets.BMB_MYSQL_PASSWORD }}"
EOF
- name: Upload Configuration
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: apply-upload
with:
workspace: ${{ env.TF_WORKSPACE }}
directory: ${{ env.CONFIG_DIRECTORY }}
- name: Create Apply Run
uses: hashicorp/tfc-workflows-github/actions/[email protected]
id: apply-run
with:
workspace: ${{ env.TF_WORKSPACE }}
configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
message: "Create Run from GitHub Actions CI ${{ github.sha }}"
- uses: hashicorp/tfc-workflows-github/actions/[email protected]
if: ${{ vars.TF_AUTO_APPROVE == 'true' }}
id: apply
with:
run: ${{ steps.apply-run.outputs.run_id }}
comment: "Confirmed from GitHub Actions CI ${{ github.sha }}"