AztecProtocol · just-mitch · Aug 28, 2025 · Aug 23, 2025
@@ -0,0 +1,154 @@
+name: "Setup K8s and Terraform"
+description: "Common setup for Kubernetes cluster access and Terraform initialization"
+
+inputs:
+  cluster:
+    description: "The cluster to deploy to (e.g., aztec-gke-private or kind)"
+    required: true
+  namespace:
+    description: "The namespace to deploy to"
+    required: true
+  ref:
+    description: "The branch name to deploy from"
+    required: false
+    default: "next"
+  region:
+    description: "GCP region"
+    required: false
+    default: "us-west1-a"
+  gcp_sa_key:
+    description: "GCP service account JSON key"
+    required: true
+  kubeconfig_b64:
+    description: "Base64 encoded kubeconfig for kind clusters"
+    required: false
+  terraform_dir:
+    description: "Terraform working directory"
+    required: true
+  tf_state_bucket:
+    description: "Terraform state bucket for GCS backend"
+    required: false
+    default: "aztec-terraform"
+  tf_state_prefix:
+    description: "Terraform state prefix for GCS backend"
+    required: true
+  additional_state_path:
+    description: "Additional path component for state (e.g., salt value)"
+    required: false
+    default: ""
+  run_terraform_destroy:
+    description: "Whether to run terraform destroy"
+    required: false
+    default: "false"
+
+outputs:
+  kubectl_context:
+    description: "The current kubectl context"
+    value: ${{ steps.setup_vars.outputs.kubectl_context }}
+
+runs:
+  using: "composite"
+  steps:
+    - name: Check if directory exists
+      id: check_dir
+      shell: bash
+      run: |
+        if [ -d ".git" ]; then
+          echo "exists=true" >> $GITHUB_OUTPUT
+        else
+          echo "exists=false" >> $GITHUB_OUTPUT
+        fi
+
+    - name: Checkout code
+      if: ${{ steps.check_dir.outputs.exists != 'true' }}
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      with:
+        ref: ${{ inputs.ref }}
+
+    - name: Authenticate to Google Cloud
+      uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f
+      with:
+        credentials_json: ${{ inputs.gcp_sa_key }}
+
+    - name: Set up Cloud SDK
+      uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a
+
+    - name: Install GKE Auth Plugin
+      shell: bash
+      run: |
+        gcloud components install gke-gcloud-auth-plugin --quiet
+
+    - name: Configure kubectl with GKE cluster
+      if: ${{ inputs.cluster != 'kind' }}
+      shell: bash
+      run: |
+        gcloud container clusters get-credentials ${{ inputs.cluster }} --region ${{ inputs.region }}
+
+    - name: Configure kubectl with kind cluster
+      if: ${{ inputs.cluster == 'kind' }}
+      shell: bash
+      run: |
+        if [ -z "${{ inputs.kubeconfig_b64 }}" ]; then
+          echo "KUBECONFIG_B64 is not set"
+          exit 1
+        fi
+        mkdir -p $HOME/.kube
+        echo "${{ inputs.kubeconfig_b64 }}" | base64 -d > $HOME/.kube/config
+        kubectl config use-context kind-kind
+
+    - name: Set up kubectl context
+      id: setup_vars
+      shell: bash
+      run: |
+        CLUSTER_CONTEXT=$(kubectl config current-context)
+        echo "kubectl_context=${CLUSTER_CONTEXT}" >> $GITHUB_OUTPUT
+        echo "TF_VAR_K8S_CLUSTER_CONTEXT=${CLUSTER_CONTEXT}" >> $GITHUB_ENV
+
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v3
+      with:
+        terraform_version: "1.5.0"
+
+    - name: Terraform Init
+      shell: bash
+      working-directory: ${{ inputs.terraform_dir }}
+      run: |
+        # Clean up any previous backend overrides
+        rm -f backend_override.tf
+
+        # Build the state path
+        STATE_PATH="${{ inputs.cluster }}/${{ inputs.namespace }}"
+        if [ -n "${{ inputs.additional_state_path }}" ]; then
+          STATE_PATH="${STATE_PATH}/${{ inputs.additional_state_path }}"
+        fi
+
+        if [ "${{ inputs.cluster }}" == "kind" ]; then
+          # For kind, use local backend
+          cat > backend_override.tf << EOF
+        terraform {
+          backend "local" {
+            path = "state/${STATE_PATH}/terraform.tfstate"
+          }
+        }
+        EOF
+        else
+          # For GKE, use GCS backend
+          cat > backend_override.tf << EOF
+        terraform {
+          backend "gcs" {
+            bucket = "${{ inputs.tf_state_bucket }}"
+            prefix = "${{ inputs.tf_state_prefix }}/${{ inputs.region }}/${STATE_PATH}/terraform.tfstate"
+          }
+        }
+        EOF
+        fi
+
+        terraform init -reconfigure
+
+    - name: Terraform Destroy
+      if: ${{ inputs.run_terraform_destroy == 'true' }}
+      shell: bash
+      working-directory: ${{ inputs.terraform_dir }}
+      continue-on-error: true
+      run: |
+        terraform destroy -auto-approve
@@ -131,7 +131,7 @@ jobs:
       TF_VAR_RESOURCE_PROFILE: ${{ inputs.resource_profile || 'prod' }}
 
     steps:
-      - name: debug inputs
+      - name: Debug inputs
         run: |
           echo "cluster: ${{ inputs.cluster }}"
           echo "namespace: ${{ inputs.namespace }}"
@@ -143,111 +143,31 @@ jobs:
           echo "create_static_ips: ${{ inputs.create_static_ips }}"
           echo "run_terraform_destroy: ${{ inputs.run_terraform_destroy }}"
 
-      - name: Check if directory exists
-        id: check_dir
-        run: |
-          if [ -d ".git" ]; then
-            echo "exists=true" >> $GITHUB_OUTPUT
-          else
-            echo "exists=false" >> $GITHUB_OUTPUT
-          fi
-
-      # if running with `act`, skip the checkout since the code is mounted in
-      - name: Checkout code
-        if: ${{ steps.check_dir.outputs.exists != 'true' }}
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+      - name: Setup K8s and Terraform
+        uses: ./.github/actions/setup-k8s-terraform
         with:
+          cluster: ${{ inputs.cluster }}
+          namespace: ${{ inputs.namespace }}
           ref: ${{ inputs.ref || github.ref }}
+          gcp_sa_key: ${{ secrets.GCP_SA_KEY }}
+          kubeconfig_b64: ${{ secrets.KUBECONFIG_B64 }}
+          terraform_dir: ./spartan/terraform/deploy-eth-devnet
+          tf_state_prefix: deploy-eth-devnet
+          run_terraform_destroy: ${{ inputs.run_terraform_destroy }}
 
-      - name: Authenticate to Google Cloud
-        uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f
-        with:
-          credentials_json: ${{ secrets.GCP_SA_KEY }}
-
-      - name: Set up Cloud SDK
-        uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a
-
-      - name: Install GKE Auth Plugin
-        run: |
-          gcloud components install gke-gcloud-auth-plugin --quiet
-
-      - name: Configure kubectl with GKE cluster
-        if: ${{ inputs.cluster != 'kind' }}
-        run: |
-          gcloud container clusters get-credentials ${{ inputs.cluster }} --region ${{ env.REGION }}
-
-      - name: Configure kubectl with kind cluster
-        if: ${{ inputs.cluster == 'kind' }}
-        run: |
-          # fail if kubeconfig is not provided
-          if [ -z "${{ secrets.KUBECONFIG_B64 }}" ]; then
-            echo "KUBECONFIG_B64 is not set"
-            exit 1
-          fi
-          mkdir -p $HOME/.kube
-          echo "${{ secrets.KUBECONFIG_B64 }}" | base64 -d > $HOME/.kube/config
-          kubectl config use-context kind-kind
-
-      - name: Set up Terraform variables
-        id: setup_vars
+      - name: Set up CREATE_STATIC_IPS variable
         run: |
           # Set CREATE_STATIC_IPS based on cluster type
-          # Note: Terraform boolean values must be "true" or "false" (lowercase, unquoted)
           if [ "${{ inputs.cluster }}" == "kind" ]; then
             CREATE_STATIC_IPS=false
           else
-            # Convert string "true"/"false" to boolean for Terraform
             if [ "${{ inputs.create_static_ips }}" == "true" ]; then
               CREATE_STATIC_IPS=true
             else
               CREATE_STATIC_IPS=false
             fi
           fi
-
-          # Get kubectl context
-          CLUSTER_CONTEXT=$(kubectl config current-context)
-
-          # Export all as TF_VAR for Terraform
           echo "TF_VAR_CREATE_STATIC_IPS=${CREATE_STATIC_IPS}" >> $GITHUB_ENV
-          echo "TF_VAR_K8S_CLUSTER_CONTEXT=${CLUSTER_CONTEXT}" >> $GITHUB_ENV
-
-      - name: Terraform Init
-        working-directory: ./spartan/terraform/deploy-eth-devnet
-        run: |
-          # Clean up any previous backend overrides
-          rm -f backend_override.tf
-
-          if [ "${{ inputs.cluster }}" == "kind" ]; then
-            # For kind, use local backend with explicit path
-            cat > backend_override.tf << EOF
-          terraform {
-            backend "local" {
-              path = "state/${{ inputs.cluster }}/${{ inputs.namespace }}/terraform.tfstate"
-            }
-          }
-          EOF
-          else
-            # For GKE, use GCS backend with explicit path
-            cat > backend_override.tf << EOF
-          terraform {
-            backend "gcs" {
-              bucket = "${{ env.TF_STATE_BUCKET }}"
-              prefix = "deploy-eth-devnet/${{ env.REGION }}/${{ inputs.cluster }}/${{ inputs.namespace }}/terraform.tfstate"
-            }
-          }
-          EOF
-          fi
-
-          terraform init -reconfigure
-
-      - name: Terraform Destroy
-        working-directory: ./spartan/terraform/deploy-eth-devnet
-        if: ${{ inputs.run_terraform_destroy == 'true' }}
-        # Destroy fails if the resources are already destroyed, so we continue on error
-        continue-on-error: true
-        run: |
-          # All variables are now set as TF_VAR_ environment variables
-          terraform destroy -auto-approve
 
       - name: Terraform Plan
         working-directory: ./spartan/terraform/deploy-eth-devnet