fixed control_node_public_ip #25

Workflow file for this run

.github/workflows/terraform.yml at 5481f94

	name: Terraform CI/CD

	on:
	push:
	branches: [ master ]
	pull_request:
	branches: [ master ]

	permissions:
	contents: read
	id-token: write

	env:
	ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
	ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}

	jobs:
	terraform:
	name: Terraform
	runs-on: ubuntu-latest
	environment: qa

	steps:
	- name: 📦 Checkout code
	uses: actions/checkout@v3

	- name: ⚙️ Setup Terraform
	uses: hashicorp/setup-terraform@v2
	with:
	terraform_version: 1.5.0

	- name: 🔐 Azure Login with Service Principal
	uses: azure/login@v1
	with:
	creds: >-
	{
	"clientId": "${{ secrets.ARM_CLIENT_ID }}",
	"clientSecret": "${{ secrets.ARM_CLIENT_SECRET }}",
	"subscriptionId": "${{ secrets.ARM_SUBSCRIPTION_ID }}",
	"tenantId": "${{ secrets.ARM_TENANT_ID }}"
	}

	- name: 🧪 Verify Azure login
	run: az account show

	- name: 🏗️ Ensure Terraform remote backend exists
	run: \|
	az group create --name soft-tfstate-rg --location eastus
	az storage account create \
	--name softsastate \
	--resource-group soft-tfstate-rg \
	--location eastus \
	--sku Standard_LRS \
	--encryption-services blob
	az storage container create \
	--name tfstate \
	--account-name softsastate

	- name: 📥 Terraform Init
	run: \|
	terraform -chdir=infra init \
	-backend-config="resource_group_name=soft-tfstate-rg" \
	-backend-config="storage_account_name=softsastate" \
	-backend-config="container_name=tfstate" \
	-backend-config="key=terraform.tfstate"

	- name: 🧹 Optional Unlock (if lock is active)
	run: \|
	terraform -chdir=infra init
	LOCK_FILE=".terraform/terraform.tfstate.lock.info"
	if [ -f "infra/$LOCK_FILE" ]; then
	LOCK_ID=$(jq -r '.ID' "infra/$LOCK_FILE")
	echo "🔓 Lock found: $LOCK_ID. Attempting to unlock..."
	terraform -chdir=infra force-unlock -force "$LOCK_ID"
	else
	echo "✅ No lock file found. Continuing..."
	fi


	- name: 🧹 Terraform Format
	run: \|
	terraform -chdir=infra fmt -check -diff -recursive -no-color \|\| true

	- name: 📝 Generate terraform.tfvars
	run: \|
	cat > infra/terraform.tfvars <<EOF
	subscription_id = "${{ secrets.ARM_SUBSCRIPTION_ID }}"
	client_id = "${{ secrets.ARM_CLIENT_ID }}"
	client_secret = "${{ secrets.ARM_CLIENT_SECRET }}"
	tenant_id = "${{ secrets.ARM_TENANT_ID }}"
	allowed_ssh_ip = "${{ secrets.MY_IP_ADDRESS }}"
	mysql_user = "${{ secrets.MYSQL_USER }}"
	mysql_admin_password = "${{ secrets.MYSQL_ADMIN_PASSWORD }}"
	ssh_public_key = "${{ secrets.VM_SSH_PUB_KEY }}"
	EOF

	- name: 🔍 Terraform Validate
	run: terraform -chdir=infra validate

	- name: 📋 Terraform Plan
	run: terraform -chdir=infra plan -input=false -var-file=terraform.tfvars

	- name: 🚀 Terraform Apply
	if: github.ref == 'refs/heads/master'
	run: terraform -chdir=infra apply -auto-approve -input=false -var-file=terraform.tfvars

	- name: 📄 Generate and inspect Terraform outputs
	run: \|
	terraform -chdir=infra output -json > infra/tf_outputs.json
	cat infra/tf_outputs.json
	echo "Trying to extract IP:"
	jq -r '.control_node_public_ip' infra/tf_outputs.json

	- name: 📦 Upload inventory.ini as artifact
	uses: actions/upload-artifact@v4
	with:
	name: inventory
	path: ansible/inventory.ini

	- name: 🔑 Configure SSH for jumpbox
	run: \|
	mkdir -p ~/.ssh
	echo "${{ secrets.VM_SSH_KEY }}" > ~/.ssh/vm_ssh_key
	chmod 600 ~/.ssh/vm_ssh_key
	echo -e "Host *\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config

	- name: 📤 Copy inventory.ini to jumpbox
	run: \|
	CONTROL_IP=$(terraform -chdir=infra output -raw control_node_public_ip)
	SSH_USER=$(terraform -chdir=infra output -raw ssh_user)
	scp -i ~/.ssh/vm_ssh_key ansible/inventory.ini $SSH_USER@$CONTROL_IP:~/inventory.ini

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fixed control_node_public_ip #25

Workflow file

fixed control_node_public_ip #25

Uh oh!

Workflow file for this run