Updated workflow files (#11)

akmshasan · web-flow · commit ce0234c88359 · 2025-05-12T16:16:14.000+08:00
* Updated all files for proper version constraints

* Added new NAt IP

* Updated subnet module for adding log_config and private_ip_google_access

* Added service account and vm modules with a test vm instance

* Generated documents for each module using terraform-docs

* Generated documents for dev environment using terraform-docs

* Added more modules

* Updated workflow files
diff --git a/.github/workflows/terraform-apply.yml b/.github/workflows/terraform-apply.yml
@@ -0,0 +1,45 @@
+name: Terraform Apply
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  apply:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set Environment Folder
+        id: env
+        run: |
+          if git diff-tree --no-commit-id --name-only -r ${{ github.sha }} | grep '^environments/dev/'; then
+            echo "env_folder=environments/dev" >> $GITHUB_OUTPUT
+          elif git diff-tree --no-commit-id --name-only -r ${{ github.sha }} | grep '^environments/prod/'; then
+            echo "env_folder=environments/prod" >> $GITHUB_OUTPUT
+          else
+            echo "env_folder=" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Exit if No Matching Env
+        if: steps.env.outputs.env_folder == ''
+        run: echo "No changes to dev or prod environments. Skipping apply."
+
+      - name: Decode GCP SA
+        if: steps.env.outputs.env_folder != ''
+        run: echo "${{ secrets.GCP_SA_KEY_BASE64 }}" | base64 -d > gcp-creds.json
+
+      - name: Set up Terraform
+        if: steps.env.outputs.env_folder != ''
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.11.4
+
+      - name: Terraform Init & Apply
+        if: steps.env.outputs.env_folder != ''
+        working-directory: ${{ steps.env.outputs.env_folder }}
+        run: |
+          terraform init
+          terraform apply -auto-approve
diff --git a/.github/workflows/terraform-plan-dev.yml b/.github/workflows/terraform-plan-dev.yml
@@ -5,60 +5,9 @@ on:
     branches: [dev]
     paths:
       - "environments/dev/**"
-  pull_request:
-    branches: [dev]
-    paths:
-      - "environments/dev/**"
-
-env:
-  GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-creds.json
 
 jobs:
-  plan-dev:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Decode GCP Service Account Key
-        run: echo "${{ secrets.GCP_SA_KEY_BASE64 }}" | base64 -d > "$GOOGLE_APPLICATION_CREDENTIALS"
-
-      - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v2
-        with:
-          terraform_version: 1.11.4
-
-      - name: Terraform Init
-        working-directory: environments/dev
-        run: terraform init
-
-      - name: Terraform FMT Check
-        working-directory: environments/dev
-        run: terraform fmt -check
-
-      - name: Terraform Validate
-        working-directory: environments/dev
-        run: terraform validate
-
-      - name: Setup TFLint
-        uses: terraform-linters/setup-tflint@v3
-        with:
-          tflint_version: latest
-
-      - name: Run TFLint
-        working-directory: environments/dev
-        run: |
-          tflint --init
-          tflint --recursive
-
-      - name: Run Checkov (Security Scan)
-        run: |
-          pip install checkov
-          checkov -d environments/dev --soft-fail -o github_failed_only
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Terraform Plan
-        working-directory: environments/dev
-        run: terraform plan
+  call-plan:
+    uses: ./.github/workflows/terraform-plan.yml
+    with:
+      environment: dev
diff --git a/.github/workflows/terraform-plan-prod.yml b/.github/workflows/terraform-plan-prod.yml
@@ -0,0 +1,13 @@
+name: Terraform Plan (Prod)
+
+on:
+  push:
+    branches: [prod]
+    paths:
+      - "environments/prod/**"
+
+jobs:
+  call-plan:
+    uses: ./.github/workflows/terraform-plan.yml
+    with:
+      environment: prod
diff --git a/.github/workflows/terraform-plan.yml b/.github/workflows/terraform-plan.yml
@@ -0,0 +1,43 @@
+name: Terraform Plan (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+
+jobs:
+  plan:
+    runs-on: ubuntu-latest
+
+    env:
+      GOOGLE_APPLICATION_CREDENTIALS: ${{ github.workspace }}/gcp-creds.json
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Decode GCP Service Account
+        run: echo "${{ secrets.GCP_SA_KEY_BASE64 }}" | base64 -d > "$GOOGLE_APPLICATION_CREDENTIALS"
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.11.4
+
+      - name: Terraform Init
+        working-directory: environments/${{ inputs.environment }}
+        run: terraform init
+
+      - name: Terraform Format
+        working-directory: environments/${{ inputs.environment }}
+        run: terraform fmt -check
+
+      - name: Terraform Validate
+        working-directory: environments/${{ inputs.environment }}
+        run: terraform validate
+
+      - name: Terraform Plan
+        working-directory: environments/${{ inputs.environment }}
+        run: terraform plan
