63 changes: 56 additions & 7 deletions action.yml
@@ -79,6 +79,12 @@ runs:
echo "terraform-version=$(atmos describe config -f json | jq -r '.integrations.github.gitops["terraform-version"]')" >> $GITHUB_OUTPUT
echo "enable-infracost=$(atmos describe config -f json | jq -r '.integrations.github.gitops["infracost-enabled"]')" >> $GITHUB_OUTPUT
echo "aws-region=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].region')" >> $GITHUB_OUTPUT
echo "backend=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].backend')" >> $GITHUB_OUTPUT
echo "google-project-id=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"]."google-project-id"')" >> $GITHUB_OUTPUT
echo "google-workload-identity-provider=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"]."google-workload-identity-provider"')" >> $GITHUB_OUTPUT
echo "google-service-account=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"]."google-service-account"')" >> $GITHUB_OUTPUT
echo "google-firestore-database-name=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"]."google-firestore-database-name"')" >> $GITHUB_OUTPUT
echo "google-firestore-collection-name=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"]."google-firestore-collection-name"')" >> $GITHUB_OUTPUT
echo "terraform-state-role=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].role')" >> $GITHUB_OUTPUT
echo "terraform-state-table=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].table')" >> $GITHUB_OUTPUT
echo "terraform-state-bucket=$(atmos describe config -f json | jq -r '.integrations.github.gitops["artifact-storage"].bucket')" >> $GITHUB_OUTPUT
@@ -105,12 +111,20 @@ runs:

- name: Configure AWS Credentials
uses: aws-actions/[email protected]
if: ${{ steps.config.outputs.backend == 'aws' }}
with:
aws-region: ${{ steps.config.outputs.aws-region }}
role-to-assume: ${{ steps.config.outputs.terraform-apply-role }}
role-session-name: "atmos-terraform-apply-gitops"
mask-aws-account-id: "no"

- name: Configure Google Credentials
if: ${{ steps.config.outputs.backend == 'google' }}
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ steps.config.outputs.google-workload-identity-provider }}
service_account: ${{ steps.config.outputs.google-service-account }}

- name: Get atmos settings
uses: cloudposse/github-action-atmos-get-setting@v1
id: component
@@ -179,18 +193,18 @@ runs:
echo "lock_file=$LOCK_FILE" >> $GITHUB_OUTPUT

- name: Configure State AWS Credentials
if: env.ACTIONS_ENABLED == 'true'
if: env.ACTIONS_ENABLED == 'true'&& steps.config.outputs.backend == 'aws'
uses: aws-actions/[email protected]
with:
aws-region: ${{ steps.config.outputs.aws-region }}
role-to-assume: ${{ steps.config.outputs.terraform-state-role }}
role-session-name: "atmos-terraform-state-gitops"
mask-aws-account-id: "no"

- name: Retrieve Plan
if: env.ACTIONS_ENABLED == 'true'
- name: Retrieve Plan AWS
if: env.ACTIONS_ENABLED == 'true' && steps.config.outputs.backend == 'aws'
uses: cloudposse/github-action-terraform-plan-storage@v1
id: retrieve-plan
id: retrieve-plan-aws
continue-on-error: true
with:
action: getPlan
@@ -201,8 +215,8 @@ runs:
tableName: ${{ steps.config.outputs.terraform-state-table }}
bucketName: ${{ steps.config.outputs.terraform-state-bucket }}

- name: Retrieve Lockfile
if: env.ACTIONS_ENABLED == 'true'
- name: Retrieve Lockfile AWS
if: env.ACTIONS_ENABLED == 'true' && steps.config.outputs.backend == 'aws'
uses: cloudposse/github-action-terraform-plan-storage@v1
continue-on-error: true
with:
@@ -214,8 +228,43 @@ runs:
tableName: ${{ steps.config.outputs.terraform-state-table }}
bucketName: ${{ steps.config.outputs.terraform-state-bucket }}

- name: Retrieve Plan Google
if: env.ACTIONS_ENABLED == 'true' && steps.config.outputs.backend == 'google'
uses: shirkevich/github-action-terraform-plan-storage@google-cloud-backend
id: retrieve-plan-google
continue-on-error: true
with:
action: getPlan
planPath: ${{ steps.vars.outputs.plan_file }}
commitSHA: ${{ inputs.sha }}
component: ${{ inputs.component }}
stack: ${{ inputs.stack }}
bucketName: ${{ steps.config.outputs.terraform-state-bucket }}
planRepositoryType: gcs
metadataRepositoryType: firestore
gcpProjectId: ${{ steps.config.outputs.google-project-id }}
gcpFirestoreDatabaseName: ${{ steps.config.outputs.google-firestore-database-name }}
gcpFirestoreCollectionName: ${{ steps.config.outputs.google-firestore-collection-name }}

- name: Retrieve Lockfile Google
if: env.ACTIONS_ENABLED == 'true' && steps.config.outputs.backend == 'google'
uses: shirkevich/github-action-terraform-plan-storage@google-cloud-backend
continue-on-error: true
with:
action: getPlan
planPath: ${{ steps.vars.outputs.lock_file }}
commitSHA: ${{ inputs.sha }}
component: ${{ inputs.component }}
stack: "${{ inputs.stack }}-lockfile"
bucketName: ${{ steps.config.outputs.terraform-state-bucket }}
planRepositoryType: gcs
metadataRepositoryType: firestore
gcpProjectId: ${{ steps.config.outputs.google-project-id }}
gcpFirestoreDatabaseName: ${{ steps.config.outputs.google-firestore-database-name }}
gcpFirestoreCollectionName: ${{ steps.config.outputs.google-firestore-collection-name }}

- name: Configure AWS Credentials
if: env.ACTIONS_ENABLED == 'true'
if: env.ACTIONS_ENABLED == 'true' && steps.config.outputs.backend == 'aws'
uses: aws-actions/[email protected]
with:
aws-region: ${{ steps.config.outputs.aws-region }}
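Review bot: The two new steps `Retrieve Plan Google` and `Retrieve Lockfile Google` reference `shirkevich/github-action-terraform-plan-storage@google-cloud-backend`, a branch on a personal fork. Whatever that branch points to at run time therefore executes in the job after `google-github-actions/auth@v2` has configured the service-account credentials. A branch ref can be moved without any change in this repository, so pin the action to a full commit SHA, for example `uses: shirkevich/github-action-terraform-plan-storage@<full-commit-sha>  # google-cloud-backend`, or return to the `cloudposse` action once it supports the GCS/Firestore repository types. Both steps also set `continue-on-error: true`, so a failed retrieval does not stop the job. The steps that consume the plan file are outside this section and presumably need to confirm that the plan was actually retrieved before applying it.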