Set GITHUB_OWNER envvar so that github provider modules will work (#32)

* Added inputs for GITHUB overrides
* Added conditional handling for terraform plan exitcodes
---------

Co-authored-by: Guy Owen <[email protected]>
Co-authored-by: Guy Owen <[email protected]>

Author: nicksantamaria

.github/workflows/run_db_trigger.yml

@@ -19,25 +19,29 @@ on:
         description: 'S3 URI'
         required: true
         type: string
+      runner:
+        type: string
+        required: false
+        default: ubuntu-latest
 
-
-        
     secrets:
       AWS_ACCESS_KEY_ID:
         required: true
       AWS_SECRET_ACCESS_KEY:
         required: true
+      REGISTRY_TOKEN:
+        required: true
+      REGISTRY_USER:
+        required: true
       SLACK_WEBHOOK_URL:
         required: true
 
-
-
 env:
   REGISTRY: ghcr.io
 
 jobs:
   export-db:
-    runs-on: biggy
+    runs-on: ${{ inputs.runner }}
     permissions:
       contents: read
       packages: write
@@ -108,8 +112,8 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
 
       # Extract metadata (tags, labels) for Docker
       # https://github.com/docker/metadata-action

.github/workflows/tf_apply.yml

@@ -12,23 +12,31 @@ on:
         type: string
         required: false
         default: production
+      tf_github_owner:
+        description: Terraform GitHub repo owner
+        type: string
+        required: false
+        default: dpc-sdp
 
 env:
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_DEFAULT_REGION: ${{ inputs.aws_default_region }}
-  SUMOLOGIC_ACCESSID: ${{ secrets.SUMOLOGIC_ACCESSID }}
-  SUMOLOGIC_ACCESSKEY: ${{ secrets.SUMOLOGIC_ACCESSKEY }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_DEFAULT_REGION: ${{ inputs.aws_default_region }}
   EC_API_KEY: ${{ secrets.EC_API_KEY }}
+  GITHUB_OWNER: ${{ inputs.TF_GITHUB_OWNER }}
+  GITHUB_TOKEN: ${{ secrets.TF_GITHUB_TOKEN }}
+  SUMOLOGIC_ACCESSID: ${{ secrets.SUMOLOGIC_ACCESSID }}
+  SUMOLOGIC_ACCESSKEY: ${{ secrets.SUMOLOGIC_ACCESSKEY }}
 
 jobs:
   apply:
     environment: ${{ inputs.environment }}
-    runs-on: ubuntu-latest
+    runs-on:
+      group: organization/Default
     steps:
       - name: Checkout code
         uses: actions/checkout@v4

.github/workflows/tf_diffscheck.yml

@@ -13,16 +13,17 @@ on:
         default: "ops"
 
 env:
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_DEFAULT_REGION: ${{ inputs.aws_default_region }}
-  SUMOLOGIC_ACCESSID: ${{ secrets.SUMOLOGIC_ACCESSID }}
-  SUMOLOGIC_ACCESSKEY: ${{ secrets.SUMOLOGIC_ACCESSKEY }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_DEFAULT_REGION: ${{ inputs.aws_default_region }}
   EC_API_KEY: ${{ secrets.EC_API_KEY }}
+  GITHUB_OWNER: ${{ vars.TF_GITHUB_OWNER }}
+  SUMOLOGIC_ACCESSID: ${{ secrets.SUMOLOGIC_ACCESSID }}
+  SUMOLOGIC_ACCESSKEY: ${{ secrets.SUMOLOGIC_ACCESSKEY }}
 
 jobs:
   diffscheck:

.github/workflows/tf_plan.yml

@@ -7,21 +7,27 @@ on:
         type: string
         required: false
         default: ap-southeast-2
+      tf_github_owner:
+        description: Terraform GitHub repo owner
+        type: string
+        required: false
+        default: dpc-sdp
 
 env:
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_DEFAULT_REGION: ${{ inputs.aws_default_region }}
-  SUMOLOGIC_ACCESSID: ${{ secrets.SUMOLOGIC_ACCESSID }}
-  SUMOLOGIC_ACCESSKEY: ${{ secrets.SUMOLOGIC_ACCESSKEY }}
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
   ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
   ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
   ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_DEFAULT_REGION: ${{ inputs.aws_default_region }}
   EC_API_KEY: ${{ secrets.EC_API_KEY }}
+  GITHUB_OWNER: ${{ inputs.tf_github_owner }}
+  GITHUB_TOKEN: ${{ secrets.TF_GITHUB_TOKEN }}
+  SUMOLOGIC_ACCESSID: ${{ secrets.SUMOLOGIC_ACCESSID }}
+  SUMOLOGIC_ACCESSKEY: ${{ secrets.SUMOLOGIC_ACCESSKEY }}
 
 jobs:
-
   plan:
     runs-on: ubuntu-latest
     steps:
@@ -48,7 +54,22 @@ jobs:
 
       - name: Terraform Plan
         id: plan
-        run: terraform plan -no-color -input=false -out=tfplan
+        run: |
+          set +e
+          terraform plan -no-color -input=false -out=tfplan -detailed-exitcode
+          exitcode="$?"
+          echo "exitcode=$exitcode" >> $GITHUB_OUTPUT
+          if [[ $exitcode -eq 2 ]]
+          then
+            exit 0
+          else
+            exit $exitcode  
+          fi
+
+      - name: Check Terraform Plan
+        run: |
+          echo "Terraform plan returned ${{ steps.plan.outputs.exitcode }}"
+          echo "2 = Succeeded with non-empty diff (changes present) "
 
       - name: Render plan diff
         id: show