Terraform Infrastructure #17
name: Terraform Infrastructure

# Runs on manual dispatch, or as a reusable workflow called from another
# workflow. The outputs below are what a caller can read; each one forwards
# the matching output of the `terraform` job.
on:
  workflow_dispatch:
  workflow_call:
    outputs:
      result:
        description: 'Result of the Terraform apply action'
        value: ${{ jobs.terraform.outputs.result }}
      cluster_name:
        description: 'Name of the cluster from Terraform outputs'
        value: ${{ jobs.terraform.outputs.cluster_name }}
      app_namespace:
        description: 'Application namespace from Terraform outputs'
        value: ${{ jobs.terraform.outputs.app_namespace }}
      monitoring_namespace:
        description: 'Monitoring namespace from Terraform outputs'
        value: ${{ jobs.terraform.outputs.monitoring_namespace }}
      argocd_namespace:
        description: 'ArgoCD namespace from Terraform outputs'
        value: ${{ jobs.terraform.outputs.argocd_namespace }}
      app_name:
        description: 'Application name from Terraform outputs'
        value: ${{ jobs.terraform.outputs.app_name }}

# Token permissions for every job in this workflow.
permissions:
  # Lets the job request an OIDC token, which the AWS credentials step
  # exchanges for a role session.
  id-token: write
  # Read-only repository access, enough for the checkout step.
  contents: read
  # NOTE(review): no step visible in this file obviously needs this scope;
  # confirm it is required before keeping it.
  actions: read
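jobs:
  # Single job: authenticate to AWS over OIDC, apply the Terraform
  # configuration in ./Terraform, then publish selected Terraform outputs as
  # job outputs and as repository variables.
  terraform:
    name: Terraform Deployment
    runs-on: ubuntu-latest
    # Binding the job to an environment makes that environment's protection
    # rules apply, and changes the default OIDC subject claim to the
    # environment form (see the debug step below).
    environment: production
    outputs:
      result: ${{ steps.terraform-action.outcome }}
      cluster_name: ${{ steps.terraform-outputs.outputs.cluster_name }}
      app_namespace: ${{ steps.terraform-outputs.outputs.app_namespace }}
      monitoring_namespace: ${{ steps.terraform-outputs.outputs.monitoring_namespace }}
      argocd_namespace: ${{ steps.terraform-outputs.outputs.argocd_namespace }}
      app_name: ${{ steps.terraform-outputs.outputs.app_name }}
    steps:
      # NOTE(review): the actions in this job are referenced by tag. A tag can
      # be moved by the action's owner; pinning each `uses:` to a full commit
      # SHA fixes exactly which code runs with the AWS role and the PAT.
      - name: Checkout Repository
        uses: actions/checkout@v5

      - name: Debug GitHub Context
        # Context values are handed over through env instead of being expanded
        # into the script text, so a ref name containing shell metacharacters
        # is treated as data, not as part of the script.
        env:
          REPO: ${{ github.repository }}
          REF: ${{ github.ref }}
          EVENT_NAME: ${{ github.event_name }}
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
        run: |
          echo "Repository: ${REPO}"
          echo "Ref: ${REF}"
          echo "Event: ${EVENT_NAME}"
          # This job declares `environment: production`, so with the default
          # subject template the claim is the environment form rather than the
          # ref form. The IAM role's trust policy has to match this value.
          echo "Expected sub claim: repo:${REPO}:environment:production"
          echo "Actual repository: karimzakzouk/graduation-project-devops"
          # Report only whether the secret is present; its value is not
          # written to the log.
          if [ -n "${AWS_ACCOUNT_ID}" ]; then
            echo "AWS_ACCOUNT_ID: set"
          else
            echo "AWS_ACCOUNT_ID: not set"
          fi

      - name: Configure AWS credentials via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # NOTE(review): the account id is written out here while the debug
          # step reads it from a secret; decide which of the two is intended.
          role-to-assume: arn:aws:iam::382284572497:role/GitHubActionsInfraRole
          aws-region: us-east-1

      - name: Setup Terraform
        # NOTE(review): the ref after `@` was replaced by "[email protected]"
        # when this page was captured. VERSION_PLACEHOLDER is not a real ref;
        # restore the original from the repository.
        uses: hashicorp/setup-terraform@VERSION_PLACEHOLDER
        with:
          # Quoted so the version is always read as a string.
          terraform_version: '1.5.7'

      - name: Terraform Init
        # -input=false makes a missing value fail the step instead of waiting
        # on a prompt that nobody can answer in CI.
        run: terraform init -input=false
        working-directory: ./Terraform

      - name: Terraform Plan
        # Save the plan so the apply step executes exactly what was planned
        # and shown in this step's log.
        run: terraform plan -input=false -out=tfplan
        working-directory: ./Terraform

      - name: Terraform Apply
        id: terraform-action
        # Applying a saved plan file does not prompt for approval, so
        # -auto-approve is not needed.
        run: terraform apply -input=false tfplan
        working-directory: ./Terraform

      - name: Get Terraform outputs
        id: terraform-outputs
        run: |
          CLUSTER_NAME=$(terraform output -raw cluster_name)
          APP_NAMESPACE=$(terraform output -raw app_namespace)
          MONITORING_NAMESPACE=$(terraform output -raw monitoring_namespace)
          ARGOCD_NAMESPACE=$(terraform output -raw argocd_namespace)
          APP_NAME=$(terraform output -raw app_name)

          # Environment variables for the remaining steps of this job.
          {
            echo "CLUSTER_NAME=$CLUSTER_NAME"
            echo "APP_NAMESPACE=$APP_NAMESPACE"
            echo "MONITORING_NAMESPACE=$MONITORING_NAMESPACE"
            echo "ARGOCD_NAMESPACE=$ARGOCD_NAMESPACE"
            echo "APP_NAME=$APP_NAME"
          } >> "$GITHUB_ENV"

          # Step outputs, surfaced as job outputs and workflow_call outputs.
          {
            echo "cluster_name=$CLUSTER_NAME"
            echo "app_namespace=$APP_NAMESPACE"
            echo "monitoring_namespace=$MONITORING_NAMESPACE"
            echo "argocd_namespace=$ARGOCD_NAMESPACE"
            echo "app_name=$APP_NAME"
          } >> "$GITHUB_OUTPUT"
        working-directory: ./Terraform

      - name: Set GitHub repository variables
        # CLUSTER_NAME, APP_NAMESPACE, MONITORING_NAMESPACE, ARGOCD_NAMESPACE
        # and APP_NAME were exported to GITHUB_ENV by the previous step, so
        # they are already set here and Terraform is not queried again.
        run: |
          # Create or update repo variables via GitHub CLI
          gh variable set CLUSTER_NAME --body "$CLUSTER_NAME" --repo "$GITHUB_REPOSITORY"
          gh variable set APP_NAMESPACE --body "$APP_NAMESPACE" --repo "$GITHUB_REPOSITORY"
          gh variable set MONITORING_NAMESPACE --body "$MONITORING_NAMESPACE" --repo "$GITHUB_REPOSITORY"
          gh variable set ARGOCD_NAMESPACE --body "$ARGOCD_NAMESPACE" --repo "$GITHUB_REPOSITORY"
          gh variable set APP_NAME --body "$APP_NAME" --repo "$GITHUB_REPOSITORY"
        env:
          # NOTE(review): PAT_GITHUB is a personal access token. Keep its
          # scope to what `gh variable set` on this repository needs, and
          # give it an expiry.
          GITHUB_TOKEN: ${{ secrets.PAT_GITHUB }}
        working-directory: ./Terraform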