diff --git a/modules/aks/github-connector/backplane/output.tf b/modules/aks/github-connector/backplane/output.tf index 9db3fc7..24fb7fd 100644 --- a/modules/aks/github-connector/backplane/output.tf +++ b/modules/aks/github-connector/backplane/output.tf @@ -2,38 +2,13 @@ output "config_tf" { description = "Generates a config.tf that can be dropped into meshStack's BuildingBlockDefinition as an encrypted file input to configure this building block." sensitive = true value = <<-EOF - terraform { - backend "azurerm" { - use_azuread_auth = true - tenant_id = "${data.azurerm_subscription.current.tenant_id}" - subscription_id = "${data.azurerm_subscription.current.subscription_id}" - resource_group_name = "${var.tfstates_resource_group_name}" - storage_account_name = "${var.tfstates_storage_account_name}" - container_name = "${var.tfstates_storage_container_name}" - key = "bb-github-connector.tfstate" - - client_id = "${azuread_service_principal.bb_github_connector.client_id}" - client_secret = "${azuread_service_principal_password.bb_github_connector.value}" - } - } - - provider "kubernetes" { + provider "kubernetes" { host = "${data.azurerm_kubernetes_cluster.aks.kube_admin_config[0].host}" cluster_ca_certificate = base64decode("${data.azurerm_kubernetes_cluster.aks.kube_admin_config[0].cluster_ca_certificate}") client_certificate = base64decode("${data.azurerm_kubernetes_cluster.aks.kube_admin_config[0].client_certificate}") client_key = base64decode("${data.azurerm_kubernetes_cluster.aks.kube_admin_config[0].client_key}") } - provider "github" { - owner = "likvid-bank" - - app_auth { - id = "654209" - installation_id = "44437049" - pem_file = file("./likvid-bank-devops-toolchain-team.private-key.pem") - } - } - locals { aks_kubeconfig_stub = { apiVersion = "v1" diff --git a/modules/aks/github-connector/buildingblock/README.md b/modules/aks/github-connector/buildingblock/README.md index 821141e..2459c5f 100644 --- a/modules/aks/github-connector/buildingblock/README.md 
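Review bot: The `provider "kubernetes"` block that stays in the generated `config.tf` (output.tf, hunk `@@ -2,38 +2,13 @@`) still takes its client certificate and key from `kube_admin_config[0]`, so whoever can read this output or the file built from it holds the cluster's admin credential, while the building block's README lists only `kubernetes_role.github_actions` and similar namespaced objects. With the backend and `github` provider blocks removed, this key is the remaining secret visible in the hunk; consider a dedicated, narrowly scoped identity for the building block, or at least record the reason in a comment such as `# admin kubeconfig: required because <reason>; rotate together with the cluster credentials`. The output's `description` should also state that backend and GitHub provider configuration are no longer generated here and are presumably supplied elsewhere. The `output "config_tf"` block starts before and continues past this hunk.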
+++ b/modules/aks/github-connector/buildingblock/README.md @@ -49,8 +49,9 @@ No modules. | Name | Type | |------|------| -| [github_actions_secret.container_registry](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/actions_secret) | resource | -| [github_actions_secret.kubeconfig](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/actions_secret) | resource | +| [github_actions_environment_secret.container_registry](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/actions_environment_secret) | resource | +| [github_actions_environment_secret.kubeconfig](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/actions_environment_secret) | resource | +| [github_repository_environment.env](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/repository_environment) | resource | | [github_repository_file.dockerfile](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/repository_file) | resource | | [github_repository_file.workflow](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/repository_file) | resource | | [kubernetes_role.github_actions](https://registry.terraform.io/providers/hashicorp/kubernetes/2.35.1/docs/resources/role) | resource | diff --git a/modules/aks/github-connector/buildingblock/github.tf b/modules/aks/github-connector/buildingblock/github.tf index efdde89..5f3e6ad 100644 --- a/modules/aks/github-connector/buildingblock/github.tf +++ b/modules/aks/github-connector/buildingblock/github.tf 
@@ -23,27 +23,42 @@ locals { kubeconfig = merge(local.aks_kubeconfig_stub, local.kubeconfig_user) } -resource "github_actions_secret" "kubeconfig" { - repository = var.github_repo +resource "github_repository_environment" "env" { + environment = var.namespace + repository = var.github_repo +} + +resource "github_actions_environment_secret" "kubeconfig" { + environment = var.namespace + repository = github_repository_environment.env.repository secret_name = "KUBECONFIG" plaintext_value = yamlencode(local.kubeconfig) + + depends_on = [ + github_repository_environment.env + ] } -resource "github_actions_secret" "container_registry" { +resource "github_actions_environment_secret" "container_registry" { for_each = { host = local.acr.host username = local.acr.username password = local.acr.password } - repository = var.github_repo + environment = var.namespace + repository = github_repository_environment.env.repository secret_name = "aks_container_registry_${each.key}" plaintext_value = each.value + + depends_on = [ + github_repository_environment.env + ] } resource "github_repository_file" "dockerfile" { - repository = var.github_repo + repository = github_repository_environment.env.repository file = "Dockerfile" content = file("${path.module}/repo_content/Dockerfile") @@ -57,9 +72,9 @@ resource "github_repository_file" "dockerfile" { } resource "github_repository_file" "workflow" { - repository = var.github_repo + repository = github_repository_environment.env.repository - file = ".github/workflows/build-deploy.yml" + file = ".github/workflows/${var.namespace}-deploy.yml" content = templatefile( "${path.module}/repo_content/workflow.yml", { diff --git a/modules/aks/github-connector/buildingblock/provider.tf b/modules/aks/github-connector/buildingblock/provider.tf deleted file mode 100644 index 78182a9..0000000 --- a/modules/aks/github-connector/buildingblock/provider.tf +++ /dev/null @@ -1,3 +0,0 @@ -provider "github" {} - -provider "kubernetes" {} 
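Review bot: `github_repository_environment.env` (github.tf, hunk `@@ -23,27 +23,42 @@`) is created without any protection rule, so moving `KUBECONFIG` and the `aks_container_registry_*` values into environment secrets does not by itself narrow who can read them: any workflow job in the repository that declares this environment name receives them, from any branch. Adding a `deployment_branch_policy` (and `reviewers`, where the process allows) limits which refs can reach the secrets; the values below are a suggestion and must match the branches of the workflow's `push` trigger, which this diff does not show. Separately, both `depends_on` entries are redundant because `repository = github_repository_environment.env.repository` already orders the resources, and `environment = github_repository_environment.env.environment` would tie the second argument to the environment resource as well.

```hcl
resource "github_repository_environment" "env" {
  # … unchanged: environment, repository …

  # Only protected branches may deploy to this environment and read its secrets.
  deployment_branch_policy {
    protected_branches     = true
    custom_branch_policies = false
  }
}
```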
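Review bot: The workflow file is now named per namespace (`.github/workflows/${var.namespace}-deploy.yml`, hunk `@@ -57,9 +72,9 @@`), which suggests several building blocks may target one repository, but `github_repository_file.dockerfile` in the previous hunk still writes the fixed path `Dockerfile`. If two instances do share a repository, both would manage the same file, and the second apply would either fail or take the file over, depending on arguments outside this diff. Either give the Dockerfile the same per-namespace treatment or document the constraint with a comment such as `# one Dockerfile per repository: shared by all namespaces connected to this repo`. Both resource bodies continue outside the hunk.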
diff --git a/modules/aks/github-connector/buildingblock/repo_content/workflow.yml b/modules/aks/github-connector/buildingblock/repo_content/workflow.yml index 7c608c1..f8e09c7 100644 --- a/modules/aks/github-connector/buildingblock/repo_content/workflow.yml +++ b/modules/aks/github-connector/buildingblock/repo_content/workflow.yml @@ -1,4 +1,4 @@ -name: build and deploy +name: ${namespace} on: push: @@ -8,6 +8,7 @@ on: jobs: deploy: runs-on: ubuntu-latest + environment: ${namespace} steps: - uses: actions/checkout@v4
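Review bot: `${namespace}` is substituted by `templatefile` directly into YAML scalars, at `name: ${namespace}` in the first hunk and `environment: ${namespace}` in the `@@ -8,6 +8,7 @@` hunk, and the same variable now also forms the workflow file path in github.tf. A value containing a newline, `:` or `#` would change the structure of the generated workflow, and that workflow's job can read the environment's secrets. No validation of `var.namespace` is visible in this diff; if there is none, add one to the variable declaration, for example `condition = can(regex("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", var.namespace))`, and quote the scalars in the template as `name: "${namespace}"`.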