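# Reusable workflow: optionally builds a service's lambda zips, then applies
# the shared Crossplane Terraform for that service. Invoked with `uses:` from
# a service repository's workflow.
#
# No secrets are declared under `workflow_call`, so a caller has to pass them
# with `secrets: inherit` (or an explicit `secrets:` map). The job reads:
#   AWS_ACCOUNT_ID, GB_TOKEN_PRIVATE, PRD_KUBECONFIG,
#   PROD_ONEPASSWORD_SERVICEACCOUNT_TOKEN
on:
  workflow_call:
    inputs:
      environment:
        description: >-
          Target environment. Selects the Terraform workspace and the
          `<environment>.tfvars` file that is applied.
        required: true
        type: string
      service_name:
        description: >-
          Service being released. Selects the IAM role
          `github-actions-<service_name>-role`, the checkout path of the
          service repository and the Terraform state key.
        required: true
        type: string
      run_zip_lambda_workflow_step:
        description: >-
          Build the service's lambda zips with `make lambda` and upload them
          to S3 before Terraform is applied. The job's step conditions
          already read this input, but it was never declared, so an
          undeclared (empty) value meant those steps never ran.
        required: false
        type: boolean
        default: false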
# GITHUB_TOKEN permissions for the called job (a caller can never grant more
# than it holds itself). `id-token: write` is what configure-aws-credentials
# needs for the OIDC role assumption; `contents: read` covers the checkouts.
# NOTE(review): no step in this workflow visibly uses pull-requests or
# statuses — drop both unless a caller depends on them (least privilege).
permissions:
  id-token: write
  contents: read
  pull-requests: write
  statuses: write
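jobs:
  crossplane-terraform:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      # All third-party actions below are pinned to mutable tags (@v4,
      # @v1.0.1, ...). This job ends up holding production cloud and cluster
      # credentials, so pin every `uses:` to a full commit SHA; a retagged or
      # compromised release would otherwise run here unnoticed.
      - name: Checkout shared-actions
        uses: actions/checkout@v4
        with:
          repository: vimeda/shared-actions
          path: ./scripts
          # SECURITY: a feature branch is a moving target — anyone who can
          # push to it controls the Terraform that is applied further down.
          # Pin to a tag or commit SHA before using this for real releases.
          ref: feature/shared-crossplane

      - name: Checkout service
        uses: actions/checkout@v4
        with:
          # Reusable workflows run in the caller's context, so this is the
          # caller's ref. The service is nested under the shared-actions tree.
          ref: ${{ github.ref }}
          path: ./scripts/${{ inputs.service_name }}

      # NOTE(review): yq is installed but not used by any step in this file —
      # presumably needed by `make lambda` or the Terraform tree; confirm.
      - name: Install yq
        uses: chrisdickinson/setup-yq@v1.0.1
        with:
          yq-version: v4.25.3

      - name: Install 1Password CLI
        uses: 1password/install-cli-action@v1

      # OIDC role assumption (needs `id-token: write`), no long-lived AWS
      # keys. The role name is derived from service_name, so each service has
      # its own role; keep each role's trust policy scoped to its repository.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-${{ inputs.service_name }}-role
          role-session-name: ga-${{ inputs.service_name }}
          aws-region: eu-central-1

      - name: Install Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "~1.9"

      # --- optional: build lambda zips (or images) and push them to S3 -----
      # Every gate below reads the boolean input through the `inputs`
      # context. The Display/Push steps used to read it from `env`, but env
      # values are always strings and GitHub coerces `'true' == true` to
      # `NaN == 1`, i.e. false — those two steps could never run.
      - name: Build lambdas
        if: ${{ inputs.run_zip_lambda_workflow_step == true }}
        # NOTE(review): the service repository is checked out under
        # ./scripts/<service_name>, yet `make lambda` runs from the workspace
        # root — confirm which Makefile this is meant to hit.
        working-directory: ${{ github.workspace }}
        run: make lambda
        env:
          # PAT used for private Go modules under github.com/vimeda.
          GITHUB_TOKEN: ${{ secrets.GB_TOKEN_PRIVATE }}
          GOPRIVATE: "github.com/vimeda/*"

      - name: Upload Build Artifacts
        if: ${{ inputs.run_zip_lambda_workflow_step == true }}
        uses: actions/upload-artifact@v4
        with:
          name: srv-lambdas
          path: ${{ github.workspace }}/dist/*

      - name: Download Build Artifacts
        id: download
        if: ${{ inputs.run_zip_lambda_workflow_step == true }}
        uses: actions/download-artifact@v4
        with:
          name: srv-lambdas
          path: ${{ github.workspace }}/dist

      - name: Display structure of downloaded files
        if: ${{ inputs.run_zip_lambda_workflow_step == true }}
        run: ls -R
        working-directory: ${{ steps.download.outputs.download-path }}

      - name: Push all functions to Bucket
        if: ${{ inputs.run_zip_lambda_workflow_step == true }}
        working-directory: ${{ github.workspace }}/dist
        env:
          # Caller-controlled values reach the script through the environment
          # rather than ${{ }} interpolation into the script text (the usual
          # workflow script-injection vector). The bucket is keyed on
          # `inputs.environment`; the original read the undeclared
          # `inputs.env`, which expands to '' and targets "s3://-lykon-lambdas".
          ENVIRONMENT: ${{ inputs.environment }}
          REPO_NAME: ${{ github.event.repository.name }}
        run: |
          set -euo pipefail
          # Without nullglob an empty dist/ would pass the literal pattern to
          # `aws s3 cp` instead of doing nothing.
          shopt -s nullglob
          ls
          for file in ./*lambda.zip; do
            filename=$(basename "$file" .zip)
            function_name=${filename%_lambda}
            aws s3 cp "$file" "s3://${ENVIRONMENT}-lykon-lambdas/${REPO_NAME}/${function_name}.zip"
          done

      # --- apply terraform ---------------------------------------------------
      - name: Terraform Init
        working-directory: ./scripts/crossplane
        env:
          ENVIRONMENT: ${{ inputs.environment }}
          SERVICE_NAME: ${{ inputs.service_name }}
        run: |
          # -input=false: never block on an interactive prompt in CI.
          terraform init -input=false \
            -backend-config="region=eu-central-1" \
            -backend-config="bucket=terraform-eks" \
            -backend-config="key=crossplane/${ENVIRONMENT}/${SERVICE_NAME}"

      - name: Terraform Validate
        working-directory: ./scripts/crossplane
        run: terraform validate -no-color

      # NOTE(review): PRD_KUBECONFIG and the PROD 1Password token are used for
      # every value of `environment` — confirm that non-prod environments are
      # really meant to apply against the production cluster.
      - name: Terraform Apply
        working-directory: ./scripts/crossplane
        env:
          TF_WORKSPACE: ${{ inputs.environment }}
          ENVIRONMENT: ${{ inputs.environment }}
          SERVICE_NAME: ${{ inputs.service_name }}
          # Raw kubeconfig YAML. The provider needs a *path* (`config_path`),
          # so the script writes this to a file; the previous `KUBECONFIG`
          # env entry held the file contents, not a path, and was overridden
          # by the script's own export anyway.
          KUBECONFIG_CONTENT: ${{ secrets.PRD_KUBECONFIG }}
          OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.PROD_ONEPASSWORD_SERVICEACCOUNT_TOKEN }}
        run: |
          set -euo pipefail
          # Secret material goes to RUNNER_TEMP (outside the workspace, so no
          # later upload-artifact or checkout can sweep it up), is created
          # 0600 and is removed when the step ends, whatever the outcome.
          export KUBECONFIG="${RUNNER_TEMP}/kubeconfig.yaml"
          (umask 077; printf '%s\n' "${KUBECONFIG_CONTENT}" > "${KUBECONFIG}")
          trap 'rm -f "${KUBECONFIG}"' EXIT
          # The provider can alternatively be pointed at the cluster directly
          # via `cluster_ca_certificate` / `cluster_endpoint` variables. Those
          # used to sit as commented-out lines *inside* the backslash
          # continuation chain below, which terminated the command early and
          # left `-var="service_name=..."` to run as a separate command.
          terraform apply -auto-approve -no-color -input=false \
            -var-file="${ENVIRONMENT}.tfvars" \
            -var="commit_hash=${GITHUB_SHA}" \
            -var="config_path=${KUBECONFIG}" \
            -var="service_name=${SERVICE_NAME}"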