updated perm #65
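# Creates AWS resources through Terraform Cloud (TFC).
# Reusable: other workflows can invoke it through `workflow_call`.
name: AWS Infra Creation Using in TF Cloud

on:
  workflow_call:
    secrets:
      # TFC API token; the jobs below hand it to the Terraform CLI setup step
      # and to the TFC run actions.
      TF_API_TOKEN:
        required: true
  push:
    branches: [ "main" ]
  # NOTE(review): the plan job has no event filter, so a pull request opened
  # from a branch of this repository runs `terraform init` / `validate` on the
  # PR's own Terraform code with TF_API_TOKEN configured. Keep branch push
  # rights tight and scope the token as narrowly as TFC allows.
  pull_request:
    branches: [ "main" ]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only check out the repository;
# all Terraform Cloud access goes through TF_API_TOKEN instead.
permissions:
  contents: read

env:
  # Directory (relative to the repository root) that holds the Terraform code.
  tfcode_path: tfcloud_samples/amazon_ec2
  # Terraform Cloud endpoint, organization and workspace used by the TFC actions.
  tfc_hostname: app.terraform.io
  tfc_organisation: gsaravanan-tf
  tfc_workspace: example-workspace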
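jobs:
  # Plan job: runs on every trigger and only produces a plan-only run in TFC.
  aws_tfc_job:
    name: Create AWS Infra Using TFC
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` reference in this job reads "[email protected]" -
      # the action name and version were masked when this page was captured.
      # Restore the real `owner/action@ref` values, and prefer a full commit
      # SHA as the ref so a moved tag cannot change the code that receives
      # TF_API_TOKEN.
      - name: Checkout tf code in runner environment
        uses: actions/[email protected]

      # Configure the Terraform Cloud API token for the CLI: the AWS code uses
      # the Terraform Cloud remote backend.
      - name: Setup Terraform CLI
        uses: hashicorp/[email protected]
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      # AWS credentials are set as environment variables on the TF Cloud
      # workspace, because the run executes in the TF Cloud environment; this
      # workflow passes no AWS credentials to the runner.
      - name: Terraform init and validate
        run: |
          pwd
          echo "** Running Terraform Init**"
          terraform init
          echo "** Running Terraform Validate**"
          terraform validate
        working-directory: ${{ env.tfcode_path }}

      - name: Terraform Plan
        uses: hashicorp/tfc-workflows-github/actions/[email protected]
        id: run
        with:
          workspace: ${{ env.tfc_workspace }}
          # Plan-only run: nothing is applied by this step.
          plan_only: true
          message: "Plan Run from GitHub Actions"
          # hostname, token and organization can be given as direct inputs.
          hostname: ${{ env.tfc_hostname }}
          token: ${{ secrets.TF_API_TOKEN }}
          organization: ${{ env.tfc_organisation }}

      - name: Terraform Plan Output
        uses: hashicorp/tfc-workflows-github/actions/[email protected]
        id: plan-output
        with:
          hostname: ${{ env.tfc_hostname }}
          token: ${{ secrets.TF_API_TOKEN }}
          organization: ${{ env.tfc_organisation }}
          plan: ${{ steps.run.outputs.plan_id }}

      # Step outputs reach the shell as environment variables instead of being
      # expanded into the script text, so an unexpected value in an output is
      # printed as data and never parsed as shell.
      - name: Reference Plan Output
        env:
          PLAN_STATUS: ${{ steps.plan-output.outputs.plan_status }}
          PLAN_ADD: ${{ steps.plan-output.outputs.add }}
          PLAN_CHANGE: ${{ steps.plan-output.outputs.change }}
          PLAN_DESTROY: ${{ steps.plan-output.outputs.destroy }}
        run: |
          echo "Plan status: ${PLAN_STATUS}"
          echo "Resources to Add: ${PLAN_ADD}"
          echo "Resources to Change: ${PLAN_CHANGE}"
          echo "Resources to Destroy: ${PLAN_DESTROY}"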
# Apply job: intended to run once the user has verified the Terraform plan.
# NOTE(review): nothing in this job waits for that verification. On a
# `workflow_dispatch` run it starts as soon as the plan job succeeds, and
# `-auto-approve` skips Terraform's own confirmation prompt. The plan job's
# run is plan-only, so `terraform apply` below computes a fresh plan rather
# than applying the one that was shown. A protected environment with required
# reviewers on this job would provide a real approval gate.
  apply_terraform_plan:
    needs: aws_tfc_job
    # Manual runs only; push and pull_request events stop after the plan job.
    if: github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the `uses:` references read "[email protected]" - the action
      # name and version were masked when this page was captured. Restore the
      # real `owner/action@ref` values, preferably pinned to a full commit SHA.
      - name: Checkout
        uses: actions/[email protected]

      - name: Setup Terraform CLI
        uses: hashicorp/[email protected]
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      # Initialise the working directory and validate the configuration.
      - name: Terraform init and validate
        working-directory: ${{ env.tfcode_path }}
        run: |
          echo `pwd`
          echo "** Running Terraform Init**"
          terraform init
          echo "** Running Terraform Validate**"
          terraform validate

      - name: Terraform Apply
        working-directory: ${{ env.tfcode_path }}
        run: |
          echo "** Running Terraform Apply**"
          terraform apply -auto-approve

      # NOTE(review): runs unconditionally right after a successful apply, so
      # every manual run creates the resources and then tears them down again.
      # Confirm that this is intended before pointing the workflow at a
      # workspace that holds long-lived infrastructure.
      - name: Terraform Destroy
        working-directory: ${{ env.tfcode_path }}
        run: |
          echo "** Running Terraform Destroy**"
          terraform destroy -auto-approve