Chore/argo #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| plan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Setup terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| - uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - uses: dcarbone/install-jq-action@v3 | |
| - name: Write files | |
| env: | |
| ZITADEL_KEY: ${{ secrets.ZITADEL_KEY }} | |
| BACKEND_CONFIG: ${{ secrets.BACKEND_CONFIG }} | |
| OCI_BACKEND_CONFIG: ${{ secrets.OCI_BACKEND_CONFIG }} | |
| CLUSTER_BACKEND_CONFIG: ${{ secrets.CLUSTER_BACKEND_CONFIG }} | |
| run: | | |
| echo "$ZITADEL_KEY" > ./bootstrap/.zitadel | |
| echo "$BACKEND_CONFIG" > ./bootstrap/.backend.config | |
| echo "$OCI_BACKEND_CONFIG" > ./bootstrap/oci/.backend.config | |
| echo "$CLUSTER_BACKEND_CONFIG" > ./bootstrap/cluster/.backend.config | |
| touch ./bootstrap/.tfvars | |
| - name: Plan OCI | |
| env: | |
| TF_VAR_compartment_ocid: ${{ secrets.COMPARTMENT_OCID }} | |
| TF_VAR_tenancy_ocid: ${{ secrets.TENANCY_OCID }} | |
| TF_VAR_user_ocid: ${{ secrets.USER_OCID }} | |
| TF_VAR_fingerprint: ${{ secrets.FINGERPRINT }} | |
| TF_VAR_region: ${{ secrets.REGION }} | |
| TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }} | |
| TF_VAR_bastion_ssh_public_key: ${{ secrets.BASTION_SSH_PUBLIC_KEY }} | |
| TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| TF_VAR_remote_wireguard_public_key: ${{ secrets.REMOTE_WIREGUARD_PUBLIC_KEY }} | |
| TF_VAR_remote_wireguard_host: ${{ secrets.REMOTE_WIREGUARD_HOST }} | |
| TF_VAR_remote_wireguard_peer_cidr: ${{ secrets.REMOTE_WIREGUARD_PEER_CIDR }} | |
| TF_VAR_remote_wireguard_cidr: ${{ secrets.REMOTE_WIREGUARD_CIDR }} | |
| TF_VAR_remote_subnet_cidr: ${{ secrets.REMOTE_SUBNET_CIDR }} | |
| TF_VAR_acme_email: ${{ secrets.ACME_EMAIL }} | |
| TF_VAR_cluster_name: ${{ secrets.CLUSTER_NAME }} | |
| TF_VAR_cluster_domain: ${{ secrets.CLUSTER_DOMAIN }} | |
| TF_VAR_talos_image_oci_bucket_url: ${{ secrets.TALOS_IMAGE_OCI_BUCKET_URL }} | |
| TF_VAR_zitadel_host: ${{ secrets.ZITADEL_HOST }} | |
| TF_VAR_zitadel_org: ${{ secrets.ZITADEL_ORG }} | |
| working-directory: ./bootstrap | |
| run: make plan-oci | |
| # - name: Bastion | |
| # env: | |
| # TF_VAR_compartment_ocid: ${{ secrets.COMPARTMENT_OCID }} | |
| # TF_VAR_tenancy_ocid: ${{ secrets.TENANCY_OCID }} | |
| # TF_VAR_user_ocid: ${{ secrets.USER_OCID }} | |
| # TF_VAR_fingerprint: ${{ secrets.FINGERPRINT }} | |
| # TF_VAR_region: ${{ secrets.REGION }} | |
| # TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }} | |
| # | |
| # TF_VAR_bastion_ssh_public_key: ${{ secrets.BASTION_SSH_PUBLIC_KEY }} | |
| # | |
| # TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| # | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| # | |
| # TF_VAR_remote_wireguard_public_key: ${{ secrets.REMOTE_WIREGUARD_PUBLIC_KEY }} | |
| # TF_VAR_remote_wireguard_host: ${{ secrets.REMOTE_WIREGUARD_HOST }} | |
| # TF_VAR_remote_wireguard_peer_cidr: ${{ secrets.REMOTE_WIREGUARD_PEER_CIDR }} | |
| # TF_VAR_remote_wireguard_cidr: ${{ secrets.REMOTE_WIREGUARD_CIDR }} | |
| # TF_VAR_remote_subnet_cidr: ${{ secrets.REMOTE_SUBNET_CIDR }} | |
| # | |
| # TF_VAR_acme_email: ${{ secrets.ACME_EMAIL }} | |
| # | |
| # TF_VAR_cluster_name: ${{ secrets.CLUSTER_NAME }} | |
| # TF_VAR_cluster_domain: ${{ secrets.CLUSTER_DOMAIN }} | |
| # TF_VAR_talos_image_oci_bucket_url: ${{ secrets.TALOS_IMAGE_OCI_BUCKET_URL }} | |
| # | |
| # TF_VAR_zitadel_host: ${{ secrets.ZITADEL_HOST }} | |
| # TF_VAR_zitadel_org: ${{ secrets.ZITADEL_ORG }} | |
| # working-directory: ./bootstrap | |
| # run: | | |
| # make bastion-sessions | |
| # make start-bastion-sessions | |
| # | |
| # - name: Plan Cluster | |
| # env: | |
| # TF_VAR_compartment_ocid: ${{ secrets.COMPARTMENT_OCID }} | |
| # TF_VAR_tenancy_ocid: ${{ secrets.TENANCY_OCID }} | |
| # TF_VAR_user_ocid: ${{ secrets.USER_OCID }} | |
| # TF_VAR_fingerprint: ${{ secrets.FINGERPRINT }} | |
| # TF_VAR_region: ${{ secrets.REGION }} | |
| # TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }} | |
| # | |
| # TF_VAR_bastion_ssh_public_key: ${{ secrets.BASTION_SSH_PUBLIC_KEY }} | |
| # | |
| # TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| # | |
| # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| # | |
| # | |
| # TF_VAR_remote_wireguard_public_key: ${{ secrets.REMOTE_WIREGUARD_PUBLIC_KEY }} | |
| # TF_VAR_remote_wireguard_host: ${{ secrets.REMOTE_WIREGUARD_HOST }} | |
| # TF_VAR_remote_wireguard_peer_cidr: ${{ secrets.REMOTE_WIREGUARD_PEER_CIDR }} | |
| # TF_VAR_remote_wireguard_cidr: ${{ secrets.REMOTE_WIREGUARD_CIDR }} | |
| # TF_VAR_remote_subnet_cidr: ${{ secrets.REMOTE_SUBNET_CIDR }} | |
| # | |
| # TF_VAR_acme_email: ${{ secrets.ACME_EMAIL }} | |
| # | |
| # TF_VAR_cluster_name: ${{ secrets.CLUSTER_NAME }} | |
| # TF_VAR_cluster_domain: ${{ secrets.CLUSTER_DOMAIN }} | |
| # TF_VAR_talos_image_oci_bucket_url: ${{ secrets.TALOS_IMAGE_OCI_BUCKET_URL }} | |
| # | |
| # TF_VAR_zitadel_host: ${{ secrets.ZITADEL_HOST }} | |
| # TF_VAR_zitadel_org: ${{ secrets.ZITADEL_ORG }} | |
| # working-directory: ./bootstrap | |
| # run: make plan-cluster | |
| # | |
| # - name: stop bastion | |
| # working-directory: ./bootstrap | |
| # run: make stop-bastion-sessions |