Ngnix conf #21

# to view logs

Workflow file for this run

.github/workflows/validate_fibonacci_v1_infra.yaml at d7be51c

	name: Validate Fibonacci Infrastructure
	on:
	pull_request:
	branches:
	- '*'
	paths:
	- 'iac/fibonacci_app_v1/*.tf'
	workflow_dispatch:

	jobs:
	cost_infra:
	uses: ./.github/workflows/infracost.yaml
	with:
	BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
	PR_ID: ${{ github.event.pull_request.number }}
	PR_STATUS: ${{ github.event.pull_request.merged }}
	PR_URL: ${{ github.event.pull_request.html_url }}
	secrets:
	API_KEY: ${{ secrets.INFRACOST_API_KEY }}

	#scan_iac:
	# uses:

	plan_fibonacci_v1:
	runs-on: ubuntu-latest
	name: Plan Fibonacci V1 using Terraform
	needs: [
	cost_infra
	]

	defaults:
	run:
	working-directory: ./iac/fibonacci_app_v1

	steps:
	- name: checkout repository
	uses: actions/checkout@v3

	- name: auth
	uses: azure/#@v2
	with:
	creds: '{"clientId": "${{ secrets.ARM_CLIENT_ID }}", "clientSecret": "${{ secrets.ARM_CLIENT_SECRET }}", "tenantId": "${{ secrets.ARM_TENANT_ID }}", "subscriptionId": "${{ vars.ARM_SUBSCRIPTION_ID }}"}'

	- name: get runner ip
	id: runner_ip
	run: \|
	IP_ADDR=$(curl -s https://ifconfig.me/ip)
	echo "IPADDR=$IP_ADDR" >> $GITHUB_OUTPUT

	- name: modify state storage acl
	run: \|
	az storage account network-rule add --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1
	echo "Pausing for 60 seconds to ensure the ACL has been set..."
	sleep 60

	- name: install terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: ${{ vars.TERRAFORM_VERSION }}

	- name: Terraform fmt
	id: fmt
	run: terraform fmt -check
	continue-on-error: true

	- name: terraform init
	id: init
	run: \|
	# export variables as environment variables
	export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }}
	export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }}
	export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }}
	export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }}
	export ARM_USE_AZUREAD=true

	terraform init \
	-upgrade \
	-input=false \
	-backend-config="storage_account_name=${{ vars.STATE_STORAGE_ACCOUNT }}" \
	-backend-config="container_name=${{ vars.FB_STATE_STORAGE_CONTAINER }}" \
	-backend-config="key=${{ vars.FB_STATE_FILE_NAME }}"

	- name: Terraform Validate
	id: validate
	run: terraform validate -no-color

	- name: terraform plan
	id: plan
	run: \|
	# export variables as environment variables
	export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }}
	export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }}
	export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }}
	export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }}
	export ARM_USE_AZUREAD=true
	export TF_VAR_docker_image_tag=sbx
	export TF_VAR_psql_admin_password=${{ secrets.PSQL_ADMIN_PASSWORD }}
	export TF_VAR_psql_admin_username=${{ secrets.PSQL_ADMIN_USERNAME }}

	terraform plan -no-color -out out.tfplan

	terraform show -no-color out.tfplan > plan.md

	sed -i '3 i\```' plan.md
	echo '```' >> plan.md

	cat plan.md > $GITHUB_STEP_SUMMARY

	- name: Add Comment to PR
	uses: actions/github-script@v7
	env:
	PLAN: ${{ steps.plan.outputs.stdout }}
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
	<details><summary>Formatting Output</summary>

	\`\`\`\n
	${{ steps.fmt.outputs.stdout }}
	\`\`\`

	</details>

	#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
	<details><summary>Validation Output</summary>

	\`\`\`\n
	${{ steps.validate.outputs.stdout }}
	\`\`\`

	</details>

	#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`

	<details><summary>Show Plan</summary>

	\`\`\`\n
	${process.env.PLAN}
	\`\`\`

	</details>

	Pusher: @${{ github.actor }}
	Action: ${{ github.event_name }}
	Workflow: ${{ github.workflow }}`;

	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: output
	})

	- name: modify state storage acl - clean up
	if: always()
	run: \|
	az storage account network-rule remove --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1

	deploy_infra_to_sandbox:
	runs-on: ubuntu-latest
	name: Deploy Infrastructure using Terraform
	needs: [
	plan_fibonacci_v1
	]

	defaults:
	run:
	working-directory: ./iac/fibonacci_app_v1

	steps:
	- name: checkout repository
	uses: actions/checkout@v3

	- name: auth
	uses: azure/#@v2
	with:
	creds: '{"clientId": "${{ secrets.ARM_CLIENT_ID }}", "clientSecret": "${{ secrets.ARM_CLIENT_SECRET }}", "tenantId": "${{ secrets.ARM_TENANT_ID }}", "subscriptionId": "${{ vars.ARM_SUBSCRIPTION_ID }}"}'

	- name: get runner ip
	id: runner_ip
	run: \|
	IP_ADDR=$(curl -s https://ifconfig.me/ip)
	echo "IPADDR=$IP_ADDR" >> $GITHUB_OUTPUT

	- name: modify state storage acl
	run: \|
	az storage account network-rule add --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1
	echo "Pausing for 60 seconds to ensure the ACL has been set..."
	sleep 60

	- name: install terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: ${{ vars.TERRAFORM_VERSION }}

	- name: terraform init
	id: init
	run: \|
	# export variables as environment variables
	export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }}
	export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }}
	export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }}
	export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }}
	export ARM_USE_AZUREAD=true

	terraform init \
	-upgrade \
	-input=false \
	-backend-config="storage_account_name=${{ vars.STATE_STORAGE_ACCOUNT }}" \
	-backend-config="container_name=${{ vars.FB_STATE_STORAGE_CONTAINER }}" \
	-backend-config="key=${{ vars.FB_STATE_FILE_NAME }}"

	- name: terraform apply
	id: apply
	run: \|
	# export variables as environment variables
	export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }}
	export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }}
	export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }}
	export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }}
	export ARM_USE_AZUREAD=true
	export TF_VAR_docker_image_tag=sbx
	export TF_VAR_psql_admin_password=${{ secrets.PSQL_ADMIN_PASSWORD }}
	export TF_VAR_psql_admin_username=${{ secrets.PSQL_ADMIN_USERNAME }}

	terraform apply --auto-approve

	- name: modify state storage acl - clean up
	if: always()
	run: \|
	az storage account network-rule remove --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1

	- name: Add Comment to PR
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const output = `#### Terraform Apply :heavy_check_mark: \`${{ steps.apply.outcome }}\`

	#### Check :mag: - Sandbox deployment is correct...`;

	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: output
	})

	check_deployment_to_sandbox:
	runs-on: ubuntu-latest
	name: Check the sandbox deployment
	environment: sandbox
	needs: deploy_infra_to_sandbox

	defaults:
	run:
	working-directory: ./iac/fibonacci_app_v1

	steps:
	- name: Add Comment to PR
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const output = `#### Manual check complete :mag:`;

	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: output
	})

	destroy_sandbox_infra:
	runs-on: ubuntu-latest
	name: Destroy Infrastructure using Terraform
	needs: check_deployment_to_sandbox

	defaults:
	run:
	working-directory: ./iac/fibonacci_app_v1

	steps:
	- name: checkout repository
	uses: actions/checkout@v3

	- name: auth
	uses: azure/#@v2
	with:
	creds: '{"clientId": "${{ secrets.ARM_CLIENT_ID }}", "clientSecret": "${{ secrets.ARM_CLIENT_SECRET }}", "tenantId": "${{ secrets.ARM_TENANT_ID }}", "subscriptionId": "${{ vars.ARM_SUBSCRIPTION_ID }}"}'

	- name: get runner ip
	id: runner_ip
	run: \|
	IP_ADDR=$(curl -s https://ifconfig.me/ip)
	echo "IPADDR=$IP_ADDR" >> $GITHUB_OUTPUT

	- name: modify state storage acl
	run: \|
	az storage account network-rule add --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1
	echo "Pausing for 60 seconds to ensure the ACL has been set..."
	sleep 60

	- name: install terraform
	uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: ${{ vars.TERRAFORM_VERSION }}

	- name: terraform init
	id: init
	run: \|
	# export variables as environment variables
	export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }}
	export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }}
	export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }}
	export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }}
	export ARM_USE_AZUREAD=true

	terraform init \
	-upgrade \
	-input=false \
	-backend-config="storage_account_name=${{ vars.STATE_STORAGE_ACCOUNT }}" \
	-backend-config="container_name=${{ vars.FB_STATE_STORAGE_CONTAINER }}" \
	-backend-config="key=${{ vars.FB_STATE_FILE_NAME }}"

	- name: terraform apply
	id: destroy
	run: \|
	# export variables as environment variables
	export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }}
	export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }}
	export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }}
	export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }}
	export ARM_USE_AZUREAD=true
	export TF_VAR_docker_image_tag=sbx
	export TF_VAR_psql_admin_password=${{ secrets.PSQL_ADMIN_PASSWORD }}
	export TF_VAR_psql_admin_username=${{ secrets.PSQL_ADMIN_USERNAME }}

	terraform destroy --auto-approve

	- name: modify state storage acl - clean up
	if: always()
	run: \|
	az storage account network-rule remove --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1

	- name: Add Comment to PR
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const output = `#### Terraform Destroy :heavy_check_mark: \`${{ steps.destroy.outcome }}\`

	#### Sandbox removed! :heavy_check_mark: `;

	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: output
	})

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Ngnix conf #21

Workflow file

Ngnix conf #21

Jobs

Run details

Workflow file for this run