Ngnix conf #28
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Fibonacci Infrastructure | |
| on: | |
| pull_request: | |
| branches: | |
| - '*' | |
| paths: | |
| - 'iac/fibonacci_app_v1/*.tf' | |
| workflow_dispatch: | |
| jobs: | |
| cost_infra: | |
| name: Cost Infrastructure | |
| uses: ./.github/workflows/infracost.yaml | |
| with: | |
| BASE_BRANCH: ${{ github.event.pull_request.base.ref }} | |
| PR_ID: ${{ github.event.pull_request.number }} | |
| PR_STATUS: ${{ github.event.pull_request.merged }} | |
| PR_URL: ${{ github.event.pull_request.html_url }} | |
| secrets: | |
| API_KEY: ${{ secrets.INFRACOST_API_KEY }} | |
| plan_fibonacci_v1: | |
| runs-on: ubuntu-latest | |
| name: Plan Fibonacci V1 using Terraform | |
| needs: [ | |
| cost_infra | |
| ] | |
| defaults: | |
| run: | |
| working-directory: ./iac/fibonacci_app_v1 | |
| steps: | |
| - name: checkout repository | |
| uses: actions/checkout@v3 | |
| - name: auth | |
| uses: azure/#@v2 | |
| with: | |
| creds: '{"clientId": "${{ secrets.ARM_CLIENT_ID }}", "clientSecret": "${{ secrets.ARM_CLIENT_SECRET }}", "tenantId": "${{ secrets.ARM_TENANT_ID }}", "subscriptionId": "${{ vars.ARM_SUBSCRIPTION_ID }}"}' | |
| - name: get runner ip | |
| id: runner_ip | |
| run: | | |
| IP_ADDR=$(curl -s https://ifconfig.me/ip) | |
| echo "IPADDR=$IP_ADDR" >> $GITHUB_OUTPUT | |
| - name: modify state storage acl | |
| run: | | |
| az storage account network-rule add --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1 | |
| echo "Pausing for 60 seconds to ensure the ACL has been set..." | |
| sleep 60 | |
| - name: install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ vars.TERRAFORM_VERSION }} | |
| - name: Terraform fmt | |
| id: fmt | |
| run: terraform fmt -check | |
| continue-on-error: true | |
| - name: terraform init | |
| id: init | |
| run: | | |
| # export variables as environment variables | |
| export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }} | |
| export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }} | |
| export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }} | |
| export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }} | |
| export ARM_USE_AZUREAD=true | |
| terraform init \ | |
| -upgrade \ | |
| -input=false \ | |
| -backend-config="storage_account_name=${{ vars.STATE_STORAGE_ACCOUNT }}" \ | |
| -backend-config="container_name=${{ vars.FB_STATE_STORAGE_CONTAINER }}" \ | |
| -backend-config="key=${{ vars.FB_STATE_FILE_NAME }}" | |
| - name: Terraform Validate | |
| id: validate | |
| run: terraform validate -no-color | |
| - name: terraform plan | |
| id: plan | |
| run: | | |
| # export variables as environment variables | |
| export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }} | |
| export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }} | |
| export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }} | |
| export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }} | |
| export ARM_USE_AZUREAD=true | |
| export TF_VAR_docker_image_tag=sbx | |
| export TF_VAR_psql_admin_password=${{ secrets.PSQL_ADMIN_PASSWORD }} | |
| export TF_VAR_psql_admin_username=${{ secrets.PSQL_ADMIN_USERNAME }} | |
| terraform plan -no-color -out out.tfplan | |
| terraform show -no-color out.tfplan > plan.md | |
| sed -i '3 i\```' plan.md | |
| echo '```' >> plan.md | |
| cat plan.md > $GITHUB_STEP_SUMMARY | |
| - name: Add Comment to PR | |
| uses: actions/github-script@v7 | |
| env: | |
| PLAN: ${{ steps.plan.outputs.stdout }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` | |
| <details><summary>Formatting Output</summary> | |
| \`\`\`\n | |
| ${{ steps.fmt.outputs.stdout }} | |
| \`\`\` | |
| </details> | |
| #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` | |
| <details><summary>Validation Output</summary> | |
| \`\`\`\n | |
| ${{ steps.validate.outputs.stdout }} | |
| \`\`\` | |
| </details> | |
| #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\`\n | |
| ${process.env.PLAN} | |
| \`\`\` | |
| </details> | |
| Pusher: @${{ github.actor }} | |
| Action: ${{ github.event_name }} | |
| Workflow: ${{ github.workflow }}`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| - name: modify state storage acl - clean up | |
| if: always() | |
| run: | | |
| az storage account network-rule remove --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1 | |
| deploy_infra_to_sandbox_test_and_destroy: | |
| runs-on: ubuntu-latest | |
| name: Deploy Infrastructure using Terraform | |
| needs: [ | |
| plan_fibonacci_v1 | |
| ] | |
| defaults: | |
| run: | |
| working-directory: ./tests | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Authenticate with Azure | |
| uses: azure/#@v2 | |
| with: | |
| creds: '{"clientId": "${{ secrets.ARM_CLIENT_ID }}", "clientSecret": "${{ secrets.ARM_CLIENT_SECRET }}", "tenantId": "${{ secrets.ARM_TENANT_ID }}", "subscriptionId": "${{ vars.ARM_SUBSCRIPTION_ID }}"}' | |
| - name: get runner ip | |
| id: runner_ip | |
| run: | | |
| IP_ADDR=$(curl -s https://ifconfig.me/ip) | |
| echo "IPADDR=$IP_ADDR" >> $GITHUB_OUTPUT | |
| - name: modify state storage acl | |
| run: | | |
| az storage account network-rule add --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1 | |
| echo "Pausing for 60 seconds to ensure the ACL has been set..." | |
| sleep 60 | |
| - name: install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ vars.TERRAFORM_VERSION }} | |
| - name: Run tests | |
| id: tests | |
| run: | | |
| # Setup Go environment | |
| GOPATH="$HOME/go" | |
| export GOPATH | |
| PATH=$PATH:$GOPATH/bin | |
| export PATH | |
| # export variables as environment variables | |
| export ARM_CLIENT_OBJECT_ID=${{ secrets.ARM_CLIENT_OBJECT_ID }} | |
| export ARM_CLIENT_ID=${{ secrets.ARM_CLIENT_ID }} | |
| export ARM_CLIENT_SECRET=${{ secrets.ARM_CLIENT_SECRET }} | |
| export ARM_TENANT_ID=${{ secrets.ARM_TENANT_ID }} | |
| export ARM_SUBSCRIPTION_ID=${{ vars.ARM_SUBSCRIPTION_ID }} | |
| export ARM_USE_AZUREAD=true | |
| export STORAGE_ACCOUNT_NAME=${{ vars.STATE_STORAGE_ACCOUNT }} | |
| export CONTAINER_NAME=${{ vars.FB_STATE_STORAGE_CONTAINER }} | |
| export KEY=${{ vars.FB_STATE_FILE_NAME }} | |
| export DOCKER_IMAGE_TAG=sbx | |
| export PSQL_ADMIN_PASSWORD=${{ secrets.PSQL_ADMIN_PASSWORD }} | |
| export PSQL_ADMIN_USERNAME=${{ secrets.PSQL_ADMIN_USERNAME }} | |
| # Install Go Junit reporter | |
| go install github.com/jstemmer/go-junit-report/v2@latest | |
| # Run Go tests | |
| go test -v -timeout 5000s ./... | go-junit-report -set-exit-code > report.xml | |
| - name: Upload test summary | |
| uses: test-summary/action@v1 | |
| with: | |
| paths: | | |
| tests/report.xml | |
| if: always() | |
| - name: modify state storage acl - clean up | |
| run: | | |
| az storage account network-rule remove --account-name ${{ vars.STATE_STORAGE_ACCOUNT }} --ip-address ${{ steps.runner_ip.outputs.IPADDR }} --subscription ${{ vars.ARM_SUBSCRIPTION_ID }} > /dev/null 2>&1 | |
| if: always() |