terraform-apply.yml
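---
# Provisions the EC2 Terraform module against an S3 remote-state backend,
# verifies the created resources with the AWS CLI, then tears them down again.
#
# Changes from the previous revision of this workflow:
#   - checkout now runs first (the mapping file and terraform/ tree only exist
#     after checkout, so the old "Read User Mapping" step ran against an empty
#     workspace);
#   - the deprecated `::set-output` command is replaced by $GITHUB_OUTPUT;
#   - the mapping JSON reaches the shell through `env:` instead of being
#     interpolated into the script body, so its content is never parsed as code;
#   - credentials are masked before being written to $GITHUB_ENV, and a missing
#     mapping entry fails the job instead of exporting the literal string "null";
#   - `permissions` is pinned to the minimum the job needs;
#   - destroy runs even when an earlier step failed, so a failed apply does not
#     leak resources;
#   - the post-destroy check now actually fails when a resource still exists.
name: Terraform Apply with Remote State
run-name: ${{ github.actor }} is deploying on AWS 🚀

# `on` is the GitHub Actions trigger key; generic YAML 1.1 parsers read it as a
# boolean, GitHub's loader does not. yamllint: disable-line rule:truthy
on:
  push:
    branches:
      - feature/aws-s3-module

# Least privilege for GITHUB_TOKEN: the job only reads the checkout. AWS access
# comes from the credentials configured below, not from the token.
permissions:
  contents: read

jobs:
  Deploy-AWS-Ec2:
    runs-on: ubuntu-latest
    steps:
      # Step 0: Checkout the repository code.
      # Must be the first step: user-mapping.json and the terraform/ directories
      # are part of the repository and do not exist on the runner before this.
      - name: Checkout Repository
        uses: actions/checkout@v4

      # Step 1: Read user mapping.
      # NOTE(review): user-mapping.json holds AWS keys inside the repository.
      # Repository/environment secrets or OIDC role assumption
      # (aws-actions/configure-aws-credentials with `role-to-assume`) would keep
      # them out of version control; the file-based lookup is kept here so the
      # rest of the workflow is unchanged.
      - name: Read User Mapping
        id: user-mapping
        run: |
          set -euo pipefail
          # The JSON is multi-line, which needs the heredoc form of
          # $GITHUB_OUTPUT; `::set-output` is deprecated and single-line only.
          # A random delimiter keeps file content from terminating the block early.
          delimiter="user-mapping-${RANDOM}${RANDOM}"
          {
            echo "user-mapping<<${delimiter}"
            cat user-mapping.json
            echo "${delimiter}"
          } >> "$GITHUB_OUTPUT"

      # Step 1.1: Set AWS credentials for the user who pushed.
      # Both expression values are passed via `env:` rather than substituted into
      # the script text, so quotes/backticks in the JSON cannot alter the script.
      - name: Set AWS Credentials
        env:
          USERNAME: ${{ github.actor }}
          USER_MAPPING: ${{ steps.user-mapping.outputs.user-mapping }}
        run: |
          set -euo pipefail
          # `// empty` turns a missing actor or missing field into an empty
          # string instead of the literal "null" that `jq -r` would otherwise print.
          AWS_SECRET_ACCESS_KEY=$(jq -r --arg USERNAME "$USERNAME" '.[$USERNAME].AWS_SECRET_ACCESS_KEY // empty' <<< "$USER_MAPPING")
          AWS_SECRET_KEY_ID=$(jq -r --arg USERNAME "$USERNAME" '.[$USERNAME].AWS_SECRET_KEY_ID // empty' <<< "$USER_MAPPING")
          if [ -z "$AWS_SECRET_ACCESS_KEY" ] || [ -z "$AWS_SECRET_KEY_ID" ]; then
            echo "::error::No AWS credentials mapped for user '$USERNAME' in user-mapping.json"
            exit 1
          fi
          # Mask both values so they are redacted from the job log; $GITHUB_ENV
          # values are not masked automatically.
          echo "::add-mask::$AWS_SECRET_ACCESS_KEY"
          echo "::add-mask::$AWS_SECRET_KEY_ID"
          echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}" >> "$GITHUB_ENV"
          echo "AWS_SECRET_KEY_ID=${AWS_SECRET_KEY_ID}" >> "$GITHUB_ENV"

      # Step 2: Configure AWS credentials.
      # The variable named AWS_SECRET_KEY_ID carries the *access key id*; the
      # name follows the field name used in user-mapping.json.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ env.AWS_SECRET_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-central-1

      # Step 3: Ensure the Terraform state S3 bucket exists.
      # Best-effort by design: a re-run against an existing bucket must not stop
      # the job. The warning annotation keeps real failures visible in the UI.
      - name: Create Terraform State Bucket
        run: |
          cd terraform/terraform-modules/state-bucket
          terraform init -input=false
          terraform apply -auto-approve -input=false || echo "::warning::State bucket apply failed (bucket may already exist), continuing..."

      # Step 4: Reconfigure the backend to use S3.
      # The state key is namespaced by branch so parallel feature branches do not
      # share a state file.
      # NOTE(review): S3 bucket names cannot contain underscores; confirm that
      # "terraform_state_bucket" matches what the state-bucket module creates.
      - name: Reconfigure Backend to S3
        run: |
          cd terraform/terraform-modules/tf-ec2-module/
          terraform init -input=false \
            -backend-config="bucket=terraform_state_bucket" \
            -backend-config="key=state/${GITHUB_REF#refs/heads/}/terraform.tfstate" \
            -backend-config="region=eu-central-1"

      # Step 5: Apply Terraform with the S3 backend.
      # -input=false makes a missing variable a hard error instead of a hung prompt.
      - name: Finalize Infrastructure Deployment
        run: |
          cd terraform/terraform-modules/tf-ec2-module/
          terraform apply -auto-approve -input=false

      # Step 6: Refresh Terraform state so outputs reflect what AWS actually has.
      # `terraform refresh` is deprecated upstream in favour of
      # `terraform apply -refresh-only`; kept as-is because the runner's
      # Terraform version is not pinned here.
      - name: Refresh Terraform State
        run: |
          cd terraform/terraform-modules/tf-ec2-module/
          terraform refresh -input=false

      # Step 7: Capture Terraform outputs into job-level environment variables.
      - name: Capture Terraform Outputs
        id: terraform_outputs
        run: |
          set -euo pipefail
          cd terraform/terraform-modules/tf-ec2-module/
          {
            echo "VPC_ID=$(terraform output -raw vpc_id)"
            echo "PUBLIC_SUBNET_ID=$(terraform output -raw public_subnet_id)"
            echo "PRIVATE_SUBNET_ID=$(terraform output -raw private_subnet_id)"
            echo "SECURITY_GROUP_ID=$(terraform output -raw security_group_id)"
          } >> "$GITHUB_ENV"

      # Step 8: Validate the resources with the AWS CLI.
      # Informational only: a failed describe is logged, not fatal.
      - name: List Resources Created by Terraform
        run: |
          echo "Listing VPC with ID: $VPC_ID"
          aws ec2 describe-vpcs --vpc-ids "$VPC_ID" || echo "Failed to list VPC with ID: $VPC_ID"
          echo "Listing Public Subnet with ID: $PUBLIC_SUBNET_ID"
          aws ec2 describe-subnets --subnet-ids "$PUBLIC_SUBNET_ID" || echo "Failed to list Public Subnet with ID: $PUBLIC_SUBNET_ID"
          echo "Listing Private Subnet with ID: $PRIVATE_SUBNET_ID"
          aws ec2 describe-subnets --subnet-ids "$PRIVATE_SUBNET_ID" || echo "Failed to list Private Subnet with ID: $PRIVATE_SUBNET_ID"
          echo "Listing Security Group with ID: $SECURITY_GROUP_ID"
          aws ec2 describe-security-groups --group-ids "$SECURITY_GROUP_ID" || echo "Failed to list Security Group with ID: $SECURITY_GROUP_ID"

      # Step 9: Destroy the infrastructure.
      # Runs even when an earlier step failed so a half-applied deployment is
      # still torn down; if the backend was never initialised this simply fails
      # on a job that has already failed.
      - name: Destroy Infrastructure
        if: always()
        run: |
          cd terraform/terraform-modules/tf-ec2-module/
          terraform destroy -auto-approve -input=false

      # Step 10: Verify the resources are gone.
      # describe-* exits non-zero for an unknown ID, so a successful describe
      # means the resource still exists; that now fails the step instead of
      # printing the same "does not exist" message regardless of outcome.
      - name: Verify Resources are Destroyed
        run: |
          leftover=0
          check_gone() {
            # $1: human-readable label, $2..: describe command
            local label="$1"
            shift
            if "$@" > /dev/null 2>&1; then
              echo "::error::$label still exists after destroy"
              leftover=1
            else
              echo "$label does not exist."
            fi
          }
          echo "Verifying VPC Destruction..."
          check_gone "VPC with ID $VPC_ID" aws ec2 describe-vpcs --vpc-ids "$VPC_ID"
          echo "Verifying Public Subnet Destruction..."
          check_gone "Public Subnet with ID $PUBLIC_SUBNET_ID" aws ec2 describe-subnets --subnet-ids "$PUBLIC_SUBNET_ID"
          echo "Verifying Private Subnet Destruction..."
          check_gone "Private Subnet with ID $PRIVATE_SUBNET_ID" aws ec2 describe-subnets --subnet-ids "$PRIVATE_SUBNET_ID"
          echo "Verifying Security Group Destruction..."
          check_gone "Security Group with ID $SECURITY_GROUP_ID" aws ec2 describe-security-groups --group-ids "$SECURITY_GROUP_ID"
          exit "$leftover"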