Adds workflow for deploying Jenkins into test account
1 parent
01cf48c
commit b93701b
Showing
2 changed files
with
184 additions
and
1 deletion.
@@ -0,0 +1,183 @@ | ||
name: Jenkins Deployment Test | ||
|
||
env: | ||
TF_VAR_fully_qualified_domain_name: ${{ secrets.CI_FULLY_QUALIFIED_DOMAIN_NAME }} | ||
STATE_BUCKET_NAME: ${{ secrets.TF_REMOTE_STATE_BUCKET_NAME }} | ||
|
||
# Triggers on any changes to modules/jenkins | ||
on: | ||
pull_request: # change to pull_request before publish | ||
paths: | ||
- 'modules/jenkins/**' | ||
# - '.github/workflows/**' | ||
workflow_dispatch: | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
issues: write | ||
|
||
jobs: | ||
# Plan: Generates a tf plan of the deployment and posts it as a comment in the triggering PR | ||
plan: | ||
runs-on: ubuntu-latest | ||
environment: aws-ci | ||
defaults: | ||
run: | ||
working-directory: modules/jenkins/examples/complete | ||
steps: | ||
# Retrieve necessary AWS permissions | ||
- name: configure aws credentials | ||
uses: aws-actions/[email protected] | ||
with: | ||
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | ||
role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
aws-region: ${{ vars.AWS_REGION }} | ||
# Checkout Repository | ||
- name: Checkout Git Repository | ||
uses: actions/[email protected] | ||
with: | ||
ref: ${{ github.ref }} | ||
# Install Terraform | ||
- name: Install Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
terraform_version: 1.6.3 | ||
# Inject remote state block | ||
# This is required to enable remote state | ||
- name: Inject Remote State | ||
run: | | ||
cat > backend.tf << EOF | ||
terraform { | ||
backend "s3" { | ||
} | ||
} | ||
# Initialize S3 remote state | ||
# The triggering commit hash is used as the key of the remote state | ||
- name: Terraform init | ||
id: init | ||
run: | | ||
terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | ||
# Generate tf plan | ||
- name: Terraform plan | ||
id: plan | ||
run: | | ||
terraform plan -no-color | ||
# Post the tf plan as a comment in the triggering PR | ||
- name: Update Pull Request | ||
uses: actions/github-script@v7 | ||
with: | ||
github-token: ${{ secrets.BOT_PAT }} | ||
script: | | ||
const output = #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | ||
<details><summary>Show Plan</summary> | ||
\`\`\`\n | ||
${{ steps.plan.outputs.stdout }} | ||
\`\`\` | ||
</details> | ||
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: output | ||
}) | ||
# Deploy: After manual approval, deploys the solution to the designated AWS account | ||
deploy: | ||
needs: [ plan ] | ||
environment: aws-ci | ||
runs-on: ubuntu-latest | ||
defaults: | ||
run: | ||
working-directory: modules/jenkins/examples/complete | ||
steps: | ||
# Checkout Repository | ||
- name: Checkout Git Repository | ||
uses: actions/[email protected] | ||
with: | ||
ref: ${{ github.ref }} | ||
# Retrieve necessary AWS permissions | ||
- name: configure aws credentials | ||
uses: aws-actions/[email protected] | ||
with: | ||
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | ||
role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
aws-region: ${{ vars.AWS_REGION }} | ||
# Install Terraform | ||
- name: Install Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
terraform_version: 1.6.3 | ||
# Inject remote state block | ||
# This is required to enable remote state | ||
- name: Inject Remote State | ||
run: | | ||
cat > backend.tf << EOF | ||
terraform { | ||
backend "s3" { | ||
} | ||
} | ||
# Initialize S3 remote state | ||
# The triggering commit hash is used as the key of the remote state | ||
- name: Terraform init | ||
id: init | ||
run: | | ||
terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | ||
# Deploys the solution | ||
- name: Terraform apply | ||
run: | | ||
terraform apply -auto-approve | ||
# Destroy: After manual approval, destroy the solution in the designated AWS account | ||
destroy: | ||
needs: [ deploy ] | ||
runs-on: ubuntu-latest | ||
environment: aws-ci | ||
defaults: | ||
run: | ||
working-directory: modules/jenkins/examples/complete | ||
steps: | ||
# Checkout Repository | ||
- name: Checkout Git Repository | ||
uses: actions/[email protected] | ||
with: | ||
ref: ${{ github.ref }} | ||
# Retrieve necessary AWS permissions | ||
- name: configure aws credentials | ||
uses: aws-actions/[email protected] | ||
with: | ||
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | ||
role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
aws-region: ${{ vars.AWS_REGION }} | ||
# Install Terraform | ||
- name: Install Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
terraform_version: 1.6.3 | ||
# Inject remote state block | ||
# This is required to enable remote state | ||
- name: Inject Remote State | ||
run: | | ||
cat > backend.tf << EOF | ||
terraform { | ||
backend "s3" { | ||
} | ||
} | ||
# Initialize S3 remote state | ||
# The triggering commit hash is used as the key of the remote state | ||
- name: Terraform init | ||
id: init | ||
run: | | ||
terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | ||
# Destroys the solution | ||
- name: Terraform Destroy | ||
run: | | ||
terraform destroy -auto-approve |
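Review bot: The Update Pull Request step (L93-L110) splices `${{ steps.plan.outputs.stdout }}` and `${{ github.actor }}` directly into the JavaScript source of the github-script step, which runs with `secrets.BOT_PAT`; the plan text is derived from the PR's own Terraform sources, so any backtick or `${` sequence in a resource attribute becomes part of the script rather than data. Pass the plan through the environment so it stays inert: add `env: PLAN: ${{ steps.plan.outputs.stdout }}` to the step and read it in the script with `const plan = process.env.PLAN;` (and likewise for the actor). The step also reports `steps.plan.outcome`, but without `continue-on-error: true` on the plan step a failed plan stops the job before the comment is posted, so the failure outcome is never reported. The plan job also runs on `workflow_dispatch`, where `context.issue.number` is undefined and `createComment` rejects; guarding the step with `if: github.event_name == 'pull_request'` and `await`ing the call would avoid an unhandled rejection. The `Inject Remote State` heredocs (L76, L141, L186) show no `EOF` terminator in this rendering; if that is not a display artifact, each of those run steps never closes the heredoc.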
@@ -4,7 +4,7 @@ terraform { | |
required_providers { | ||
aws = { | ||
source = "hashicorp/aws" | ||
version = "5.66.0" | ||
version = "5.69.0" | ||
} | ||
} | ||
} |