remove hotpatching for hotpatching instance, update ldap #1404
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lab Pipeline | |
# Controls when the workflow will run | |
on: | |
# Triggers the workflow on push or pull request events but only for the "main" branch | |
push: | |
branches: ["main"] | |
paths-ignore: | |
- '**/**.md' | |
- '**/**.png' | |
pull_request: | |
branches: ["main"] | |
paths-ignore: | |
- '**/**.md' | |
- '**/**.png' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
# jobs for Argo, Active Directory, BIG-IP, F5XC, GoDaddy, Kubernetes, and NGINX | |
jobs: | |
Active-Directory-Terraform-Infrastructure: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure] | |
# Environment Variables | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }} | |
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }} | |
TF_VAR_active-directory-username: ${{ secrets.ACTIVE_DIRECTORY_USER }} | |
TF_VAR_active-directory-password: ${{ secrets.ACTIVE_DIRECTORY_PASSWORD }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: services/active-directory/terraform/infrastructure | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.6.3 | |
- name: Terraform Active-Directory-Terraform-Infrastructure fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform Active-Directory-Terraform-Infrastructure Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform Active-Directory-Terraform-Infrastructure Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform Active-Directory-Terraform-Infrastructure Apply | |
id: apply | |
run: terraform apply --auto-approve | |
######################################################################################################## | |
Argo-Terraform-Configuration: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, Kubernetes-Terraform-Configuration] | |
# Environment Variables | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }} | |
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: services/argo/terraform | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Azure login | |
uses: azure/login@v1 | |
with: | |
creds: '{"clientId":"${{ secrets.AZURE_APPID }}","clientSecret":"${{ secrets.AZURE_PASSWORD }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION }}","tenantId":"${{ secrets.AZURE_TENANT }}"}' | |
- name: Azure Kubernetes Context | |
id: set-context | |
uses: azure/aks-set-context@v3 | |
with: | |
resource-group: '${{ secrets.AZURE_AKS_RG }}' | |
cluster-name: '${{ secrets.AZURE_AKS_NAME }}' | |
- name: Setup kubectl | |
id: install-kubectl | |
uses: azure/setup-kubectl@v3 | |
- name: HashiCorp Terraform Setup | |
uses: hashicorp/setup-terraform@v2 | |
- name: Terraform Argo-Terraform-Configuration fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform Argo-Terraform-Configuration Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform Argo-Terraform-Configuration Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform Argo-Terraform-Configuration Apply | |
id: apply | |
run: terraform apply --auto-approve | |
######################################################################################################## | |
BIG-IP-Resources-Available: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, BIG-IP-Terraform-Infrastructure] | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- name: cURL ipify.org | |
run: curl 'https://api.ipify.org?format=json' | |
- name: cURL BIG-IP | |
run: curl --max-time 10 -u ${{ secrets.BIGIP_USER }}:${{ secrets.BIGIP_PASSWORD }} -X GET -k https://${{ secrets.BIGIP_HOSTNAME }}/mgmt/tm/sys/ready/ | |
BIG-IP-Ansible-Configuration: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, BIG-IP-Resources-Available] | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- name: Install PIP | |
run: sudo apt-get install -y python3-pip | |
- name: Install apt-get dependencies | |
run: sudo pip3 install jmespath | |
- name: Setup ansible | |
run: | | |
ansible --version | |
pipx inject ansible-core jmespath | |
- name: Working directory | |
run: pwd | |
# - name: Run ansible-lint | |
# # replace `main` with any valid ref, or tags like `v6` | |
# uses: ansible-community/ansible-lint-action@main | |
# # optional: | |
# with: | |
# path: "/home/runner/work/lab/lab/big-ip/ansible/configuration/playbooks/" # <-- only one value is allowed | |
- name: Run Ansible Playbooks | |
uses: dawidd6/action-ansible-playbook@v2 | |
with: | |
# Optional, additional flags to pass to ansible-playbook | |
options: | | |
--extra-vars "@../defaults/main.yaml" | |
--extra-vars "BIGIPhost01=${{ secrets.BIGIP_HOSTNAME }}" | |
--extra-vars "BIGIPadminUsername=${{ secrets.BIGIP_USER }}" | |
--extra-vars "BIGIPadminPassword=${{ secrets.BIGIP_PASSWORD }}" | |
--extra-vars "BIGIPAKSUsername=${{ secrets.BIGIP_AKS_USER }}" | |
--extra-vars "BIGIPAKSPassword=${{ secrets.BIGIP_AKS_PASSWORD }}" | |
--extra-vars "otel_host=${{ secrets.OTEL_HOST }}" | |
--extra-vars "otel_token=${{ secrets.OTEL_TOKEN }}" | |
# --verbose -vvvv | |
# Required, playbook filepath | |
playbook: "big-ip-playbook.yaml" | |
# Optional, directory where playbooks live | |
directory: "./big-ip/ansible/configuration/playbooks" | |
BIG-IP-Terraform-Infrastructure: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Active-Directory-Terraform-Infrastructure] | |
# Environment Variables | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }} | |
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
BIGIP_USER: ${{ secrets.BIGIP_USER }} | |
BIGIP_PASSWORD: ${{ secrets.BIGIP_PASSWORD }} | |
TF_VAR_allowed_ips: ${{ secrets.ALLOWED_IPS }} | |
TF_VAR_big-ip-username: ${{ secrets.BIGIP_USER }} | |
TF_VAR_big-ip-password: ${{ secrets.BIGIP_PASSWORD }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: big-ip/terraform/infrastructure | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.6.3 | |
- name: Terraform BIG-IP-Terraform-Infrastructure fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform BIG-IP-Terraform-Infrastructure Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform BIG-IP-Terraform-Infrastructure Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform BIG-IP-Terraform-Infrastructure Apply | |
id: apply | |
run: terraform apply --auto-approve | |
BIG-IP-Terraform-Configuration: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, BIG-IP-Ansible-Configuration] | |
# Environment Variables | |
env: | |
BIGIP_USER: ${{ secrets.BIGIP_USER }} | |
BIGIP_PASSWORD: ${{ secrets.BIGIP_PASSWORD }} | |
BIGIP_HOST: ${{ secrets.BIGIP_HOSTNAME }} | |
TF_VAR_ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }} | |
TF_VAR_ad_service_ldap_password: ${{ secrets.AD_SERVICE_LDAP_PASSWORD }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: big-ip/terraform/configuration | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.6.3 | |
- name: Terraform BIG-IP-Terraform-Configuration fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform BIG-IP-Terraform-Configuration Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform BIG-IP-Terraform-Configuration Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform BIG-IP-Terraform-Configuration Apply | |
id: apply | |
run: terraform apply --auto-approve | |
######################################################################################################## | |
F5XC-Resources-Available: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure] | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- name: cURL ipify.org | |
run: curl 'https://api.ipify.org?format=json' | |
- name: cURL F5XC | |
run: curl --max-time 10 --cert-type P12 --cert certs/${{ secrets.VES_HOSTNAME }}.api-creds.p12:${{ secrets.VES_P12_PASSWORD }} -X GET https://${{ secrets.VES_HOSTNAME }}/api/web/namespaces/j-calalang | |
F5XC-Terraform-Infrastructure: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, F5XC-Resources-Available] | |
# Environment Variables | |
env: | |
TF_VAR_f5xc-cloud-credential: ${{ secrets.F5XC_CLOUD_CREDENTIAL }} | |
TF_VAR_f5xc-customer-edge-ssh-key: ${{ secrets.F5XC_CUSTOMER_EDGE_SSH_KEY }} | |
VES_P12_PASSWORD: ${{ secrets.VES_P12_PASSWORD }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: distributed-cloud/terraform/infrastructure | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.6.3 | |
- name: Terraform F5XC-Terraform fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform F5XC-Terraform Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform F5XC-Terraform Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform F5XC-Terraform Apply | |
id: apply | |
run: terraform apply --auto-approve | |
F5XC-Terraform-Configuration: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, F5XC-Resources-Available, F5XC-Terraform-Infrastructure] | |
# Environment Variables | |
env: | |
TF_VAR_jwk-calalang-net: ${{ secrets.JWK_CALALANG_NET }} | |
TF_VAR_wildcard-calalang-net-certificate: ${{ secrets.CALALANG_NET_CERT }} | |
TF_VAR_wildcard-calalang-net-key: ${{ secrets.CALALANG_NET_KEY }} | |
VES_P12_PASSWORD: ${{ secrets.VES_P12_PASSWORD }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: distributed-cloud/terraform/configuration | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.6.3 | |
- name: Terraform F5XC-Terraform fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform F5XC-Terraform Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform F5XC-Terraform Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform F5XC-Terraform Apply | |
id: apply | |
run: terraform apply --auto-approve | |
######################################################################################################## | |
GoDaddy-Terraform-Configuration: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
# Environment Variables | |
env: | |
GODADDY_API_KEY: ${{ secrets.GODADDY_API_KEY }} | |
GODADDY_API_SECRET: ${{ secrets.GODADDY_API_SECRET }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: godaddy/terraform/ | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.6.3 | |
- name: Terraform GoDaddy-Terraform fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform GoDaddy-Terraform Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform GoDaddy-Terraform Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform GoDaddy-Terraform Apply | |
id: apply | |
run: terraform apply --auto-approve | |
######################################################################################################## | |
Kubernetes-Terraform-Infrastructure: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure] | |
# Environment Variables | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }} | |
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: kubernetes/terraform/infrastructure | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- name: HashiCorp Terraform Setup | |
uses: hashicorp/setup-terraform@v2 | |
- name: Terraform Kubernetes-Terraform-Infrastructure fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform Kubernetes-Terraform-Infrastructure Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform Kubernetes-Terraform-Infrastructure Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform Kubernetes-Terraform-Infrastructure Apply | |
id: apply | |
run: terraform apply --auto-approve | |
Kubernetes-Terraform-Configuration: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, Kubernetes-Terraform-Infrastructure] | |
# Environment Variables | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }} | |
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }} | |
TF_VAR_f5xc_site_token: ${{ secrets.F5XC_SITE_TOKEN }} | |
TF_VAR_nginx_repo_jwt: ${{ secrets.NGINX_REPO_JWT }} | |
TF_VAR_bigip_aks_username: ${{ secrets.BIGIP_AKS_USER }} | |
TF_VAR_bigip_aks_password: ${{ secrets.BIGIP_AKS_PASSWORD }} | |
TF_VAR_ves_vk8s_context: ${{ secrets.VES_VK8S_CONTEXT }} | |
TF_VAR_ves_vk8s_client_certificate: ${{ secrets.VES_VK8S_CLIENT_CERTIFICATE }} | |
TF_VAR_ves_vk8s_client_key: ${{ secrets.VES_VK8S_CLIENT_KEY }} | |
TF_VAR_ves_vk8s_cluster_ca_certificate: ${{ secrets.VES_VK8S_CLUSTER_CA_CERTIFICATE }} | |
TF_VAR_ves_vk8s_server: ${{ secrets.VES_VK8S_SERVER }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: kubernetes/terraform/configuration | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Azure login | |
uses: azure/login@v1 | |
with: | |
creds: '{"clientId":"${{ secrets.AZURE_APPID }}","clientSecret":"${{ secrets.AZURE_PASSWORD }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION }}","tenantId":"${{ secrets.AZURE_TENANT }}"}' | |
- name: Azure Kubernetes Context | |
id: set-context | |
uses: azure/aks-set-context@v3 | |
with: | |
resource-group: '${{ secrets.AZURE_AKS_RG }}' | |
cluster-name: '${{ secrets.AZURE_AKS_NAME }}' | |
- name: Setup kubectl | |
id: install-kubectl | |
uses: azure/setup-kubectl@v3 | |
- name: Add argo-cd charts | |
id: argo-cd-add | |
run: helm repo add argo https://argoproj.github.io/argo-helm | |
continue-on-error: false | |
- name: Add f5networks charts | |
id: f5networks-add | |
run: helm repo add f5-stable https://f5networks.github.io/charts/stable | |
continue-on-error: false | |
- name: Add nginxinc charts | |
id: nginxinc-add | |
run: helm repo add nginx-stable https://helm.nginx.com/stable | |
continue-on-error: false | |
- name: Update charts | |
id: charts-update | |
run: helm repo update | |
continue-on-error: false | |
- name: HashiCorp Terraform Setup | |
uses: hashicorp/setup-terraform@v2 | |
- name: Terraform Kubernetes-Terraform-Configuration fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform Kubernetes-Terraform-Configuration Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform Kubernetes-Terraform-Configuration Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform Kubernetes-Terraform-Configuration Apply | |
id: apply | |
run: terraform apply --auto-approve | |
###################################################################################################### | |
Cloud-Network-Terraform-Infrastructure: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
# Environment Variables | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }} | |
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: networking/terraform/infrastructure | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.6.3 | |
- name: Terraform Cloud-Network-Terraform-Infrastructure fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform Cloud-Network-Terraform-Infrastructure Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform Cloud-Network-Terraform-Infrastructure Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform Cloud-Network-Terraform-Infrastructure Apply | |
id: apply | |
run: terraform apply --auto-approve | |
###################################################################################################### | |
NMS-Resources-Available: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, NGINX-Terraform-Infrastructure] | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- name: cURL ipify.org | |
run: curl 'https://api.ipify.org?format=json' | |
- name: cURL NMS | |
run: curl --max-time 10 -u ${{ secrets.NMS_USER}}:${{ secrets.NMS_PASSWORD }} -H "token:${{ secrets.NMS_TOKEN }}" -X GET https://${{ secrets.NMS_HOSTNAME }}/api/platform/v1/instances | |
NMS-Ansible-Configuration: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Cloud-Network-Terraform-Infrastructure, NMS-Resources-Available] | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- name: Install PIP | |
run: sudo apt-get install -y python3-pip | |
- name: Install apt-get dependencies | |
run: sudo pip3 install jmespath | |
- name: Setup ansible | |
run: | | |
ansible --version | |
pipx inject ansible-core jmespath | |
- name: Working directory | |
run: pwd | |
# - name: Run ansible-lint | |
# # replace `main` with any valid ref, or tags like `v6` | |
# uses: ansible-community/ansible-lint-action@main | |
# # optional: | |
# with: | |
# path: "/home/runner/work/lab/lab/nginx/ansible/configuration/playbooks/" # <-- only one value is allowed | |
- name: Run Ansible Playbooks | |
uses: dawidd6/action-ansible-playbook@v2 | |
with: | |
# Optional, additional flags to pass to ansible-playbook | |
options: | | |
--extra-vars "@../defaults/main.yaml" | |
--extra-vars "NMShost01=${{ secrets.NMS_HOSTNAME }}" | |
--extra-vars "NMSadminUsername=${{ secrets.NMS_USER}}" | |
--extra-vars "NMSadminPassword=${{ secrets.NMS_PASSWORD }}" | |
--extra-vars "NMSToken=${{ secrets.NMS_TOKEN }}" | |
--extra-vars "NMSinstanceGroup=${{ secrets.NMS_INSTANCE_GROUP }}" | |
# --verbose -vvvv | |
# Required, playbook filepath | |
playbook: "nginx.yaml" | |
# Optional, directory where playbooks live | |
directory: "./nginx/ansible/configuration/playbooks" | |
NGINX-Terraform-Infrastructure: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-20.04 | |
needs: [Active-Directory-Terraform-Infrastructure] | |
# Environment Variables | |
env: | |
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }} | |
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }} | |
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }} | |
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }} | |
TF_VAR_nginx_username: ${{ secrets.NGINX_USER }} | |
TF_VAR_nginx_password: ${{ secrets.NGINX_PASSWORD }} | |
# Where are the Terraform files | |
defaults: | |
run: | |
working-directory: nginx/terraform/infrastructure | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.6.3 | |
- name: Terraform NGINX-Terraform-Infrastructure fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Terraform NGINX-Terraform-Infrastructure Init | |
id: init | |
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}" | |
- name: Terraform NGINX-Terraform-Infrastructure Validate | |
id: validate | |
run: terraform validate -no-color | |
- name: Terraform NGINX-Terraform-Infrastructure Apply | |
id: apply | |
run: terraform apply --auto-approve |