Skip to content

remove hotpatching for hotpatching instance, update ldap #1404

remove hotpatching for hotpatching instance, update ldap

remove hotpatching for hotpatching instance, update ldap #1404

Workflow file for this run

name: Lab Pipeline
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "main" branch
push:
branches: ["main"]
paths-ignore:
- '**/**.md'
- '**/**.png'
pull_request:
branches: ["main"]
paths-ignore:
- '**/**.md'
- '**/**.png'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# jobs for Argo, Active Directory, BIG-IP, F5XC, GoDaddy, Kubernetes, and NGINX
jobs:
Active-Directory-Terraform-Infrastructure:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure]
# Environment Variables
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }}
TF_VAR_active-directory-username: ${{ secrets.ACTIVE_DIRECTORY_USER }}
TF_VAR_active-directory-password: ${{ secrets.ACTIVE_DIRECTORY_PASSWORD }}
# Where are the Terraform files
defaults:
run:
working-directory: services/active-directory/terraform/infrastructure
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.3
- name: Terraform Active-Directory-Terraform-Infrastructure fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform Active-Directory-Terraform-Infrastructure Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform Active-Directory-Terraform-Infrastructure Validate
id: validate
run: terraform validate -no-color
- name: Terraform Active-Directory-Terraform-Infrastructure Apply
id: apply
run: terraform apply --auto-approve
########################################################################################################
Argo-Terraform-Configuration:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, Kubernetes-Terraform-Configuration]
# Environment Variables
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }}
# Where are the Terraform files
defaults:
run:
working-directory: services/argo/terraform
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- name: Azure login
uses: azure/login@v1
with:
creds: '{"clientId":"${{ secrets.AZURE_APPID }}","clientSecret":"${{ secrets.AZURE_PASSWORD }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION }}","tenantId":"${{ secrets.AZURE_TENANT }}"}'
- name: Azure Kubernetes Context
id: set-context
uses: azure/aks-set-context@v3
with:
resource-group: '${{ secrets.AZURE_AKS_RG }}'
cluster-name: '${{ secrets.AZURE_AKS_NAME }}'
- name: Setup kubectl
id: install-kubectl
uses: azure/setup-kubectl@v3
- name: HashiCorp Terraform Setup
uses: hashicorp/setup-terraform@v2
- name: Terraform Argo-Terraform-Configuration fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform Argo-Terraform-Configuration Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform Argo-Terraform-Configuration Validate
id: validate
run: terraform validate -no-color
- name: Terraform Argo-Terraform-Configuration Apply
id: apply
run: terraform apply --auto-approve
########################################################################################################
BIG-IP-Resources-Available:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, BIG-IP-Terraform-Infrastructure]
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: cURL ipify.org
run: curl 'https://api.ipify.org?format=json'
- name: cURL BIG-IP
run: curl --max-time 10 -u ${{ secrets.BIGIP_USER }}:${{ secrets.BIGIP_PASSWORD }} -X GET -k https://${{ secrets.BIGIP_HOSTNAME }}/mgmt/tm/sys/ready/
BIG-IP-Ansible-Configuration:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, BIG-IP-Resources-Available]
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- name: Install PIP
run: sudo apt-get install -y python3-pip
- name: Install apt-get dependencies
run: sudo pip3 install jmespath
- name: Setup ansible
run: |
ansible --version
pipx inject ansible-core jmespath
- name: Working directory
run: pwd
# - name: Run ansible-lint
# # replace `main` with any valid ref, or tags like `v6`
# uses: ansible-community/ansible-lint-action@main
# # optional:
# with:
# path: "/home/runner/work/lab/lab/big-ip/ansible/configuration/playbooks/" # <-- only one value is allowed
- name: Run Ansible Playbooks
uses: dawidd6/action-ansible-playbook@v2
with:
# Optional, additional flags to pass to ansible-playbook
options: |
--extra-vars "@../defaults/main.yaml"
--extra-vars "BIGIPhost01=${{ secrets.BIGIP_HOSTNAME }}"
--extra-vars "BIGIPadminUsername=${{ secrets.BIGIP_USER }}"
--extra-vars "BIGIPadminPassword=${{ secrets.BIGIP_PASSWORD }}"
--extra-vars "BIGIPAKSUsername=${{ secrets.BIGIP_AKS_USER }}"
--extra-vars "BIGIPAKSPassword=${{ secrets.BIGIP_AKS_PASSWORD }}"
--extra-vars "otel_host=${{ secrets.OTEL_HOST }}"
--extra-vars "otel_token=${{ secrets.OTEL_TOKEN }}"
# --verbose -vvvv
# Required, playbook filepath
playbook: "big-ip-playbook.yaml"
# Optional, directory where playbooks live
directory: "./big-ip/ansible/configuration/playbooks"
BIG-IP-Terraform-Infrastructure:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Active-Directory-Terraform-Infrastructure]
# Environment Variables
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
BIGIP_USER: ${{ secrets.BIGIP_USER }}
BIGIP_PASSWORD: ${{ secrets.BIGIP_PASSWORD }}
TF_VAR_allowed_ips: ${{ secrets.ALLOWED_IPS }}
TF_VAR_big-ip-username: ${{ secrets.BIGIP_USER }}
TF_VAR_big-ip-password: ${{ secrets.BIGIP_PASSWORD }}
# Where are the Terraform files
defaults:
run:
working-directory: big-ip/terraform/infrastructure
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.3
- name: Terraform BIG-IP-Terraform-Infrastructure fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform BIG-IP-Terraform-Infrastructure Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform BIG-IP-Terraform-Infrastructure Validate
id: validate
run: terraform validate -no-color
- name: Terraform BIG-IP-Terraform-Infrastructure Apply
id: apply
run: terraform apply --auto-approve
BIG-IP-Terraform-Configuration:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, BIG-IP-Ansible-Configuration]
# Environment Variables
env:
BIGIP_USER: ${{ secrets.BIGIP_USER }}
BIGIP_PASSWORD: ${{ secrets.BIGIP_PASSWORD }}
BIGIP_HOST: ${{ secrets.BIGIP_HOSTNAME }}
TF_VAR_ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }}
TF_VAR_ad_service_ldap_password: ${{ secrets.AD_SERVICE_LDAP_PASSWORD }}
# Where are the Terraform files
defaults:
run:
working-directory: big-ip/terraform/configuration
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.3
- name: Terraform BIG-IP-Terraform-Configuration fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform BIG-IP-Terraform-Configuration Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform BIG-IP-Terraform-Configuration Validate
id: validate
run: terraform validate -no-color
- name: Terraform BIG-IP-Terraform-Configuration Apply
id: apply
run: terraform apply --auto-approve
########################################################################################################
F5XC-Resources-Available:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure]
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- name: cURL ipify.org
run: curl 'https://api.ipify.org?format=json'
- name: cURL F5XC
run: curl --max-time 10 --cert-type P12 --cert certs/${{ secrets.VES_HOSTNAME }}.api-creds.p12:${{ secrets.VES_P12_PASSWORD }} -X GET https://${{ secrets.VES_HOSTNAME }}/api/web/namespaces/j-calalang
F5XC-Terraform-Infrastructure:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, F5XC-Resources-Available]
# Environment Variables
env:
TF_VAR_f5xc-cloud-credential: ${{ secrets.F5XC_CLOUD_CREDENTIAL }}
TF_VAR_f5xc-customer-edge-ssh-key: ${{ secrets.F5XC_CUSTOMER_EDGE_SSH_KEY }}
VES_P12_PASSWORD: ${{ secrets.VES_P12_PASSWORD }}
# Where are the Terraform files
defaults:
run:
working-directory: distributed-cloud/terraform/infrastructure
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.3
- name: Terraform F5XC-Terraform fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform F5XC-Terraform Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform F5XC-Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform F5XC-Terraform Apply
id: apply
run: terraform apply --auto-approve
F5XC-Terraform-Configuration:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, F5XC-Resources-Available, F5XC-Terraform-Infrastructure]
# Environment Variables
env:
TF_VAR_jwk-calalang-net: ${{ secrets.JWK_CALALANG_NET }}
TF_VAR_wildcard-calalang-net-certificate: ${{ secrets.CALALANG_NET_CERT }}
TF_VAR_wildcard-calalang-net-key: ${{ secrets.CALALANG_NET_KEY }}
VES_P12_PASSWORD: ${{ secrets.VES_P12_PASSWORD }}
# Where are the Terraform files
defaults:
run:
working-directory: distributed-cloud/terraform/configuration
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.3
- name: Terraform F5XC-Terraform fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform F5XC-Terraform Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform F5XC-Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform F5XC-Terraform Apply
id: apply
run: terraform apply --auto-approve
########################################################################################################
GoDaddy-Terraform-Configuration:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
# Environment Variables
env:
GODADDY_API_KEY: ${{ secrets.GODADDY_API_KEY }}
GODADDY_API_SECRET: ${{ secrets.GODADDY_API_SECRET }}
# Where are the Terraform files
defaults:
run:
working-directory: godaddy/terraform/
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.3
- name: Terraform GoDaddy-Terraform fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform GoDaddy-Terraform Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform GoDaddy-Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform GoDaddy-Terraform Apply
id: apply
run: terraform apply --auto-approve
########################################################################################################
Kubernetes-Terraform-Infrastructure:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure]
# Environment Variables
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }}
# Where are the Terraform files
defaults:
run:
working-directory: kubernetes/terraform/infrastructure
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- name: HashiCorp Terraform Setup
uses: hashicorp/setup-terraform@v2
- name: Terraform Kubernetes-Terraform-Infrastructure fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform Kubernetes-Terraform-Infrastructure Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform Kubernetes-Terraform-Infrastructure Validate
id: validate
run: terraform validate -no-color
- name: Terraform Kubernetes-Terraform-Infrastructure Apply
id: apply
run: terraform apply --auto-approve
Kubernetes-Terraform-Configuration:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, Kubernetes-Terraform-Infrastructure]
# Environment Variables
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }}
TF_VAR_f5xc_site_token: ${{ secrets.F5XC_SITE_TOKEN }}
TF_VAR_nginx_repo_jwt: ${{ secrets.NGINX_REPO_JWT }}
TF_VAR_bigip_aks_username: ${{ secrets.BIGIP_AKS_USER }}
TF_VAR_bigip_aks_password: ${{ secrets.BIGIP_AKS_PASSWORD }}
TF_VAR_ves_vk8s_context: ${{ secrets.VES_VK8S_CONTEXT }}
TF_VAR_ves_vk8s_client_certificate: ${{ secrets.VES_VK8S_CLIENT_CERTIFICATE }}
TF_VAR_ves_vk8s_client_key: ${{ secrets.VES_VK8S_CLIENT_KEY }}
TF_VAR_ves_vk8s_cluster_ca_certificate: ${{ secrets.VES_VK8S_CLUSTER_CA_CERTIFICATE }}
TF_VAR_ves_vk8s_server: ${{ secrets.VES_VK8S_SERVER }}
# Where are the Terraform files
defaults:
run:
working-directory: kubernetes/terraform/configuration
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- name: Azure login
uses: azure/login@v1
with:
creds: '{"clientId":"${{ secrets.AZURE_APPID }}","clientSecret":"${{ secrets.AZURE_PASSWORD }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION }}","tenantId":"${{ secrets.AZURE_TENANT }}"}'
- name: Azure Kubernetes Context
id: set-context
uses: azure/aks-set-context@v3
with:
resource-group: '${{ secrets.AZURE_AKS_RG }}'
cluster-name: '${{ secrets.AZURE_AKS_NAME }}'
- name: Setup kubectl
id: install-kubectl
uses: azure/setup-kubectl@v3
- name: Add argo-cd charts
id: argo-cd-add
run: helm repo add argo https://argoproj.github.io/argo-helm
continue-on-error: false
- name: Add f5networks charts
id: f5networks-add
run: helm repo add f5-stable https://f5networks.github.io/charts/stable
continue-on-error: false
- name: Add nginxinc charts
id: nginxinc-add
run: helm repo add nginx-stable https://helm.nginx.com/stable
continue-on-error: false
- name: Update charts
id: charts-update
run: helm repo update
continue-on-error: false
- name: HashiCorp Terraform Setup
uses: hashicorp/setup-terraform@v2
- name: Terraform Kubernetes-Terraform-Configuration fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform Kubernetes-Terraform-Configuration Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform Kubernetes-Terraform-Configuration Validate
id: validate
run: terraform validate -no-color
- name: Terraform Kubernetes-Terraform-Configuration Apply
id: apply
run: terraform apply --auto-approve
######################################################################################################
Cloud-Network-Terraform-Infrastructure:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
# Environment Variables
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# Where are the Terraform files
defaults:
run:
working-directory: networking/terraform/infrastructure
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.3
- name: Terraform Cloud-Network-Terraform-Infrastructure fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform Cloud-Network-Terraform-Infrastructure Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform Cloud-Network-Terraform-Infrastructure Validate
id: validate
run: terraform validate -no-color
- name: Terraform Cloud-Network-Terraform-Infrastructure Apply
id: apply
run: terraform apply --auto-approve
######################################################################################################
NMS-Resources-Available:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, NGINX-Terraform-Infrastructure]
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- name: cURL ipify.org
run: curl 'https://api.ipify.org?format=json'
- name: cURL NMS
run: curl --max-time 10 -u ${{ secrets.NMS_USER}}:${{ secrets.NMS_PASSWORD }} -H "token:${{ secrets.NMS_TOKEN }}" -X GET https://${{ secrets.NMS_HOSTNAME }}/api/platform/v1/instances
NMS-Ansible-Configuration:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Cloud-Network-Terraform-Infrastructure, NMS-Resources-Available]
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
- name: Install PIP
run: sudo apt-get install -y python3-pip
- name: Install apt-get dependencies
run: sudo pip3 install jmespath
- name: Setup ansible
run: |
ansible --version
pipx inject ansible-core jmespath
- name: Working directory
run: pwd
# - name: Run ansible-lint
# # replace `main` with any valid ref, or tags like `v6`
# uses: ansible-community/ansible-lint-action@main
# # optional:
# with:
# path: "/home/runner/work/lab/lab/nginx/ansible/configuration/playbooks/" # <-- only one value is allowed
- name: Run Ansible Playbooks
uses: dawidd6/action-ansible-playbook@v2
with:
# Optional, additional flags to pass to ansible-playbook
options: |
--extra-vars "@../defaults/main.yaml"
--extra-vars "NMShost01=${{ secrets.NMS_HOSTNAME }}"
--extra-vars "NMSadminUsername=${{ secrets.NMS_USER}}"
--extra-vars "NMSadminPassword=${{ secrets.NMS_PASSWORD }}"
--extra-vars "NMSToken=${{ secrets.NMS_TOKEN }}"
--extra-vars "NMSinstanceGroup=${{ secrets.NMS_INSTANCE_GROUP }}"
# --verbose -vvvv
# Required, playbook filepath
playbook: "nginx.yaml"
# Optional, directory where playbooks live
directory: "./nginx/ansible/configuration/playbooks"
NGINX-Terraform-Infrastructure:
# The type of runner that the job will run on
runs-on: ubuntu-20.04
needs: [Active-Directory-Terraform-Infrastructure]
# Environment Variables
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_APPID }}
ARM_CLIENT_SECRET: ${{ secrets.AZURE_PASSWORD }}
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT }}
TF_VAR_nginx_username: ${{ secrets.NGINX_USER }}
TF_VAR_nginx_password: ${{ secrets.NGINX_PASSWORD }}
# Where are the Terraform files
defaults:
run:
working-directory: nginx/terraform/infrastructure
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- uses: actions/checkout@v3
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: 1.6.3
- name: Terraform NGINX-Terraform-Infrastructure fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Terraform NGINX-Terraform-Infrastructure Init
id: init
run: terraform init -backend-config="hostname=${{ secrets.TF_CLOUD_HOSTNAME }}" -backend-config="organization=${{ secrets.TF_CLOUD_ORGANIZATION }}" -backend-config="token=${{ secrets.TF_CLOUD_TOKEN }}"
- name: Terraform NGINX-Terraform-Infrastructure Validate
id: validate
run: terraform validate -no-color
- name: Terraform NGINX-Terraform-Infrastructure Apply
id: apply
run: terraform apply --auto-approve