Skip to content

Installs terraform explicitly in build workflow #765

Installs terraform explicitly in build workflow

Installs terraform explicitly in build workflow #765

Workflow file for this run

name: tardigrade terraform network mirror builder
on:
# Run on demand
workflow_dispatch:
# Run pull requests against the main branch
pull_request:
branches: [main]
paths:
- 'Dockerfile.tools'
- '.github/workflows/build.yml'
- '.github/workflows/dependabot_hack.yml'
- 'providers/versions.tf'
# Run when a release is created
release:
types: [released]
permissions:
id-token: write
concurrency:
group: ${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
BuildMirror:
name: build-mirror
runs-on: ubuntu-latest
env:
AWS_DEFAULT_REGION: us-east-1
MIRROR_ENDPOINT: https://hashicorp-mirror.cloudarmor.io
MIRROR_BUCKET: p3-hashicorp-mirror
REPO_PATH: .mirror/repo
steps:
- name: Maximize build space
run: |
set -xeuo pipefail
echo "Available storage:"
sudo df -h
echo
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /opt/ghc
sudo rm -rf /usr/local/.ghcup
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo rm -rf /usr/local/share/boost
sudo rm -rf "$AGENT_TOOLSDIRECTORY"
sudo apt-get remove -y '^aspnetcore-.*' > /dev/null
sudo apt-get remove -y '^dotnet-.*' > /dev/null
sudo apt-get remove -y '^llvm-.*' > /dev/null
sudo apt-get remove -y 'php.*' > /dev/null
sudo apt-get remove -y '^mongodb-.*' > /dev/null
sudo apt-get remove -y '^mysql-.*' > /dev/null
sudo apt-get remove -y azure-cli google-chrome-stable firefox mono-devel libgl1-mesa-dri --fix-missing > /dev/null
sudo apt-get autoremove -y > /dev/null
sudo apt-get clean > /dev/null
sudo docker image prune --all --force > /dev/null
echo "Available storage:"
sudo df -h
echo
- name: Clone this git repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Install aws-cli
uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367
- name: Download repo tools
run: |
make download-all
- name: configure aws credentials
if: github.event_name != 'pull_request'
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Validate credential
if: github.event_name != 'pull_request'
run: aws sts get-caller-identity
- name: Push repo tools to s3 bucket
if: github.event_name != 'pull_request'
run: |
aws s3 cp ./${{ env.REPO_PATH }}/ s3://${{ env.MIRROR_BUCKET }}/repo/ --recursive
- name: Retrieve current terraform mirror
if: github.event_name != 'pull_request'
run: |
mkdir -p ./${{ env.REPO_PATH }}/terraform-registry
aws s3 sync --no-sign-request --exact-timestamps --endpoint-url ${{ env.MIRROR_ENDPOINT }} s3://${{ env.MIRROR_BUCKET }}/repo/terraform-registry/ ./${{ env.REPO_PATH }}/terraform-registry/
- name: Install terraform binary
run: |
make terraform/install
- name: Create Terraform registry
run: |
${HOME}/bin/terraform -chdir=./providers/ providers mirror \
-platform=linux_amd64 \
-platform=linux_arm64 \
-platform=windows_amd64 \
-platform=darwin_amd64 \
../${{ env.REPO_PATH }}/terraform-registry/
- name: Verify local terraform mirror
run: |
PWD=$(pwd)
cat << EOF > "$HOME/.terraformrc"
provider_installation {
filesystem_mirror {
path = "$PWD/${{ env.REPO_PATH }}/terraform-registry/"
}
}
EOF
${HOME}/bin/terraform -chdir=./providers/ init
- name: Push mirror to s3 bucket
if: github.event_name != 'pull_request'
run: |
aws s3 sync ./${{ env.REPO_PATH }}/terraform-registry/ s3://${{ env.MIRROR_BUCKET }}/repo/terraform-registry/
- name: Create cloudfront cache invalidation
if: github.event_name != 'pull_request'
run: |
aws cloudfront create-invalidation --distribution-id ${{ secrets.HASHICORP_MIRROR_DISTRIBUTION }} --paths "/repo/*"