fix: terraform destroy data-type and helm --set flag to pass secrets …
…and multiple values. (#128)
h1manshu98 authored Mar 11, 2024
1 parent c138c5a commit ae37686
Showing 2 changed files with 50 additions and 30 deletions.
61 changes: 39 additions & 22 deletions .github/workflows/helm.yml
@@ -36,28 +36,36 @@ on:
required: true
type: string
description: 'Timeout for helm install step in seconds'
default: '120s'
set-parameters:
required: false
type: string
description: 'Overriding the default values'
values-file-path:
required: true
required: false
type: string
description: 'Values file path from helm chart directory'
history-max:
required: true
type: number
description: 'number of revisions stored in the revision history.'
default: 7
namespace:
required: false
type: string
description: 'Boundary for Kubernetes resources'
rollback:
required: false
type: string
type: boolean
description: 'Environment name for rollback'
revision:
required: false
type: number
description: 'If this argument is omitted or set to 0, it will roll back to the previous release.'
uninstall:
required: false
type: boolean
default: false
description: 'Set true to uninstall helmchart'
role-duration-seconds:
required: false
type: number
default: 900
description: 'The assumed role duration in seconds, if assuming a role. Defaults to 1 hour.'
secrets:
AWS_ACCESS_KEY_ID:
description: 'AWS Access Key ID'
@@ -74,6 +82,9 @@ on:
AZURE_CREDENTIALS:
description: 'Azure Credentilas'
required: false
set-parameters:
required: false
description: 'Overriding the default values using --set flag'
jobs:
helm-action:
runs-on: ubuntu-latest
@@ -91,7 +102,7 @@ jobs:
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
role-to-assume: ${{ secrets.BUILD_ROLE }}
aws-region: ${{ inputs.aws_region }}
role-duration-seconds: 900
role-duration-seconds: ${{ inputs.role-duration-seconds }}
role-skip-session-tagging: true

- name: Install Azure CLI
@@ -105,32 +116,38 @@ jobs:
if [ "${{ inputs.provider }}" = "azure" ]; then
az aks get-credentials --resource-group ${{ inputs.resource-group }} --name ${{ inputs.azure-cluster-name }}
else
aws eks --region ${{ inputs.aws-region }} update-kubeconfig --name ${{ inputs.eks-cluster-name }}
aws eks update-kubeconfig --name ${{ inputs.eks-cluster-name }} --region ${{ inputs.aws_region }}
fi
- name: helm lint
if: ${{ inputs.rollback != 'rollback' }}
if: ${{ inputs.rollback != true && inputs.uninstall != true }}
run: |
helm lint ${{ inputs.helm-chart-directory }}
helm lint ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }}
- name: helm template
if: ${{ inputs.rollback != 'rollback' }}
if: ${{ inputs.rollback != true && inputs.uninstall != true }}
run: |
helm template ${{ inputs.helm-chart-directory }}
helm template ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }}
- name: helm install and upgrade2
if: ${{ inputs.rollback != 'rollback' }}
if: ${{ inputs.rollback != true && inputs.uninstall != true }}
run: |
if [ -n "${{ inputs.set-parameters }}" ]; then
helm upgrade --install --atomic --create-namespace --wait --history-max ${{ inputs.history-max }} --debug \
${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} ${{ inputs.set-parameters }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --timeout ${{ inputs.timeout }}
if [ -n "${{ secrets.set-parameters }}" ]; then
helm upgrade --install ${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --create-namespace ${{ secrets.set-parameters }} \
--history-max ${{ inputs.history-max }} --atomic --wait --debug --timeout ${{ inputs.timeout }}
else
helm upgrade --install --atomic --create-namespace --wait --history-max ${{ inputs.history-max }} --debug \
${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --timeout ${{ inputs.timeout }}
helm upgrade --install ${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --create-namespace \
--history-max ${{ inputs.history-max }} --atomic --wait --debug --timeout ${{ inputs.timeout }}
fi
- name: Rollback Helm Release
if: ${{ inputs.rollback == 'rollback' }}
if: ${{ inputs.rollback == true && inputs.uninstall != true }}
run: |
export HISTORY_COUNT=$(helm history ${{ inputs.release-name }} -n ${{ inputs.namespace }} | head -2 | tail -1 | awk '{print $1}')
helm rollback ${{ inputs.release-name }} -n ${{ inputs.namespace }} ${{ inputs.revision }} --debug || ( echo "Valid revision values can be greater than or equal to $HISTORY_COUNT" && exit 1 )
- name: Uninstall Helm Release
if: ${{ inputs.uninstall == true }}
run: |
helm rollback ${{ inputs.release-name }} -n ${{ inputs.namespace }}
helm uninstall ${{ inputs.release-name }} -n ${{ inputs.namespace }}
...
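Review bot: In the `helm install and upgrade2` step, `${{ secrets.set-parameters }}` is pasted into the script text before the shell runs, both inside the `[ -n "…" ]` test and unquoted on the `helm upgrade` line, so any quote or shell metacharacter in the secret is parsed as shell syntax. The same command carries `--debug`, and Helm's debug output can echo user-supplied values; log masking matches the secret as it was registered, so individual `--set` values reprinted in another form may not be masked. I would hand the secret over through the step environment, `env:` with `SET_PARAMETERS: ${{ secrets.set-parameters }}`, test it with `if [ -n "$SET_PARAMETERS" ]; then`, and drop `--debug` from the branch that receives secret values. The other `${{ inputs.* }}` expansions in the `run:` blocks of this section would benefit from the same `env:` treatment.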
19 changes: 11 additions & 8 deletions .github/workflows/terraform_workflow.yml
@@ -10,7 +10,6 @@ on:
provider:
required: true
type: string
default: aws
description: 'Cloud provider to run the workflow. e.g. azurerm, aws, gcp or digitalocean'
aws_region:
required: false
@@ -26,9 +25,10 @@ on:
type: string
description: 'Terraform var file directory. e.g. vars/dev.tfvars'
destroy:
type: string
required: false
type: boolean
default: false
description: 'you want to destroy infra or not'
description: 'Set true to to destroy terraform infrastructure.'
approvers:
required: false
type: string
@@ -66,6 +66,9 @@ on:
GCP_CREDENTIALS:
required: false
description: 'The Google Cloud JSON service account key to use for authentication'
DIGITALOCEAN_ACCESS_TOKEN:
required: false
description: 'The DigitalOcean Personal Access Token for Application & API'
env-vars:
required: false
description: 'Pass required environment variables'
@@ -124,7 +127,7 @@ jobs:
terraform_version: ${{ inputs.terraform_version }}

- name: 'Terraform Format'
if: ${{ inputs.destroy != 'true' }}
if: ${{ inputs.destroy != true }}
id: fmt
uses: 'dflook/terraform-fmt-check@v1'
with:
@@ -137,7 +140,7 @@ jobs:
terraform init
- name: 'Terraform validate'
if: ${{ inputs.destroy != 'true' }}
if: ${{ inputs.destroy != true }}
id: validate
uses: dflook/terraform-validate@v1
with:
@@ -148,7 +151,7 @@ jobs:
run: |
export exitcode=0
cd ${{ inputs.working_directory }}
if [ "${{ inputs.destroy }}" = "true" ]; then
if [ "${{ inputs.destroy }}" = true ]; then
if [ -n "${{ inputs.var_file }}" ]; then
terraform plan -destroy -out tfplan --var-file=${{ inputs.var_file }}
else
@@ -194,7 +197,7 @@ jobs:
issue-title: "Terraform Plan for Infrastructure Update"

- name: terraform apply
if: ${{ inputs.destroy != 'true' }}
if: ${{ inputs.destroy != true }}
run: |
if [ -n "${{ inputs.var_file }}" ]; then
cd ${{ inputs.working_directory }}
@@ -205,7 +208,7 @@ jobs:
fi
- name: Terraform destroy
if: ${{ inputs.destroy == 'true' }}
if: ${{ inputs.destroy == true }}
id: destroy
run: |
if [ -n "${{ inputs.var_file }}" ]; then
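Review bot: The new `destroy` description reads 'Set true to to destroy terraform infrastructure.' and does not say what the flag switches. The visible steps show that `true` skips format, validate and apply and runs `terraform plan -destroy` and the `Terraform destroy` step instead, so I would write `description: 'Set to true to destroy the Terraform-managed infrastructure: plans with -destroy and runs the destroy step instead of apply.'`. The input also appears to change from string to boolean, so callers of this reusable workflow that still pass the string `'true'` will need updating, which deserves a line in the commit message. Whether the destroy path goes through the approval step cannot be seen from these hunks, several of which start and end inside steps that continue outside the view.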
