Merge pull request #22 from domain-protect/dependabot/github_actions/… #84
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Domain Protect GCP | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
env: | |
TF_VAR_project: ${{ secrets.PROJECT }} | |
TF_VAR_app_service_region: ${{ secrets.APP_SERVICE_REGION }} | |
TF_VAR_slack_channels: ${{ secrets.SLACK_CHANNELS }} | |
TF_VAR_slack_channels_dev: ${{ secrets.SLACK_CHANNELS_DEV }} | |
TF_VAR_slack_webhook_urls: ${{ secrets.SLACK_WEBHOOK_URLS }} | |
jobs: | |
terraform_plan_apply_dev: | |
name: Terraform plan & apply dev | |
environment: 'dev' | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: write | |
pull-requests: write | |
checks: write | |
steps: | |
- name: Terraform setup | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: 1.4.6 | |
- name: checkout Domain Protect GCP | |
uses: actions/checkout@v4 | |
with: | |
repository: domain-protect/domain-protect-gcp | |
ref: refs/heads/main | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install virtualenv | |
run: pip install virtualenv | |
- name: Configure GCP Credentials | |
id: auth | |
uses: google-github-actions/auth@v2.1.7 | |
with: | |
create_credentials_file: 'true' | |
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER}} | |
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
- name: Test Google cloud login | |
run: |- | |
gcloud auth login --brief --cred-file="${{ steps.auth.outputs.credentials_file_path }}" | |
gcloud config set project $TF_VAR_project | |
gcloud config list | |
- name: Set GOOGLE_APPLICATION_CREDENTIALS environment variable | |
run: | | |
credentials_file_path="${{ steps.auth.outputs.credentials_file_path }}" | |
echo "credentials_file_path=$GOOGLE_APPLICATION_CREDENTIALS" >> $GITHUB_ENV | |
- name: Terraform initialise | |
run: | | |
export GOOGLE_APPLICATION_CREDENTIALS="${{ steps.auth.outputs.credentials_file_path }}" | |
terraform init \ | |
-backend-config=bucket=${{ secrets.TERRAFORM_STATE_BUCKET}} \ | |
-backend-config=prefix=${{ secrets.TERRAFORM_STATE_PREFIX}} | |
- name: set Terraform dev workspace | |
run: | | |
export GOOGLE_APPLICATION_CREDENTIALS="${{ steps.auth.outputs.credentials_file_path }}" | |
terraform workspace list > list.txt | |
if grep "dev" list.txt | |
then | |
terraform workspace select dev | |
else | |
echo "creating dev terraform workspace" | |
terraform workspace new dev | |
fi | |
- name: terraform plan dev | |
run: | | |
export GOOGLE_APPLICATION_CREDENTIALS="${{ steps.auth.outputs.credentials_file_path }}" | |
terraform plan -out tfplan | |
- name: terraform apply dev | |
run: | | |
export GOOGLE_APPLICATION_CREDENTIALS="${{ steps.auth.outputs.credentials_file_path }}" | |
terraform apply -auto-approve tfplan | |
terraform_plan_prd: | |
name: Terraform plan prd | |
environment: 'prd' | |
runs-on: ubuntu-latest | |
needs: terraform_plan_apply_dev | |
permissions: | |
id-token: write | |
contents: write | |
pull-requests: write | |
checks: write | |
steps: | |
- name: Terraform setup | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: 1.4.6 | |
- name: checkout Domain Protect | |
uses: actions/checkout@v4 | |
with: | |
repository: domain-protect/domain-protect-gcp | |
ref: refs/heads/main | |
- name: Configure GCP Credentials | |
id: auth | |
uses: google-github-actions/auth@v2.1.7 | |
with: | |
create_credentials_file: 'true' | |
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER}} | |
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
- name: Test Google cloud login | |
run: |- | |
gcloud auth login --brief --cred-file="${{ steps.auth.outputs.credentials_file_path }}" | |
gcloud config set project $TF_VAR_project | |
gcloud config list | |
- name: Set GOOGLE_APPLICATION_CREDENTIALS environment variable | |
run: | | |
credentials_file_path="${{ steps.auth.outputs.credentials_file_path }}" | |
echo "credentials_file_path=$GOOGLE_APPLICATION_CREDENTIALS" >> $GITHUB_ENV | |
- name: Terraform initialise | |
run: | | |
export GOOGLE_APPLICATION_CREDENTIALS="${{ steps.auth.outputs.credentials_file_path }}" | |
terraform init \ | |
-backend-config=bucket=${{ secrets.TERRAFORM_STATE_BUCKET}} \ | |
-backend-config=prefix=${{ secrets.TERRAFORM_STATE_PREFIX}} | |
- name: set Terraform prd workspace | |
run: | | |
terraform workspace list > list.txt | |
if grep "prd" list.txt | |
then | |
terraform workspace select prd | |
else | |
echo "creating prd terraform workspace" | |
terraform workspace new prd | |
fi | |
- name: create artifact folder | |
run: mkdir -p output/prd | |
- name: terraform plan prd | |
run: terraform plan -out=output/prd/tfplan | |
- name: Archive prd terraform plan | |
uses: actions/upload-artifact@v4 | |
with: | |
name: terraform-plan-prd | |
path: output/prd/tfplan | |
terraform_apply_prd: | |
name: Terraform apply prd | |
environment: 'prd' | |
runs-on: ubuntu-latest | |
needs: terraform_plan_prd | |
permissions: | |
id-token: write | |
contents: write | |
pull-requests: write | |
checks: write | |
steps: | |
- name: Terraform setup | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: 1.4.6 | |
- name: checkout Domain Protect | |
uses: actions/checkout@v4 | |
with: | |
repository: domain-protect/domain-protect-gcp | |
ref: refs/heads/main | |
- name: Set up Python 3.11 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install virtualenv | |
run: pip install virtualenv | |
- name: Configure GCP Credentials | |
id: auth | |
uses: google-github-actions/auth@v2.1.7 | |
with: | |
create_credentials_file: 'true' | |
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER}} | |
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
- name: Test Google cloud login | |
run: |- | |
gcloud auth login --brief --cred-file="${{ steps.auth.outputs.credentials_file_path }}" | |
gcloud config set project $TF_VAR_project | |
gcloud config list | |
- name: Set GOOGLE_APPLICATION_CREDENTIALS environment variable | |
run: | | |
credentials_file_path="${{ steps.auth.outputs.credentials_file_path }}" | |
echo "credentials_file_path=$GOOGLE_APPLICATION_CREDENTIALS" >> $GITHUB_ENV | |
- name: Terraform initialise | |
run: | | |
export GOOGLE_APPLICATION_CREDENTIALS="${{ steps.auth.outputs.credentials_file_path }}" | |
terraform init \ | |
-backend-config=bucket=${{ secrets.TERRAFORM_STATE_BUCKET}} \ | |
-backend-config=prefix=${{ secrets.TERRAFORM_STATE_PREFIX}} | |
- name: set Terraform prd workspace | |
run: terraform workspace select prd | |
- name: Download prd terraform plan | |
uses: actions/download-artifact@v4 | |
with: | |
name: terraform-plan-prd | |
- name: terraform apply prd | |
run: terraform apply -auto-approve tfplan |