Merge pull request #105 from kartverket/add_octsts

Add support for platform terraform modules
kartverket · Oct 2, 2024 · a8487d3 · a8487d3
2 parents cc29ebe + 763bdbc
commit a8487d3
Showing 1 changed file with 42 additions and 3 deletions.
diff --git a/.github/workflows/run-terraform.yml b/.github/workflows/run-terraform.yml
@@ -87,6 +87,11 @@ on:
         required: false
         type: string
         default: ""
+      use_platform_modules:
+        description: "An optional boolean which enables the octo sts identity for the terraform-modules repo. Defaults to false"
+        required: false
+        type: boolean
+        default: false
     secrets:
       arm_client_id:
         description: Azure Service Principal Client ID
@@ -156,13 +161,26 @@ jobs:
       WORKLOAD_IDENTITY_PROVIDER: ${{ needs.setup-env.outputs.WORKLOAD_IDENTITY_PROVIDER }}
 
     steps:
+      - uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0
+        id: octo-sts
+        if: ${{ inputs.use_platform_modules == true }}
+        with:
+          scope: kartverket/terraform-modules
+          identity: kartverket_repos
+
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: hack for github internal repo access
+        if: ${{ inputs.use_platform_modules == true }}
+        run: git config --global url."https://x-access-token:${{ steps.octo-sts.outputs.token }}@github.com".insteadOf ssh://git@github.com
+
       # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3.1.2
+        with:
+          terraform_version: ${{ inputs.use_platform_modules == true && '1.5.7' || 'latest' }}
 
       - name: Authenticate with Google Cloud
         uses: google-github-actions/auth@v2
@@ -219,6 +237,13 @@ jobs:
       WORKLOAD_IDENTITY_PROVIDER: ${{ needs.setup-env.outputs.workload_identity_provider }}
 
     steps:
+      - uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0
+        id: octo-sts
+        if: ${{ inputs.use_platform_modules == true }}
+        with:
+          scope: kartverket/terraform-modules
+          identity: kartverket_repos
+
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout
         uses: actions/checkout@v4
@@ -228,11 +253,15 @@ jobs:
         with:
           node-version: 16
 
+      - name: hack for github internal repo access
+        if: ${{ inputs.use_platform_modules == true }}
+        run: git config --global url."https://x-access-token:${{ steps.octo-sts.outputs.token }}@github.com".insteadOf ssh://git@github.com
+
       # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
       - name: Setup Terraform
-        # Change to v2.1.0 when released. We require the below fix:
-        # https://github.com/hashicorp/setup-terraform/pull/125
         uses: hashicorp/setup-terraform@v3.1.2
+        with:
+          terraform_version: ${{ inputs.use_platform_modules == true && '1.5.7' || 'latest' }}
 
       - name: Authenticate with Google Cloud
         uses: google-github-actions/auth@v2
@@ -483,15 +512,25 @@ jobs:
       WORKLOAD_IDENTITY_PROVIDER: ${{ needs.setup-env.outputs.WORKLOAD_IDENTITY_PROVIDER }}
 
     steps:
+      - uses: octo-sts/action@6177b4481c00308b3839969c3eca88c96a91775f # v1.0.0
+        id: octo-sts
+        if: ${{ inputs.use_platform_modules == true }}
+        with:
+          scope: kartverket/terraform-modules
+          identity: kartverket_repos
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: hack for github internal repo access
+        if: ${{ inputs.use_platform_modules == true }}
+        run: git config --global url."https://x-access-token:${{ steps.octo-sts.outputs.token }}@github.com".insteadOf ssh://git@github.com
+
       # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v3.1.2
         with:
-          terraform_wrapper: false
+          terraform_version: ${{ inputs.use_platform_modules == true && '1.5.7' || 'latest' }}
 
       - name: Authenticate with Google Cloud
         uses: google-github-actions/auth@v2