-
Notifications
You must be signed in to change notification settings - Fork 1
105 lines (87 loc) · 3.5 KB
/
Copy pathcd.yml
File metadata and controls
105 lines (87 loc) · 3.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Terraform CD
on:
# push:
# branches:
# - main
# paths:
# - 'terraform/**'
# - '.github/workflows/cd.yml'
workflow_dispatch:
inputs:
environment:
description: 'Environment to deploy'
required: true
default: 'production'
type: choice
options:
- 'production'
- 'staging'
destroy:
description: 'Destroy infrastructure'
required: false
default: 'false'
type: choice
options:
- 'true'
- 'false'
permissions:
contents: read
id-token: write
env:
AWS_REGION: us-west-2
TERRAFORM_VERSION: 1.6.0
jobs:
deploy:
name: Deploy to ${{ github.event.inputs.environment || 'production' }}
runs-on: ubuntu-latest
environment:
name: ${{ github.event.inputs.environment || 'production' }}
defaults:
run:
working-directory: terraform/stacks/${{ github.event.inputs.environment || 'production' }}
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_SECRET_ACCESS_ID }} # DO NOT CHANGE THIS LINE
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} # DO NOT CHANGE THIS LINE
aws-region: ${{ env.AWS_REGION }}
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
- name: Terraform Init
run: terraform init
- name: Terraform Plan
if: github.event.inputs.destroy != 'true'
run: terraform plan -var-file=terraform.tfvars
- name: Terraform Apply
if: github.event.inputs.destroy != 'true'
run: terraform apply -var-file=terraform.tfvars -auto-approve
- name: Terraform Destroy
if: github.event.inputs.destroy == 'true'
run: terraform destroy -var-file=terraform.tfvars -auto-approve
- name: Get Outputs
if: github.event.inputs.destroy != 'true'
id: outputs
run: |
echo "instance_id=$(terraform output -raw instance_id)" >> $GITHUB_OUTPUT
echo "instance_public_ip=$(terraform output -raw instance_public_ip)" >> $GITHUB_OUTPUT
echo "instance_private_ip=$(terraform output -raw instance_private_ip)" >> $GITHUB_OUTPUT
continue-on-error: true
- name: Deployment Summary
if: always()
run: |
echo "## Deployment Summary" >> $GITHUB_STEP_SUMMARY
echo "- **Environment:** ${{ github.event.inputs.environment || 'production' }}" >> $GITHUB_STEP_SUMMARY
echo "- **Action:** ${{ github.event.inputs.destroy == 'true' && 'Destroy' || 'Deploy' }}" >> $GITHUB_STEP_SUMMARY
echo "- **Triggered by:** ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
if [ "${{ github.event.inputs.destroy }}" != "true" ] && [ "${{ steps.outputs.outputs.instance_id }}" != "" ]; then
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Instance Details" >> $GITHUB_STEP_SUMMARY
echo "- **Instance ID:** ${{ steps.outputs.outputs.instance_id }}" >> $GITHUB_STEP_SUMMARY
echo "- **Public IP:** ${{ steps.outputs.outputs.instance_public_ip }}" >> $GITHUB_STEP_SUMMARY
echo "- **Private IP:** ${{ steps.outputs.outputs.instance_private_ip }}" >> $GITHUB_STEP_SUMMARY
fi