Skip to content

feat: setup smurf terraform #1

feat: setup smurf terraform

feat: setup smurf terraform #1

---

Check failure on line 1 in .github/workflows/smurf_terraform.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/smurf_terraform.yaml

Invalid workflow file

(Line: 106, Col: 9): Unexpected value 'with', (Line: 182, Col: 15): Unrecognized named-value: 'inputs'. Located at position 1 within expression: inputs.terraform_directory, (Line: 197, Col: 15): Unrecognized named-value: 'inputs'. Located at position 1 within expression: inputs.terraform_directory
name: 🦸‍♂️ Smurf Terraform
'on':
workflow_call:
inputs:
aws_region:
required: false
description: AWS region
type: string
default: us-east-1
aws_auth_method:
description: AWS auth method to use like oidc and keys
type: string
required: false
terraform_directory:
description: Terraform Directory
type: string
required: false
terraform_destroy:
description: Set true for Terraform Destroy
type: string
required: false
default: 'false'
terraform_enable:
description: Set true for Terraform Enable
type: string
required: false
default: 'true'
terraform_version:
type: string
default: 1.3.6
description: Required Terraform version
aws_role:
description: AWS OIDC role for aws authentication.
type: string
default: 'false'
timeout:
required: false
type: number
default: 10
description: Timeout for approval step
approvers:
required: false
type: string
description: Approvals list to approve apply or destroy
minimum-approvals:
required: false
type: number
default: 1
description: Minimum approvals required to accept the plan
gcp_auth_method:
description: GCP auth method to use like wip and json
type: string
required: false
gcp_project_id:
required: false
type: string
description: 'ID of the default project to use for future API calls and invocations.'
secrets:
AWS_ACCESS_KEY_ID:
required: false
description: AWS Access Key ID for direct authentication
AWS_SECRET_ACCESS_KEY:
required: false
description: AWS Secret Access Key for direct authentication
AWS_SESSION_TOKEN:
required: false
description: AWS Session Token for direct authentication
GCP_WIP:
required: false
description: 'WIP Connected with Service Account'
GCP_SERVICE_ACCOUNT:
required: false
description: 'GCP service account'
GOOGLE_CREDENTIALS:
required: false
description: 'GCP service account JSON Key'
jobs:
terraform-format-init-validate:
if: inputs.terraform_enable == 'true'
runs-on: ubuntu-latest
steps:
- name: 📦 Checkout
uses: actions/checkout@v5
- name: 🛠️ Set up Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: '${{ inputs.terraform_version }}'
- name: ⚙️ Set up Smurf Terraform
uses: clouddrove/smurf@master
with:
version: ${{ inputs.terraform_version }}
- name: 🧹 Terraform Format
run: |
smurf stf format -r
- name: 🏗️ Terraform Init
run: |
smurf stf 'init --dir=${{ inputs.terraform_directory }}'
- name: 🔎 Terraform Validate
run: |
with:
smurf stf 'validate --dir=${{ inputs.terraform_directory }}'
terraform-execution:
if: inputs.terraform_enable == 'true'
runs-on: ubuntu-latest
needs: terraform-format-init-validate
steps:
- name: 📦 Checkout
uses: actions/checkout@v5
- name: 🛠️ Set up Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: '${{ inputs.terraform_version }}'
- name: 🔑 Configure AWS credentials with OIDC
if: inputs.aws_auth_method == 'oidc'
uses: aws-actions/configure-aws-credentials@v5
with:
role-to-assume: '${{ inputs.aws_role }}'
aws-region: '${{ inputs.aws_region }}'
- name: 🔑 Configure AWS credentials with access keys
if: inputs.aws_auth_method == 'keys'
env:
AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
AWS_SESSION_TOKEN: '${{ secrets.AWS_SESSION_TOKEN }}'
AWS_REGION: '${{ inputs.aws_region }}'
run: |
aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
if [[ -n "$AWS_SESSION_TOKEN" ]]; then
aws configure set aws_session_token $AWS_SESSION_TOKEN
fi
aws configure set region $AWS_REGION
- name: ☁️ Authenticate Google Cloud with WIP and Service Account
if: inputs.gcp_auth_method == 'wip'
uses: google-github-actions/auth@v3
with:
token_format: access_token
workload_identity_provider: ${{ secrets.GCP_WIP }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
access_token_lifetime: 300s
project_id: ${{ inputs.gcp_project_id }}
- name: ☁️ Authenticate Google Cloud with Service Account JSON Key
if: inputs.gcp_auth_method == 'json'
uses: 'google-github-actions/auth@v3'
with:
credentials_json: '${{ secrets.GOOGLE_CREDENTIALS }}'
- name: ⚙️ Set up Smurf Terraform
uses: clouddrove/smurf@master
with:
version: ${{ inputs.terraform_version }}
- name: 🏗️ Terraform Init
run: |
smurf stf 'init --dir=${{ inputs.terraform_directory }}'
- name: 📋 Terraform Plan
run: |
smurf stf 'plan --dir=${{ inputs.terraform_directory }}'
- name: ✅ Accept plan or deny
uses: trstringer/manual-approval@v1
timeout-minutes: '${{ inputs.timeout }}'
with:
secret: '${{ github.TOKEN }}'
approvers: '${{ inputs.approvers }}'
minimum-approvals: '${{ inputs.minimum-approvals }}'
issue-title: Terraform Plan for Infrastructure Update
- name: 🚀 Terraform Apply
uses: |
smurf stf 'apply --auto-approve --dir=${{ inputs.terraform_directory }}'
terraform-destroy:
if: inputs.terraform_destroy == 'true'
runs-on: ubuntu-latest
steps:
- name: 📦 Checkout
uses: actions/checkout@v5
- name: 🛠️ Set up Terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: '${{ inputs.terraform_version }}'
- name: 💣 Terraform Destroy
uses: |
smurf stf 'destroy --auto-approve --dir=${{ inputs.terraform_directory }}'
...