-
Notifications
You must be signed in to change notification settings - Fork 0
131 lines (107 loc) · 5.81 KB
/
tf_apply.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: 'Terraform'
on:
workflow_dispatch:
inputs:
destroy:
description: 'Set to 1 to destroy the terraform architecture'
required: false
default: '0'
permissions:
contents: read
jobs:
terraform:
name: 'Terraform'
runs-on: ubuntu-latest
env:
# statefile environmental variables
TF_VAR_state_resource_group_name: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.STATE_RESOURCE_GROUP_NAME_PROD || vars.STATE_RESOURCE_GROUP_NAME_DEV }}
TF_VAR_state_storage_account_name: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.STATE_STORAGE_ACCOUNT_NAME_PROD || vars.STATE_STORAGE_ACCOUNT_NAME_DEV }}
# infra environmental variables
TF_VAR_infra_resource_group_name: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_RESOURCE_GROUP_NAME_PROD || vars.INFRA_RESOURCE_GROUP_NAME_DEV }}
TF_VAR_infra_subscription_id: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_SUBSCRIPTION_ID_PROD || vars.INFRA_SUBSCRIPTION_ID_DEV }}
TF_VAR_infra_tenant_id: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_TENANT_ID_PROD || vars.INFRA_TENANT_ID_DEV }}
# automatic terraform variables
ARM_CLIENT_ID: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && secrets.ARM_CLIENT_ID_PROD || secrets.ARM_CLIENT_ID_DEV }}
ARM_CLIENT_SECRET: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && secrets.ARM_CLIENT_SECRET_PROD || secrets.ARM_CLIENT_SECRET_DEV }}
ARM_SUBSCRIPTION_ID: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_SUBSCRIPTION_ID_PROD || vars.INFRA_SUBSCRIPTION_ID_DEV }}
ARM_TENANT_ID: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_TENANT_ID_PROD || vars.INFRA_TENANT_ID_DEV }}
TF_VAR_arm_client_id: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && secrets.ARM_CLIENT_ID_PROD || secrets.ARM_CLIENT_ID_DEV }}
TF_VAR_arm_client_secret: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && secrets.ARM_CLIENT_SECRET_PROD || secrets.ARM_CLIENT_SECRET_DEV }}
TF_VAR_arm_tenant_id: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_TENANT_ID_PROD || vars.INFRA_TENANT_ID_DEV }}
TF_VERSION: 1.7.5
TF_VAR_notification_email_password: ${{ secrets.NOTIFICATION_EMAIL_PASSWORD }}
TF_VAR_notification_email_address: ${{ secrets.NOTIFICATION_EMAIL_ADDRESS }}
defaults:
run:
shell: bash
working-directory: ./infra
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Verify the Environment
run: |
echo TF_VAR_state_resource_group_name: ${{ env.TF_VAR_state_resource_group_name }}
echo TF_VAR_state_storage_account_name: ${{ env.TF_VAR_state_storage_account_name }}
echo TF_VAR_infra_resource_group_name: ${{ env.TF_VAR_infra_resource_group_name }}
echo TF_VAR_infra_subscription_id: ${{ env.TF_VAR_infra_subscription_id }}
echo TF_VAR_infra_tenant_id: ${{ env.TF_VAR_infra_tenant_id }}
echo ARM_CLIENT_ID: ${{ env.ARM_CLIENT_ID }}
echo ARM_CLIENT_SECRET: ${{ env.ARM_CLIENT_SECRET }}
echo ARM_SUBSCRIPTION_ID: ${{ env.ARM_SUBSCRIPTION_ID }}
echo ARM_TENANT_ID: ${{ env.ARM_TENANT_ID }}
echo TF_VERSION: ${{ env.TF_VERSION }}
- name: Setup Go 1.22.x
uses: actions/setup-go@v5
with:
go-version: 1.22.x
cache-dependency-path: "backend/go.sum"
- name: Build Swagger
run: |
cd ../backend
go install github.com/swaggo/swag/cmd/swag@latest
swag init -g handler.go
- name: Setup AZ CLI
uses: pietrobolcato/install-azure-cli-action@main
- name: Setup azure core tools
run: npm i -g [email protected] --unsafe-perm true
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TF_VERSION }}
- name: Terraform fmt
id: fmt
run: terraform fmt --check --diff
- name: Terraform init
id: init
run: |
set -a
terraform init \
-backend-config="resource_group_name=$TF_VAR_state_resource_group_name" \
-backend-config="storage_account_name=$TF_VAR_state_storage_account_name"
- name: Terraform validate
id: validate
run: terraform validate -no-color
- name: Terraform plan
id: plan
run: terraform plan -no-color
- name: Terraform apply
id: apply
run: terraform apply -auto-approve $DESTROY
env:
DESTROY: ${{ github.event.inputs.destroy == '1' && '-destroy' || '' }}
- name: Build frontend
if: github.event.inputs.destroy != '1'
run: |
cd ../frontend/vue-gewoscout
npm install
npm run build
npm install -g @azure/static-web-apps-cli
export SWA_CLI_DEPLOYMENT_TOKEN=${{ secrets.SWA_TOKEN }}
swa deploy --app-location ./dist --env ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && 'Production' || 'Development' }}
- name: Link the backend
if: github.event.inputs.destroy != '1'
run: |
. ./env.sh
az login --service-principal -u ${{env.ARM_CLIENT_ID}} -p ${{env.ARM_CLIENT_SECRET}} --tenant ${{env.ARM_TENANT_ID}}
az staticwebapp backends unlink --name ${{ vars.SWA_NAME }} --resource-group ${{ vars.SWA_RESOURCE_GROUP }} ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && '' || ' --environment-name Development' }} | true
az staticwebapp backends link --backend-resource-id ${BACKEND_FUNCTION_ID} --name ${{ vars.SWA_NAME }} --resource-group ${{ vars.SWA_RESOURCE_GROUP }} ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && '' || ' --environment-name Development' }} --backend-region ${PROJECT_LOCATION}