tf_apply.yml
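# Manually dispatched workflow: runs Terraform against the prod or dev Azure
# environment (chosen by whether github.ref starts with
# vars.PRODUCTION_BRANCH_PREFIX), then builds/deploys the frontend and links
# the backend to the static web app. With input destroy=1 it runs
# `terraform apply -destroy` and skips the frontend/backend steps.
name: 'Terraform'

on:
  workflow_dispatch:
    inputs:
      destroy:
        description: 'Set to 1 to destroy the terraform architecture'
        required: false
        default: '0'

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  terraform:
    name: 'Terraform'
    runs-on: ubuntu-latest
    # NOTE(review): nothing visible here gates this job behind a protected
    # `environment:` with required reviewers, so whoever may dispatch the
    # workflow on a ref matching the production prefix can run an
    # auto-approved apply or destroy with the production credentials. Confirm
    # branch/environment protection exists outside this file.
    #
    # NOTE(review): these variables are job-level, so the service principal
    # secret is in the environment of every step below, including the
    # third-party action referenced by branch and the unpinned `go install` /
    # `npm install -g` tooling. Consider scoping the ARM_* secrets to the
    # steps that need them.
    env:
      # statefile environmental variables
      TF_VAR_state_resource_group_name: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.STATE_RESOURCE_GROUP_NAME_PROD || vars.STATE_RESOURCE_GROUP_NAME_DEV }}
      TF_VAR_state_storage_account_name: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.STATE_STORAGE_ACCOUNT_NAME_PROD || vars.STATE_STORAGE_ACCOUNT_NAME_DEV }}
      # infra environmental variables
      TF_VAR_infra_resource_group_name: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_RESOURCE_GROUP_NAME_PROD || vars.INFRA_RESOURCE_GROUP_NAME_DEV }}
      TF_VAR_infra_subscription_id: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_SUBSCRIPTION_ID_PROD || vars.INFRA_SUBSCRIPTION_ID_DEV }}
      TF_VAR_infra_tenant_id: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_TENANT_ID_PROD || vars.INFRA_TENANT_ID_DEV }}
      # automatic terraform variables
      ARM_CLIENT_ID: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && secrets.ARM_CLIENT_ID_PROD || secrets.ARM_CLIENT_ID_DEV }}
      ARM_CLIENT_SECRET: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && secrets.ARM_CLIENT_SECRET_PROD || secrets.ARM_CLIENT_SECRET_DEV }}
      ARM_SUBSCRIPTION_ID: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_SUBSCRIPTION_ID_PROD || vars.INFRA_SUBSCRIPTION_ID_DEV }}
      ARM_TENANT_ID: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_TENANT_ID_PROD || vars.INFRA_TENANT_ID_DEV }}
      TF_VAR_arm_client_id: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && secrets.ARM_CLIENT_ID_PROD || secrets.ARM_CLIENT_ID_DEV }}
      TF_VAR_arm_client_secret: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && secrets.ARM_CLIENT_SECRET_PROD || secrets.ARM_CLIENT_SECRET_DEV }}
      TF_VAR_arm_tenant_id: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && vars.INFRA_TENANT_ID_PROD || vars.INFRA_TENANT_ID_DEV }}
      TF_VERSION: '1.7.5'
    defaults:
      run:
        shell: bash
        working-directory: ./infra
    steps:
      # NOTE(review): this action is referenced by a mutable tag; pinning to a
      # full commit SHA makes the executed code immutable.
      - name: Checkout
        uses: actions/checkout@v3

      # Prints the resolved configuration. Values are read from the shell
      # environment instead of being templated into the script with
      # `${{ env.* }}`, so their content is never parsed as shell code, and
      # the client secret is reported only as set/unset rather than echoed.
      - name: Verify the Environment
        run: |
          echo "TF_VAR_state_resource_group_name: $TF_VAR_state_resource_group_name"
          echo "TF_VAR_state_storage_account_name: $TF_VAR_state_storage_account_name"
          echo "TF_VAR_infra_resource_group_name: $TF_VAR_infra_resource_group_name"
          echo "TF_VAR_infra_subscription_id: $TF_VAR_infra_subscription_id"
          echo "TF_VAR_infra_tenant_id: $TF_VAR_infra_tenant_id"
          echo "ARM_CLIENT_ID: $ARM_CLIENT_ID"
          echo "ARM_CLIENT_SECRET: ${ARM_CLIENT_SECRET:+(set)}"
          echo "ARM_SUBSCRIPTION_ID: $ARM_SUBSCRIPTION_ID"
          echo "ARM_TENANT_ID: $ARM_TENANT_ID"
          echo "TF_VERSION: $TF_VERSION"

      - name: Setup Go 1.22.x
        uses: actions/setup-go@v5
        with:
          go-version: '1.22.x'
          cache-dependency-path: "backend/go.sum"

      # NOTE(review): `@latest` installs whatever version is current at run
      # time, in a job that holds cloud credentials; pin an explicit version.
      - name: Build Swagger
        run: |
          cd ../backend
          go install github.com/swaggo/swag/cmd/swag@latest
          swag init -g handler.go

      # NOTE(review): third-party action tracked at the `main` branch. Any
      # later push to that branch runs in this job with ARM_CLIENT_SECRET in
      # its environment. Pin to a reviewed full commit SHA
      # (`@<full-commit-sha>`), or install the CLI from a source you control.
      - name: Setup AZ CLI
        uses: pietrobolcato/install-azure-cli-action@main

      # NOTE(review): only the major version is fixed, and `--unsafe-perm`
      # lets the package's install scripts run with the invoking user's
      # privileges; consider an exact version.
      - name: Setup azure core tools
        run: npm i -g azure-functions-core-tools@4 --unsafe-perm true

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ env.TF_VERSION }}

      - name: Terraform fmt
        id: fmt
        run: terraform fmt --check --diff

      # The backend location is supplied at init time from the job-level
      # TF_VAR_state_* variables.
      - name: Terraform init
        id: init
        run: |
          set -a
          terraform init \
            -backend-config="resource_group_name=$TF_VAR_state_resource_group_name" \
            -backend-config="storage_account_name=$TF_VAR_state_storage_account_name"

      - name: Terraform validate
        id: validate
        run: terraform validate -no-color

      - name: Terraform plan
        id: plan
        run: terraform plan -no-color

      # $DESTROY is deliberately unquoted: when it is empty it must expand to
      # no argument at all rather than to an empty-string argument.
      - name: Terraform apply
        id: apply
        run: terraform apply -auto-approve $DESTROY
        env:
          DESTROY: ${{ github.event.inputs.destroy == '1' && '-destroy' || '' }}

      # Build runs without the deployment token in its environment, so npm
      # lifecycle scripts of the frontend's dependencies cannot read it.
      # NOTE(review): the global CLI install is unpinned; consider an exact
      # version.
      - name: Build frontend
        if: github.event.inputs.destroy != '1'
        run: |
          cd ../frontend/vue-gewoscout
          npm install
          npm run build
          npm install -g @azure/static-web-apps-cli

      # The token is passed through the step environment instead of being
      # templated into the script text.
      - name: Deploy frontend
        if: github.event.inputs.destroy != '1'
        env:
          SWA_CLI_DEPLOYMENT_TOKEN: ${{ secrets.SWA_TOKEN }}
          SWA_DEPLOY_ENV: ${{ startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && 'Production' || 'Development' }}
        run: |
          cd ../frontend/vue-gewoscout
          swa deploy --app-location ./dist --env "$SWA_DEPLOY_ENV"

      # Two fixes relative to the previous version of this step:
      #  * `cond && '' || 'x'` always yields 'x' in GitHub expressions because
      #    the empty string is falsy, so production runs were also passing
      #    `--environment-name Development`. The condition is now negated so
      #    the truthy branch carries the value.
      #  * `az ... | true` does not ignore a failed unlink: `shell: bash` runs
      #    with `-eo pipefail`, so the pipeline still fails. `|| true` does.
      # Credentials are read from the job environment rather than templated
      # into the script.
      # NOTE(review): `-p` still places the secret on the az command line;
      # confirm that is acceptable on this runner.
      # NOTE(review): env.sh presumably defines BACKEND_FUNCTION_ID and
      # PROJECT_LOCATION; it is not visible here, confirm where it comes from.
      - name: Link the backend
        if: github.event.inputs.destroy != '1'
        env:
          SWA_NAME: ${{ vars.SWA_NAME }}
          SWA_RESOURCE_GROUP: ${{ vars.SWA_RESOURCE_GROUP }}
          SWA_ENVIRONMENT: ${{ !startsWith(github.ref, vars.PRODUCTION_BRANCH_PREFIX) && 'Development' || '' }}
        run: |
          . ./env.sh
          az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
          env_args=()
          if [ -n "$SWA_ENVIRONMENT" ]; then
            env_args=(--environment-name "$SWA_ENVIRONMENT")
          fi
          az staticwebapp backends unlink --name "$SWA_NAME" --resource-group "$SWA_RESOURCE_GROUP" "${env_args[@]}" || true
          az staticwebapp backends link --backend-resource-id "${BACKEND_FUNCTION_ID}" --name "$SWA_NAME" --resource-group "$SWA_RESOURCE_GROUP" "${env_args[@]}" --backend-region "${PROJECT_LOCATION}"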