- Created build-infra to handle CI

- Delete unecessary reusable function
bcgov · Aug 21, 2024 · f8e022e · f8e022e
1 parent 70e5021
commit f8e022e
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 37 deletions.
diff --git a/.github/workflows/actions/scan-infra/action.yml b/.github/workflows/actions/scan-infra/action.yml
diff --git a/.github/workflows/aws-template-terraform.yml b/.github/workflows/aws-template-terraform.yml
@@ -15,6 +15,10 @@ on:
       TEST_BUCKET_NAME:
         required: true
         type: string
+      APPLY_TF_CODE:
+        required: true
+        default: false
+        type: boolean
 
 permissions:
   id-token: write
@@ -54,10 +58,17 @@ jobs:
 
   scan:
     name: Scan TF Code
-    uses: ./actions/scan-infra
-    with:
-      working_directory: ${{ inputs.CONTEXT_FOLDER }}
-      environment: ${{ inputs.ENVIRONMENT_NAME }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: tfsec
+        uses: aquasecurity/tfsec-action@v1.0.3
+        with:
+          working_directory: ${{ inputs.CONTEXT_FOLDER }}
+          additional_args: "--tfvars-file=${{ inputs.CONTEXT_FOLDER }}/${{ inputs.ENVIRONMENT_NAME }}.tfvars"
+          soft_fail: false
+          github_token: ${{ secrets.GITHUB_TOKEN }}
     needs: [check_changes]
 
   deploy_infra:
@@ -108,6 +119,7 @@ jobs:
         if: steps.plan.outcome == 'failure'
         run: exit 1
       - name: Terraform Apply
+        if: inputs.APPLY_TF_CODE == true
         env:
           CONTEXT_FOLDER: ${{ inputs.CONTEXT_FOLDER }}
           #TF_VAR_test_s3_bucket_name: ${{ inputs.TEST_BUCKET_NAME }}

diff --git a/.github/workflows/deploy-infra-dev.yml → .github/workflows/build-infra.yml b/.github/workflows/deploy-infra-dev.yml → .github/workflows/build-infra.yml
@@ -1,8 +1,8 @@
-name: Publish Infra
+name: Build Infra
 
 on:
-  # PR targeting master is created or new commits are pushed
-  push:
+  # When a PR is created targeting master branch
+  pull_request:
     branches:
       - master
     paths:
@@ -25,8 +25,9 @@ jobs:
   deploy:
     uses: ./.github/workflows/aws-template-terraform.yml
     with:
-      CONTEXT_FOLDER: "./infrastructure/cloud/environments/${{ inputs.environment }}"
-      CHANGE_FOLDER_NAME: environments/${{ inputs.environment }}
-      ENVIRONMENT_NAME: ${{ inputs.environment }}
+      CONTEXT_FOLDER: "./infrastructure/cloud/environments/${{ inputs.environment || 'dev' }}"
+      CHANGE_FOLDER_NAME: environments/${{ inputs.environment || 'dev' }}
+      ENVIRONMENT_NAME: ${{ inputs.environment || 'dev' }}
       TEST_BUCKET_NAME: jasper-test-bucket
+      APPLY_TF_CODE: false
     secrets: inherit
diff --git a/.github/workflows/publish-infra.yml b/.github/workflows/publish-infra.yml
@@ -25,8 +25,9 @@ jobs:
   deploy:
     uses: ./.github/workflows/aws-template-terraform.yml
     with:
-      CONTEXT_FOLDER: "./infrastructure/cloud/environments/${{ inputs.environment }}"
-      CHANGE_FOLDER_NAME: environments/${{ inputs.environment }}
-      ENVIRONMENT_NAME: ${{ inputs.environment }}
+      CONTEXT_FOLDER: "./infrastructure/cloud/environments/${{ inputs.environment || 'dev' }}"
+      CHANGE_FOLDER_NAME: environments/${{ inputs.environment || 'dev' }}
+      ENVIRONMENT_NAME: ${{ inputs.environment || 'dev' }}
       TEST_BUCKET_NAME: jasper-test-bucket
+      APPLY_TF_CODE: true
     secrets: inherit