.github/workflows/terraform-v2-batch.yml

name: Terraform V2 Batch

on: workflow_dispatch

env:
  TF_VERSION: 1.1.4
  KEYCLOAK_V2_DEV_URL: https://dev.loginproxy.gov.bc.ca
  KEYCLOAK_V2_TEST_URL: https://test.loginproxy.gov.bc.ca
  KEYCLOAK_V2_PROD_URL: https://loginproxy.gov.bc.ca
  TF_LOG: ERROR
  TF_LOG_PATH: ${{ github.workspace }}/terraform.log

jobs:
  terraform:
    runs-on: ubuntu-22.04
    timeout-minutes: 30
    env:
      API_URL: ${{ secrets.WEBAPP_API_URL }}
    steps:
    - uses: hmarr/debug-action@v2

    - name: Wake Up API
      uses: fjogeleit/http-request-action@master
      with:
        url: ${{ env.API_URL }}/heartbeat
        method: GET
        customHeaders: '{"Authorization": "${{ secrets.GH_SECRET }}"}'
        timeout: '60000'
      continue-on-error: true

    - name: Fetch Requests Count
      id: requests
      uses: fjogeleit/http-request-action@master
      with:
        url: ${{ env.API_URL }}/batch/items/gold
        method: GET
        customHeaders: '{"Authorization": "${{ secrets.GH_SECRET }}"}'
        timeout: '60000'

    - name: Get Requests Count
      id: count
      run: |
        count=$(jq length <<< ${{ steps.requests.outputs.response }})
        echo "$count"
        echo "count=$count" >> $GITHUB_OUTPUT

    - name: Checkout Terraform Modules
      if: steps.count.outputs.count != '0'
      uses: actions/checkout@v3
      with:
        repository: bcgov/sso-terraform-modules
        ref: main

    - id: tf-modules
      if: steps.count.outputs.count != '0'
      name: Get Terraform Modules Latest SHA
      run: echo "latest-sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
      shell: bash

    - uses: actions/checkout@v2

    - name: Pull the main branch again
      if: steps.count.outputs.count != '0'
      run: |
        git pull origin main --rebase

    - name: Setup Terraform
      if: steps.count.outputs.count != '0'
      id: tf
      uses: bcgov/sso-requests-actions/actions/setup-terraform@v0.63.0
      with:
        context: ./terraform-v2
        tf-version: ${{ env.TF_VERSION }}
        tf-s3-bucket: xgr00q-prod-keycloak
        tf-s3-bucket-key: keycloak/gold
        tf-s3-dynamodb-table: xgr00q-prod-state-locking
        tf-s3-access-key: ${{ secrets.TF_S3_ACCESS_KEY }}
        tf-s3-secret-key: ${{ secrets.TF_S3_SECRET_KEY }}
        tf-s3-role-arn: ${{ secrets.TF_S3_ROLE_ARN }}
        kc-provider-version: 3.10.0
        kc-dev-url: ${{ env.KEYCLOAK_V2_DEV_URL }}
        kc-test-url: ${{ env.KEYCLOAK_V2_TEST_URL }}
        kc-prod-url: ${{ env.KEYCLOAK_V2_PROD_URL }}
        kc-dev-secret: ${{ secrets.KEYCLOAK_V2_DEV_CLIENT_SECRET }}
        kc-test-secret: ${{ secrets.KEYCLOAK_V2_TEST_CLIENT_SECRET }}
        kc-prod-secret: ${{ secrets.KEYCLOAK_V2_PROD_CLIENT_SECRET }}
        test-siteminder-signing-certificate: ${{ secrets.TEST_SITEMINDER_SIGNING_CERTIFICATE }}
        prod-siteminder-signing-certificate: ${{ secrets.PROD_SITEMINDER_SIGNING_CERTIFICATE }}
        dev-azureidir-tenant-id: ${{ secrets.DEV_AZUREIDIR_TENANT_ID }}
        dev-azureidir-client-id: ${{ secrets.DEV_AZUREIDIR_CLIENT_ID }}
        dev-azureidir-client-secret: ${{ secrets.DEV_AZUREIDIR_CLIENT_SECRET }}
        test-azureidir-tenant-id: ${{ secrets.TEST_AZUREIDIR_TENANT_ID }}
        test-azureidir-client-id: ${{ secrets.TEST_AZUREIDIR_CLIENT_ID }}
        test-azureidir-client-secret: ${{ secrets.TEST_AZUREIDIR_CLIENT_SECRET }}
        prod-azureidir-tenant-id: ${{ secrets.PROD_AZUREIDIR_TENANT_ID }}
        prod-azureidir-client-id: ${{ secrets.PROD_AZUREIDIR_CLIENT_ID }}
        prod-azureidir-client-secret: ${{ secrets.PROD_AZUREIDIR_CLIENT_SECRET }}
        dev-github-client-id: ${{ secrets.DEV_GITHUB_CLIENT_ID }}
        dev-github-client-secret: ${{ secrets.DEV_GITHUB_CLIENT_SECRET }}
        test-github-client-id: ${{ secrets.TEST_GITHUB_CLIENT_ID }}
        test-github-client-secret: ${{ secrets.TEST_GITHUB_CLIENT_SECRET }}
        prod-github-client-id: ${{ secrets.PROD_GITHUB_CLIENT_ID }}
        prod-github-client-secret: ${{ secrets.PROD_GITHUB_CLIENT_SECRET }}
        apply: true
        tf-modules-cache-key: ${{ steps.tf-modules.outputs.latest-sha }}
      continue-on-error: true

    - name: Setup NPM Packages
      if: steps.count.outputs.count != '0'
      uses: bcgov/sso-requests-actions/actions/setup-yarn@v0.63.0

    - name: Update Requests Status
      if: steps.count.outputs.count != '0'
      uses: fjogeleit/http-request-action@master
      with:
        url: ${{ env.API_URL }}/batch/items
        method: PUT
        data: "{\"ids\": ${{ steps.requests.outputs.response }}, \"success\": \"${{ steps.tf.outputs.apply != 'failure' }}\"}"
        customHeaders: '{"Authorization": "${{ secrets.GH_SECRET }}"}'
        timeout: '60000'
    - name: Fetch Terraform Log
      if: steps.tf.outputs.init == 'failure' || steps.tf.outputs.apply == 'failure'
      id: summary
      run: |
        # `tr` joins lines and `sed` removes single/double quotes
        summary=$(cat ${{ github.workspace }}/terraform.log | awk 'match($0, /\[ERROR\] .*/) {print substr($0, RSTART, RLENGTH)}' | tr '\n' ',' | sed -e 's|["'\'']||g')
        echo "$summary"
        echo "summary=$summary" >> "$GITHUB_OUTPUT"
    - name: Rocket.Chat Notification
      if: steps.tf.outputs.init == 'failure' || steps.tf.outputs.apply == 'failure'
      uses: fjogeleit/http-request-action@master
      with:
        url: ${{ secrets.RC_SSO_ALERTS_WEBHOOK }}
        method: POST
        customHeaders: '{"Content-Type": "application/json"}'
        data: '{"text": "Terraform Batch Job Failed! @jsharman @jlanglois @Marco  @zorin.samji @nithinshekar.kuruba", "attachments": [{"color": "#FF0000","author_name": "${{ github.actor }}", "title": "Failed job", "title_link": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "text": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "fields": [{"title": "Error Summary", "value": "${{ steps.summary.outputs.summary }}", "short": false}]}]}'

    - name: Set Failure Code
      if: steps.tf.outputs.init == 'failure' || steps.tf.outputs.apply == 'failure'
      run: exit 1