From e7cd4c5fd1afd226750eb6403e641f53dd2c3683 Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 05:06:04 +0530 Subject: [PATCH 1/5] feat: added the gcs backend and updated the readme --- tf-variables/README.md | 5 +++++ tf-variables/backend.tf | 20 +++++++++++++++++++ .../{providers.tf => providers.tf.disabled} | 0 3 files changed, 25 insertions(+) create mode 100644 tf-variables/backend.tf rename tf-variables/{providers.tf => providers.tf.disabled} (100%) diff --git a/tf-variables/README.md b/tf-variables/README.md index 340327d..e07dd9a 100644 --- a/tf-variables/README.md +++ b/tf-variables/README.md @@ -7,6 +7,11 @@ This sub-project contains terraform code to understand the concept of `variable ## Prerequisites All the prerequisites mentioned in top level README file must be fulfilled for successful execution of code. +## Considerations +To run the code from your local machine, please make below changes: +- rename the provider.tf.disabled to provider.tf and backend.tf to backed.tf.disabled, if you want to use local backend. +- Make sure to give "roles/iam.serviceAccountTokenCreator" role to an identity (who will trigger the terraform code) on the service account for the impersonation to succeed. + ## TF Code Execution To execute the terraform code, go to command prompt and then run the following commands: diff --git a/tf-variables/backend.tf b/tf-variables/backend.tf new file mode 100644 index 0000000..5870106 --- /dev/null +++ b/tf-variables/backend.tf 
@@ -0,0 +1,20 @@
+/*
+1. Create the GCS Bucket using Cloud SDK / Cloud Shell:
+> gcloud auth login
+> gcloud config set project PROJECT_ID
+> gsutil mb -c standard -l eu gs://bkt-tfstates-xxxxxx
+
+2. Set the Bucket versioning.
+> gsutil versioning set on gs://bkt-tfstates-xxxxxx
+
+3. Clean-up process
+> gcloud storage rm --recursive gs://bkt-tfstates-xxxxxx
+*/
+
+// Configure Google Cloud Storage (GCS) Backend
+terraform {
+ backend "gcs" {
+ bucket = "bkt-tfstates-15062024"
+ prefix = "terraform/tst"
+ }
+}
diff --git a/tf-variables/providers.tf b/tf-variables/providers.tf.disabled
similarity index 100%
rename from tf-variables/providers.tf
rename to tf-variables/providers.tf.disabled
From 23068c2060e8e45cfabf408aa30e1eeb7126632b Mon Sep 17 00:00:00 2001
From: Anupam
Date: Sat, 15 Jun 2024 05:10:20 +0530
Subject: [PATCH 2/5] feat: added the gitops workflow pipeline
---
 .github/workflows/gitops.yml | 146 +++++++++++++++++++++++++++++++++++
 1 file changed, 146 insertions(+)
 create mode 100644 .github/workflows/gitops.yml
diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml
new file mode 100644
index 0000000..3b1644e
--- /dev/null
+++ b/.github/workflows/gitops.yml
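Review bot: The `backend "gcs"` block hard-codes the state bucket `bkt-tfstates-15062024` while the header comment walks through creating a bucket under a placeholder name, so a reader cannot tell which bucket is authoritative and every environment has to edit this file. Terraform state stored in that bucket carries every resource attribute, including values Terraform marks sensitive, so the bucket-creation recipe in the comment should also lock the bucket down at creation time: `> gsutil mb -c standard -l eu -b on --pap enforced gs://bkt-tfstates-xxxxxx` turns on uniform bucket-level access and public-access prevention alongside the versioning already set in step 2. Consider leaving `bucket` and `prefix` out of this block and supplying them per environment with `terraform init -backend-config=backend.hcl`, so the repository does not pin one bucket for everyone.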
@@ -0,0 +1,146 @@ +name: GitOps Workflow +on: + pull_request: + branches: + - master + push: + branches: + - master + workflow_dispatch: +defaults: + run: + working-directory: ./tf-variables/ +env: + TERRAFORM_VER: 1.8.0 + TERRAFORM_DIR: "./tf-variables/" + CLOUDSDK_VER: 480.0.0 +permissions: + pull-requests: write +jobs: + infrastructure-deployment: + name: Infrastructure Deployment + runs-on: ubuntu-latest + permissions: + contents: read + id-token: write + pull-requests: write + steps: + # Checkout the repository code + - name: Code checkout + id: code_checkout + uses: actions/checkout@v2 + + # Scan the repo for any sensitive information like secrets etc + - name: Secret Scanning + uses: trufflesecurity/trufflehog@main + with: + path: ./ # Code repository path + base: main # Start scanning from here (usually main branch). + head: HEAD # Scan commits until here (usually dev branch). + + # Static code analysis using aqua security's tfsec + - name: Run tfsec scan + id: static_code_analysis + uses: aquasecurity/tfsec-action@v1.0.3 + with: + working_directory: ${{ env.TERRAFORM_DIR }} + + # Install the latest version of Google Cloud SDK + - id: cloud_sdk_installation + name: Set up Cloud SDK + uses: google-github-actions/setup-gcloud@v0.3.0 + with: + version: ${{ env.CLOUDSDK_VER }} + + # Setup the authentication for the Google Cloud using WIF + - id: gcp_auth + name: Authenticate to GCP + uses: google-github-actions/auth@v0.3.1 + with: + create_credentials_file: 'true' + workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER_ID }} + service_account: ${{ secrets.SERVICE_ACCOUNT }} + + # Install the specified version of Terraform CLI + - id: tf_installation + name: Terraform Installation + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: ${{ env.TERRAFORM_VER }} + + # Checks that Terraform configuration files adhere to a canonical format + - name: Terraform fmt + id: tf_fmt + run: terraform fmt -check + continue-on-error: true + + # 
Initialize the Terraform working directory + - name: Terraform Init + id: tf_init + run: terraform init + + # Validate the terraform configuration files + - name: Terraform Validate + id: tf_validate + run: terraform validate -no-color + + # Generates an execution plan for Terraform + - name: Terraform Plan + id: tf_plan + run: terraform plan -no-color + continue-on-error: true + + # Comments the terraform plan output on pull request + - id: comment_output + name: Comment Terraform Plan Output + uses: actions/github-script@v7 + if: github.event_name == 'pull_request' + env: + PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + with: + script: | + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` +
Validation Output + + \`\`\`\n + ${{ steps.validate.outputs.stdout }} + \`\`\` + +
+ + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`\n + ${process.env.PLAN} + \`\`\` + +
+ + *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }) + + # Executes the apply operation to deploy the actual infrastructure + - name: Terraform Apply + id: tf_apply + if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' + run: terraform apply -auto-approve + + - name: Notify success + if: success() # this step runs only if the previous steps succeeded. + run: echo "[SUCCESS] The build is successful without any errors." + + - name: Notify failure + if: failure() # this step runs only if any of the previous steps failed. + run: | + echo "[FAILED] This job has been failed due to earlier errors." + echo "An eamil notification can be setup later sometime." From d9c025a20c3b7ea3463f701b5a2074d2cb792a8f Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 05:17:15 +0530 Subject: [PATCH 3/5] feat: updated the if condition in pipeline --- .github/workflows/gitops.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 3b1644e..54b7647 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -132,7 +132,7 @@ jobs: # Executes the apply operation to deploy the actual infrastructure - name: Terraform Apply id: tf_apply - if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' + if: github.ref == 'refs/heads/master' && github.event_name == 'push' run: terraform apply -auto-approve - name: Notify success From 6366c251e07bc67fbaf99a5162fb870f16ad5261 Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 05:28:54 +0530 Subject: [PATCH 4/5] feat: removed continuation on error for steps --- .github/workflows/gitops.yml | 2 -- 1 file changed, 2 deletions(-) 
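Review bot: The PR-comment step reads `steps.plan`, `steps.fmt`, `steps.init` and `steps.validate`, but the steps are declared with ids `tf_plan`, `tf_fmt`, `tf_init` and `tf_validate`, so `PLAN` and every outcome in the comment render empty, and `env.tf_actions_working_dir` is not defined either (the `env` block defines `TERRAFORM_DIR`). The fence below corrects those references. Separately, `trufflesecurity/trufflehog@main` is a mutable branch ref and `setup-gcloud@v0.3.0` / `auth@v0.3.1` are floating tags; for a job that holds `id-token: write` and runs `terraform apply`, pin each action to a full commit SHA. The trufflehog step also scans from `base: main` while every trigger in this workflow targets `master`, and `actions/checkout@v2` defaults to `fetch-depth: 1`, so the commit range it is asked to diff is unlikely to be present in the checkout; set `fetch-depth: 0` on the checkout step and `base: master`.
```yaml
      - id: comment_output
        # … unchanged: name / uses / if …
        env:
          PLAN: "terraform\n${{ steps.tf_plan.outputs.stdout }}"
        with:
          script: |
            const output = `#### Terraform Format and Style 🖌\`${{ steps.tf_fmt.outcome }}\`
            #### Terraform Initialization ⚙️\`${{ steps.tf_init.outcome }}\`
            #### Terraform Validation 🤖\`${{ steps.tf_validate.outcome }}\`
            // … unchanged: validation-output block, now reading ${{ steps.tf_validate.outputs.stdout }} …
            #### Terraform Plan 📖\`${{ steps.tf_plan.outcome }}\`
            // … unchanged: plan-output block reading ${process.env.PLAN} …
            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.TERRAFORM_DIR }}\`, Workflow: \`${{ github.workflow }}\`*`;
            // … unchanged: github.rest.issues.createComment call …
```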
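Review bot: With the ref comparison fixed, the apply step's `terraform apply -auto-approve` still re-plans on the push rather than applying the plan produced two steps earlier in the same run, so what is applied can differ from what was validated and commented. Write the plan to a file on the plan step (`run: terraform plan -no-color -out=tfplan`) and consume it here (`run: terraform apply tfplan`), and put this step behind a GitHub `environment:` with required reviewers so a bare push to master cannot change infrastructure on its own. The enclosing job starts and ends outside this hunk.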
diff --git a/.github/workflows/gitops.yml b/.github/workflows/gitops.yml index 54b7647..49e69dc 100644 --- a/.github/workflows/gitops.yml +++ b/.github/workflows/gitops.yml @@ -72,7 +72,6 @@ jobs: - name: Terraform fmt id: tf_fmt run: terraform fmt -check - continue-on-error: true # Initialize the Terraform working directory - name: Terraform Init @@ -88,7 +87,6 @@ jobs: - name: Terraform Plan id: tf_plan run: terraform plan -no-color - continue-on-error: true # Comments the terraform plan output on pull request - id: comment_output From 90033bb2f3d097acc43e059ff76d9ec8115946ea Mon Sep 17 00:00:00 2001 From: Anupam Date: Sat, 15 Jun 2024 05:29:23 +0530 Subject: [PATCH 5/5] feat: updated the formatting of files --- tf-variables/backend.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tf-variables/backend.tf b/tf-variables/backend.tf index 5870106..5bb6c88 100644 --- a/tf-variables/backend.tf +++ b/tf-variables/backend.tf @@ -14,7 +14,7 @@ // Configure Google Cloud Storage (GCS) Backend terraform { backend "gcs" { - bucket = "bkt-tfstates-15062024" - prefix = "terraform/tst" + bucket = "bkt-tfstates-15062024" + prefix = "terraform/tst" } }