-
Notifications
You must be signed in to change notification settings - Fork 27
112 lines (105 loc) · 7.82 KB
/
Marketplace_Example.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# I have created public github marketplace actions (plan and apply) as well that can be used as shown in this example.
#Plan: https://github.com/marketplace/actions/terraform-plan-for-azure
#Apply: https://github.com/marketplace/actions/terraform-apply-for-azure
name: "Marketplace-Example"
on:
workflow_dispatch:
#pull_request:
# branches:
# - master
jobs:
##### PLAN A DEPLOYMENT #####
Plan_Dev_Deploy:
runs-on: ubuntu-latest
permissions: #Permission is required if enabling TFSEC == true
actions: read
contents: read
security-events: write
if: ${{ github.actor != 'dependabot[bot]' }}
environment: null #(Optional) If using GitHub Environments
steps:
- name: Checkout
uses: actions/checkout@v4.1.7
- name: Dev TF Plan Deploy
uses: Pwd9000-ML/terraform-azurerm-plan@v1.3.0
with:
path: 01_Foundation ## (Optional) Specify path TF module relevant to repo root. Default="."
plan_mode: deploy ## (Optional) Specify plan mode. Valid options are "deploy" or "destroy". Default="deploy"
tf_version: latest ## (Optional) Specifies version of Terraform to use. e.g: 1.1.0 Default="latest"
tf_vars_file: config-dev.tfvars ## (Required) Specifies Terraform TFVARS file name inside module path.
tf_key: foundation-dev ## (Required) AZ backend - Specifies name that will be given to terraform state file and plan artifact
enable_TFSEC: true ## (Optional) Enable TFSEC IaC scans (Private repo requires GitHub enterprise). Default=false
az_resource_group: Terraform-GitHub-Backend ## (Required) AZ backend - AZURE Resource Group hosting terraform backend storage acc
az_storage_acc: tfgithubbackendsa ## (Required) AZ backend - AZURE terraform backend storage acc
az_container_name: gh-terraform-deployments ## (Required) AZ backend - AZURE storage container hosting state files
arm_client_id: ${{ secrets.ARM_CLIENT_ID }} ## (Required - Actions Secrets) ARM Client ID
arm_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} ## (Required - Actions Secrets) ARM Client Secret
arm_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} ## (Required - Actions Secrets) ARM Subscription ID
arm_tenant_id: ${{ secrets.ARM_TENANT_ID }} ## (Required - Actions Secrets) ARM Tenant ID
github_token: ${{ secrets.GITHUB_TOKEN }} ## (Required) Needed to comment output on PR's. ${{ secrets.GITHUB_TOKEN }} already has permissions
##### APPLY DEPLOY #####
Apply_Dev_Deploy:
needs: Plan_Dev_Deploy
runs-on: ubuntu-latest
environment: Development #(Optional) If using GitHub Environments
steps:
- name: Dev TF Deploy
if: ${{ github.actor != 'dependabot[bot]' }}
uses: Pwd9000-ML/terraform-azurerm-apply@v1.3.0
with:
plan_mode: deploy ## (Optional) Specify plan mode. Valid options are "deploy" or "destroy". Default="deploy"
tf_version: latest ## (Optional) Specifies version of Terraform to use. e.g: 1.1.0 Default="latest"
tf_key: foundation-dev ## (Required) Specifies name of the terraform state file and plan artifact to download
az_resource_group: Terraform-GitHub-Backend ## (Required) AZ backend - AZURE Resource Group hosting terraform backend storage acc
az_storage_acc: tfgithubbackendsa ## (Required) AZ backend - AZURE terraform backend storage acc
az_container_name: gh-terraform-deployments ## (Required) AZ backend - AZURE storage container hosting state files
arm_client_id: ${{ secrets.ARM_CLIENT_ID }} ## (Required - Actions Secrets) ARM Client ID
arm_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} ## (Required - Actions Secrets) ARM Client Secret
arm_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} ## (Required - Actions Secrets) ARM Subscription ID
arm_tenant_id: ${{ secrets.ARM_TENANT_ID }} ## (Required - Actions Secrets) ARM Tenant ID
##### PLAN A DESTROY #####
Plan_Dev_Destroy:
needs: Apply_Dev_Deploy
runs-on: ubuntu-latest
if: ${{ github.actor != 'dependabot[bot]' }}
environment: null #(Optional) If using GitHub Environments
steps:
- name: Checkout
uses: actions/checkout@v4.1.7
- name: Dev TF Plan Destroy
uses: Pwd9000-ML/terraform-azurerm-plan@v1.3.0
with:
path: 01_Foundation ## (Optional) Specify path TF module relevant to repo root. Default="."
plan_mode: destroy ## (Optional) Specify plan mode. Valid options are "deploy" or "destroy". Default="deploy"
tf_version: latest ## (Optional) Specifies version of Terraform to use. e.g: 1.1.0 Default="latest"
tf_vars_file: config-dev.tfvars ## (Required) Specifies Terraform TFVARS file name inside module path.
tf_key: foundation-dev ## (Required) AZ backend - Specifies name that will be given to terraform state file and plan artifact
enable_TFSEC: false ## (Optional) Enable TFSEC IaC scans (Private repo requires GitHub enterprise). Default=false
az_resource_group: Terraform-GitHub-Backend ## (Required) AZ backend - AZURE Resource Group hosting terraform backend storage acc
az_storage_acc: tfgithubbackendsa ## (Required) AZ backend - AZURE terraform backend storage acc
az_container_name: gh-terraform-deployments ## (Required) AZ backend - AZURE storage container hosting state files
arm_client_id: ${{ secrets.ARM_CLIENT_ID }} ## (Required - Actions Secrets) ARM Client ID
arm_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} ## (Required - Actions Secrets) ARM Client Secret
arm_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} ## (Required - Actions Secrets) ARM Subscription ID
arm_tenant_id: ${{ secrets.ARM_TENANT_ID }} ## (Required - Actions Secrets) ARM Tenant ID
github_token: ${{ secrets.GITHUB_TOKEN }} ## (Required) Needed to comment output on PR's. ${{ secrets.GITHUB_TOKEN }} already has permissions
##### APPLY DESTROY #####
Apply_Dev_Destroy:
needs: Plan_Dev_Destroy
runs-on: ubuntu-latest
environment: Development #(Optional) If using GitHub Environments
steps:
- name: Dev TF Destroy
if: ${{ github.actor != 'dependabot[bot]' }}
uses: Pwd9000-ML/terraform-azurerm-apply@v1.3.0
with:
plan_mode: destroy ## (Optional) Specify plan mode. Valid options are "deploy" or "destroy". Default="deploy"
tf_version: latest ## (Optional) Specifies version of Terraform to use. e.g: 1.1.0 Default="latest"
tf_key: foundation-dev ## (Required) Specifies name of the terraform state file and plan artifact to download
az_resource_group: Terraform-GitHub-Backend ## (Required) AZ backend - AZURE Resource Group hosting terraform backend storage acc
az_storage_acc: tfgithubbackendsa ## (Required) AZ backend - AZURE terraform backend storage acc
az_container_name: gh-terraform-deployments ## (Required) AZ backend - AZURE storage container hosting state files
arm_client_id: ${{ secrets.ARM_CLIENT_ID }} ## (Required - Actions Secrets) ARM Client ID
arm_client_secret: ${{ secrets.ARM_CLIENT_SECRET }} ## (Required - Actions Secrets) ARM Client Secret
arm_subscription_id: ${{ secrets.ARM_SUBSCRIPTION_ID }} ## (Required - Actions Secrets) ARM Subscription ID
arm_tenant_id: ${{ secrets.ARM_TENANT_ID }} ## (Required - Actions Secrets) ARM Tenant ID