feat(jenkins): Adds GHA deployment workflow #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Jenkins Deployment Test | |
| env: | |
| TF_VAR_fully_qualified_domain_name: ${{ secrets.CI_FULLY_QUALIFIED_DOMAIN_NAME }} | |
| STATE_BUCKET_NAME: ${{ secrets.TF_REMOTE_STATE_BUCKET_NAME }} | |
| GITHUB_ENVIRONMENT: aws-ci | |
| # Triggers on any changes to modules/jenkins | |
| on: | |
| pull_request: # change to pull_request before publish | |
| paths: | |
| - 'modules/jenkins/**' | |
| # - '.github/workflows/**' | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| issues: write | |
| jobs: | |
| # Plan: Generates a tf plan of the deployment and posts it as a comment in the triggering PR | |
| plan: | |
| runs-on: ubuntu-latest | |
| environment: $GITHUB_ENVIRONMENT | |
| defaults: | |
| run: | |
| working-directory: modules/jenkins/examples/complete | |
| steps: | |
| # Retrieve necessary AWS permissions | |
| - name: configure aws credentials | |
| uses: aws-actions/[email protected] | |
| with: | |
| role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
| aws-region: ${{ vars.AWS_REGION }} | |
| # Checkout Repository | |
| - name: Checkout Git Repository | |
| uses: actions/[email protected] | |
| with: | |
| ref: ${{ github.ref }} | |
| # Install Terraform | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v1 | |
| with: | |
| terraform_version: 1.6.3 | |
| # Inject remote state block | |
| # This is required to enable remote state | |
| - name: Inject Remote State | |
| run: | | |
| cat > backend.tf << EOF | |
| terraform { | |
| backend "s3" { | |
| } | |
| } | |
| # Initialize S3 remote state | |
| # The triggering commit hash is used as the key of the remote state | |
| - name: Terraform init | |
| id: init | |
| run: | | |
| terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | |
| # Generate tf plan | |
| - name: Terraform plan | |
| id: plan | |
| run: | | |
| terraform plan -no-color | |
| # Post the tf plan as a comment in the triggering PR | |
| - name: Update Pull Request | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.USER_TOKEN }} | |
| script: | | |
| const output = #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\`\n | |
| ${{ steps.plan.outputs.stdout }} | |
| \`\`\` | |
| </details> | |
| *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: output | |
| }) | |
| # Deploy: After manual approval, deploys the solution to the designated AWS account | |
| deploy: | |
| needs: [ plan ] | |
| environment: $GITHUB_ENVIRONMENT | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: modules/jenkins/examples/complete | |
| steps: | |
| # Checkout Repository | |
| - name: Checkout Git Repository | |
| uses: actions/[email protected] | |
| with: | |
| ref: ${{ github.ref }} | |
| # Retrieve necessary AWS permissions | |
| - name: configure aws credentials | |
| uses: aws-actions/[email protected] | |
| with: | |
| role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
| aws-region: ${{ vars.AWS_REGION }} | |
| # Install Terraform | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v1 | |
| with: | |
| terraform_version: 1.6.3 | |
| # Inject remote state block | |
| # This is required to enable remote state | |
| - name: Inject Remote State | |
| run: | | |
| cat > backend.tf << EOF | |
| terraform { | |
| backend "s3" { | |
| } | |
| } | |
| # Initialize S3 remote state | |
| # The triggering commit hash is used as the key of the remote state | |
| - name: Terraform init | |
| id: init | |
| run: | | |
| terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | |
| # Deploys the solution | |
| - name: Terraform apply | |
| run: | | |
| terraform apply -auto-approve | |
| # Destroy: After manual approval, destroy the solution in the designated AWS account | |
| destroy: | |
| needs: [ deploy ] | |
| runs-on: ubuntu-latest | |
| environment: $GITHUB_ENVIRONMENT | |
| defaults: | |
| run: | |
| working-directory: modules/jenkins/examples/complete | |
| steps: | |
| # Checkout Repository | |
| - name: Checkout Git Repository | |
| uses: actions/[email protected] | |
| with: | |
| ref: ${{ github.ref }} | |
| # Retrieve necessary AWS permissions | |
| - name: configure aws credentials | |
| uses: aws-actions/[email protected] | |
| with: | |
| role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | |
| role-session-name: GitHub_to_AWS_via_FederatedOIDC | |
| aws-region: ${{ vars.AWS_REGION }} | |
| # Install Terraform | |
| - name: Install Terraform | |
| uses: hashicorp/setup-terraform@v1 | |
| with: | |
| terraform_version: 1.6.3 | |
| # Inject remote state block | |
| # This is required to enable remote state | |
| - name: Inject Remote State | |
| run: | | |
| cat > backend.tf << EOF | |
| terraform { | |
| backend "s3" { | |
| } | |
| } | |
| # Initialize S3 remote state | |
| # The triggering commit hash is used as the key of the remote state | |
| - name: Terraform init | |
| id: init | |
| run: | | |
| terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | |
| # Destroys the solution | |
| - name: Terraform Destroy | |
| run: | | |
| terraform destroy -auto-approve |