-
Notifications
You must be signed in to change notification settings - Fork 8
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into ochmang-helixcore-improvments
- Loading branch information
Showing
20 changed files
with
248 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,186 @@ | ||
name: Jenkins Deployment Test | ||
|
||
env: | ||
TF_VAR_fully_qualified_domain_name: ${{ secrets.CI_FULLY_QUALIFIED_DOMAIN_NAME }} | ||
STATE_BUCKET_NAME: ${{ secrets.TF_REMOTE_STATE_BUCKET_NAME }} | ||
|
||
# Triggers on any changes to modules/jenkins | ||
on: | ||
pull_request: # change to pull_request before publish | ||
paths: | ||
- 'modules/jenkins/**' | ||
# - '.github/workflows/**' | ||
workflow_dispatch: | ||
|
||
permissions: | ||
id-token: write | ||
contents: read | ||
issues: write | ||
|
||
jobs: | ||
# Plan: Generates a tf plan of the deployment and posts it as a comment in the triggering PR | ||
plan: | ||
runs-on: ubuntu-latest | ||
environment: aws-ci | ||
permissions: | ||
id-token: write | ||
issues: write | ||
pull-requests: write | ||
defaults: | ||
run: | ||
working-directory: modules/jenkins/examples/complete | ||
steps: | ||
# Retrieve necessary AWS permissions | ||
- name: configure aws credentials | ||
uses: aws-actions/[email protected] | ||
with: | ||
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | ||
role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
aws-region: ${{ vars.AWS_REGION }} | ||
# Checkout Repository | ||
- name: Checkout Git Repository | ||
uses: actions/[email protected] | ||
with: | ||
ref: ${{ github.ref }} | ||
# Install Terraform | ||
- name: Install Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
terraform_version: 1.6.3 | ||
# Inject remote state block | ||
# This is required to enable remote state | ||
- name: Inject Remote State | ||
run: | | ||
cat > backend.tf << EOF | ||
terraform { | ||
backend "s3" { | ||
} | ||
} | ||
# Initialize S3 remote state | ||
# The triggering commit hash is used as the key of the remote state | ||
- name: Terraform init | ||
id: init | ||
run: | | ||
terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | ||
# Generate tf plan | ||
- name: Terraform plan | ||
id: plan | ||
run: | | ||
terraform plan -no-color | ||
# Post the tf plan as a comment in the triggering PR | ||
- name: Update Pull Request | ||
uses: actions/github-script@v7 | ||
with: | ||
script: | | ||
const output = `#### Terraform Plan 📖\`${{ steps.plan.outcome }}\` | ||
<details><summary>Show Plan</summary> | ||
\`\`\`\n | ||
${{ steps.plan.outputs.stdout }} | ||
\`\`\` | ||
</details> | ||
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | ||
github.rest.issues.createComment({ | ||
issue_number: context.issue.number, | ||
owner: context.repo.owner, | ||
repo: context.repo.repo, | ||
body: output | ||
}) | ||
# Deploy: After manual approval, deploys the solution to the designated AWS account | ||
deploy: | ||
needs: [ plan ] | ||
environment: aws-ci | ||
runs-on: ubuntu-latest | ||
defaults: | ||
run: | ||
working-directory: modules/jenkins/examples/complete | ||
steps: | ||
# Checkout Repository | ||
- name: Checkout Git Repository | ||
uses: actions/[email protected] | ||
with: | ||
ref: ${{ github.ref }} | ||
# Retrieve necessary AWS permissions | ||
- name: configure aws credentials | ||
uses: aws-actions/[email protected] | ||
with: | ||
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | ||
role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
aws-region: ${{ vars.AWS_REGION }} | ||
# Install Terraform | ||
- name: Install Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
terraform_version: 1.6.3 | ||
# Inject remote state block | ||
# This is required to enable remote state | ||
- name: Inject Remote State | ||
run: | | ||
cat > backend.tf << EOF | ||
terraform { | ||
backend "s3" { | ||
} | ||
} | ||
# Initialize S3 remote state | ||
# The triggering commit hash is used as the key of the remote state | ||
- name: Terraform init | ||
id: init | ||
run: | | ||
terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | ||
# Deploys the solution | ||
- name: Terraform apply | ||
run: | | ||
terraform apply -auto-approve | ||
# Destroy: After manual approval, destroy the solution in the designated AWS account | ||
destroy: | ||
needs: [ deploy ] | ||
runs-on: ubuntu-latest | ||
environment: aws-ci | ||
defaults: | ||
run: | ||
working-directory: modules/jenkins/examples/complete | ||
steps: | ||
# Checkout Repository | ||
- name: Checkout Git Repository | ||
uses: actions/[email protected] | ||
with: | ||
ref: ${{ github.ref }} | ||
# Retrieve necessary AWS permissions | ||
- name: configure aws credentials | ||
uses: aws-actions/[email protected] | ||
with: | ||
role-to-assume: ${{ secrets.AWS_CI_ROLE_ARN }} | ||
role-session-name: GitHub_to_AWS_via_FederatedOIDC | ||
aws-region: ${{ vars.AWS_REGION }} | ||
# Install Terraform | ||
- name: Install Terraform | ||
uses: hashicorp/setup-terraform@v1 | ||
with: | ||
terraform_version: 1.6.3 | ||
# Inject remote state block | ||
# This is required to enable remote state | ||
- name: Inject Remote State | ||
run: | | ||
cat > backend.tf << EOF | ||
terraform { | ||
backend "s3" { | ||
} | ||
} | ||
# Initialize S3 remote state | ||
# The triggering commit hash is used as the key of the remote state | ||
- name: Terraform init | ||
id: init | ||
run: | | ||
terraform init -backend-config="bucket=${STATE_BUCKET_NAME}" -backend-config="key=${{ github.sha }}" -backend-config="region=${{ vars.AWS_REGION }}" | ||
# Destroys the solution | ||
- name: Terraform Destroy | ||
run: | | ||
terraform destroy -auto-approve |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FROM python:3.12.7 | ||
FROM python:3.13.0 | ||
WORKDIR /build | ||
COPY . . | ||
ARG VERSION ALIAS | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
# Include required packages for mkdocs | ||
mkdocs-material==9.5.39 | ||
mkdocs-material==9.5.42 | ||
mkdocs-material-extensions==1.3.1 | ||
mike==2.1.3 | ||
mkdocs-git-revision-date-plugin==0.3.2 | ||
mkdocs-open-in-new-tab==1.0.6 | ||
mkdocs-open-in-new-tab==1.0.7 |
Oops, something went wrong.