Merge remote-tracking branch 'origin/main' #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
jobs: | |
ci: | |
runs-on: ubuntu-22.04 | |
steps: | |
- run: | | |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" &&\ | |
unzip awscliv2.zip &&\ | |
sudo ./aws/install --update | |
- env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
VAULT_CLI_VERSION: "1.10.4" | |
TERRAFORM_VERSION: "1.2.9" | |
VAULT_ADDR: ${{ secrets.VAULT_ADDR }} | |
# python3 vault/create_policy.py readonly | |
# python3 vault/create_approle.py terraform_readonly readonly | |
VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} | |
VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} | |
run: | | |
curl -s https://raw.githubusercontent.com/OriHoch/uumpa-ci-toolbox/65a0704332e63d51f63981dbb25cd83682dc4078/bin/github_actions_install.sh \ | |
| bash -s 4ed9d7055f0aa9629de1291fe0f42e154709b0b6 OriHoch/uumpa-ci-toolbox &&\ | |
uci github actions self-checkout --config-user-name "dfc-iac-ci" &&\ | |
uci vault install --version $VAULT_CLI_VERSION &&\ | |
uci terraform install --version $TERRAFORM_VERSION &&\ | |
uci kubectl install --version "v1.24.2" &&\ | |
pip install -r requirements.txt &&\ | |
export VAULT_TOKEN="$(uci vault approle-login $VAULT_ROLE_ID $VAULT_SECRET_ID)" &&\ | |
terraform init "-backend-config=$(bin/get_backend_config.py)" &&\ | |
eval "$(bin/get_secret_envvars.py)" &&\ | |
terraform plan -input=false -lock=false |