Skip to content

Commit

Permalink
Added Terraform files and GitHub Actions. & git push -f
Browse files Browse the repository at this point in the history
  • Loading branch information
BadgerHobbs committed Sep 8, 2023
1 parent 725e144 commit 9afd765
Show file tree
Hide file tree
Showing 6 changed files with 299 additions and 0 deletions.
43 changes: 43 additions & 0 deletions .github/workflows/test_artifact_encrypted.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: Test Terraform State Artifact Encrypted
on:
workflow_dispatch:
push:

jobs:
test_artifact_encrypted:
runs-on: ubuntu-latest
name: Test Terraform State Artifact Encrypted
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Download Encrypted Artifact & Decrypt Artifact
uses: badgerhobbs/terraform-state@main
with:
encryption_key: ${{ secrets.encryption_key }}
operation: download
location: artifact
continue-on-error: true

- name: Configure Terraform
uses: hashicorp/setup-terraform@v2

- name: Initialize Terraform
run: terraform init

- name: Run Terraform Plan
run: |
terraform plan -var="run_id=${{ github.run_id }}"
- name: Run Terraform Apply
run: |
terraform apply -auto-approve -var="run_id=${{ github.run_id }}"
- name: Encrypt Artifact & Upload Encrypted Artifact
uses: badgerhobbs/terraform-state@main
with:
encryption_key: ${{ secrets.encryption_key }}
operation: upload
location: artifact
41 changes: 41 additions & 0 deletions .github/workflows/test_artifact_raw.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
name: Test Terraform State Artifact Raw
on:
workflow_dispatch:
push:

jobs:
test_artifact_raw:
runs-on: ubuntu-latest
name: Test Terraform State Artifact Raw
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Download Raw Artifact
uses: badgerhobbs/terraform-state@main
with:
operation: upload
location: artifact
continue-on-error: true

- name: Configure Terraform
uses: hashicorp/setup-terraform@v2

- name: Initialize Terraform
run: terraform init

- name: Run Terraform Plan
run: |
terraform plan -var="run_id=${{ github.run_id }}"
- name: Run Terraform Apply
run: |
terraform apply -auto-approve -var="run_id=${{ github.run_id }}"
- name: Upload Raw Artifact
uses: badgerhobbs/terraform-state@main
with:
operation: upload
location: artifact
43 changes: 43 additions & 0 deletions .github/workflows/test_repository_file_encrypted.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: Test Terraform State Repository File Encrypted
on:
workflow_dispatch:
push:

jobs:
test_repository_file_encrypted:
runs-on: ubuntu-latest
name: Test Terraform State Repository File Encrypted
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Decrypt Repository File
uses: badgerhobbs/terraform-state@main
with:
encryption_key: ${{ secrets.encryption_key }}
operation: download
location: repository
continue-on-error: true

- name: Configure Terraform
uses: hashicorp/setup-terraform@v2

- name: Initialize Terraform
run: terraform init

- name: Run Terraform Plan
run: |
terraform plan -var="run_id=${{ github.run_id }}"
- name: Run Terraform Apply
run: |
terraform apply -auto-approve -var="run_id=${{ github.run_id }}"
- name: Encrypt and Commit Repository File
uses: badgerhobbs/terraform-state@main
with:
encryption_key: ${{ secrets.encryption_key }}
operation: upload
location: repository
34 changes: 34 additions & 0 deletions .github/workflows/test_repository_file_raw.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Test Terraform State Repository File Raw
on:
workflow_dispatch:
push:

jobs:
test_repository_file_raw:
runs-on: ubuntu-latest
name: Test Terraform State Repository File Raw
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Configure Terraform
uses: hashicorp/setup-terraform@v2

- name: Initialize Terraform
run: terraform init

- name: Run Terraform Plan
run: |
terraform plan -var="run_id=${{ github.run_id }}"
- name: Run Terraform Apply
run: |
terraform apply -auto-approve -var="run_id=${{ github.run_id }}"
- name: Commit Repository File
uses: badgerhobbs/terraform-state@main
with:
operation: upload
location: repository
119 changes: 119 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,119 @@
name: "terraform-state"
description: "Stores Terraform state file as encrypted artifact or repository file."
author: "Andrew Riggs"

inputs:
encryption_key:
description: "AES-256 Encryption key used to encrypt/decrypt the Terraform state file."
required: false
default: ""

operation:
description: "Specifies if the operation is to download or upload the Terraform state file. [Options: download/upload]"
required: true

location:
description: "Specifies the storage location of the Terraform state file. [Options: repository/artifact]"
required: true

directory:
description: "Directory of the Terraform state file."
required: false
default: "."

runs:
using: "composite"
steps:

- name: Configure Git User
shell: bash
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
# Raw Artifact
- name: Download Raw Artifact
if: "${{ inputs.location == 'artifact' && inputs.operation == 'download' && inputs.encryption_key == '' }}"
shell: bash
run: |
REPO="${{ github.repository }}"
ARTIFACT_URI="https://api.github.com/repos/$REPO/actions/artifacts"
TOKEN="${{ github.token }}"
RESPONSE=$(curl -H "Authorization: token $TOKEN" -s $ARTIFACT_URI | jq -r '.artifacts[]')
if [ "$RESPONSE" ] ; then
LATEST_ARTIFACT_URI=$(echo $RESPONSE | jq -r 'select(.name=="Raw Terraform State") | .url' | sort -r | head -n 1)
echo "Most recent artifact URI = $LATEST_ARTIFACT_URI"
if [ "$LATEST_ARTIFACT_URI" ] ; then
curl -L -H "Authorization: token $TOKEN" -o ${{ inputs.directory }}/terraform.tfstate.zip $LATEST_ARTIFACT_URI
unzip ${{ inputs.directory }}/terraform.tfstate.zip
fi
fi
- name: Upload Raw Artifact
if: "${{ inputs.location == 'artifact' && inputs.operation == 'upload' && inputs.encryption_key == '' }}"
uses: actions/upload-artifact@v3
with:
name: Raw Terraform State
path: "${{ inputs.directory }}/terraform.tfstate"

# Encrypted Artifact
- name: Download Encrypted Artifact
if: "${{ inputs.location == 'artifact' && inputs.operation == 'download' && inputs.encryption_key != '' }}"
shell: bash
run: |
REPO="${{ github.repository }}"
ARTIFACT_URI="https://api.github.com/repos/$REPO/actions/artifacts"
TOKEN="${{ github.token }}"
RESPONSE=$(curl -H "Authorization: token $TOKEN" -s $ARTIFACT_URI | jq -r '.artifacts[]')
if [ "$RESPONSE" ] ; then
LATEST_ARTIFACT_URI=$(echo $RESPONSE | jq -r 'select(.name=="Encrypted Terraform State") | .url' | sort -r | head -n 1)
echo "Most recent artifact URI = $LATEST_ARTIFACT_URI"
if [ "$LATEST_ARTIFACT_URI" ] ; then
curl -L -H "Authorization: token $TOKEN" -o ${{ inputs.directory }}/terraform.tfstate.encrypted.zip $LATEST_ARTIFACT_URI
unzip ${{ inputs.directory }}/terraform.tfstate.encrypted.zip
fi
fi
- name: Decrypt Artifact
if: "${{ inputs.location == 'artifact' && inputs.operation == 'download' && inputs.encryption_key != '' }}"
shell: bash
run: |
openssl enc -d -aes256 -in ${{ inputs.directory }}/terraform.tfstate.encrypted -out ${{ inputs.directory }}/terraform.tfstate -k ${{ inputs.encryption_key }}
- name: Encrypt Artifact
if: "${{ inputs.location == 'artifact' && inputs.operation == 'upload' && inputs.encryption_key != '' }}"
shell: bash
run: |
openssl enc -e -aes256 -in ${{ inputs.directory }}/terraform.tfstate -out ${{ inputs.directory }}/terraform.tfstate.encrypted -k ${{ inputs.encryption_key }}
- name: Upload Encrypted Artifact
if: "${{ inputs.location == 'artifact' && inputs.operation == 'upload' && inputs.encryption_key != '' }}"
uses: actions/upload-artifact@v3
with:
name: Encrypted Terraform State
path: "${{ inputs.directory }}/terraform.tfstate.encrypted"

# Raw Repository File
- name: Commit Repository File
if: "${{ inputs.location == 'repository' && inputs.operation == 'upload' && inputs.encryption_key == '' }}"
shell: bash
run: |
git add ${{ inputs.directory }}/terraform.tfstate
git commit -m "Update Encrypted Terraform State."
git push
# Encrypted Repository File
- name: Decrypt Repository File
if: "${{ inputs.location == 'repository' && inputs.operation == 'download' && inputs.encryption_key != '' }}"
shell: bash
run: |
openssl enc -d -aes256 -in ${{ inputs.directory }}/terraform.tfstate.encrypted -out ${{ inputs.directory }}/terraform.tfstate -k ${{ inputs.encryption_key }}
- name: Encrypt and Commit Repository File
if: "${{ inputs.location == 'repository' && inputs.operation == 'upload' && inputs.encryption_key != '' }}"
shell: bash
run: |
openssl enc -e -aes256 -in ${{ inputs.directory }}/terraform.tfstate -out ${{ inputs.directory }}/terraform.tfstate.encrypted -k ${{ inputs.encryption_key }}
git add ${{ inputs.directory }}/terraform.tfstate.encrypted
git commit -m "Update Encrypted Terraform State."
git push
19 changes: 19 additions & 0 deletions main.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
terraform {
required_providers {
random = {
source = "hashicorp/random"
version = "3.1.0"
}
}
}

resource "random_id" "random" {
keepers = {
random_id = "${var.run_id}"
}
byte_length = 8
}

variable "run_id" {
type = string
}

0 comments on commit 9afd765

Please sign in to comment.