From 262df405f2bfb00c5783457948782f73aee380d7 Mon Sep 17 00:00:00 2001
From: "Kwiatosz, Krzysztof" <krzysztof.kwiatosz@sap.com>
Date: Tue, 3 Dec 2024 09:55:34 +0100
Subject: [PATCH 1/2] Introduce re-usable gh actions

---
 .../actions/create-sap-btp-kyma/action.yaml   | 71 +++++++++++++++++++
 .github/actions/create-sap-btp-kyma/main.tf   | 46 ++++++++++++
 .../actions/create-sap-btp-kyma/variables.tf  | 54 ++++++++++++++
 .../action.yaml                               | 36 ++++++++++
 .github/actions/setup-btp/action.yaml         | 21 ++++++
 .github/workflows/pull-tmp.yml                | 39 ++++++++++
 6 files changed, 267 insertions(+)
 create mode 100644 .github/actions/create-sap-btp-kyma/action.yaml
 create mode 100644 .github/actions/create-sap-btp-kyma/main.tf
 create mode 100644 .github/actions/create-sap-btp-kyma/variables.tf
 create mode 100644 .github/actions/force-delete-sap-btp-subaccount/action.yaml
 create mode 100644 .github/actions/setup-btp/action.yaml
 create mode 100644 .github/workflows/pull-tmp.yml

diff --git a/.github/actions/create-sap-btp-kyma/action.yaml b/.github/actions/create-sap-btp-kyma/action.yaml
new file mode 100644
index 0000000..c6faf42
--- /dev/null
+++ b/.github/actions/create-sap-btp-kyma/action.yaml
@@ -0,0 +1,71 @@
+name: 'Create SAP BTP Kyma Environment'
+description: 'Action for creating Kyma environment in the SAP BTP Platform'
+
+inputs:
+  btp_subaccount_name:
+    description: 'Name of the new SAP BTP subaccount to be created'
+    required: true
+  btp_backend_url:
+    description: 'URL of the BTP CLI API'
+    required: true
+  btp_user: 
+    description: 'SAP BTP username on behalf of whom the BTP platform resources are created'
+    required: true
+  btp_password: 
+    description: 'SAP BTP user password'
+    required: true
+  btp_global_account:
+    description: 'Global account in the context of which the BTP platform resources are created'
+    required: true
+  btp_idp_tenant: 
+    description: 'Identity provider that recognizes identity of the given username'
+    required: true
+  btp_subaccount_region: 
+    description: 'Region of the new SAP BTP platform where new subaccount will be created'
+    required: true
+  btp_kyma_region: 
+    description: 'Region where Kyma environment will be created'
+    required: true
+  btp_kyma_plan: 
+    description: 'Service plan of the kyma environment'
+    required: true
+  btp_kyma_modules:
+    description: 'String representation of the requested kyma modules list that should be pre-installed on the kyma environments'
+    required: false
+    default: "[{name = 'istio', channel = 'fast'},{name = 'api-gateway', channel = 'fast'},{name = 'btp-operator', channel = 'fast'}]"
+  btp_kyma_autoscaler_min:
+    description: 'Minimum numbers of worker nodes the new kyma environment shoud start with'
+    required: false
+    default: '3'
+
+outputs:
+  subaccount_id: 
+    value: ${{ steps.create-btp-resources.outputs.subaccount_id }}
+    description: "ID of the created SAP BTP subaccount"
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Create btp resources
+      id: create-btp-resources
+      run: |
+        terraform -chdir=${{ github.action_path }} init 
+        terraform -chdir=${{ github.action_path }} apply -auto-approve 
+        SUBACCOUNT_ID=$(terraform -chdir=${{ github.action_path }} output -raw subaccount_id)
+        echo ${SUBACCOUNT_ID}
+        echo "subaccount_id=$SUBACCOUNT_ID" >> "$GITHUB_OUTPUT"
+        echo "KUBECONFIG=${{ github.action_path }}/kubeconfig.yaml" >> "$GITHUB_ENV"
+      shell: bash
+      env:
+        TF_VAR_BTP_NEW_SUBACCOUNT_NAME: ${{ inputs.btp_subaccount_name }}
+        TF_VAR_BTP_NEW_SUBACCOUNT_REGION: ${{ inputs.btp_subaccount_region }}
+        TF_VAR_BTP_BACKEND_URL: ${{ inputs.btp_backend_url }}
+        TF_VAR_BTP_BOT_USER: ${{ inputs.btp_user }}
+        TF_VAR_BTP_BOT_PASSWORD: ${{ inputs.btp_password }}
+        TF_VAR_BTP_CUSTOM_IAS_TENANT: ${{ inputs.btp_idp_tenant }}
+        TF_VAR_BTP_GLOBAL_ACCOUNT: ${{ inputs.btp_global_account }}
+        TF_VAR_BTP_KYMA_PLAN: ${{ inputs.btp_kyma_plan }}
+        TF_VAR_BTP_KYMA_REGION: ${{ inputs.btp_kyma_region }}
+        TF_VAR_BTP_KYMA_MODULES_STRINGIFIED: ${{ inputs.btp_kyma_modules }}
+        TF_VAR_BTP_KYMA_AUTOSCALER_MIN: ${{ inputs.btp_kyma_autoscaler_min }}
+        
\ No newline at end of file
diff --git a/.github/actions/create-sap-btp-kyma/main.tf b/.github/actions/create-sap-btp-kyma/main.tf
new file mode 100644
index 0000000..e722e67
--- /dev/null
+++ b/.github/actions/create-sap-btp-kyma/main.tf
@@ -0,0 +1,46 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "SAP/btp"
+      version = ">= 1.7.0"
+    }
+    http = {
+      source = "hashicorp/http"
+    }
+    http-full = {
+      source = "salrashid123/http-full"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.32.0"
+    }   
+  }
+}
+
+provider "http" {}
+provider "http-full" {}
+provider "btp" {
+  globalaccount = var.BTP_GLOBAL_ACCOUNT
+  cli_server_url = var.BTP_BACKEND_URL
+  idp            = var.BTP_CUSTOM_IAS_TENANT
+  username = var.BTP_BOT_USER
+  password = var.BTP_BOT_PASSWORD
+}
+
+module "kyma" {
+  source = "git::https://github.com/kyma-project/terraform-module.git?ref=v0.4.0"
+  BTP_KYMA_PLAN = var.BTP_KYMA_PLAN
+  BTP_NEW_SUBACCOUNT_NAME = var.BTP_NEW_SUBACCOUNT_NAME
+  BTP_KYMA_REGION = var.BTP_KYMA_REGION
+  BTP_NEW_SUBACCOUNT_REGION = var.BTP_NEW_SUBACCOUNT_REGION
+  BTP_KYMA_MODULES = jsondecode(var.BTP_KYMA_MODULES_STRINGIFIED)
+  BTP_KYMA_AUTOSCALER_MIN = var.BTP_KYMA_AUTOSCALER_MIN
+}
+
+output "subaccount_id" {
+  value = module.kyma.subaccount_id
+}
+
+output "domain" {
+  value = module.kyma.domain
+}
diff --git a/.github/actions/create-sap-btp-kyma/variables.tf b/.github/actions/create-sap-btp-kyma/variables.tf
new file mode 100644
index 0000000..d7fce01
--- /dev/null
+++ b/.github/actions/create-sap-btp-kyma/variables.tf
@@ -0,0 +1,54 @@
+variable "BTP_GLOBAL_ACCOUNT" {
+  type        = string
+  description = "Global account name"
+}
+
+variable "BTP_BOT_USER" {
+  type        = string
+  description = "Bot account name"
+}
+
+variable "BTP_BOT_PASSWORD" {
+  type        = string
+  description = "Bot account password"
+}
+
+variable "BTP_BACKEND_URL" {
+  type        = string
+  description = "BTP backend URL"
+}
+
+variable "BTP_NEW_SUBACCOUNT_NAME" {
+  type        = string
+  description = "Subaccount name"
+}
+
+variable "BTP_KYMA_PLAN" {
+  type        = string
+  description = "Plan name"
+}
+
+variable "BTP_NEW_SUBACCOUNT_REGION" {
+  type        = string
+  description = "Region name"
+}
+
+variable "BTP_CUSTOM_IAS_TENANT" {
+  type        = string
+  description = "Custom IAS tenant"
+}
+
+variable "BTP_KYMA_REGION" {
+  type        = string
+  description = "Kyma region"
+}
+
+variable "BTP_KYMA_MODULES_STRINGIFIED" {
+  type        = string
+  description = "Kyma modules as stringified json"
+}
+
+variable "BTP_KYMA_AUTOSCALER_MIN" {
+  type = number
+  default = 3
+}
\ No newline at end of file
diff --git a/.github/actions/force-delete-sap-btp-subaccount/action.yaml b/.github/actions/force-delete-sap-btp-subaccount/action.yaml
new file mode 100644
index 0000000..c988cdf
--- /dev/null
+++ b/.github/actions/force-delete-sap-btp-subaccount/action.yaml
@@ -0,0 +1,36 @@
+name: 'Force Delete SAP BTP Subaccount'
+description: 'Action for force deleting SAP BTP subaccount'
+
+inputs:
+  btp_subaccount_id:
+    description: 'btp subaccount id'
+    required: true
+  btp_backend_url:
+    description: 'btp backend url'
+    required: true
+  btp_user:
+    description: 'btp user'
+    required: true
+  btp_password:
+    description: 'btp password'
+    required: true
+  btp_global_account:
+    description: 'btp global account'
+    required: true
+  btp_idp_tenant:
+    description: 'btp idp tenant'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - uses: ./.github/actions/setup-btp
+
+    - name: Force delete btp resources
+      shell: bash
+      run: |
+        btp login --url "${{ inputs.btp_backend_url }}" --user "${{ inputs.btp_user }}" --password "${{ inputs.btp_password }}" --idp "${{ inputs.btp_idp_tenant }}"  --subdomain "${{ inputs.btp_global_account }}"
+        echo "Deleting ${{ inputs.btp_global_account }}/${{ inputs.btp_subaccount_id }}".
+        btp delete accounts/subaccount "${{ inputs.btp_subaccount_id }}" --global-account "${{ inputs.btp_global_account }}" --force-delete true --confirm true
+        echo "Deletion request for subaccount ${{ inputs.btp_subaccount_id }} sent."
+        
diff --git a/.github/actions/setup-btp/action.yaml b/.github/actions/setup-btp/action.yaml
new file mode 100644
index 0000000..7515995
--- /dev/null
+++ b/.github/actions/setup-btp/action.yaml
@@ -0,0 +1,21 @@
+name: 'Setup BTP CLI'
+description: 'Action for the BTP CLI setup'
+
+inputs:
+  path:
+    description: 'path where BTP CLI should be installed'
+    required: false
+    default: "/usr/local/bin"
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Install BTP CLI
+      shell: bash
+      run: |
+        sudo ln -sf bash /bin/sh
+        mkdir -p ${{ inputs.path }}
+        curl -LJO https://tools.hana.ondemand.com/additional/btp-cli-linux-amd64-latest.tar.gz --cookie "eula_3_2_agreed=tools.hana.ondemand.com/developer-license-3_2.txt"
+        tar -zxf btp-cli-linux-amd64-latest.tar.gz --strip-components=1 -C ${{ inputs.path }}
+        rm -f btp-cli-linux-amd64-latest.tar.gz
+        echo "BTP CLI downloaded into ${{ inputs.path }}"
\ No newline at end of file
diff --git a/.github/workflows/pull-tmp.yml b/.github/workflows/pull-tmp.yml
new file mode 100644
index 0000000..c74b795
--- /dev/null
+++ b/.github/workflows/pull-tmp.yml
@@ -0,0 +1,39 @@
+name: pull-temp
+on:
+  pull_request:
+    types: [opened, edited, synchronize, reopened, ready_for_review]
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: ./.github/actions/create-sap-btp-kyma
+        id: create-btp-resources
+        with:
+          btp_subaccount_name: terraform-module-actions-tst-${{ github.sha }}-${{ github.run_attempt }}
+          btp_backend_url: '${{ secrets.btp_api_url }}'
+          btp_user: '${{ secrets.username }}'
+          btp_password: '${{ secrets.password }}'
+          btp_global_account: '${{ secrets.global_account }}'
+          btp_idp_tenant: '${{ secrets.ias_tenant }}'
+          btp_subaccount_region: '${{ secrets.sa_region }}'
+          btp_kyma_region: '${{ secrets.kyma_region }}'
+          btp_kyma_plan: '${{ secrets.kyma_plan }}'
+          btp_kyma_modules: "[]"
+          btp_kyma_autoscaler_min: 3
+      - name: run tests
+        run: |
+          kubectl get nodes
+      - uses: ./.github/actions/force-delete-sap-btp-subaccount
+        if: always()
+        with:
+          btp_subaccount_id: ${{ steps.create-btp-resources.outputs.subaccount_id }}
+          btp_backend_url: ${{ secrets.btp_api_url}}
+          btp_user: ${{ secrets.username}}
+          btp_password: ${{ secrets.password}}
+          btp_global_account: ${{ secrets.global_account }}
+          btp_idp_tenant: ${{ secrets.ias_tenant }}
+

From b736c36c2b6fc6b071415946229dec1d95b7c409 Mon Sep 17 00:00:00 2001
From: "Kwiatosz, Krzysztof" <krzysztof.kwiatosz@sap.com>
Date: Tue, 3 Dec 2024 09:58:30 +0100
Subject: [PATCH 2/2] Introduce re-usable gh actions

---
 .github/workflows/{pull-tmp.yml => push-actions.yml} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename .github/workflows/{pull-tmp.yml => push-actions.yml} (93%)

diff --git a/.github/workflows/pull-tmp.yml b/.github/workflows/push-actions.yml
similarity index 93%
rename from .github/workflows/pull-tmp.yml
rename to .github/workflows/push-actions.yml
index c74b795..6cf8b27 100644
--- a/.github/workflows/pull-tmp.yml
+++ b/.github/workflows/push-actions.yml
@@ -1,7 +1,7 @@
-name: pull-temp
+name: push-actions
 on:
-  pull_request:
-    types: [opened, edited, synchronize, reopened, ready_for_review]
+  push:
+    branches: ["main", "release-*"]
 
 jobs:
   scan: