change nginx to ingresses #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tofu Apply | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| permissions: | |
| contents: "read" | |
| id-token: "write" | |
| concurrency: | |
| group: tofu-apply-${{ github.ref_name }} | |
| cancel-in-progress: false | |
| jobs: | |
| load-stack-matrix: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref_name == 'main' && 'prod' || 'dev' }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Read plan-jobs.json | |
| id: set-matrix | |
| run: | | |
| sudo apt-get update && sudo apt-get install -y jq gettext | |
| delimiter="$(openssl rand -hex 8)" | |
| JSON="$(cat .github/workflows/stacks.json)" | |
| # Replace strings starting with TF_ with their respective environment variables | |
| JSON=$(echo "$JSON" | sed -e "s/TF_STATE_BUCKET/\$TF_STATE_BUCKET/g" | sed -e "s/: \"TF_/: \"\$TF_/g") | |
| echo "matrix<<${delimiter}" >> "${GITHUB_OUTPUT}" | |
| echo "$JSON" >> "${GITHUB_OUTPUT}" | |
| echo "${delimiter}" >> "${GITHUB_OUTPUT}" | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix || '[]' }} | |
| apply: | |
| needs: load-stack-matrix | |
| name: Apply stack ${{ matrix.stack.name }} | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref_name == 'main' && 'prod' || 'dev' }} | |
| strategy: | |
| matrix: | |
| stack: ${{fromJson(needs.load-stack-matrix.outputs.matrix)}} | |
| steps: | |
| - name: Set environment vars | |
| env: | |
| TF_ARGOCD_ADMIN_PASSWORD: ${{ secrets.TF_ARGOCD_ADMIN_PASSWORD }} | |
| TF_ARGOCD_GROUPS_SA_JSON: ${{ secrets.TF_ARGOCD_GROUPS_SA_JSON }} | |
| TF_CLUSTER_CA_CERTIFICATE: ${{ secrets.TF_CLUSTER_CA_CERTIFICATE }} | |
| TF_CLUSTER_ENDPOINT: ${{ secrets.TF_CLUSTER_ENDPOINT }} | |
| TF_CLUSTER_NAME: ${{ secrets.TF_CLUSTER_NAME }} | |
| TF_CTRL_PLANE_DEV_PROJECT_ID: ${{ secrets.TF_CTRL_PLANE_PROJECT_ID }} | |
| TF_CTRL_PLANE_DEV_REGION: ${{ secrets.TF_CTRL_PLANE_REGION }} | |
| TF_CTRL_PLANE_IP_RANGE_PODS: ${{ vars.TF_CTRL_PLANE_IP_RANGE_PODS }} | |
| TF_CTRL_PLANE_IP_RANGE_SERVICES: ${{ vars.TF_CTRL_PLANE_IP_RANGE_SERVICES }} | |
| TF_CTRL_PLANE_IP_RANGE_SUBNET: ${{ vars.TF_CTRL_PLANE_IP_RANGE_SUBNET }} | |
| TF_DEFAULT_MAX_PODS_PER_NODE: ${{ vars.TF_DEFAULT_MAX_PODS_PER_NODE }} | |
| TF_DEX_GOOGLE_ADMIN_EMAIL: ${{ secrets.TF_DEX_GOOGLE_ADMIN_EMAIL }} | |
| TF_DEX_GOOGLE_CLIENT_ID: ${{ secrets.TF_DEX_GOOGLE_CLIENT_ID }} | |
| TF_DEX_GOOGLE_CLIENT_SECRET: ${{ secrets.TF_DEX_GOOGLE_CLIENT_SECRET }} | |
| TF_ENVIRONMENT: ${{ vars.TF_ENVIRONMENT }} | |
| TF_GRAFANA_GOOGLE_CLIENT_ID: ${{ secrets.TF_GRAFANA_GOOGLE_CLIENT_ID }} | |
| TF_GRAFANA_GOOGLE_CLIENT_SECRET: ${{ secrets.TF_GRAFANA_GOOGLE_CLIENT_SECRET }} | |
| TF_STATE_BUCKET: ${{ secrets.TF_STATE_BUCKET }} | |
| run: | | |
| json=$(echo '${{ toJson(matrix) }}' | envsubst) | |
| # set the matrix values as environment variables | |
| for key in $(echo $json | jq -r '.stack.variables | to_entries[] | "\(.key)=\(.value)"'); do | |
| echo "$key" >> $GITHUB_ENV | |
| done | |
| # set init_param variable | |
| echo "init_param=$(echo $json | jq -r '.stack.init_param')" >> $GITHUB_ENV | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install OpenTofu | |
| uses: opentofu/setup-opentofu@v1 | |
| - name: Setup GCloud | |
| uses: "google-github-actions/auth@v2.1.2" | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - name: Set up Cloud SDK | |
| uses: "google-github-actions/setup-gcloud@v2.1.0" | |
| with: | |
| version: ">= 363.0.0" | |
| - name: Setup Tofu workspace | |
| run: | | |
| cd ${{ matrix.stack.path }} | |
| tofu init ${{ env.init_param }} | |
| - name: Apply stack | |
| run: | | |
| cd ${{ matrix.stack.path }} | |
| tofu apply -auto-approve |