|
1 |
| -name: Terraform Apply |
| 1 | +name: OpenTofu Automation |
2 | 2 |
|
3 | 3 | on:
|
4 | 4 | push:
|
5 | 5 | paths:
|
6 | 6 | - 'terraform/**'
|
7 | 7 |
|
8 | 8 | jobs:
|
9 |
| - terraform: |
| 9 | + deploy: |
10 | 10 | runs-on: ubuntu-latest
|
11 | 11 | steps:
|
12 | 12 | - name: Checkout code
|
13 | 13 | uses: actions/checkout@v4
|
14 | 14 |
|
15 |
| - - name: Download OpenTofu Installer |
| 15 | + - name: Get Secrets from Bitwarden |
| 16 | + id: bitwarden-secrets |
| 17 | + uses: https://github.com/bitwarden/sm-action@v2 |
| 18 | + with: |
| 19 | + access_token: ${{ secrets.BW_ACCESS_TOKEN }} |
| 20 | + base_url: https://vault.bitwarden.com |
| 21 | + secrets: | |
| 22 | + c65f8886-f6fb-4c17-bc79-b208000604bf > arrbuntu_ip_address |
| 23 | + a54974b8-c6b3-4df7-9042-b20800064050 > downloaders_ip_address |
| 24 | + dacbeafa-c671-4b9c-9334-b2080006f75b > init_password |
| 25 | + 9ceabbd0-6492-4674-9bab-b2080006e333 > init_username |
| 26 | + 0bc3c1a3-fc48-48ce-85c5-b2080007136a > kasm_ip |
| 27 | + 63ca1819-5090-4e30-9dba-b20800072718 > kasm_ssh_ip |
| 28 | + 47ef68aa-32a9-45b0-835d-b2080006ce38 > npm_ip_address |
| 29 | + d0c7f3ec-8277-4b1b-9a1b-b2080006b842 > prox_ip_address |
| 30 | + 17ab7869-c7a1-4ece-8c64-b20800075213 > pve2_ip_address |
| 31 | + f8f85ab2-5f6d-46a7-9e06-b20800076d26 > s3_endpoint |
| 32 | + 68f1d77d-4e96-498a-9464-b208000679a4 > ssh_password |
| 33 | + d0762ced-73de-4f30-aa1c-b20800069536 > ssh_username |
| 34 | + d8017351-7a11-42e6-9e8d-b208000739b8 > ubu_ip_address |
| 35 | + 1d250f4a-ae18-4e19-934c-b2080005e132 > virtual_environment_api |
| 36 | + a4ed343a-bb92-4beb-a421-b2080005bf98 > virtual_environment_endpoint |
| 37 | + af0ed579-05f8-405f-b0f3-b208000620ca > vlan_gateway |
| 38 | +
|
| 39 | + - name: Write secrets to terraform.tfvars |
16 | 40 | run: |
|
17 |
| - curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh |
18 |
| - chmod +x install-opentofu.sh |
| 41 | + SECRETS=("arrbuntu_ip_address" "downloaders_ip_address" "init_password" "kasm_ip" "kasm_ssh_ip" "npm_ip_address" "prox_ip_address" "pve2_ip_address" "s3_endpoint" "ssh_password" "ssh_username" "ubu_ip_address" "virtual_environment_api" "virtual_environment_endpoint" "vlan_gateway") |
| 42 | + for secret in "${SECRETS[@]}"; do |
| 43 | + echo "${secret} = \"${{ steps.bitwarden-secrets.outputs[secret] }}\"" >> ./terraform/terraform.tfvars |
| 44 | + done |
19 | 45 |
|
20 |
| - - name: Inspect and Install OpenTofu |
21 |
| - run: ./install-opentofu.sh --install-method deb |
| 46 | + - name: Configure AWS Credentials |
| 47 | + uses: https://github.com/aws-actions/configure-aws-credentials@v2 |
| 48 | + env: |
| 49 | + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} |
| 50 | + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
22 | 51 |
|
23 |
| - - name: Clean up Installer Script |
24 |
| - run: rm -f install-opentofu.sh |
| 52 | + - name: Setup OpenTofu |
| 53 | + uses: https://github.com/opentofu/setup-opentofu@v1 |
25 | 54 |
|
26 |
| - - name: Initialize OpenTofu |
| 55 | + - name: Run OpenTofu Init |
27 | 56 | run: tofu init
|
28 |
| - working-directory: ./terraform |
29 | 57 |
|
30 |
| - - name: Apply OpenTofu |
31 |
| - run: tofu apply -input=false |
32 |
| - working-directory: ./terraform |
| 58 | + - name: Run OpenTofu Plan |
| 59 | + id: plan |
| 60 | + run: tofu plan -no-color |
| 61 | + |
| 62 | + - name: Display Plan Output |
| 63 | + run: | |
| 64 | + echo "Plan output:" |
| 65 | + echo "${{ steps.plan.outputs.stdout }}" |
| 66 | +
|
| 67 | + - name: Apply the Plan |
| 68 | + if: success() |
| 69 | + run: tofu apply -auto-approve |
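Review bot: The "Write secrets to terraform.tfvars" step cannot write the fetched values. `${{ steps.bitwarden-secrets.outputs[secret] }}` is expanded by the runner before bash starts, so `secret` is read as an expression name rather than the loop variable, and the step either fails expression evaluation or writes the same empty value on every line; the `SECRETS` array also omits `init_username`, which the Bitwarden step does fetch. Pasting secret text into the script body also means a value containing `"` or `$(` changes the command that runs, and the credentials end up in a plaintext file in the workspace. If sm-action exports each mapping as an environment variable (worth confirming for v2), renaming the targets with the `TF_VAR_` prefix, e.g. `dacbeafa-c671-4b9c-9334-b2080006f75b > TF_VAR_init_password`, lets tofu read them from the environment and makes this step unnecessary. Separately, init, plan and apply lost `working-directory: ./terraform`, and `tofu apply -auto-approve` runs on every push under `terraform/**` without consuming the plan that was displayed; `tofu plan -no-color -input=false -out=tfplan` followed by `tofu apply -input=false tfplan` would apply exactly what was planned.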