From b24c1f6d553673a9b1554397096001e65f43080c Mon Sep 17 00:00:00 2001 From: Himanshu Ahirwar Date: Sat, 2 Mar 2024 00:46:48 +0530 Subject: [PATCH 1/2] fix: terraform(data-type for destroy variable) and helm(--set parameter to pass secrets and multiple values) --- .github/workflows/helm.yml | 65 +++++++++++++++--------- .github/workflows/terraform_workflow.yml | 21 ++++---- 2 files changed, 53 insertions(+), 33 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index f048c5f7..89072bef 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -36,28 +36,36 @@ on: required: true type: string description: 'Timeout for helm install step in seconds' - default: '120s' - set-parameters: - required: false - type: string - description: 'Overriding the default values' values-file-path: - required: true + required: false type: string description: 'Values file path from helm chart directory' history-max: required: true type: number description: 'number of revisions stored in the revision history.' - default: 7 namespace: required: false type: string description: 'Boundary for Kubernetes resources' rollback: required: false - type: string - description: 'Environment name for rollback' + type: boolean + description: 'Environment name for rollback' + revision: + required: false + type: number + description: 'If this argument is omitted or set to 0, it will roll back to the previous release.' + uninstall: + required: false + type: boolean + default: false + description: 'Set true to uninstall helmchart' + role-duration-seconds: + required: false + type: number + default: 900 + description: 'The assumed role duration in seconds, if assuming a role. Defaults to 1 hour.' secrets: AWS_ACCESS_KEY_ID: description: 'AWS Access Key ID' 
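Review bot: `values-file-path` becomes `required: false` in this hunk, but the lint, template and upgrade steps later in the patch all pass `-f ${{ inputs.values-file-path }}` unconditionally, so a caller who omits it leaves `-f` without a value (in the upgrade command it would swallow the following `--namespace=...` token instead). Either keep the input required or add the flag only when the value is non-empty, for example with the input exported through `env:` and `[ -n "$VALUES_FILE" ] && VALUES_ARG="-f $VALUES_FILE"`. The description on `role-duration-seconds` says 'Defaults to 1 hour' while `default: 900` is 15 minutes, and `rollback` is now a boolean but is still described as 'Environment name for rollback'. The first of these matters most, because it states how long the assumed AWS credentials remain valid.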
@@ -74,6 +82,9 @@ on: AZURE_CREDENTIALS: description: 'Azure Credentilas' required: false + set-parameters: + required: false + description: 'Overriding the default values using --set flag' jobs: helm-action: runs-on: ubuntu-latest @@ -91,7 +102,7 @@ jobs: aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} role-to-assume: ${{ secrets.BUILD_ROLE }} aws-region: ${{ inputs.aws_region }} - role-duration-seconds: 900 + role-duration-seconds: ${{ inputs.role-duration-seconds }} role-skip-session-tagging: true - name: Install Azure CLI 
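Review bot: The description of the new `set-parameters` secret does not say what shape the value must have, yet the install step splices it into the helm command line as-is, so callers have to guess that it must hold complete flags (constructed example: `--set key=value --set other=value`) rather than bare pairs. I would state that in the description, along with the fact that the whole value becomes shell text on the runner. The second hunk on this line makes the assumed-role session length caller-controlled through `inputs.role-duration-seconds`; a short comment stating the intended upper bound would help anyone reviewing a calling workflow.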
@@ -105,32 +116,38 @@ jobs: if [ "${{ inputs.provider }}" = "azure" ]; then az aks get-credentials --resource-group ${{ inputs.resource-group }} --name ${{ inputs.azure-cluster-name }} else - aws eks --region ${{ inputs.aws-region }} update-kubeconfig --name ${{ inputs.eks-cluster-name }} + aws eks update-kubeconfig --name ${{ inputs.eks-cluster-name }} --region ${{ inputs.aws_region }} fi - name: helm lint - if: ${{ inputs.rollback != 'rollback' }} + if: ${{ inputs.rollback != true && inputs.uninstall != true }} run: | - helm lint ${{ inputs.helm-chart-directory }} + helm lint ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} - name: helm template - if: ${{ inputs.rollback != 'rollback' }} + if: ${{ inputs.rollback != true && inputs.uninstall != true }} run: | - helm template ${{ inputs.helm-chart-directory }} + helm template ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} - name: helm install and upgrade2 - if: ${{ inputs.rollback != 'rollback' }} + if: ${{ inputs.rollback != true && inputs.uninstall != true }} run: | - if [ -n "${{ inputs.set-parameters }}" ]; then - helm upgrade --install --atomic --create-namespace --wait --history-max ${{ inputs.history-max }} --debug \ - ${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} ${{ inputs.set-parameters }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --timeout ${{ inputs.timeout }} + if [ -n "${{ secrets.set-parameters }}" ]; then + helm upgrade --install ${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --create-namespace ${{ secrets.set-parameters }} \ + --history-max ${{ inputs.history-max }} --atomic --wait --debug --timeout ${{ inputs.timeout }} else - helm upgrade --install --atomic --create-namespace --wait --history-max ${{ inputs.history-max }} --debug \ - ${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} 
--namespace=${{ inputs.namespace }} --timeout ${{ inputs.timeout }} + helm upgrade --install ${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --create-namespace \ + --history-max ${{ inputs.history-max }} --atomic --wait --debug --timeout ${{ inputs.timeout }} fi - name: Rollback Helm Release - if: ${{ inputs.rollback == 'rollback' }} + if: ${{ inputs.rollback == true && inputs.uninstall != true }} + run: | + export HISTORY_COUNT=$(helm history ${{ inputs.release-name }} -n ${{ inputs.namespace }} | head -2 | tail -1 | awk '{print $1}') + helm rollback ${{ inputs.release-name }} -n ${{ inputs.namespace }} ${{ inputs.revision }} --debug || ( echo "Valid revision values can be greater than or equal to $HISTORY_COUNT" && exit 1 ) + + - name: Uninstall Helm Release + if: ${{ inputs.uninstall == true }} run: | - helm rollback ${{ inputs.release-name }} -n ${{ inputs.namespace }} -... + helm uninstall ${{ inputs.release-name }} -n ${{ inputs.namespace }} +... \ No newline at end of file diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index 2194f6fc..bfafa002 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -10,7 +10,6 @@ on: provider: required: true type: string - default: aws description: 'Cloud provider to run the workflow. e.g. azurerm, aws, gcp or digitalocean' aws_region: required: false @@ -26,9 +25,10 @@ on: type: string description: 'Terraform var file directory. e.g. vars/dev.tfvars' destroy: - type: string + required: false + type: boolean default: false - description: 'you want to destroy infra or not' + description: 'Set true to to destroy terraform infrastructure.' approvers: required: false type: string 
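Review bot: The secret branch of the upgrade step runs `helm upgrade --install ... ${{ secrets.set-parameters }} ... --debug`, and helm's debug output prints the user-supplied values, so individual values passed through the secret can land in the job log; log masking matches the registered secret string, not the pieces inside it. I would drop `--debug` from that branch, or put it behind an opt-in input that defaults to off. These steps also paste `${{ inputs.* }}` and the secret into the script text before the shell parses it, so a value containing shell metacharacters changes the command that runs. Passing them through `env:` and referencing quoted variables such as `"$RELEASE_NAME"` and `"$NAMESPACE"` keeps them as data. The kubeconfig step at the top of this hunk begins outside it.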
@@ -66,6 +66,9 @@ on: GCP_CREDENTIALS: required: false description: 'The Google Cloud JSON service account key to use for authentication' + DIGITALOCEAN_ACCESS_TOKEN: + required: false + description: 'The DigitalOcean Personal Access Token for Application & API' env-vars: required: false description: 'Pass required environment variables' @@ -124,7 +127,7 @@ jobs: terraform_version: ${{ inputs.terraform_version }} - name: 'Terraform Format' - if: ${{ inputs.destroy != 'true' }} + if: ${{ inputs.destroy != true }} id: fmt uses: 'dflook/terraform-fmt-check@v1' with: @@ -137,7 +140,7 @@ jobs: terraform init - name: 'Terraform validate' - if: ${{ inputs.destroy != 'true' }} + if: ${{ inputs.destroy != true }} id: validate uses: dflook/terraform-validate@v1 with: @@ -148,7 +151,7 @@ jobs: run: | export exitcode=0 cd ${{ inputs.working_directory }} - if [ "${{ inputs.destroy }}" = "true" ]; then + if [ "${{ inputs.destroy }}" = true ]; then if [ -n "${{ inputs.var_file }}" ]; then terraform plan -destroy -out tfplan --var-file=${{ inputs.var_file }} else @@ -194,7 +197,7 @@ jobs: issue-title: "Terraform Plan for Infrastructure Update" - name: terraform apply - if: ${{ inputs.destroy != 'true' }} + if: ${{ inputs.destroy != true }} run: | if [ -n "${{ inputs.var_file }}" ]; then cd ${{ inputs.working_directory }} @@ -205,7 +208,7 @@ jobs: fi - name: Terraform destroy - if: ${{ inputs.destroy == 'true' }} + if: ${{ inputs.destroy == true }} id: destroy run: | if [ -n "${{ inputs.var_file }}" ]; then @@ -215,4 +218,4 @@ jobs: cd ${{ inputs.working_directory }} terraform destroy -auto-approve fi -... +... \ No newline at end of file From ee627b579a89f601bcff54cc33c09d468dcad454 Mon Sep 17 00:00:00 2001 From: Himanshu Ahirwar Date: Sat, 2 Mar 2024 00:55:07 +0530 Subject: [PATCH 2/2] fix- yaml lint --- .github/workflows/helm.yml | 6 +++--- .github/workflows/terraform_workflow.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) 
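Review bot: With `destroy` now a real boolean, the `Terraform destroy` step is reached on `inputs.destroy == true` and, in the lines visible in the last two hunks, runs `terraform destroy -auto-approve` rather than applying the `tfplan` file that the plan step writes with `terraform plan -destroy -out tfplan`. What gets destroyed is therefore re-planned at destroy time and is not necessarily the plan that was presumably shown for approval; `terraform apply tfplan` would bind the two. The step bodies are only partly inside these hunks, so this should be confirmed against the full file. The new `DIGITALOCEAN_ACCESS_TOKEN` secret is declared in the first hunk, but no visible line passes it to a step; if that wiring is missing, the provider will not authenticate.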
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 89072bef..e867a228 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -51,7 +51,7 @@ on: rollback: required: false type: boolean - description: 'Environment name for rollback' + description: 'Environment name for rollback' revision: required: false type: number @@ -84,7 +84,7 @@ on: required: false set-parameters: required: false - description: 'Overriding the default values using --set flag' + description: 'Overriding the default values using --set flag' jobs: helm-action: runs-on: ubuntu-latest @@ -150,4 +150,4 @@ jobs: if: ${{ inputs.uninstall == true }} run: | helm uninstall ${{ inputs.release-name }} -n ${{ inputs.namespace }} -... \ No newline at end of file +... diff --git a/.github/workflows/terraform_workflow.yml b/.github/workflows/terraform_workflow.yml index bfafa002..23a3318d 100644 --- a/.github/workflows/terraform_workflow.yml +++ b/.github/workflows/terraform_workflow.yml @@ -218,4 +218,4 @@ jobs: cd ${{ inputs.working_directory }} terraform destroy -auto-approve fi -... \ No newline at end of file +...