
Commit 99a5ac2

committed
Permission fixes and paths
- fix permissions - write to /tmp path and not directly in repo for transcrypt - fix backend config path
1 parent 55c06e4 commit 99a5ac2


4 files changed

+26
-28
lines changed


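--- a/.github/workflows/terraform_gh_runner.yml
+++ b/.github/workflows/terraform_gh_runner.yml
@@ -56,12 +56,12 @@ jobs:
 
 - name: Fetch and write terraform.tfvars
 run: |
-echo ${{ secrets.TF_VARS_FILE }} > terraform.tfvars
-chmod 600 terraform.tfvars
+echo ${{ secrets.TF_VARS_FILE }} > /tmp/terraform.tfvars
+chmod 600 /tmp/terraform.tfvars
 
 - name: Run Terraform
 working-directory: ./github-runners/terraform/base
 run: |
 terraform init-backend-config="organization=subspace" -backend-config="workspaces=${{ secrets.WORKSPACE_NAME }}"
-terraform plan -var-file=terraform.tfvars
-terraform apply -auto-approve -var "gh_token=${{ env.RUNNER_TOKEN }}"
+terraform plan -var-file=/tmp/terraform.tfvars
+terraform apply -auto-approve -var "gh_token=${{ env.RUNNER_TOKEN }}" -var-file=/tmp/terraform.tfvars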
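Review bot: The `echo ${{ secrets.TF_VARS_FILE }} > /tmp/terraform.tfvars` step still pastes the secret into the script text unquoted, so the shell word-splits it and interprets any metacharacters it contains, and the file now lands at a fixed name in world-writable `/tmp`, created under the default umask before `chmod 600` runs. If these jobs run on self-hosted runners (not visible here), that path can outlive the job or be pre-created by another one, and nothing in the hunk removes it. Pass the secret through the step's `env:` (`TF_VARS_FILE: ${{ secrets.TF_VARS_FILE }}`) and write it with `umask 077` followed by `printf '%s\n' "$TF_VARS_FILE" > "$RUNNER_TEMP/terraform.tfvars"`, pointing the `-var-file` arguments at the same path. The identical step appears in terraform_template_deploy.yml and terraform_template_ephemeral_deploy.yml. The job body continues outside the hunk.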

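--- a/.github/workflows/terraform_template_deploy.yml
+++ b/.github/workflows/terraform_template_deploy.yml
@@ -49,8 +49,7 @@ jobs:
 
 - name: Decrypt the secrets
 run: |
-chmod +x ./scripts/transcrypt
-scripts/transcrypt -c aes-256-cbc -p ${{ secrets.TRANSCRYPT }} -y
+bash scripts/transcrypt -c aes-256-cbc -p ${{ secrets.TRANSCRYPT }} -y
 
 - uses: hashicorp/setup-terraform@v2
 with:
@@ -60,11 +59,11 @@ jobs:
 
 - name: Setup Remote Config Backend
 run: |
-cat > config.remote.tfbackend <<EOT
+cat > /tmp/config.remote.tfbackend <<EOF
 workspaces { name = "${{ inputs.tf_workspace_name }}"}
 hostname = "app.terraform.io"
 organization = "${{ inputs.tf_organization }}"
-EOT
+EOF
 
 - name: Terraform fmt
 working-directory: ${{ inputs.project }}/${{ inputs.resource }}
@@ -74,33 +73,33 @@ jobs:
 - name: Terraform Init for ${{ inputs.project }}/${{ inputs.resource }}
 working-directory: ${{ inputs.project }}/${{ inputs.resource }}
 run: |
-cat config.remote.tfbackend
-terraform init -backend-config=config.remote.tfbackend
+cat /tmp/config.remote.tfbackend
+terraform init -backend-config=/tmp/config.remote.tfbackend
 
 - name: Terraform Validate
 working-directory: ${{ inputs.project }}/${{ inputs.resource }}
 run: terraform validate
 
 - name: Fetch and write terraform.tfvars
 run: |
-echo ${{ secrets.TF_VARS_FILE }} > terraform.tfvars
-chmod 600 terraform.tfvars
+echo ${{ secrets.TF_VARS_FILE }} > /tmp/terraform.tfvars
+chmod 600 /tmp/terraform.tfvars
 
 - name: Terraform Plan for ${{ inputs.project }}/${{ inputs.resource }}
 if: ${{ (inputs.run_destroy == 'no') }}
 working-directory: ${{ inputs.project }}/${{ inputs.resource }}
 run: |
-terraform plan -var-file=terraform.tfvars
+terraform plan -var-file=/tmp/terraform.tfvars
 
 - name: Terraform Apply for ${{ inputs.project }}/${{ inputs.resource }}
 if: ${{ (inputs.run_apply == 'yes') && (inputs.run_destroy == 'no') }}
 working-directory: ${{ inputs.project }}/${{ inputs.resource }}
 run: |
-terraform apply -auto-approve -var-file=terraform.tfvars
+terraform apply -auto-approve -var-file=/tmp/terraform.tfvars
 
 - name: Terraform Destroy for ${{ inputs.project }}/${{ inputs.resource }}
 if: ${{ (inputs.run_destroy == 'yes') }}
 working-directory: ${{ inputs.project }}/${{ inputs.resource }}
 run: |
-terraform plan -destroy -var-file=terraform.tfvars
-terraform destroy -auto-approve -var-file=terraform.tfvars
+terraform plan -destroy -var-file=/tmp/terraform.tfvars
+terraform destroy -auto-approve -var-file=/tmp/terraform.tfvars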
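Review bot: In the "Setup Remote Config Backend" hunk the heredoc delimiter is unquoted (`<<EOF`) and `${{ inputs.tf_workspace_name }}` and `${{ inputs.tf_organization }}` are substituted into the script text before the shell runs, so shell syntax inside either input is evaluated by the runner and a line reading `EOF` ends the file early. Who can supply these inputs is not visible in the hunk, but the values are safer passed through the step's `env:` and referenced in the heredoc as `workspaces { name = "$TF_WORKSPACE_NAME" }` and `organization = "$TF_ORGANIZATION"`, because the result of a variable expansion is not evaluated again. The same step appears in terraform_template_ephemeral_deploy.yml. The job these steps belong to starts outside the hunk.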

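--- a/.github/workflows/terraform_template_ephemeral_deploy.yml
+++ b/.github/workflows/terraform_template_ephemeral_deploy.yml
@@ -53,8 +53,7 @@ jobs:
 
 - name: Decrypt the secrets
 run: |
-chmod +x ./scripts/transcrypt
-scripts/transcrypt -c aes-256-cbc -p ${{ secrets.TRANSCRYPT }} -y
+bash scripts/transcrypt -c aes-256-cbc -p ${{ secrets.TRANSCRYPT }} -y
 
 - uses: hashicorp/setup-terraform@v2
 with:
@@ -64,11 +63,11 @@ jobs:
 
 - name: Setup Remote Config Backend
 run: |
-cat > config.remote.tfbackend <<EOT
+cat > /tmp/config.remote.tfbackend <<EOF
 workspaces { name = "${{ inputs.tf_workspace_name }}"}
 hostname = "app.terraform.io"
 organization = "${{ inputs.tf_organization }}"
-EOT
+EOF
 
 - name: Terraform fmt
 working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
@@ -78,33 +77,33 @@ jobs:
 - name: Terraform Init for ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 run: |
-cat config.remote.tfbackend
-terraform init -backend-config=config.remote.tfbackend
+cat /tmp/config.remote.tfbackend
+terraform init -backend-config=/tmp/config.remote.tfbackend
 
 - name: Terraform Validate
 working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 run: terraform validate
 
 - name: Fetch and write terraform.tfvars
 run: |
-echo ${{ secrets.TF_VARS_FILE }} > terraform.tfvars
-chmod 600 terraform.tfvars
+echo ${{ secrets.TF_VARS_FILE }} > /tmp/terraform.tfvars
+chmod 600 /tmp/terraform.tfvars
 
 - name: Terraform Plan for ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 if: ${{ (inputs.run_destroy == 'no') }}
 working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 run: |
-terraform plan -var-file=terraform.tfvars
+terraform plan -var-file=/tmp/terraform.tfvars
 
 - name: Terraform Apply for ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 if: ${{ (inputs.run_apply == 'yes') && (inputs.run_destroy == 'no') }}
 working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 run: |
-terraform apply -auto-approve -var-file=terraform.tfvars
+terraform apply -auto-approve -var-file=/tmp/terraform.tfvars
 
 - name: Terraform Destroy for ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 if: ${{ (inputs.run_destroy == 'yes') }}
 working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
 run: |
-terraform plan -destroy -var-file=terraform.tfvars
-terraform destroy -auto-approve -var-file=terraform.tfvars
+terraform plan -destroy -var-file=/tmp/terraform.tfvars
+terraform destroy -auto-approve -var-file=/tmp/terraform.tfvars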
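Review bot: `bash scripts/transcrypt -c aes-256-cbc -p ${{ secrets.TRANSCRYPT }} -y` in the "Decrypt the secrets" hunk expands the password unquoted into the script text, so a password containing spaces or shell metacharacters is split or interpreted by the shell, and it is handed over as a command-line argument that other processes on the runner can read while the script runs. Supplying it through the step's `env:` (`TRANSCRYPT_PASSWORD: ${{ secrets.TRANSCRYPT }}`) and calling `bash scripts/transcrypt -c aes-256-cbc -p "$TRANSCRYPT_PASSWORD" -y` removes the interpolation problem. The argument-list exposure remains unless the script can take the password another way, which is not visible on this page. The same step is in terraform_template_deploy.yml.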

scripts/transcrypt

100644100755
File mode changed.
