remove tfvars secret and add branch input

DaMandal0rian · DaMandal0rian · commit d865c7c6eaf9 · 2023-12-05T13:53:44.000+03:00
- remove tfvars secret and storing in github, use the encrypted terraform.tfvars file with transcrypt.
- add branch as input
- change API token name and remove vars secret file
- change path for dedicated runners
diff --git a/.github/workflows/ephemeral_devnet_aws_deploy.yml b/.github/workflows/ephemeral_devnet_aws_deploy.yml
@@ -2,6 +2,10 @@ name: Main CD for Ephememeral Devnet Deployment
 
 on:
   workflow_dispatch:
+    inputs:
+      branch:
+        required: true
+        type: string
   pull_request:
     branches:
       - main
@@ -20,6 +24,7 @@ jobs:
     uses: ./.github/workflows/terraform_template_ephemeral_deploy.yml
     with:
       project: testing-framework
+      branch: ${{ github.event.inputs.branch }}
       instance: ec2
       resource: network
       tf_workspace_name: ephemeral-devnet
diff --git a/.github/workflows/ephemeral_devnet_hetzner_deploy.yml b/.github/workflows/ephemeral_devnet_hetzner_deploy.yml
@@ -2,6 +2,10 @@ name: Main CD for Ephememeral Devnet Deployment
 
 on:
   workflow_dispatch:
+    inputs:
+      branch:
+        required: true
+        type: string
   pull_request:
     branches:
       - main
@@ -20,6 +24,7 @@ jobs:
     uses: ./.github/workflows/terraform_template_ephemeral_deploy.yml
     with:
       project: testing-framework
+      branch: ${{ github.event.inputs.branch }}
       instance: hetzner
       resource: network
       tf_workspace_name: ephemeral-devnet-hetzner
diff --git a/.github/workflows/terraform_gh_runner.yml b/.github/workflows/terraform_gh_runner.yml
@@ -6,7 +6,7 @@ on:
     branches:
       - main
     paths:
-      - "github-runners/terraform/base/**"
+      - "github-runners/terraform/dedicated/**"
 
 jobs:
   terraform_gh_runner:
@@ -22,11 +22,11 @@ jobs:
         uses: hashicorp/setup-terraform@v1
         with:
           terraform_version: "1.5.7"
-          cli_config_credentials_token: ${{ secrets.TF_CLOUD_TOKEN }}
+          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
-      - name: Install dependencies
+      - name: Decrypt the secrets
         run: |
-          # Install any dependencies required by your Terraform code
+          bash scripts/transcrypt -c aes-256-cbc -p ${{ secrets.TRANSCRYPT }} -y
 
       - name: Run Bash Script
         id: generate_runner_token
@@ -54,14 +54,9 @@ jobs:
           # in subsequent steps with terraform for runner registration
           echo "::set-output name=runner_token::$runner_token"
 
-      - name: Fetch and write terraform.tfvars
-        run: |
-          echo ${{ secrets.TF_VARS_FILE }} > /tmp/terraform.tfvars
-          chmod 600 /tmp/terraform.tfvars
-
       - name: Run Terraform
-        working-directory: ./github-runners/terraform/base
+        working-directory: ./github-runners/terraform/dedicated
         run: |
           terraform init
-          terraform plan -var-file=/tmp/terraform.tfvars
-          terraform apply -auto-approve -var "gh_token=${{ steps.generate_runner_token.outputs.runner_token }}" -var-file=/tmp/terraform.tfvars
+          terraform plan -var-file=terraform.tfvars
+          terraform apply -auto-approve -var "gh_token=${{ steps.generate_runner_token.outputs.runner_token }}" -var-file=terraform.tfvars
diff --git a/.github/workflows/terraform_template_deploy.yml b/.github/workflows/terraform_template_deploy.yml
@@ -71,26 +71,21 @@ jobs:
         working-directory: ${{ inputs.project }}/${{ inputs.resource }}
         run: terraform validate
 
-      - name: Fetch and write terraform.tfvars
-        run: |
-          echo ${{ secrets.TF_VARS_FILE }} > /tmp/terraform.tfvars
-          chmod 600 /tmp/terraform.tfvars
-
       - name: Terraform Plan for ${{ inputs.project }}/${{ inputs.resource }}
         if: ${{ (inputs.run_destroy == 'no') }}
         working-directory: ${{ inputs.project }}/${{ inputs.resource }}
         run: |
-          terraform plan -var-file=/tmp/terraform.tfvars
+          terraform plan -var-file=terraform.tfvars
 
       - name: Terraform Apply for ${{ inputs.project }}/${{ inputs.resource }}
         if: ${{ (inputs.run_apply == 'yes') && (inputs.run_destroy == 'no') }}
         working-directory: ${{ inputs.project }}/${{ inputs.resource }}
         run: |
-          terraform apply -auto-approve -var-file=/tmp/terraform.tfvars
+          terraform apply -auto-approve -var-file=terraform.tfvars
 
       - name: Terraform Destroy for ${{ inputs.project }}/${{ inputs.resource }}
         if: ${{ (inputs.run_destroy == 'yes') }}
         working-directory: ${{ inputs.project }}/${{ inputs.resource }}
         run: |
-          terraform plan -destroy -var-file=/tmp/terraform.tfvars
-          terraform destroy -auto-approve -var-file=/tmp/terraform.tfvars
+          terraform plan -destroy -var-file=terraform.tfvars
+          terraform destroy -auto-approve -var-file=terraform.tfvars
diff --git a/.github/workflows/terraform_template_ephemeral_deploy.yml b/.github/workflows/terraform_template_ephemeral_deploy.yml
@@ -6,6 +6,9 @@ on:
       project:
         required: true
         type: string
+      branch:
+        required: true
+        type: string
       instance:
         required: true
         type: string
@@ -75,26 +78,21 @@ jobs:
         working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
         run: terraform validate
 
-      - name: Fetch and write terraform.tfvars
-        run: |
-          echo ${{ secrets.TF_VARS_FILE }} > /tmp/terraform.tfvars
-          chmod 600 /tmp/terraform.tfvars
-
       - name: Terraform Plan for ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
         if: ${{ (inputs.run_destroy == 'no') }}
         working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
         run: |
-          terraform plan -var-file=/tmp/terraform.tfvars
+          terraform plan -var-file=terraform.tfvars -var "branch_name=${{ inputs.branch }}"
 
       - name: Terraform Apply for ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
         if: ${{ (inputs.run_apply == 'yes') && (inputs.run_destroy == 'no') }}
         working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
         run: |
-          terraform apply -auto-approve -var-file=/tmp/terraform.tfvars
+          terraform apply -auto-approve -var-file=terraform.tfvars -var "branch_name=${{ inputs.branch }}"
 
       - name: Terraform Destroy for ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
         if: ${{ (inputs.run_destroy == 'yes') }}
         working-directory: ${{ inputs.project }}/${{ inputs.instance }}/${{ inputs.resource }}
         run: |
-          terraform plan -destroy -var-file=/tmp/terraform.tfvars
-          terraform destroy -auto-approve -var-file=/tmp/terraform.tfvars
+          terraform plan -destroy -var-file=terraform.tfvars -var "branch_name=${{ inputs.branch }}"
+          terraform destroy -auto-approve -var-file=terraform.tfvars -var "branch_name=${{ inputs.branch }}"
