Skip to content
terraform-infra-provisioning

Create ECS Task container from Docker image in central AWS account (cross AWS account access) #110

Sign in to view logs

Create ECS Task container from Docker image in central AWS account (cross AWS account access)

Create ECS Task container from Docker image in central AWS account (cross AWS account access) #110

Workflow file for this run

.github/workflows/terraform.yml at 9700426
name: terraform-infra-provisioning
on:
workflow_dispatch:
push:
branches: [ '*' ]
paths:
- 'infra/**'
- '.github/workflows/terraform.yml'
pull_request:
branches: ["main"]
paths:
- 'infra/**'
- '.github/workflows/terraform.yml'
env:
AWS_REGION: us-east-2 # set this to your preferred AWS region, e.g. us-west-1
permissions: read-all
#--------------------------
#
# PLEASE READ: Add a GitHub Actions variable 'INFRACOST_SCAN_TYPE' and set the value to either 'hcl_code' or 'tf_plan' depending on what type of Infracost scan desired.
#
#--------------------------
jobs:
terraform:
name: 'continuous-integration'
runs-on: ubuntu-latest
environment: development
permissions:
contents: read
id-token: write
pull-requests: write
# Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
working-directory: ./infra
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v3
- name: Configure AWS Credentials Action For GitHub Actions
uses: aws-actions/configure-aws-credentials@v1-node16
with:
role-to-assume: ${{ secrets.IAM_ROLE }}
role-session-name: AWSSession
aws-region: ${{ env.AWS_REGION }}
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
- name: Setup Infracost
uses: infracost/actions/setup@v2
# See https://github.com/infracost/actions/tree/master/setup for other inputs
# If you can't use this action, see Docker images in https://infracost.io/cicd
with:
api-key: ${{ secrets.INFRACOST_API_KEY }}
if: github.event_name == 'pull_request'
# Checkout the base branch of the pull request (e.g. main/master).
- name: Checkout base branch
if: ${{ (github.event_name == 'pull_request') && (vars.INFRACOST_SCAN_TYPE == 'hcl_code') }}
uses: actions/checkout@v3
with:
ref: '${{ github.event.pull_request.base.ref }}'
# Generate Infracost JSON file as the baseline.
- name: Generate Infracost cost estimate baseline
if: ${{ (github.event_name == 'pull_request') && (vars.INFRACOST_SCAN_TYPE == 'hcl_code') }}
run: |
infracost breakdown --path=. \
--format=json \
--out-file=/tmp/infracost-base.json
# Checkout the current PR branch so we can create a diff.
- name: Checkout PR branch
if: ${{ (github.event_name == 'pull_request') && (vars.INFRACOST_SCAN_TYPE == 'hcl_code') }}
uses: actions/checkout@v3
# Generate an Infracost diff and save it to a JSON file.
- name: Generate Infracost diff
if: ${{ (github.event_name == 'pull_request') && (vars.INFRACOST_SCAN_TYPE == 'hcl_code') }}
run: |
infracost diff --path=. \
--format=json \
--compare-to=/tmp/infracost-base.json \
--out-file=/tmp/infracost.json
# Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
id: init
run: terraform init
# Checks that all Terraform configuration files adhere to a canonical format
- name: Terraform Format
id: fmt
run: terraform fmt -check
# Checks that all Terraform configuration files are correctly written
- name: Terraform Validate
id: validate
run: terraform validate -no-color
# Generates an execution plan for Terraform
- name: Terraform Plan
id: plan
if: github.ref != 'refs/heads/main' || github.event_name == 'pull_request'
run: |
terraform plan -no-color -input=false \
-var="ecs_secret=${{ secrets.ECS_SECRECT }}" \
-out=TFplan.JSON
continue-on-error: true
# Generate an Infracost diff and save it to a JSON file.
- name: Generate Infracost diff
if: ${{ (github.event_name == 'pull_request') && (vars.INFRACOST_SCAN_TYPE == 'tf_plan') }}
run: |
infracost diff --path=TFplan.JSON \
--format=json \
--out-file=/tmp/infracost.json
- name: Post Infracost estimate
if: github.event_name == 'pull_request'
run: |
infracost comment github --path=/tmp/infracost.json \
--repo=$GITHUB_REPOSITORY \
--github-token=${{github.token}} \
--pull-request=${{github.event.pull_request.number}} \
--show-skipped \
--behavior=update
- name: Post Terraform Plan output
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
# On push to "main", build or change infrastructure according to Terraform configuration files
# Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks
- name: Terraform Apply
if: github.ref == 'refs/heads/main'
run: |
terraform apply -auto-approve -input=false \
-var="ecs_secret=${{ secrets.ECS_SECRECT }}"