From d8bda6fb43a3436af25c306b4f7d91219ec12554 Mon Sep 17 00:00:00 2001 From: Katalina Okano Date: Sun, 6 Dec 2020 22:36:11 -0500 Subject: [PATCH] try pulling secrets from gcloud for tf --- .github/workflows/deploy.yml | 18 +++++++++++++----- terraform/mappings.tf | 12 ++++++++++++ terraform/providers.tf | 6 ------ 3 files changed, 25 insertions(+), 11 deletions(-) create mode 100644 terraform/mappings.tf diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2f7e62d..4c3a360 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -104,6 +104,13 @@ jobs: service_account_key: ${{ secrets.GCS_TF_KEY }} export_default_credentials: true + - name: Get Google Secrets (they keep them in a box under a tree) + id: secrets + uses: google-github-actions/get-secretmanager-secrets@main + with: + secrets: |- + secretJSON:${{ secrets.GCS_PROJECT_ID }}/${{github.event.inputs.environment}}-tfvars + - name: Pull necessary artifacts working-directory: ./terraform run: | 
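Review bot: The new step resolves `uses: google-github-actions/get-secretmanager-secrets@main`, a moving branch reference, so the action code that runs with the credentials exported by the preceding auth step and handles the fetched tfvars can change underneath every run; pin it to a release tag or, better, a full commit SHA, e.g. `uses: google-github-actions/get-secretmanager-secrets@<release-tag-or-commit-sha>`. The secret path also interpolates `github.event.inputs.environment` directly, so whatever environment name a dispatcher types selects which `-tfvars` secret is fetched; if only a fixed set of environments is intended, validating that input against an allow-list in an earlier step would bound it. The step list continues beyond the hunk on both sides.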
@@ -119,24 +126,25 @@ jobs: run: | terraform init --backend-config "prefix=${{github.event.inputs.environment}}" - - name: Write tags to tags.tfvars.auto.json + - name: Write *.auto.tfvars.json files working-directory: ./terraform run: | echo '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{needs.docker_sync.outputs.bot_tag}}", "worker_path": "./worker-dist/backend-worker.js"}' | jq . | tee tags.tfvars.auto.json + echo ${SECRET_TFVARS} > secrets.auto.tfvars.json + env: + SECRET_TFVARS: ${{ steps.secrets.outputs.secretJSON }} - name: Terraform plan working-directory: ./terraform run: | terraform plan \ - --var-file variables/global.tfvars \ - --var-file variables/${{github.event.inputs.environment}}.tfvars \ + -var-file variables/global.tfvars \ + -var-file variables/${{github.event.inputs.environment}}.tfvars \ -out=./deployment.tfplan - name: Terraform apply working-directory: ./terraform run: | terraform apply \ - --var-file variables/global.tfvars \ - --var-file variables/${{github.event.inputs.environment}}.tfvars \ -auto-approve \ deployment.tfplan diff --git a/terraform/mappings.tf b/terraform/mappings.tf new file mode 100644 index 0000000..49f35c8 --- /dev/null +++ b/terraform/mappings.tf @@ -0,0 +1,12 @@ +locals { + artifactBaseMap = { + us-east4 = "us-docker.pkg.dev/roleypoly/roleypoly/" + us-central1 = "us-docker.pkg.dev/roleypoly/roleypoly/" + us-west1 = "us-docker.pkg.dev/roleypoly/roleypoly/" + europe-west2 = "europe-docker.pkg.dev/roleypoly/roleypoly/" + europe-west3 = "europe-docker.pkg.dev/roleypoly/roleypoly/" + australia-southeast1 = "asia-docker.pkg.dev/roleypoly/roleypoly/" + asia-northeast1 = "asia-docker.pkg.dev/roleypoly/roleypoly/" + asia-southeast1 = "asia-docker.pkg.dev/roleypoly/roleypoly/" + } +} diff --git a/terraform/providers.tf b/terraform/providers.tf index af13c54..9c712bf 100644 --- a/terraform/providers.tf +++ b/terraform/providers.tf 
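Review bot: `echo ${SECRET_TFVARS} > secrets.auto.tfvars.json` expands the secret unquoted, so the shell word-splits and glob-expands the JSON before `echo` reassembles it with single spaces — a `*` or `?` inside a value can match files in the terraform directory and whitespace inside string values is altered; write it as `printf '%s\n' "$SECRET_TFVARS" > secrets.auto.tfvars.json`. Passing the step output through `env:` instead of interpolating it into `run:` is the right choice and should stay. Unlike the tags line, nothing checks that the secret is well-formed JSON before Terraform reads it; a `jq -e . secrets.auto.tfvars.json > /dev/null` after the write would fail the step early without printing the contents to the log.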
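Review bot: `artifactBaseMap` in the new `locals` block uses camelCase, while Terraform's convention (and the `cloudflare_*` variables elsewhere in this patch) is snake_case; `artifact_base_map` would keep the naming consistent. Nothing in this patch references the local yet, so whether its key set matches the regions actually deployed cannot be checked from here.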
@@ -32,11 +32,6 @@ terraform { } } -variable "cloudflare_email" { - type = string - sensitive = true -} - variable "cloudflare_api_token" { type = string sensitive = true @@ -53,7 +48,6 @@ variable "cloudflare_zone_id" { } provider "cloudflare" { - email = var.cloudflare_email api_token = var.cloudflare_api_token account_id = var.cloudflare_account_id }