roleypoly/v3
1
0
Fork 0
mirror of https://github.com/roleypoly/roleypoly.git synced 2025-04-25 03:49:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

try pulling secrets from gcloud for tf

Browse source
This commit is contained in:
41666 2020-12-06 22:36:11 -05:00
parent 441b24045d
commit d8bda6fb43
3 changed files with 25 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
.github/workflows/deploy.yml vendored
View file

@ -104,6 +104,13 @@ jobs:
service_account_key: ${{ secrets.GCS_TF_KEY }} service_account_key: ${{ secrets.GCS_TF_KEY }}
export_default_credentials: true export_default_credentials: true
- name: Get Google Secrets (they keep them in a box under a tree)
id: secrets
uses: google-github-actions/get-secretmanager-secrets@main
with:
secrets: |-
secretJSON:${{ secrets.GCS_PROJECT_ID }}/${{github.event.inputs.environment}}-tfvars
- name: Pull necessary artifacts - name: Pull necessary artifacts
working-directory: ./terraform working-directory: ./terraform
run: | run: |
@ -119,24 +126,25 @@ jobs:
run: | run: |
terraform init --backend-config "prefix=${{github.event.inputs.environment}}" terraform init --backend-config "prefix=${{github.event.inputs.environment}}"
- name: Write tags to tags.tfvars.auto.json - name: Write *.auto.tfvars.json files
working-directory: ./terraform working-directory: ./terraform
run: | run: |
echo '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{needs.docker_sync.outputs.bot_tag}}", "worker_path": "./worker-dist/backend-worker.js"}' | jq . | tee tags.tfvars.auto.json echo '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{needs.docker_sync.outputs.bot_tag}}", "worker_path": "./worker-dist/backend-worker.js"}' | jq . | tee tags.tfvars.auto.json
echo ${SECRET_TFVARS} > secrets.auto.tfvars.json
env:
SECRET_TFVARS: ${{ steps.secrets.outputs.secretJSON }}
- name: Terraform plan - name: Terraform plan
working-directory: ./terraform working-directory: ./terraform
run: | run: |
terraform plan \ terraform plan \
--var-file variables/global.tfvars \ -var-file variables/global.tfvars \
--var-file variables/${{github.event.inputs.environment}}.tfvars \ -var-file variables/${{github.event.inputs.environment}}.tfvars \
-out=./deployment.tfplan -out=./deployment.tfplan
- name: Terraform apply - name: Terraform apply
working-directory: ./terraform working-directory: ./terraform
run: | run: |
terraform apply \ terraform apply \
--var-file variables/global.tfvars \
--var-file variables/${{github.event.inputs.environment}}.tfvars \
-auto-approve \ -auto-approve \
deployment.tfplan deployment.tfplan

12
terraform/mappings.tf Normal file
View file

@ -0,0 +1,12 @@
locals {
artifactBaseMap = {
us-east4 = "us-docker.pkg.dev/roleypoly/roleypoly/"
us-central1 = "us-docker.pkg.dev/roleypoly/roleypoly/"
us-west1 = "us-docker.pkg.dev/roleypoly/roleypoly/"
europe-west2 = "europe-docker.pkg.dev/roleypoly/roleypoly/"
europe-west3 = "europe-docker.pkg.dev/roleypoly/roleypoly/"
australia-southeast1 = "asia-docker.pkg.dev/roleypoly/roleypoly/"
asia-northeast1 = "asia-docker.pkg.dev/roleypoly/roleypoly/"
asia-southeast1 = "asia-docker.pkg.dev/roleypoly/roleypoly/"
}
}

6
terraform/providers.tf
View file

@ -32,11 +32,6 @@ terraform {
} }
} }
variable "cloudflare_email" {
type = string
sensitive = true
}
variable "cloudflare_api_token" { variable "cloudflare_api_token" {
type = string type = string
sensitive = true sensitive = true
@ -53,7 +48,6 @@ variable "cloudflare_zone_id" {
} }
provider "cloudflare" { provider "cloudflare" {
email = var.cloudflare_email
api_token = var.cloudflare_api_token api_token = var.cloudflare_api_token
account_id = var.cloudflare_account_id account_id = var.cloudflare_account_id
} }