earlier changes #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform Infrastructure | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| paths: [ 'terraform/**' ] | |
| pull_request: | |
| branches: [ main ] | |
| paths: [ 'terraform/**' ] | |
| env: | |
| AWS_REGION: us-west-2 | |
| TERRAFORM_VERSION: 1.6.0 | |
| jobs: | |
| # Terraform Plan | |
| plan: | |
| name: Terraform Plan | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| environment: [dev, staging, prod] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Terraform Format Check | |
| run: | | |
| cd terraform | |
| terraform fmt -check -recursive | |
| - name: Terraform Init | |
| run: | | |
| cd terraform | |
| terraform init | |
| - name: Terraform Validate | |
| run: | | |
| cd terraform | |
| terraform validate | |
| - name: Terraform Plan | |
| run: | | |
| cd terraform | |
| terraform plan \ | |
| -var-file=environments/${{ matrix.environment }}.tfvars \ | |
| -out=tfplan-${{ matrix.environment }} \ | |
| -var="environment=${{ matrix.environment }}" | |
| - name: Upload Terraform Plan | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: tfplan-${{ matrix.environment }} | |
| path: terraform/tfplan-${{ matrix.environment }} | |
| # Terraform Apply (for main branch) | |
| apply: | |
| name: Terraform Apply | |
| runs-on: ubuntu-latest | |
| needs: plan | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| strategy: | |
| matrix: | |
| environment: [dev, staging, prod] | |
| environment: ${{ matrix.environment }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Download Terraform Plan | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: tfplan-${{ matrix.environment }} | |
| path: terraform/ | |
| - name: Terraform Init | |
| run: | | |
| cd terraform | |
| terraform init | |
| - name: Terraform Apply | |
| run: | | |
| cd terraform | |
| terraform apply tfplan-${{ matrix.environment }} | |
| - name: Output Terraform values | |
| run: | | |
| cd terraform | |
| terraform output -json > terraform-outputs-${{ matrix.environment }}.json | |
| - name: Upload Terraform Outputs | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: terraform-outputs-${{ matrix.environment }} | |
| path: terraform/terraform-outputs-${{ matrix.environment }}.json | |
| # Terraform Destroy (for cleanup) | |
| destroy: | |
| name: Terraform Destroy | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'workflow_dispatch' | |
| environment: destroy | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Terraform Init | |
| run: | | |
| cd terraform | |
| terraform init | |
| - name: Terraform Destroy | |
| run: | | |
| cd terraform | |
| terraform destroy \ | |
| -var-file=environments/${{ github.event.inputs.environment }}.tfvars \ | |
| -var="environment=${{ github.event.inputs.environment }}" \ | |
| -auto-approve | |