[PLT-1340] Convert terraform to opentofu #1212
Conversation
.github/workflows/deploy-all.yml
Outdated
| - name: Install terraform | ||
| - name: Install Opentofu | ||
| uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 | ||
| with: | ||
| directory: ./terraform | ||
| uses: cmsgov/cdap/actions/setup-tfenv-terraform@main | ||
| - name: Init, Plan Terraform | ||
| - uses: cmsgov/cdap/actions/setup-tenv@8343fb96563ce4b74c4dececee9b268f42bd4a40 |
There was a problem hiding this comment.
This section should look like this:
- name: Install Cosign to verify OpenTofu install
uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
- name: Install OpenTofu
uses: cmsgov/cdap/actions/setup-tenv@8343fb96563ce4b74c4dececee9b268f42bd4a40| - name: Get AMIs | ||
| run: | | ||
| export BCDA_AMI=`aws ec2 describe-images --region ${{ vars.AWS_REGION }} --filters 'Name=tag:app,Values=bcda-app' 'Name=tag:version,Values=${{ env.RELEASE_VERSION }}' --query 'Images[*][CreationDate,ImageId] | reverse(sort_by(@,&[0])) | [0][1]' --output text` | ||
| echo "BCDA_AMI=$BCDA_AMI" >> $GITHUB_ENV |
There was a problem hiding this comment.
Add TENV_GITHUB_TOKEN to the workflow env as noted here: https://github.com/CMSgov/cdap/tree/d4da904e786cd8c6b0ef17272a9bed2d0494a662/actions/setup-tenv
There was a problem hiding this comment.
As noted in the README I linked, the TENV_GITHUB_TOKEN must be available to all steps running tofu commands. Set it at the top level of the workflow.
.github/workflows/deploy-all.yml
Outdated
| export TF_CLI_ARGS="-no-color" | ||
| terraform init | ||
| terraform apply bcda-release-api-worker.tfplan | ||
| tofu init |
There was a problem hiding this comment.
This line can be dropped. No need to init again.
.github/workflows/deploy-all.yml
Outdated
| export APP_DB_PW=${STRS[2]} | ||
| cd terraform/${{ env.RELEASE_ENV }} | ||
| touch bcda-release-api-worker-vars.tfvars | ||
| export TF_CLI_ARGS="-no-color" |
There was a problem hiding this comment.
These -no-color args can be dropped here and in the next step. Unlike Jenkins, GHA can handle color output.
Co-authored-by: Sean Fern <[email protected]>
Co-authored-by: Sean Fern <[email protected]>
| - name: Get AMIs | ||
| run: | | ||
| export BCDA_AMI=`aws ec2 describe-images --region ${{ vars.AWS_REGION }} --filters 'Name=tag:app,Values=bcda-app' 'Name=tag:version,Values=${{ env.RELEASE_VERSION }}' --query 'Images[*][CreationDate,ImageId] | reverse(sort_by(@,&[0])) | [0][1]' --output text` | ||
| echo "BCDA_AMI=$BCDA_AMI" >> $GITHUB_ENV |
There was a problem hiding this comment.
As noted in the README I linked, the TENV_GITHUB_TOKEN must be available to all steps running tofu commands. Set it at the top level of the workflow.
| - name: Install Cosign to verify OpenTofu install | ||
| uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 | ||
| - name: Install OpenTofu |
There was a problem hiding this comment.
Apologies, I'm realizing these names are more correct:
| - name: Install Cosign to verify OpenTofu install | |
| uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 | |
| - name: Install OpenTofu | |
| - name: Install Cosign to verify tenv and tofu installs | |
| uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2 | |
| - name: Install tenv |
.github/workflows/deploy-all.yml
Outdated
| - name: Terraform Apply | ||
| - name: OpenTofu Apply | ||
| run: | | ||
| cd terraform/${{ env.RELEASE_ENV }} |
There was a problem hiding this comment.
Add working-directory to this step and drop the cd command.
Co-authored-by: Sean Fern <[email protected]>
Co-authored-by: Sean Fern <[email protected]>
Co-authored-by: Sean Fern <[email protected]>
Co-authored-by: Sean Fern <[email protected]>
.github/workflows/deploy-all.yml
Outdated
| contents: read | ||
|
|
||
| env: | ||
| TENV_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
🎫 Ticket
https://jira.cms.gov/browse/PLT-1340
🛠 Changes
Removed terraform commands. Added opentofu commands.
ℹ️ Context
To standardize on Opentofu.
🧪 Validation
Validated by running the bcda-app Deploy-All workflow: https://github.com/CMSgov/bcda-app/actions/runs/17836121473/job/50713768183