.github/workflows/terraform.yml

name: Workflow for deploying and destroying an ACR or AKS or EKS, as well as installing or uninstalling Helm charts on those Kubernetes clusters

on:
  workflow_dispatch:
    inputs:
      INFRASTRUCTURE_OPERATIONS:
        type: choice
        options: [ 'storage-account-backend-deploy', 'k8s-service-deploy', 'k8s-service-destroy', 'helm-charts-install', 'helm-charts-uninstall' ]
        default: k8s-service-deploy
        description: 'Infrastructure operations: [ storage-account-backend-deploy, k8s-service-deploy, k8s-service-destroy, helm-charts-install, helm-charts-uninstall ]'
      GITOPS_TOOL:
        type: choice
        options: [ 'argocd', 'fluxcd' ]
        default: 
        description: 'Select GitOps tool: [ argocd, fluxcd ]'
      ENVIRONMENT:
        type: choice
        options: [ 'sbx' ]
        default: sbx
        description: 'Environment on which to deploy: [ sbx ]. Dev, staging, prod environments not considered'
env:
  ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
  ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}'
  ARM_CLIENT_ID: '${{ secrets.ARM_CLIENT_ID }}'
  ARM_CLIENT_SECRET: '${{ secrets.ARM_CLIENT_SECRET }}'

jobs:
  deploy-tf-backend:
    runs-on: ubuntu-latest
    if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'storage-account-backend-deploy' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@master
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3  
      - name: Terraform Init
        run: terraform init # should be only deployed once. Ensure to manually destroy the ACR in the Azure Portal Web UI
        working-directory: ./devops/terraform
      - name: Deploy Storage Account backend
        run: terraform apply --auto-approve
        continue-on-error: false
        working-directory: ./devops/terraform
  tf-k8s-service-operations:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@master
        if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-deploy' || github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-destroy' }}
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3  
        if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-deploy' || github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-destroy' }}
      - name: Terraform Init # requires a Storage Account backend deployed trough storage-account-backend-deploy workflow step
        run: |
          terraform init \
          -backend-config="subscription_id=${{ env.ARM_SUBSCRIPTION_ID }}" \
          -backend-config="storage_account_name=gftfbesbxsa001" \
          -backend-config="resource_group_name=gftfbe-sbx-rg001" \
          -backend-config="container_name=gftfbesbxsac001" \
          -backend-config="key=sbx-k8s-service-deployment/terraform.tfstate"
        working-directory: ./terraform/envs/${{ github.event.inputs.ENVIRONMENT }}-k8s-deployment
        if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-deploy' || github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-destroy' }}
      - name: Deploy Kubernetes service and related resources
        run: terraform apply --auto-approve
        continue-on-error: false
        working-directory: ./terraform/envs/${{ github.event.inputs.ENVIRONMENT }}-k8s-deployment
        if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-deploy' }}
      - name: Destroy Kubernetes service and related resources
        run: terraform destroy --auto-approve
        continue-on-error: false
        working-directory: ./terraform/envs/${{ github.event.inputs.ENVIRONMENT }}-k8s-deployment
        if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-destroy' }}
  tf-helm-charts-operations:
    runs-on: ubuntu-latest
    needs: tf-k8s-service-operations
    if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-deploy' || github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'helm-charts-install' || github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'helm-charts-uninstall' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@master
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3  
      - name: Download the ~/.kube/config
        shell: bash
        run: |
          terraform init \
          -backend-config="subscription_id=${{ env.ARM_SUBSCRIPTION_ID }}" \
          -backend-config="storage_account_name=gftfbesbxsa001" \
          -backend-config="resource_group_name=gftfbe-sbx-rg001" \
          -backend-config="container_name=gftfbesbxsac001" \
          -backend-config="key=sbx-k8s-service-deployment/terraform.tfstate"

          terraform output aks_kube_config_list | awk '/^  apiVersion:/,/^  EOT,$/' | sed 's/^  //' > ./config
          mkdir -vp ~/.kube
          head -n -3 ./config > ~/.kube/config
          cat ~/.kube/config
        working-directory: ./terraform/envs/${{ github.event.inputs.ENVIRONMENT }}-k8s-deployment
      - name: Terraform Init # requires a Storage Account backend deployed trough storage-account-backend-deploy workflow step
        run: |
          terraform init \
          -backend-config="subscription_id=${{ env.ARM_SUBSCRIPTION_ID }}" \
          -backend-config="storage_account_name=gftfbesbxsa001" \
          -backend-config="resource_group_name=gftfbe-sbx-rg001" \
          -backend-config="container_name=gftfbesbxsac001" \
          -backend-config="key=sbx-k8s-service-configuration/terraform.tfstate"
        working-directory: ./terraform/envs/${{ github.event.inputs.ENVIRONMENT }}-k8s-configuration
      - name: Install helm charts
        shell: bash
        run: terraform apply --auto-approve
        continue-on-error: false
        working-directory: ./terraform/envs/${{ github.event.inputs.ENVIRONMENT }}-k8s-configuration
        env:
          TF_VAR_acr_username: "${{ secrets.ACR_USERNAME }}"
          TF_VAR_acr_password: "${{ secrets.ACR_PASSWORD }}"
          TF_VAR_acr_login_server_name: "${{ secrets.ACR_LOGIN_SERVER_NAME }}"
          TF_VAR_gitops_tool: "${{ github.event.inputs.GITOPS_TOOL }}"
        if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'helm-charts-install' || github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'k8s-service-deploy' }}
      - name: Uninstall helm charts
        run: terraform destroy --auto-approve
        continue-on-error: false
        working-directory: ./terraform/envs/${{ github.event.inputs.ENVIRONMENT }}-k8s-configuration
        if: ${{ github.event.inputs.INFRASTRUCTURE_OPERATIONS == 'helm-charts-uninstall' }}