oci-cicd.yml
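# Manually triggered pipeline that provisions OCI infrastructure with
# Terraform and tears it down again if the apply step fails.
name: 'Execute OCI Pipeline'

on:
  # This workflow is triggered manually
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN: read-only access to contents
permissions:
  contents: read

jobs:
  terraform:
    name: 'Terraform OCI Pipeline'
    runs-on: ubuntu-latest
    # NOTE(review): any approval gate for this environment (required
    # reviewers, branch restrictions) lives in the repository settings and is
    # not visible here; confirm one exists, since the job applies and can
    # destroy with -auto-approve.
    environment: production
    defaults:
      run:
        # Use the bash shell for every run step
        shell: bash
    steps:
      # NOTE(review): the three actions below are referenced by mutable tags
      # (v3, v2). Pinning each to a full commit SHA prevents a moved tag from
      # changing the code that runs next to these secrets.

      # Checkout the repository to the GitHub Actions runner
      # NOTE(review): a personal access token is used instead of the scoped
      # GITHUB_TOKEN, and actions/checkout keeps the token in the local git
      # config unless persist-credentials is set to false. No later step
      # visibly runs git, so confirm whether the PAT or its persistence is
      # needed (e.g. for private module sources) and drop or narrow it if not.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.PAT_TOKEN }}

      # Setup Node.js environment with a specific version
      - name: Node Setup
        uses: actions/setup-node@v3
        with:
          node-version: '16'

      # Setup Terraform CLI on the runner
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2

      # Write the private key to disk and export its path to Terraform.
      # The secret is passed through the step environment rather than expanded
      # into the script text: the ${{ }} expression is substituted before bash
      # parses the script, so quotes, $ or backticks in the value would be
      # interpreted by the shell.
      - name: Setup SSH Private Key
        env:
          PKEY: ${{ secrets.PKEY }}
        run: |
          # Create the file owner-only from the start instead of relying on
          # the chmod that follows.
          umask 077
          printf '%s\n' "$PKEY" > pkey.pem
          chmod 600 pkey.pem
          echo "TF_VAR_pkey_path=$(pwd)/pkey.pem" >> "$GITHUB_ENV"

      # Export Terraform input variables from GitHub Secrets.
      # Values reach the shell as environment variables for the same reason
      # as above. Everything written to GITHUB_ENV is visible to all later
      # steps of this job.
      - name: Setup Terraform Vars
        env:
          TENANCY_OCID: ${{ secrets.TENANCY_OCID }}
          USER_OCID: ${{ secrets.USER_OCID }}
          FP: ${{ secrets.FP }}
          SSH_PUB_KEY: ${{ secrets.SSH_PUB_KEY }}
        run: |
          {
            echo "TF_VAR_tenancy_ocid=${TENANCY_OCID}"
            echo "TF_VAR_user_ocid=${USER_OCID}"
            echo "TF_VAR_fp=${FP}"
            echo "TF_VAR_ssh_pub_key=${SSH_PUB_KEY}"
          } >> "$GITHUB_ENV"

      # Initialise Terraform
      - name: Terraform Init
        run: terraform init

      # Generate an execution plan for Terraform
      # NOTE(review): the plan is not saved, so the apply step computes its
      # own plan; what is applied is not guaranteed to match this output.
      - name: Terraform Plan
        run: terraform plan

      # Apply the changes required to reach the desired state.
      # continue-on-error keeps the job running so the cleanup step can act on
      # a failed apply.
      - name: Terraform Apply
        id: apply
        continue-on-error: true
        run: terraform apply -auto-approve

      # Record whether the apply step failed in an environment variable
      - name: Check Terraform Apply Outcome
        id: check
        run: echo "apply_failed=${{ steps.apply.outcome == 'failure' }}" >> "$GITHUB_ENV"

      # Destroy if Terraform Apply failed
      # NOTE(review): destroy removes every resource tracked in the state, not
      # only what the failed apply created. No backend configuration is visible
      # in this workflow; confirm the state scope before relying on this in
      # production.
      - name: Terraform Destroy
        if: env.apply_failed == 'true'
        id: failure-handler
        run: |
          echo "Terraform Apply failed. Initiating cleanup..."
          terraform destroy -auto-approve
          echo "cleanup_done=true" >> "$GITHUB_ENV"

      # Without this step the job would finish green after a failed apply,
      # because continue-on-error hides the failure from the job result.
      - name: Fail Job After Failed Apply
        if: env.apply_failed == 'true'
        run: |
          echo "Terraform Apply failed; marking the job as failed." >&2
          exit 1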