Skip to content

terraform, aws: simplify resource tagging by using aws provider's def… #2

terraform, aws: simplify resource tagging by using aws provider's def…

terraform, aws: simplify resource tagging by using aws provider's def… #2

name: Ensure Uptime Checks
on:
push:
branches:
- main
paths:
# Config of prometheus or hubs might have changed
- helm-charts/**
# Hubs & clusters might be added or removed
- config/clusters/**
# The terraform code for the checks might have changed
- terraform/uptime-checks/**
# The way terraform is deployed might have changed!
- .github/workflows/ensure-uptime-checks.yaml
# Queue executions of this workflow to avoid conflicts
# ref: https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency: ${{ github.workflow }}
# This environment variable triggers the deployer to colourise print statements in the
# GitHub Actions logs for easy reading
env:
TERM: xterm
jobs:
ensure-uptime-checks:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Uptime checks are set up and managed via terraform
- uses: hashicorp/setup-terraform@v3
# We use sops to store encrypted GCP ServiceAccount Key that terraform uses
# to run, as well as PagerDuty config terraform uses
- name: Install sops
uses: mdgreenwald/[email protected]
# Authenticate with the correct KMS key that sops will use.
- name: Setup sops credentials to decrypt repo secrets
uses: google-github-actions/auth@v2
with:
credentials_json: "${{ secrets.GCP_KMS_DECRYPTOR_KEY }}"
- name: ensure uptime checks are set up
run: |
cd terraform/uptime-checks
# Decrypt the GCP ServiceAccount key with permissions to run terraform
sops -d secret/enc-service-account-key.secret.json > service-account-key.json
export GOOGLE_APPLICATION_CREDENTIALS=service-account-key.json
# Setup Terraform
terraform init
# Run terraform automatically
terraform apply -auto-approve