akamai_pm.yaml
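---
# Deploys the Akamai property described by rules.tf with Terraform.
# Runs on manual dispatch (environment chosen by the operator) and on pushes
# to main that touch rules.tf. Terraform state lives in a Linode
# S3-compatible bucket, one state object per environment.
name: Akamai Property Manager

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment: dev, qa, prod. Default is dev'
        required: true
        default: 'dev'
        type: choice
        options:
          - dev
          - qa
          - prod
  push:
    branches:
      - main
    paths:
      - 'rules.tf'

# Least privilege for GITHUB_TOKEN: the job only reads the repository.
permissions:
  contents: read

# Serialise runs per environment so two applies never write the same state
# object at once; no state-locking setup is visible in this workflow.
concurrency:
  group: "akamai-pm-${{ inputs.environment || 'dev' }}"
  cancel-in-progress: false

# NOTE(review): workflow-level env is handed to every step, including the
# third-party actions below. Consider moving the TF_VAR_akamai_* secrets to
# the steps that actually need them once it is confirmed which ones do.
env:
  TF_VAR_akamai_client_secret: "${{ secrets.AKAMAI_CREDENTIAL_CLIENT_SECRET }}"
  TF_VAR_akamai_host: "${{ secrets.AKAMAI_CREDENTIAL_HOST }}"
  TF_VAR_akamai_access_token: "${{ secrets.AKAMAI_CREDENTIAL_ACCESS_TOKEN }}"
  TF_VAR_akamai_client_token: "${{ secrets.AKAMAI_CREDENTIAL_CLIENT_TOKEN }}"
  TF_VAR_akamai_account_key: "${{ secrets.AKAMAI_ACCOUNT_KEY }}"
  TF_VAR_version_notes: "${{ github.repository }} run #${{ github.run_number }} Commit ${{ github.sha }}"
  # `inputs` is empty on push events; fall back to the documented default so
  # the tfvars path and the state key are never built from an empty string.
  ENV: "${{ inputs.environment || 'dev' }}"

jobs:
  tf-property-update:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Nothing in this job pushes; do not leave the token in .git/config.
          persist-credentials: false

      # Install Python requirements.
      # Third-party action pinned to a movable tag while secrets are in the
      # environment; pin to a full commit SHA to make the dependency immutable.
      - name: Install Python Dependencies
        uses: py-actions/py-dependency-install@v4
        with:
          path: "./scripts/requirements.txt"

      # Get any values required by TF. For example key ID stored in Akamai
      # Cloud Access Manager.
      - name: Get CAM key GUID
        run: |
          CAM_KEY_ID="$(grep 'cam_key_id' "./environments/${ENV}.tfvars" | awk -F'"' '{print $2}')"
          # Get the latest active in production CAM key GUID.
          echo -e "\n$(python3 ./scripts/ak_get_cam_key_guid.py "$CAM_KEY_ID")" >> "./environments/${ENV}.tfvars"

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.4.7"

      # Backend credentials are passed through the step environment and
      # expanded by the shell, instead of being templated into the script
      # text, so a secret containing `$`, backticks or quotes cannot alter
      # the script or be expanded a second time inside the heredoc.
      - name: Add Linode S3 Backend for Terraform
        env:
          LINODE_BUCKET: "${{ secrets.LINODE_OBJECT_STORAGE_BUCKET }}"
          LINODE_ACCESS_KEY: "${{ secrets.LINODE_OBJECT_STORAGE_ACCESS_KEY }}"
          LINODE_SECRET_KEY: "${{ secrets.LINODE_OBJECT_STORAGE_SECRET_KEY }}"
        run: |
          # The file holds the storage keys in clear text: owner-only access.
          umask 077
          cat << EOF > ./backend
          skip_credentials_validation=true
          skip_region_validation=true
          bucket="${LINODE_BUCKET}"
          key="${ENV}-terraform.tfstate"
          region="us-mia-1"
          endpoint="us-mia-1.linodeobjects.com"
          access_key="${LINODE_ACCESS_KEY}"
          secret_key="${LINODE_SECRET_KEY}"
          EOF

      - name: Terraform Init
        run: terraform init -backend-config=backend

      # The import step is optional and used only once to import existing
      # resources to TF.
      - name: Terraform Import
        run: sh import.sh "$ENV"

      - name: Terraform Validate
        run: terraform validate -no-color

      - name: Terraform Plan
        run: |
          terraform plan -var-file="./environments/${ENV}.tfvars" -out=tfplan
          terraform show -json tfplan > tfplan.json

      # Apply the saved plan rather than planning again, so what is deployed
      # is exactly what tfplan.json records. Variables are already baked into
      # the plan file, so no -var-file is passed here.
      - name: Terraform Apply Changes
        run: terraform apply -auto-approve tfplan

      # `terraform show -json` prints sensitive values in plain text, so
      # tfplan.json may contain the TF_VAR_akamai_* credentials. Artifacts are
      # readable by anyone with read access to the repository's workflow runs;
      # confirm that audience is acceptable or redact before uploading.
      - name: Store Rule Tree as Artifact
        uses: actions/upload-artifact@v4
        with:
          name: Rule-Tree
          path: tfplan.json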