updated action

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: '[BUG]'
+labels: 'bug'
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "[FEATURE]"
+labels: enhancement
+assignees: ''
+
+---
+
+**Feature Description**
+A clear and concise description of what you want to happen.
+
+**Example(s)**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Possible Approaches or Libraries to Consider**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,15 @@
+---
+name: Question
+about: Pose a question to the StackQL team
+title: "[QUESTION]"
+labels: question
+assignees: ''
+
+---
+
+
+## Question
+
+This channel is an opportunity to ask ad-hoc questions to the `stackql` team.  This channel is in lieu of an official platform for ongoing discussions and questions.  Please ask your question :)
+
+**Note**: Questions over github issues will be deprecated and retired once we settle on a platform / process ongoing.

.github/workflows/stackql-deploy-actions-test.yml

@@ -0,0 +1,24 @@
+name: Test StackQL Deploy Action
+
+on:
+  push:
+    branches:
+      - main
+jobs:
+  stackql-actions-test:
+    name: StackQL Actions Test
+    runs-on: ubuntu-latest
+    env:
+      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }}
+
+    steps:
+      - name: Checkout
+        uses: actions/[email protected]
+
+      - name: Run StackQL Deploy Action
+        uses: ./
+        with:
+          command: 'test'
+          stack_dir: 'examples/k8s-the-hard-way'
+          stack_env: 'dev'
+          env_vars: 'GOOGLE_PROJECT=stackql-k8s-the-hard-way-demo'

README.md

@@ -1,2 +1,62 @@
-# stackql-deploy-action
-Runs stackql-deploy in your GitHub Actions workflow.
+[![StackQL Deploy Actions Test](https://github.com/stackql/stackql-deploy/actions/workflows/stackql-deploy-actions-test.yml/badge.svg)](https://github.com/stackql/stackql-deploy/actions/workflows/stackql-deploy-actions-test.yml)
+
+# stackql-deploy
+Github Action to execute `stackql-deploy` to deploy or test a stack.  [`stackql-deploy`](https://github.com/stackql/stackql-deploy) is a declarative, state-file-less IaC framework, based upon [`stackql`](https://github.com/stackql/stackql) queries.
+
+# Usage
+
+## Provider Authentication
+Authentication to StackQL providers is done via environment variables source from GitHub Actions Secrets.  To learn more about authentication, see the setup instructions for your provider or providers at the [StackQL Provider Registry Docs](https://stackql.io/registry).  
+
+## Inputs
+- **`command`** - stackql-deploy command to run (__`build`__ or __`test`__)
+- **`stack_dir`** - repo directory containing `stackql_manifest.yml` and `resources` dir
+- **`stack_env`** - environment to deploy or test (e.g., `dev`, `prod`)
+- **`env_vars`** - (optional) environment variables or secrets imported into a stack (format: __`KEY=value,KEY2=value2`__)
+- **`env_file`** - (optional) environment variables sourced from a file 
+- **`show_queries`** - (optional) show queries run in the output logs
+- **`log_level`** - (optional) set the logging level (__`INFO`__ or __`DEBUG`__, defaults to __`INFO`__)
+- **`dry_run`** - (optional) perform a dry run of the operation
+- **`custom_registry`** - (optional) custom registry URL to be used for stackql
+- **`on_failure`** - (optional) action on failure (*not implemented yet*)
+
+## Examples
+
+### Deploy a stack
+
+this example shows how to build a stack (`examples/k8s-the-hard-way`) for a `dev` environment:
+
+```yaml
+...
+jobs:
+  stackql-actions-test:
+    name: StackQL Actions Test
+    runs-on: ubuntu-latest
+    env:
+      GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} # add additional cloud provider creds here as needed
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Deploy a Stack
+        uses: stackql/[email protected]
+        with:
+          command: 'build'
+          stack-dir: 'examples/k8s-the-hard-way'
+          stack-env: 'dev'
+          env-vars: 'GOOGLE_PROJECT=stackql-k8s-the-hard-way-demo'
+```
+
+this example shows how to test stack for a given environment:
+
+```yaml
+...
+      - name: Test a Stack
+        uses: stackql/[email protected]
+        with:
+          command: 'test'
+          stack-dir: 'examples/k8s-the-hard-way'
+          stack-env: 'sit'
+          env-vars: 'GOOGLE_PROJECT=stackql-k8s-the-hard-way-demo'
+```

action.yml

@@ -0,0 +1,84 @@
+name: 'stackql-deploy'
+description: 'Deploy and test stacks using stackql-deploy'
+inputs:
+  command:
+    description: 'stackql-deploy command to run (`build` or `test`)'
+    required: true
+  stack_dir:
+    description: 'repo directory containing `stackql_manifest.yml` and `resources` dir'
+    required: true
+  stack_env:
+    description: 'environment to deploy or test (e.g., `dev`, `prod`)'
+    required: true
+  env_vars:
+    description: 'environment variables or secrets imported into a stack (format: `KEY=value,KEY2=value2`)'
+    required: false
+  env_file:
+    description: 'environment variables sourced from a file'
+    required: false
+  show_queries:
+    description: 'show queries run in the output logs'
+    required: false
+  log_level:
+    description: 'set the logging level (`INFO` or `DEBUG`, defaults to `INFO`)'
+    required: false    
+  dry_run:
+    description: 'perform a dry run of the operation'
+    required: false
+  custom_registry:
+    description: 'custom registry URL to be used for stackql'
+    required: false
+  on_failure:
+    description: 'action on failure'
+    required: false        
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Install Python
+      uses: actions/[email protected]
+      with:
+        python-version: '3.10'  
+
+    - name: Install stackql-deploy
+      shell: bash
+      run: pip install -q stackql-deploy pyyaml || { echo "pip install failed"; exit 1; }
+
+    - name: Run stackql-deploy
+      shell: bash
+      run: |
+        ENV_OPTS=""
+        if [ -n "${{ inputs.env_vars }}" ]; then
+          IFS=',' read -r -a env_array <<< "${{ inputs.env_vars }}"
+          for env_var in "${env_array[@]}"; do
+            ENV_OPTS+=" -e $env_var"
+          done
+        fi
+
+        STACKQL_DEPLOY_CMD="stackql-deploy ${{ inputs.command }} ${{ inputs.stack_dir }} ${{ inputs.stack_env }}"
+
+        if [ -n "${{ inputs.env_file }}" ]; then
+          STACKQL_DEPLOY_CMD+=" --env-file ${{ inputs.env_file }}"
+        fi
+        if [ "${{ inputs.show_queries }}" == "true" ]; then
+          STACKQL_DEPLOY_CMD+=" --show-queries"
+        fi
+        if [ -n "${{ inputs.log_level }}" ]; then
+          STACKQL_DEPLOY_CMD+=" --log-level ${{ inputs.log_level }}"
+        fi
+        if [ "${{ inputs.dry_run }}" == "true" ]; then
+          STACKQL_DEPLOY_CMD+=" --dry-run"
+        fi
+        if [ -n "${{ inputs.custom_registry }}" ]; then
+          STACKQL_DEPLOY_CMD+=" --custom-registry ${{ inputs.custom_registry }}"
+        fi
+        if [ -n "${{ inputs.on_failure }}" ]; then
+          STACKQL_DEPLOY_CMD+=" --on-failure ${{ inputs.on_failure }}"
+        fi
+
+        echo "executing: $STACKQL_DEPLOY_CMD $ENV_OPTS"
+        $STACKQL_DEPLOY_CMD $ENV_OPTS
+
+branding:
+  icon: 'server'
+  color: 'blue'

examples/k8s-the-hard-way/README.md

@@ -0,0 +1,57 @@
+# example `stackql-deploy` stack
+
+Based upon the [Kubernetes the Hard Way](https://github.com/kelseyhightower/kubernetes-the-hard-way) project.
+
+## about `stackql-deploy`
+
+[`stackql-deploy`](https://pypi.org/project/stackql-deploy/) is a multi cloud deployment automation and testing framework which is an alternative to Terraform or similar IaC tools.  `stackql-deploy` uses a declarative model/ELT based approach to cloud resource deployment (inspired by [`dbt`](https://www.getdbt.com/)).  Advantages of `stackql-deploy` include:
+
+- declarative framework
+- no state file (state is determined from the target environment)
+- multi-cloud/omni-cloud ready
+- includes resource tests which can include secure config tests
+
+## instaling `stackql-deploy`
+
+`stackql-deploy` is installed as a python based CLI using...
+
+```bash
+pip install stackql-deploy
+```
+
+## getting started with `stackql-deploy`
+
+Once installed, use the `init` command to scaffold a sample project directory to get started:
+
+```bash
+stackql-deploy init k8s-the-hard-way
+```
+
+this will create a directory named `k8s-the-hard-way` which can be updated for your stack, as you can see in this project.
+
+## deploying using `stackql-deploy`
+
+```bash
+export GOOGLE_CREDENTIALS=$(cat ./creds.json)
+# deploy a stack
+stackql-deploy build \
+k8s-the-hard-way \
+dev \
+-e GOOGLE_PROJECT=stackql-k8s-the-hard-way-demo \
+--dry-run \
+--log-leve DEBUG
+
+# test a stack
+stackql-deploy test \
+examples/k8s-the-hard-way \
+dev \
+-e GOOGLE_PROJECT=stackql-k8s-the-hard-way-demo \
+--dry-run
+
+# teardown a stack
+stackql-deploy teardown \
+k8s-the-hard-way \
+dev \
+-e GOOGLE_PROJECT=stackql-k8s-the-hard-way-demo \
+--dry-run
+```

examples/k8s-the-hard-way/resources/firewalls.iql

@@ -0,0 +1,33 @@
+/*+ preflight */
+SELECT COUNT(*) as count FROM google.compute.firewalls
+WHERE project = '{{ project }}'
+AND name = '{{ fw_name }}'
+
+/*+ create */
+INSERT INTO google.compute.firewalls
+(
+ project,
+ data__name,
+ data__network,
+ data__direction,
+ data__sourceRanges,
+ data__allowed
+) 
+SELECT
+ '{{ project }}',
+ '{{ fw_name}}',
+ '{{ vpc_link }}',
+ '{{ fw_direction }}',
+ '{{ fw_source_ranges }}',
+ '{{ fw_allowed }}'
+
+/*+ postdeploy, retries=5, retry_delay=10 */
+SELECT COUNT(*) as count FROM google.compute.firewalls
+WHERE project = '{{ project }}'
+AND name = '{{ fw_name }}'
+AND network = '{{ vpc_link }}'
+
+/*+ delete, retries=20, retry_delay=10 */
+DELETE FROM google.compute.firewalls
+WHERE project = '{{ project }}'
+AND firewall = '{{ fw_name }}'

examples/k8s-the-hard-way/resources/forwarding_rule.iql

@@ -0,0 +1,36 @@
+/*+ preflight */
+SELECT COUNT(*) as count FROM google.compute.forwarding_rules
+WHERE region = '{{ region }}' 
+AND project = '{{ project }}'
+AND forwardingRule = '{{ forwarding_rule_name }}'
+
+/*+ create */
+INSERT INTO google.compute.forwarding_rules(
+  project,
+  region,
+  data__name,
+  data__IPAddress,
+  data__loadBalancingScheme,
+  data__portRange,
+  data__target
+)
+SELECT
+  '{{ project }}',
+  '{{ region }}',
+  '{{ forwarding_rule_name }}',
+  '{{ address }}',
+  '{{ forwarding_rule_load_balancing_scheme }}',
+  '{{ forwarding_rule_port_range }}',
+  '{{ target_pool_link }}'
+
+/*+ postdeploy, retries=5, retry_delay=10 */
+SELECT COUNT(*) as count FROM google.compute.forwarding_rules
+WHERE region = '{{ region }}' 
+AND project = '{{ project }}'
+AND forwardingRule = '{{ forwarding_rule_name }}'
+
+/*+ delete, retries=20, retry_delay=10 */
+DELETE FROM google.compute.forwarding_rules
+WHERE project = '{{ project }}'
+  AND region = '{{ region }}'
+  AND forwardingRule = '{{ forwarding_rule_name }}'

examples/k8s-the-hard-way/resources/get_controller_instances.iql

@@ -0,0 +1,6 @@
+/*+ exports */
+SELECT JSON_GROUP_ARRAY(json_object('instance', selfLink)) as controller_instances
+FROM google.compute.instances 
+WHERE project = '{{ project }}'
+AND zone = '{{ default_zone }}'
+AND name like '%-{{ stack_env }}-controller-%'