
Update the workflow #40

Update the workflow

Update the workflow #40

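name: Infrastructure CI/CD pipeline

# `on` is read as a YAML 1.1 boolean by generic loaders; GitHub's loader
# handles it, so this is the conventional spelling for workflows.
on:
  push:
    branches: ["main"]
    paths-ignore: ["**/*.md"]
  pull_request:
    branches: ["main"]
    paths-ignore: ["**/*.md"]
  workflow_dispatch:

# Least-privilege GITHUB_TOKEN: nothing in this workflow writes back to the
# repository; artifact upload/download works with read-only contents.
permissions:
  contents: read

# Two `terraform apply` runs against the same state must never overlap;
# queue runs per ref instead of cancelling, so an in-flight apply completes.
concurrency:
  group: infrastructure-${{ github.ref }}
  cancel-in-progress: false

jobs:
  terraform:
    runs-on: ubuntu-latest
    env:
      ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
      ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
      # Relative to the job's working-directory (./infrastructure); the file
      # is created by the "setup SSH" step below before plan/apply run.
      TF_VAR_ssh_pub_key_file: "./id_rsa.pub"
      TF_VAR_admin_user: "ubuntu"
    defaults:
      run:
        working-directory: ./infrastructure
    steps:
      # NOTE(review): pinning third-party actions to a full commit SHA rather
      # than a moving tag guards against the tag being re-pointed; kept at the
      # tag form the repository already uses.
      - uses: actions/checkout@v4

      - name: Init
        run: terraform init

      - name: Validate
        run: terraform validate

      - name: Install tfsec for scanning
        # `@latest` is unpinned, so every run installs whatever upstream has
        # most recently published. Replace with a chosen release
        # (`@<TFSEC_VERSION>`) once one is agreed on.
        run: go install github.com/aquasecurity/tfsec/cmd/tfsec@latest > /dev/null 2>&1

      - name: scan
        # Findings are advisory for now: the job proceeds even if tfsec reports
        # issues or fails to run.
        continue-on-error: true
        run: |
          export PATH="$PATH:$HOME/go/bin"
          tfsec

      - name: setup SSH
        # The secret reaches the script through the environment rather than
        # being spliced into the script text, so its characters are never
        # parsed by the shell and are written verbatim.
        env:
          SSH_PUB_KEY: ${{ secrets.SSH_PUB_KEY }}
        run: |
          printf '%s\n' "$SSH_PUB_KEY" > ./id_rsa.pub
          chmod 600 ./id_rsa.pub

      - name: plan
        # The plan is saved to a file so that the apply step executes exactly
        # what was planned instead of re-planning against possibly changed state.
        run: terraform plan -out=tfplan

      - name: apply
        if: github.event_name == 'push'
        run: terraform apply -auto-approve tfplan

      - name: save azure VMs public ip address
        if: github.event_name == 'push'
        # Dumps every output as `<name> = "<value>"`; the ansible job greps this
        # file for the `main_vm` and `runner_vm` entries.
        run: terraform output > virtual_machines.ini

      - name: Upload virtual_machines.ini
        if: github.event_name == 'push'
        uses: actions/upload-artifact@v4
        with:
          name: virtual machines ip address
          # upload-artifact paths are relative to the workspace, not to the
          # job's working-directory.
          path: ./infrastructure/virtual_machines.ini
          retention-days: 1

  ansible:
    runs-on: ubuntu-latest
    needs: terraform
    # The inventory artifact is only produced when terraform applied (push
    # events), so skip this job on pull_request / workflow_dispatch runs
    # instead of failing at the download step.
    if: github.event_name == 'push'
    env:
      # The target VMs are created fresh by the terraform job, so there is no
      # prior host key to verify against. Quoted so YAML keeps it a string.
      ANSIBLE_HOST_KEY_CHECKING: "False"
    defaults:
      run:
        working-directory: ./configs
    steps:
      - uses: actions/checkout@v4

      - name: Setup SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          # Set the umask before creating the file so the private key is never
          # world-readable, not even between creation and chmod.
          (umask 077 && printf '%s\n' "$SSH_PRIVATE_KEY" > ./id_rsa)
          chmod 600 ./id_rsa

      - name: Install ansible
        run: |
          sudo apt-get update > /dev/null 2>&1
          sudo apt-get install -y ansible > /dev/null 2>&1

      - name: Download virtual_machines.ini
        uses: actions/download-artifact@v4
        with:
          name: virtual machines ip address
          # download-artifact paths are relative to the workspace; the file
          # lands in ./configs, which is this job's working-directory.
          path: ./configs

      - name: set the required environments
        env:
          GITLAB_ROOT_PASSWD: ${{ secrets.GITLAB_ROOT_PASSWD }}
          GITLAB_RUNNER_REGISTRATION_TOKEN: ${{ secrets.GITLAB_RUNNER_REGISTRATION_TOKEN }}
        run: |
          # Pull the value out of a `<name> = "<value>"` line of the terraform
          # output dump. Used for both VM addresses.
          tf_output() {
            grep "$1" virtual_machines.ini | awk -F' = "' '{print $2}' | sed 's/"$//' | tr -d '\n'
          }
          main_ip="$(tf_output main_vm)"
          runner_ip="$(tf_output runner_vm)"

          # Secrets are expanded from the environment; their characters are
          # written verbatim and never evaluated by the shell.
          printf 'ROOT_PASSWD=%s\n' "$GITLAB_ROOT_PASSWD" > .env
          printf 'RUNNER_REGISTRATION_TOKEN=%s\n' "$GITLAB_RUNNER_REGISTRATION_TOKEN" >> .env

          cat << EOF > inventory.ini
          [gitlab-instance]
          ${main_ip} ansible_user=ubuntu ansible_ssh_private_key_file=./id_rsa
          [gitlab-runner]
          ${runner_ip} ansible_user=ubuntu ansible_ssh_private_key_file=./id_rsa
          EOF
          cat inventory.ini

          # gitlab.rb embeds both secrets, so it is written but not echoed to
          # the job log (log masking only catches exact secret matches).
          # NOTE(review): the values sit inside Ruby double-quoted strings; a
          # secret containing `"` or `#{` would break the literal - confirm.
          cat << EOF > gitlab.rb
          external_url 'http://${main_ip}'
          gitlab_rails['initial_root_password'] = "${GITLAB_ROOT_PASSWD}"
          gitlab_rails['initial_shared_runners_registration_token'] = "${GITLAB_RUNNER_REGISTRATION_TOKEN}"
          EOF

      - name: test
        # Diagnostic only: shows the key file's mode and fingerprint.
        continue-on-error: true
        run: |
          ls -l id_rsa
          ssh-keygen -l -f id_rsa

      - name: Check SSH connectivity to the GitLab VM
        # Reachability probe before the playbook; failure is reported but does
        # not stop the job.
        continue-on-error: true
        run: |
          main_ip="$(grep main_vm virtual_machines.ini | awk -F' = "' '{print $2}' | sed 's/"$//' | tr -d '\n')"
          # BatchMode fails fast instead of waiting on a prompt, and `true`
          # makes the probe explicitly non-interactive.
          ssh -o BatchMode=yes -o StrictHostKeyChecking=no -i id_rsa "ubuntu@${main_ip}" true

      - name: Run GitLab instance playbook
        run: ansible-playbook -i inventory.ini Gitlab-instance.yml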