Update workflow #68

Workflow file for this run

.github/workflows/infra-pipeline.yml at 057d155

	name: Infrastructure CI/CD pipeline

	on:
	push:
	branches: [ "main" ]
	paths-ignore: ["*/.md"]

	pull_request:
	branches: [ "main" ]
	paths-ignore: ["*/.md"]
	workflow_dispatch:

	jobs:
	validate-plan:
	env:
	ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
	ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
	TF_VAR_ssh_pub_key_file: "./id_rsa.pub"
	TF_VAR_admin_user: "ubuntu"
	defaults:
	run:
	working-directory: ./infrastructure
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@v4

	- name: Init
	run: \|
	terraform init

	- name: Validate
	run: \|
	terraform validate

	- name: setup SSH
	run: \|
	echo ${{ secrets.SSH_PUB_KEY }} > ./id_rsa.pub
	chmod 600 ./id_rsa.pub

	- name: plan
	run: \|
	terraform plan

	Scan:
	env:
	ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
	ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
	TF_VAR_ssh_pub_key_file: "./id_rsa.pub"
	TF_VAR_admin_user: "ubuntu"
	defaults:
	run:
	working-directory: ./infrastructure
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@v4

	- name: Install tfsec for scanning
	run:
	go install github.com/aquasecurity/tfsec/cmd/tfsec@latest > /dev/null 2>&1

	- name: scan
	run: \|
	export PATH=$PATH:$HOME/go/bin
	tfsec
	continue-on-error: true

	Apply:
	env:
	ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
	ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
	ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
	TF_VAR_ssh_pub_key_file: "./id_rsa.pub"
	TF_VAR_admin_user: "ubuntu"
	defaults:
	run:
	working-directory: ./infrastructure
	if: github.event_name == 'push'
	needs: [validate-plan, Scan]
	runs-on: ubuntu-22.04
	steps:
	- uses: actions/checkout@v4

	- name: Init
	run: terraform init

	- name: setup SSH
	run: \|
	echo ${{ secrets.SSH_PUB_KEY }} > ./id_rsa.pub
	chmod 600 ./id_rsa.pub

	- name: apply
	run: terraform apply -auto-approve

	- name: save azure VMs public ip address
	run: terraform output > virtual_machines.ini

	- name: Upload virtual_machines.ini
	uses: actions/upload-artifact@v4
	with:
	name: virtual machines ip address
	path: ./infrastructure/virtual_machines.ini
	retention-days: 1

	Configure-GitLab-EE:
	env:
	ANSIBLE_HOST_KEY_CHECKING: False
	defaults:
	run:
	working-directory: ./playbooks
	if: github.event_name == 'push'
	runs-on: ubuntu-22.04
	needs: Apply
	steps:
	- uses: actions/checkout@v4

	- name: Setup SSH
	run: \|
	cat << EOF > ./id_rsa
	${{ secrets.SSH_PRIVATE_KEY}}
	EOF
	chmod 600 ./id_rsa

	- name: Install ansible
	run: \|
	sudo apt update > /dev/null 2>&1
	sudo apt install ansible -y > /dev/null 2>&1

	- name: Download virtual_machines.ini
	uses: actions/download-artifact@v4
	with:
	name: virtual machines ip address
	path: ./playbooks

	- name: set the required environments
	run: \|
	cat << EOF > .env
	ROOT_PASSWD=${{ secrets.GITLAB_ROOT_PASSWD }}
	RUNNER_REGISTRATION_TOKEN=${{ secrets.GITLAB_RUNNER_REGISTRATION_TOKEN }}
	GITLAB_URL=http://$(cat virtual_machines.ini \| grep main_vm \| awk -F' = "' '{print $2}' \| sed 's/"$//' \| tr -d '\n')
	EOF
	cat << EOF > inventory.ini
	[gitlab-instance]
	$(cat virtual_machines.ini \| grep main_vm \| awk -F' = "' '{print $2}' \| sed 's/"$//' \| tr -d '\n') ansible_user=ubuntu ansible_ssh_private_key_file=./id_rsa
	[gitlab-runner]
	$(cat virtual_machines.ini \| grep runner_vm \| awk -F' = "' '{print $2}' \| sed 's/"$//' \| tr -d '\n') ansible_user=ubuntu ansible_ssh_private_key_file=./id_rsa
	EOF
	cat << EOF > gitlab.rb
	external_url 'http://$(cat virtual_machines.ini \| grep main_vm \| awk -F' = "' '{print $2}' \| sed 's/"$//' \| tr -d '\n')'
	gitlab_rails['initial_root_password'] = "${{ secrets.GITLAB_ROOT_PASSWD }}"
	gitlab_rails['initial_shared_runners_registration_token'] = "${{ secrets.GITLAB_RUNNER_REGISTRATION_TOKEN }}"
	# Enable Prometheus monitoring
	prometheus['enable'] = true
	prometheus['listen_address'] = '0.0.0.0:9090'

	# Enable Node Exporter for system metrics
	node_exporter['enable'] = true
	node_exporter['listen_address'] = '0.0.0.0:9100'

	# Enable Redis Exporter
	redis_exporter['enable'] = true
	redis_exporter['listen_address'] = '0.0.0.0:9121'

	# Enable Postgres Exporter
	postgres_exporter['enable'] = true
	postgres_exporter['listen_address'] = '0.0.0.0:9187'

	# Enable GitLab Exporter
	gitlab_exporter['enable'] = true
	gitlab_exporter['listen_address'] = '0.0.0.0:9168'
	EOF

	- name: Configure GitLab EE
	run: ansible-playbook -i inventory.ini Gitlab-instance.yml

	- name: Configure GitLab Runner
	run: ansible-playbook -i inventory.ini Gitlab-runner.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update workflow #68

Workflow file

Update workflow #68

Jobs

Run details

Workflow file for this run