Infra

Infra #27

Workflow file for this run

.github/workflows/infra-setup.yml at 22dfc83

	name: Infra

	on:
	workflow_dispatch:
	inputs:
	tf-extra-args:
	type: string
	default: ""
	description: Extra args for terraform
	push:
	tags: ["*"]

	permissions:
	contents: read
	packages: write
	id-token: write
	security-events: write

	env:
	# ANSIBLE
	ANSIBLE_HOST_KEY_CHECKING: 'false'
	ANSIBLE_FORCE_COLOR: 'true'
	ANSIBLE_PIPELINING: 'true'
	ANSIBLE_GATHERING: smart
	ANSIBLE_FORKS: 12
	ANSIBLE_STDOUT_CALLBACK: yaml
	ANSIBLE_CALLBACKS_ENABLED: timer,profile_tasks,profile_roles
	ANSIBLE_LOOKUP_PLUGINS: '{{ ANSIBLE_HOME ~ "/plugins/lookup:/usr/share/ansible/plugins/lookup":/app/playbooks/lookup_plugins ${{ github.workspace }}/playbooks/lookup_plugins }}'

	jobs:
	k8s-infra:
	runs-on: ubuntu-latest
	environment: default
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	repository: hegerdes/ansible-playbooks
	path: playbooks
	token: ${{ secrets.ORG_GITHUB_PAT }}

	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	repository: hegerdes/inventories
	path: inventories
	token: ${{ secrets.ORG_GITHUB_PAT }}

	- name: Set up Terraform
	uses: hashicorp/setup-terraform@v3

	- name: Log in with Azure
	uses: azure/login@v1
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Setting up vars
	run: \|
	# Provison infra
	echo "Setting up secrets and agents"
	mkdir -p ~/.ssh
	chmod 700 -R ~/.ssh
	az keyvault secret show --vault-name ${{ github.repository_owner }} --name ssh-rsa-${{ github.repository_owner }}-pub \
	\| jq -r .value \| base64 -d > ~/.ssh/id_rsa.pub
	az keyvault secret show --vault-name ${{ github.repository_owner }} --name ssh-25519-ci-pub \
	\| jq -r .value \| base64 -d > ~/.ssh/cloud-test.pub
	HCLOUD_TOKEN=$(az keyvault secret show --vault-name ${{ github.repository_owner }} --name hcloud-k8s-token \| jq -r .value)
	echo "::add-mask::$HCLOUD_TOKEN"
	echo "HCLOUD_TOKEN=$HCLOUD_TOKEN" >> "$GITHUB_ENV"

	- name: Run Terraform
	working-directory: inventories/hetzner-test/terraform
	run: \|
	terraform --version
	terraform init
	terraform plan ${{ inputs.tf-extra-args \|\| '' }} -out plan.infra
	terraform apply -auto-approve plan.infra
	env:
	ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
	ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
	ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}

	- name: Upload Artifacts
	uses: actions/upload-artifact@v3
	with:
	name: terraform-output
	path: inventories/hetzner-test/terraform/outputs

	- name: Azure Logout
	continue-on-error: true
	run: \|
	az logout
	az cache purge
	az account clear

	k8s-bootstab:
	runs-on: ubuntu-latest
	if: ${{ success() && inputs.tf-extra-args != '-destroy' }}
	needs: k8s-infra
	environment: default
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	repository: hegerdes/ansible-playbooks
	path: playbooks
	token: ${{ secrets.ORG_GITHUB_PAT }}

	- name: Checkout repository
	uses: actions/checkout@v3
	with:
	repository: hegerdes/inventories
	path: inventories
	token: ${{ secrets.ORG_GITHUB_PAT }}

	- name: Download Artifacts
	uses: actions/download-artifact@v3
	with:
	name: terraform-output
	path: inventories/hetzner-test/terraform/outputs

	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: '3.11'
	cache: 'pip'
	cache-dependency-path: playbooks/requirements.txt

	- name: Log in with Azure
	uses: azure/login@v1
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	- name: Install Ansible
	working-directory: playbooks
	run: pip install -r requirements.txt && pip freeze

	- name: Setting up vars
	run: \|
	# Provison infra
	echo "Setting up secrets and agents"
	mkdir -p ~/.ssh
	chmod 700 -R ~/.ssh
	az keyvault secret show --vault-name ${{ github.repository_owner }} --name ssh-rsa-${{ github.repository_owner }}-pub \
	\| jq -r .value \| base64 -d > ~/.ssh/id_rsa.pub
	az keyvault secret show --vault-name ${{ github.repository_owner }} --name ssh-25519-ci-pub \
	\| jq -r .value \| base64 -d > ~/.ssh/cloud-test.pub
	HCLOUD_TOKEN=$(az keyvault secret show --vault-name ${{ github.repository_owner }} --name hcloud-k8s-token \| jq -r .value)
	echo "::add-mask::$HCLOUD_TOKEN"
	echo "HCLOUD_TOKEN=$HCLOUD_TOKEN" >> "$GITHUB_ENV"

	# - name: Run Docker image
	# continue-on-error: true
	# uses: docker://hegerdes/playbooks:latest
	# with:
	# entrypoint: ansible-playbook
	# args: --version

	- name: Run Ansible
	timeout-minutes: 30
	run: \|
	# Run ansible
	ansible --version
	eval $(ssh-agent -s) > /dev/null
	az keyvault secret show --vault-name ${{ github.repository_owner }} --name ssh-25519-ci-pvt \
	\| jq -r .value \| base64 -d \| tr -d '\r' \| ssh-add - > /dev/null
	echo "Will run playbook in this inventroy:"
	ansible-inventory -i inventories/hetzner-test/hcloud.yml --playbook-dir playbooks --graph
	echo "Starting playbook run..."
	time ansible-playbook -i inventories/hetzner-test/hcloud.yml playbooks/pb_k8s.yml

	- name: Setup tmate session
	uses: mxschmitt/action-tmate@v3
	if: failure()
	continue-on-error: true
	timeout-minutes: 15

	- name: Azure Logout
	continue-on-error: true
	run: \|
	az logout
	az cache purge
	az account clear

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Infra #27

Workflow file

Infra #27

Jobs

Run details

Workflow file for this run