diff --git a/.github/actions/rosa-cleanup-clusters/README.md b/.github/actions/rosa-cleanup-clusters/README.md
new file mode 100644
index 0000000..59c37cc
--- /dev/null
+++ b/.github/actions/rosa-cleanup-clusters/README.md
@@ -0,0 +1,43 @@
+# Delete ROSA Clusters
+
+## Description
+
+This GitHub Action automates the deletion of ROSA (Red Hat OpenShift Service on AWS) clusters using a shell script.
+
+
+## Inputs
+
+| name | description | required | default |
+| --- | --- | --- | --- |
+| `tf-bucket` |
Bucket containing the clusters states
| `true` | `""` |
+| `tf-bucket-region` | Region of the bucket containing the resources states, if not set, will fallback on AWS_REGION
| `false` | `""` |
+| `max-age-hours-cluster` | Maximum age of clusters in hours
| `false` | `20` |
+
+
+## Runs
+
+This action is a `composite` action.
+
+## Usage
+
+```yaml
+- uses: camunda/camunda-tf-rosa/.github/actions/rosa-cleanup-clusters@main
+ with:
+ tf-bucket:
+ # Bucket containing the clusters states
+ #
+ # Required: true
+ # Default: ""
+
+ tf-bucket-region:
+ # Region of the bucket containing the resources states, if not set, will fallback on AWS_REGION
+ #
+ # Required: false
+ # Default: ""
+
+ max-age-hours-cluster:
+ # Maximum age of clusters in hours
+ #
+ # Required: false
+ # Default: 20
+```
diff --git a/.github/actions/rosa-cleanup-clusters/action.yml b/.github/actions/rosa-cleanup-clusters/action.yml
index 3e65342..a197477 100644
--- a/.github/actions/rosa-cleanup-clusters/action.yml
+++ b/.github/actions/rosa-cleanup-clusters/action.yml
@@ -1,28 +1,30 @@
+---
name: Delete ROSA Clusters
description: |
- This GitHub Action automates the deletion of ROSA (Red Hat OpenShift Service on AWS) clusters using a shell script.
+ This GitHub Action automates the deletion of ROSA (Red Hat OpenShift Service on AWS) clusters using a shell script.
inputs:
- tf-bucket:
- description: 'Bucket containing the clusters states'
- required: true
- tf-bucket-region:
- description: 'Region of the bucket containing the resources states, if not set, will fallback on AWS_REGION'
- max-age-hours-cluster:
- description: 'Maximum age of clusters in hours'
- required: false
- default: "20"
+ tf-bucket:
+ description: Bucket containing the clusters states
+ required: true
+ tf-bucket-region:
+ description: Region of the bucket containing the resources states, if not set, will fallback on AWS_REGION
+ max-age-hours-cluster:
+ description: Maximum age of clusters in hours
+ required: false
+ default: '20'
runs:
- using: 'composite'
- steps:
- - name: Delete clusters
- id: delete_clusters
- shell: bash
- run: |
- if [ -n "${{ inputs.tf-bucket-region }}" ]; then
- export AWS_S3_REGION="${{ inputs.tf-bucket-region }}"
- fi
+ using: composite
+ steps:
+ - name: Delete clusters
+ id: delete_clusters
+ shell: bash
+ run: |
+ if [ -n "${{ inputs.tf-bucket-region }}" ]; then
+ export AWS_S3_REGION="${{ inputs.tf-bucket-region }}"
+ fi
- ${{ github.action_path }}/scripts/destroy-clusters.sh "${{ inputs.tf-bucket }}" ${{ github.action_path }}/../../../modules/rosa-hcp/ /tmp/rosa/ ${{ inputs.max-age-hours-cluster }}
+ ${{ github.action_path }}/scripts/destroy-clusters.sh "${{ inputs.tf-bucket }}" \
+ ${{ github.action_path }}/../../../modules/rosa-hcp/ /tmp/rosa/ ${{ inputs.max-age-hours-cluster }}
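Review bot: The `run:` script of `Delete clusters` splices `${{ inputs.tf-bucket }}`, `${{ inputs.tf-bucket-region }}` and `${{ inputs.max-age-hours-cluster }}` into the bash source before it runs, so a value containing quotes, `$(...)` or whitespace is interpreted as shell rather than passed as data. The last argument is also unquoted, so an empty value would reach `destroy-clusters.sh` as one argument fewer; how the script handles that is not visible in this hunk, but it is the age cut-off of a destructive job. Passing the inputs through `env:` and reading them as quoted shell variables keeps them as data, as sketched below. The same interpolation pattern appears in the `run:`/`command:` blocks of `rosa-create-cluster/action.yml` (`rosa login --token=...`, the `terraform plan -var` lines, `oc login --password ...`), where it also carries secrets.

```yaml
      shell: bash
      env:
        TF_BUCKET: ${{ inputs.tf-bucket }}
        TF_BUCKET_REGION: ${{ inputs.tf-bucket-region }}
        MAX_AGE_HOURS: ${{ inputs.max-age-hours-cluster }}
      run: |
        if [ -n "$TF_BUCKET_REGION" ]; then
          export AWS_S3_REGION="$TF_BUCKET_REGION"
        fi

        "${GITHUB_ACTION_PATH}/scripts/destroy-clusters.sh" "$TF_BUCKET" \
          "${GITHUB_ACTION_PATH}/../../../modules/rosa-hcp/" /tmp/rosa/ "$MAX_AGE_HOURS"
```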
diff --git a/.github/actions/rosa-create-cluster/README.md b/.github/actions/rosa-create-cluster/README.md
index 07da879..1b83d59 100644
--- a/.github/actions/rosa-create-cluster/README.md
+++ b/.github/actions/rosa-create-cluster/README.md
@@ -1,68 +1,164 @@
-# Deploy ROSA HCP Cluster GitHub Action
+# Deploy ROSA HCP Cluster
+
+## Description
+
+This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform.
+This action will also install oc, awscli, rosa cli.
+The kube context will be set on the created cluster.
-This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform. It also installs `oc`, `awscli`, and `rosa` CLI tools.
## Inputs
-| Input | Description | Required | Default |
-|---------------------|--------------------------------------------------------------|----------|------------------|
-| `rh-token` | Red Hat Hybrid Cloud Console Token | true | |
-| `cluster-name` | Name of the ROSA cluster to deploy | true | |
-| `admin-password` | Admin password for the ROSA cluster | true | |
-| `admin-username` | Admin username for the ROSA cluster | false | `kube-admin` |
-| `aws-region` | AWS region where the ROSA cluster will be deployed | true | |
-| `rosa-cli-version` | Version of the ROSA CLI to use | false | `latest` |
-| `awscli-version` | Version of the AWS CLI to use | false | __see `action.yml`__ |
-| `openshift-version` | Version of the OpenShift to install | false | __see `action.yml`__ |
-| `replicas` | Number of replicas for the ROSA cluster | false | `2` |
-| `s3-backend-bucket` | Name of the S3 bucket to store Terraform state | true | |
-| `s3-bucket-region` | Region of the bucket containing the resources states, if not set, will fallback on `aws-region` | false | |
-| `tf-modules-revision`| Git revision of the Terraform modules to use | false | `main` |
-| `tf-modules-path` | Path where the Terraform ROSA modules will be cloned | false | `./.action-tf-modules/rosa/` |
-| `login` | Authenticate the current kube context on the created cluster | false | `true` |
-| `tf-cli-config-credentials-hostname` | The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`. | false | `app.terraform.io` |
-| `tf-cli-config-credentials-token` | The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. | false | |
-| `tf-terraform-version` | The version of Terraform CLI to install. Defaults to `latest`. | false | `latest` |
-| `tf-terraform-wrapper` | Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`. | false | `true` |
+| name | description | required | default |
+| --- | --- | --- | --- |
+| `rh-token` | Red Hat Hybrid Cloud Console Token
| `true` | `""` |
+| `cluster-name` | Name of the ROSA cluster to deploy
| `true` | `""` |
+| `admin-password` | Admin password for the ROSA cluster
| `true` | `""` |
+| `admin-username` | Admin username for the ROSA cluster
| `true` | `kube-admin` |
+| `aws-region` | AWS region where the ROSA cluster will be deployed
| `true` | `""` |
+| `rosa-cli-version` | Version of the ROSA CLI to use
| `true` | `latest` |
+| `awscli-version` | Version of the aws cli to use
| `true` | `2.15.52` |
+| `openshift-version` | Version of the OpenShift to install
| `true` | `4.16.10` |
+| `replicas` | Number of replicas for the ROSA cluster
| `true` | `2` |
+| `s3-backend-bucket` | Name of the S3 bucket to store Terraform state
| `true` | `""` |
+| `s3-bucket-region` | Region of the bucket containing the resources states, if not set, will fallback on aws-region
| `false` | `""` |
+| `tf-modules-revision` | Git revision of the tf modules to use
| `true` | `main` |
+| `tf-modules-path` | Path where the tf rosa modules will be cloned
| `true` | `./.action-tf-modules/rosa/` |
+| `login` | Authenticate the current kube context on the created cluster
| `true` | `true` |
+| `tf-cli-config-credentials-hostname` | The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to app.terraform.io
.
| `false` | `app.terraform.io` |
+| `tf-cli-config-credentials-token` | The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.
| `false` | `""` |
+| `tf-terraform-version` | The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example <1.13.0
) to install the latest version satisfying the constraint. A value of latest
will install the latest version of Terraform CLI. Defaults to latest
.
| `false` | `latest` |
+| `tf-terraform-wrapper` | Whether or not to install a wrapper to wrap subsequent calls of the terraform
binary and expose its STDOUT, STDERR, and exit code as outputs named stdout
, stderr
, and exitcode
respectively. Defaults to true
.
| `false` | `true` |
+
## Outputs
-| Output | Description |
-|--------------------------|------------------------------------------------------------|
-| `openshift-server-api` | The server API URL of the deployed ROSA cluster |
-| `openshift-cluster-id` | The ID of the deployed ROSA cluster |
-| `terraform-state-url` | URL of the Terraform state file in the S3 bucket |
+| name | description |
+| --- | --- |
+| `openshift-server-api` | The server API URL of the deployed ROSA cluster
|
+| `openshift-cluster-id` | The ID of the deployed ROSA cluster
|
+| `terraform-state-url` | URL of the Terraform state file in the S3 bucket
|
-## Usage
-This action is idempotent and can be re-run without affecting the existing cluster, following the principles of Terraform.
+## Runs
+
+This action is a `composite` action.
-Create a file in your repository's `.github/workflows` directory, for example `deploy-rosa-hcp.yml`, with the following content:
+## Usage
```yaml
-name: Deploy ROSA HCP Cluster
-
-on:
- pull_request:
-
-jobs:
- deploy:
- runs-on: ubuntu-latest
- steps:
- - name: Add profile credentials to ~/.aws/credentials
- run: |
- aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
- aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
- aws configure set region ${{ env.AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
-
- - name: Deploy ROSA HCP Cluster
- uses: camunda/camunda-tf-rosa/.github/actions/rosa-create-cluster@main
- id: create_cluster
- with:
- rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }}
- cluster-name: "my-ocp-cluster"
- admin-username: "kube-admin"
- admin-password: ${{ secrets.CI_OPENSHIFT_MAIN_PASSWORD }}
- aws-region: "us-west-2"
- s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }}
+- uses: camunda/camunda-tf-rosa/.github/actions/rosa-create-cluster@main
+ with:
+ rh-token:
+ # Red Hat Hybrid Cloud Console Token
+ #
+ # Required: true
+ # Default: ""
+
+ cluster-name:
+ # Name of the ROSA cluster to deploy
+ #
+ # Required: true
+ # Default: ""
+
+ admin-password:
+ # Admin password for the ROSA cluster
+ #
+ # Required: true
+ # Default: ""
+
+ admin-username:
+ # Admin username for the ROSA cluster
+ #
+ # Required: true
+ # Default: kube-admin
+
+ aws-region:
+ # AWS region where the ROSA cluster will be deployed
+ #
+ # Required: true
+ # Default: ""
+
+ rosa-cli-version:
+ # Version of the ROSA CLI to use
+ #
+ # Required: true
+ # Default: latest
+
+ awscli-version:
+ # Version of the aws cli to use
+ #
+ # Required: true
+ # Default: 2.15.52
+
+ openshift-version:
+ # Version of the OpenShift to install
+ #
+ # Required: true
+ # Default: 4.16.10
+
+ replicas:
+ # Number of replicas for the ROSA cluster
+ #
+ # Required: true
+ # Default: 2
+
+ s3-backend-bucket:
+ # Name of the S3 bucket to store Terraform state
+ #
+ # Required: true
+ # Default: ""
+
+ s3-bucket-region:
+ # Region of the bucket containing the resources states, if not set, will fallback on aws-region
+ #
+ # Required: false
+ # Default: ""
+
+ tf-modules-revision:
+ # Git revision of the tf modules to use
+ #
+ # Required: true
+ # Default: main
+
+ tf-modules-path:
+ # Path where the tf rosa modules will be cloned
+ #
+ # Required: true
+ # Default: ./.action-tf-modules/rosa/
+
+ login:
+ # Authenticate the current kube context on the created cluster
+ #
+ # Required: true
+ # Default: true
+
+ tf-cli-config-credentials-hostname:
+ # The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration
+ # file. Defaults to `app.terraform.io`.
+ #
+ # Required: false
+ # Default: app.terraform.io
+
+ tf-cli-config-credentials-token:
+ # The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration
+ # file.
+ #
+ # Required: false
+ # Default: ""
+
+ tf-terraform-version:
+ # The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for
+ # example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform
+ # CLI. Defaults to `latest`.
+ #
+ # Required: false
+ # Default: latest
+
+ tf-terraform-wrapper:
+ # Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code
+ # as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.
+ #
+ # Required: false
+ # Default: true
```
diff --git a/.github/actions/rosa-create-cluster/action.yml b/.github/actions/rosa-create-cluster/action.yml
index 511c8d7..460b4f9 100644
--- a/.github/actions/rosa-create-cluster/action.yml
+++ b/.github/actions/rosa-create-cluster/action.yml
@@ -1,243 +1,268 @@
+---
name: Deploy ROSA HCP Cluster
description: |
- This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform.
- This action will also install oc, awscli, rosa cli.
- The kube context will be set on the created cluster.
+ This GitHub Action automates the deployment of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform.
+ This action will also install oc, awscli, rosa cli.
+ The kube context will be set on the created cluster.
inputs:
- rh-token:
- description: 'Red Hat Hybrid Cloud Console Token'
- required: true
- cluster-name:
- description: 'Name of the ROSA cluster to deploy'
- required: true
- admin-password:
- description: 'Admin password for the ROSA cluster'
- required: true
- admin-username:
- description: 'Admin username for the ROSA cluster'
- default: "kube-admin"
- required: true
- aws-region:
- description: 'AWS region where the ROSA cluster will be deployed'
- required: true
- rosa-cli-version:
- description: 'Version of the ROSA CLI to use'
- required: true
- default: "latest"
- awscli-version:
- description: 'Version of the aws cli to use'
- required: true
- # renovate: datasource=github-releases depName=aws/aws-cli
- default: "2.15.52"
- openshift-version:
- description: 'Version of the OpenShift to install'
- required: true
- # renovate: datasource=custom.rosa-camunda depName=red-hat-openshift versioning=semver
- default: "4.16.10"
- replicas:
- description: 'Number of replicas for the ROSA cluster'
- required: true
- default: "2"
- s3-backend-bucket:
- description: 'Name of the S3 bucket to store Terraform state'
- required: true
- s3-bucket-region:
- description: 'Region of the bucket containing the resources states, if not set, will fallback on aws-region'
- tf-modules-revision:
- description: 'Git revision of the tf modules to use'
- default: 'main'
- required: true
- tf-modules-path:
- description: 'Path where the tf rosa modules will be cloned'
- default: './.action-tf-modules/rosa/'
- required: true
- login:
- description: 'Authenticate the current kube context on the created cluster'
- default: "true"
- required: true
-
- # inherited from https://github.com/hashicorp/setup-terraform/blob/main/action.yml
- tf-cli-config-credentials-hostname:
- description: 'The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.'
- default: 'app.terraform.io'
- required: false
- tf-cli-config-credentials-token:
- description: 'The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.'
- required: false
- tf-terraform-version:
- description: 'The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.'
- default: 'latest'
- required: false
- tf-terraform-wrapper:
- description: 'Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.'
- default: 'true'
- required: false
+ rh-token:
+ description: Red Hat Hybrid Cloud Console Token
+ required: true
+ cluster-name:
+ description: Name of the ROSA cluster to deploy
+ required: true
+ admin-password:
+ description: Admin password for the ROSA cluster
+ required: true
+ admin-username:
+ description: Admin username for the ROSA cluster
+ default: kube-admin
+ required: true
+ aws-region:
+ description: AWS region where the ROSA cluster will be deployed
+ required: true
+ rosa-cli-version:
+ description: Version of the ROSA CLI to use
+ required: true
+ default: latest
+ awscli-version:
+ description: Version of the aws cli to use
+ required: true
+ # renovate: datasource=github-releases depName=aws/aws-cli
+ default: 2.15.52
+ openshift-version:
+ description: Version of the OpenShift to install
+ required: true
+ # renovate: datasource=custom.rosa-camunda depName=red-hat-openshift versioning=semver
+ default: 4.16.10
+ replicas:
+ description: Number of replicas for the ROSA cluster
+ required: true
+ default: '2'
+ s3-backend-bucket:
+ description: Name of the S3 bucket to store Terraform state
+ required: true
+ s3-bucket-region:
+ description: Region of the bucket containing the resources states, if not set, will fallback on aws-region
+ tf-modules-revision:
+ description: Git revision of the tf modules to use
+ default: main
+ required: true
+ tf-modules-path:
+ description: Path where the tf rosa modules will be cloned
+ default: ./.action-tf-modules/rosa/
+ required: true
+ login:
+ description: Authenticate the current kube context on the created cluster
+ default: 'true'
+ required: true
+
+ # inherited from https://github.com/hashicorp/setup-terraform/blob/main/action.yml
+ tf-cli-config-credentials-hostname:
+ description: |
+ The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration
+ file. Defaults to `app.terraform.io`.
+ default: app.terraform.io
+ required: false
+ tf-cli-config-credentials-token:
+ description: |
+ The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration
+ file.
+ required: false
+ tf-terraform-version:
+ description: |
+ The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for
+ example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform
+ CLI. Defaults to `latest`.
+ default: latest
+ required: false
+ tf-terraform-wrapper:
+ description: |
+ Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code
+ as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.
+ default: 'true'
+ required: false
outputs:
- openshift-server-api:
- description: 'The server API URL of the deployed ROSA cluster'
- value: ${{ steps.cluster_info.outputs.cluster_api }}
+ openshift-server-api:
+ description: The server API URL of the deployed ROSA cluster
+ value: ${{ steps.cluster_info.outputs.cluster_api }}
- openshift-cluster-id:
- description: 'The ID of the deployed ROSA cluster'
- value: ${{ steps.apply.outputs.cluster_id }}
+ openshift-cluster-id:
+ description: The ID of the deployed ROSA cluster
+ value: ${{ steps.apply.outputs.cluster_id }}
- terraform-state-url:
- description: 'URL of the Terraform state file in the S3 bucket'
- value: ${{ steps.set-terraform-variables.outputs.terraform-state-url }}
+ terraform-state-url:
+ description: URL of the Terraform state file in the S3 bucket
+ value: ${{ steps.set-terraform-variables.outputs.terraform-state-url }}
runs:
- using: 'composite'
- steps:
- - name: Install ROSA CLI
- shell: bash
- run: |
- curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/rosa/${{ inputs.rosa-cli-version }}/rosa-linux.tar.gz"
- tar -xvf rosa-linux.tar.gz
- sudo mv rosa /usr/local/bin/rosa
- chmod +x /usr/local/bin/rosa
- rm -f rosa-linux.tar.gz
- rosa version
-
- - name: Install Terraform
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
- with:
- cli_config_credentials_hostname: ${{ inputs.tf-cli-config-credentials-hostname }}
- cli_config_credentials_token: ${{ inputs.tf-cli-config-credentials-token }}
- terraform_version: ${{ inputs.tf-terraform-version }}
- terraform_wrapper: ${{ inputs.tf-terraform-wrapper }}
-
- - name: Install CLI tools from OpenShift Mirror
- uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
- with:
- oc: "${{ inputs.openshift-version }}"
-
- - name: Login to Red Hat Hybrid Cloud Console
- shell: bash
- run: |
- rosa login --token=${{ inputs.rh-token }} --region="${{ inputs.aws-region }}"
- rosa whoami --region="${{ inputs.aws-region }}"
-
- - name: Verify and enable HCP ROSA on AWS Marketplace
- shell: bash
- run: |
- rosa verify quota --region="${{ inputs.aws-region }}"
- rosa verify permissions --region="${{ inputs.aws-region }}"
- rosa create account-roles --mode auto --region="${{ inputs.aws-region }}"
-
- - name: Install aws-cli v2
- shell: bash
- run: |
- sudo rm -rf /usr/local/aws-cli
- mkdir -p /tmp/awscli && cd /tmp/awscli
- curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip"
- unzip -qq awscliv2.zip
- sudo ./aws/install
- cd - && rm -Rf /tmp/awscli
-
- - name: Set Terraform variables
- shell: bash
- id: set-terraform-variables
- run: |
- export TFSTATE_BUCKET="${{ inputs.s3-backend-bucket }}"
- export TFSTATE_KEY="tfstate-${{ inputs.cluster-name }}/${{ inputs.cluster-name }}.tfstate"
-
- if [ -z "${{ inputs.s3-bucket-region }}" ]; then
- export TFSTATE_REGION="${{ inputs.aws-region }}"
- else
- export TFSTATE_REGION="${{ inputs.s3-bucket-region }}"
- fi
-
- echo "TFSTATE_BUCKET=${TFSTATE_BUCKET}" >> "$GITHUB_OUTPUT"
- echo "TFSTATE_REGION=${TFSTATE_REGION}" >> "$GITHUB_OUTPUT"
- echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"
-
- terraform_state_url="s3://${TFSTATE_BUCKET}/${TFSTATE_KEY}"
- echo "terraform-state-url=${terraform_state_url}" >> "$GITHUB_OUTPUT"
-
- - name: Check if S3 bucket exists
- id: create-s3-bucket
- shell: bash
- run: |
- if aws s3api head-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} 2>/dev/null; then
- echo "Bucket already exists"
- else
- echo "Bucket does not exist, creating..."
- aws s3api create-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} --create-bucket-configuration LocationConstraint=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}
- fi
-
- aws s3api put-public-access-block --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
-
- - name: Checkout Repository rosa modules
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- with:
- repository: "camunda/camunda-tf-rosa"
- ref: ${{ inputs.tf-modules-revision }}
- path: ${{ inputs.tf-modules-path }}
- fetch-depth: 0
-
- - name: Terraform Init
- shell: bash
- id: init
- working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/"
- run: |
- terraform version
- terraform init -backend-config="bucket=${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}" -backend-config="key=${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }}" -backend-config="region=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}"
- terraform validate -no-color
-
- - name: Terraform Plan
- shell: bash
- id: plan
- working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/"
- run: |
- terraform plan -no-color -out rosa.plan -var "cluster_name=${{ inputs.cluster-name }}" -var "replicas=${{ inputs.replicas }}" -var "htpasswd_password=${{ inputs.admin-password }}" -var "htpasswd_username=${{ inputs.admin-username }}" -var "offline_access_token=${{ inputs.rh-token }}" -var "openshift_version=${{ inputs.openshift-version }}"
-
- - name: Terraform Apply
- shell: bash
- id: apply
- working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/"
- run: |
- terraform apply -no-color rosa.plan
-
- export cluster_id="$(terraform output -raw cluster_id)"
- echo "cluster_id=$cluster_id" >> "$GITHUB_OUTPUT"
-
- - name: Retrieve cluster information
- shell: bash
- id: cluster_info
- run: |
- rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" --region="${{ inputs.aws-region }}"
- export cluster_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url')
- echo "cluster_api=$cluster_api"
- echo "cluster_api=$cluster_api" >> "$GITHUB_OUTPUT"
-
- - name: Login and generate kubeconfig
- # we need to retry due as the cluster has just been created and the OIDC provider may not be available yet
- uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3
- id: kube_config
- if: inputs.login == 'true'
- with:
- timeout_minutes: 10
- max_attempts: 40
- shell: bash
- retry_wait_seconds: 15
- command: |
- : # see https://github.com/nick-fields/retry/issues/133
- set -o errexit
- set -o pipefail
-
- oc login --username "${{ inputs.admin-username }}" --password "${{ inputs.admin-password }}" "${{ steps.cluster_info.outputs.cluster_api }}"
- rosa grant user cluster-admin --cluster="${{ inputs.cluster-name }}" --user="${{ inputs.admin-username }}" --region="${{ inputs.aws-region }}"
-
- oc whoami
-
- kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}"
- kubectl config use "${{ inputs.cluster-name }}"
-
- - name: Clean up cloned modules
- if: always()
- shell: bash
- run: |
- rm -rf "${{ inputs.tf-modules-path }}"
+ using: composite
+ steps:
+ - name: Install ROSA CLI
+ shell: bash
+ run: |
+ curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/rosa/${{ inputs.rosa-cli-version }}/rosa-linux.tar.gz"
+ tar -xvf rosa-linux.tar.gz
+ sudo mv rosa /usr/local/bin/rosa
+ chmod +x /usr/local/bin/rosa
+ rm -f rosa-linux.tar.gz
+ rosa version
+
+ - name: Install Terraform
+ uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
+ with:
+ cli_config_credentials_hostname: ${{ inputs.tf-cli-config-credentials-hostname }}
+ cli_config_credentials_token: ${{ inputs.tf-cli-config-credentials-token }}
+ terraform_version: ${{ inputs.tf-terraform-version }}
+ terraform_wrapper: ${{ inputs.tf-terraform-wrapper }}
+
+ - name: Install CLI tools from OpenShift Mirror
+ uses: redhat-actions/openshift-tools-installer@144527c7d98999f2652264c048c7a9bd103f8a82 # v1
+ with:
+ oc: ${{ inputs.openshift-version }}
+
+ - name: Login to Red Hat Hybrid Cloud Console
+ shell: bash
+ run: |
+ rosa login --token=${{ inputs.rh-token }} --region="${{ inputs.aws-region }}"
+ rosa whoami --region="${{ inputs.aws-region }}"
+
+ - name: Verify and enable HCP ROSA on AWS Marketplace
+ shell: bash
+ run: |
+ rosa verify quota --region="${{ inputs.aws-region }}"
+ rosa verify permissions --region="${{ inputs.aws-region }}"
+ rosa create account-roles --mode auto --region="${{ inputs.aws-region }}"
+
+ - name: Install aws-cli v2
+ shell: bash
+ run: |
+ sudo rm -rf /usr/local/aws-cli
+ mkdir -p /tmp/awscli && cd /tmp/awscli
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip"
+ unzip -qq awscliv2.zip
+ sudo ./aws/install
+ cd - && rm -Rf /tmp/awscli
+
+ - name: Set Terraform variables
+ shell: bash
+ id: set-terraform-variables
+ run: |
+ export TFSTATE_BUCKET="${{ inputs.s3-backend-bucket }}"
+ export TFSTATE_KEY="tfstate-${{ inputs.cluster-name }}/${{ inputs.cluster-name }}.tfstate"
+
+ if [ -z "${{ inputs.s3-bucket-region }}" ]; then
+ export TFSTATE_REGION="${{ inputs.aws-region }}"
+ else
+ export TFSTATE_REGION="${{ inputs.s3-bucket-region }}"
+ fi
+
+ echo "TFSTATE_BUCKET=${TFSTATE_BUCKET}" >> "$GITHUB_OUTPUT"
+ echo "TFSTATE_REGION=${TFSTATE_REGION}" >> "$GITHUB_OUTPUT"
+ echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"
+
+ terraform_state_url="s3://${TFSTATE_BUCKET}/${TFSTATE_KEY}"
+ echo "terraform-state-url=${terraform_state_url}" >> "$GITHUB_OUTPUT"
+
+ - name: Check if S3 bucket exists
+ id: create-s3-bucket
+ shell: bash
+ run: |
+ if aws s3api head-bucket --bucket ${{ inputs.s3-backend-bucket }} --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} 2>/dev/null; then
+ echo "Bucket already exists"
+ else
+ echo "Bucket does not exist, creating..."
+ aws s3api create-bucket --bucket ${{ inputs.s3-backend-bucket }} \
+ --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} \
+ --create-bucket-configuration LocationConstraint=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}
+ fi
+
+ aws s3api put-public-access-block --bucket ${{ inputs.s3-backend-bucket }} \
+ --region ${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }} \
+ --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
+
+ - name: Checkout Repository rosa modules
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ repository: camunda/camunda-tf-rosa
+ ref: ${{ inputs.tf-modules-revision }}
+ path: ${{ inputs.tf-modules-path }}
+ fetch-depth: 0
+
+ - name: Terraform Init
+ shell: bash
+ id: init
+ working-directory: ${{ inputs.tf-modules-path }}/modules/rosa-hcp/
+ run: |
+ terraform version
+
+ terraform init \
+ -backend-config="bucket=${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}" \
+ -backend-config="key=${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }}" \
+ -backend-config="region=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}"
+
+ terraform validate -no-color
+
+ - name: Terraform Plan
+ shell: bash
+ id: plan
+ working-directory: ${{ inputs.tf-modules-path }}/modules/rosa-hcp/
+ run: |
+ terraform plan -no-color -out rosa.plan \
+ -var "cluster_name=${{ inputs.cluster-name }}" \
+ -var "replicas=${{ inputs.replicas }}" \
+ -var "htpasswd_password=${{ inputs.admin-password }}" \
+ -var "htpasswd_username=${{ inputs.admin-username }}" \
+ -var "offline_access_token=${{ inputs.rh-token }}" \
+ -var "openshift_version=${{ inputs.openshift-version }}"
+
+ - name: Terraform Apply
+ shell: bash
+ id: apply
+ working-directory: ${{ inputs.tf-modules-path }}/modules/rosa-hcp/
+ run: |
+ terraform apply -no-color rosa.plan
+
+ export cluster_id="$(terraform output -raw cluster_id)"
+ echo "cluster_id=$cluster_id" >> "$GITHUB_OUTPUT"
+
+ - name: Retrieve cluster information
+ shell: bash
+ id: cluster_info
+ run: |
+ rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" --region="${{ inputs.aws-region }}"
+ export cluster_api=$(rosa describe cluster --output=json -c "${{ steps.apply.outputs.cluster_id }}" | jq -r '.api.url')
+ echo "cluster_api=$cluster_api"
+ echo "cluster_api=$cluster_api" >> "$GITHUB_OUTPUT"
+
+ - name: Login and generate kubeconfig
+ # we need to retry due as the cluster has just been created and the OIDC provider may not be available yet
+ uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3
+ id: kube_config
+ if: inputs.login == 'true'
+ with:
+ timeout_minutes: 10
+ max_attempts: 40
+ shell: bash
+ retry_wait_seconds: 15
+ command: |
+ : # see https://github.com/nick-fields/retry/issues/133
+ set -o errexit
+ set -o pipefail
+
+ oc login --username "${{ inputs.admin-username }}" --password "${{ inputs.admin-password }}" "${{ steps.cluster_info.outputs.cluster_api }}"
+ rosa grant user cluster-admin --cluster="${{ inputs.cluster-name }}" --user="${{ inputs.admin-username }}" --region="${{ inputs.aws-region }}"
+
+ oc whoami
+
+ kubectl config rename-context $(oc config current-context) "${{ inputs.cluster-name }}"
+ kubectl config use "${{ inputs.cluster-name }}"
+
+ - name: Clean up cloned modules
+ if: always()
+ shell: bash
+ run: |
+ rm -rf "${{ inputs.tf-modules-path }}"
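Review bot: The `Install ROSA CLI` and `Install aws-cli v2` steps download an archive and install it with `sudo` without any integrity check, and `rosa-cli-version` defaults to `latest`, so the binary that ends up in `/usr/local/bin` is whatever the mirror serves at run time. The third-party actions in this file are already pinned by commit SHA; pinning `rosa-cli-version` to a released version and verifying each archive before `tar`/`unzip` would bring the two shell installs to the same standard. For the AWS CLI, AWS publishes a detached signature next to the versioned zip, so after importing the AWS CLI public key the step can fetch the matching `.zip.sig` and run `gpg --verify awscliv2.sig awscliv2.zip` before `sudo ./aws/install`. Adding `--fail` to both `curl` calls also stops an HTTP error body from being saved as the archive.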
diff --git a/.github/actions/rosa-delete-cluster/README.md b/.github/actions/rosa-delete-cluster/README.md
index abec54c..acd559a 100644
--- a/.github/actions/rosa-delete-cluster/README.md
+++ b/.github/actions/rosa-delete-cluster/README.md
@@ -1,45 +1,107 @@
-# Delete ROSA HCP Cluster GitHub Action
+# Delete ROSA HCP Cluster
+
+## Description
+
+This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform.
+This action will also install awscli.
-This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform. It also installs `awscli`.
## Inputs
-| Input | Description | Required | Default |
-|----------------------|----------------------------------------------------------|----------|--------------------------------|
-| `rh-token` | Red Hat Hybrid Cloud Console Token | true | |
-| `cluster-name` | Name of the ROSA cluster to delete | true | |
-| `aws-region` | AWS region where the ROSA cluster is deployed | true | |
-| `s3-backend-bucket` | Name of the S3 bucket where the Terraform state is stored| true | |
-| `s3-bucket-region` | Region of the bucket containing the resources states, if not set, will fallback on `aws-region` | false | |
-| `awscli-version` | Version of the aws cli to use | false | __see `action.yml`__ |
-| `tf-modules-revision`| Git revision of the tf modules to use | false | `main` |
-| `tf-modules-path` | Path where the tf rosa modules will be cloned | false | `./.action-tf-modules/rosa/` |
-| `tf-cli-config-credentials-hostname` | The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`. | false | `app.terraform.io` |
-| `tf-cli-config-credentials-token` | The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. | false | |
-| `tf-terraform-version` | The version of Terraform CLI to install. Defaults to `latest`. | false | `latest` |
-| `tf-terraform-wrapper` | Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`. | false | `true` |
+| name | description | required | default |
+| --- | --- | --- | --- |
+| `rh-token` | Red Hat Hybrid Cloud Console Token
| `true` | `""` |
+| `cluster-name` | Name of the ROSA cluster to delete
| `true` | `""` |
+| `aws-region` | AWS region where the ROSA cluster is deployed
| `true` | `""` |
+| `s3-backend-bucket` | Name of the S3 bucket where the Terraform state is stored
| `true` | `""` |
+| `s3-bucket-region` | Region of the bucket containing the resources states, if not set, will fallback on aws-region
| `false` | `""` |
+| `awscli-version` | Version of the aws cli to use
| `true` | `2.15.52` |
+| `tf-modules-revision` | Git revision of the tf modules to use
| `true` | `main` |
+| `tf-modules-path` | Path where the tf rosa modules will be cloned
| `true` | `./.action-tf-modules/rosa/` |
+| `tf-cli-config-credentials-hostname` | The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to app.terraform.io
.
| `false` | `app.terraform.io` |
+| `tf-cli-config-credentials-token` | The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.
| `false` | `""` |
+| `tf-terraform-version` | The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example <1.13.0
) to install the latest version satisfying the constraint. A value of latest
will install the latest version of Terraform CLI. Defaults to latest
.
| `false` | `latest` |
+| `tf-terraform-wrapper` | Whether or not to install a wrapper to wrap subsequent calls of the terraform
binary and expose its STDOUT, STDERR, and exit code as outputs named stdout
, stderr
, and exitcode
respectively. Defaults to true
.
| `false` | `true` |
-## Usage
-For this destruction action, it is not necessary to have called the creation action just before, as the state will be retrieved via the bucket.
+## Runs
+
+This action is a `composite` action.
-Create a file in your repository's `.github/workflows` directory, for example `delete-rosa-hcp.yml`, with the following content:
+## Usage
```yaml
-name: Delete ROSA HCP Cluster
-
-on:
- pull_request:
-
-jobs:
- delete:
- runs-on: ubuntu-latest
- steps:
- - name: Delete ROSA HCP Cluster
- uses: camunda/camunda-tf-rosa/.github/actions/rosa-delete-cluster@main
- with:
- rh-token: ${{ secrets.RH_OPENSHIFT_TOKEN }}
- cluster-name: "my-ocp-cluster"
- aws-region: "us-west-2"
- s3-backend-bucket: ${{ secrets.TF_S3_BUCKET }}
+- uses: camunda/camunda-tf-rosa/.github/actions/rosa-delete-cluster@main
+ with:
+ rh-token:
+ # Red Hat Hybrid Cloud Console Token
+ #
+ # Required: true
+ # Default: ""
+
+ cluster-name:
+ # Name of the ROSA cluster to delete
+ #
+ # Required: true
+ # Default: ""
+
+ aws-region:
+ # AWS region where the ROSA cluster is deployed
+ #
+ # Required: true
+ # Default: ""
+
+ s3-backend-bucket:
+ # Name of the S3 bucket where the Terraform state is stored
+ #
+ # Required: true
+ # Default: ""
+
+ s3-bucket-region:
+ # Region of the bucket containing the resources states, if not set, will fallback on aws-region
+ #
+ # Required: false
+ # Default: ""
+
+ awscli-version:
+ # Version of the aws cli to use
+ #
+ # Required: true
+ # Default: 2.15.52
+
+ tf-modules-revision:
+ # Git revision of the tf modules to use
+ #
+ # Required: true
+ # Default: main
+
+ tf-modules-path:
+ # Path where the tf rosa modules will be cloned
+ #
+ # Required: true
+ # Default: ./.action-tf-modules/rosa/
+
+ tf-cli-config-credentials-hostname:
+ # The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.
+ #
+ # Required: false
+ # Default: app.terraform.io
+
+ tf-cli-config-credentials-token:
+ # The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.
+ #
+ # Required: false
+ # Default: ""
+
+ tf-terraform-version:
+ # The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.
+ #
+ # Required: false
+ # Default: latest
+
+ tf-terraform-wrapper:
+ # Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.
+ #
+ # Required: false
+ # Default: true
```
diff --git a/.github/actions/rosa-delete-cluster/action.yml b/.github/actions/rosa-delete-cluster/action.yml
index 23a9ab9..b72dcc3 100644
--- a/.github/actions/rosa-delete-cluster/action.yml
+++ b/.github/actions/rosa-delete-cluster/action.yml
@@ -1,131 +1,145 @@
+---
name: Delete ROSA HCP Cluster
description: |
- This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform.
- This action will also install awscli.
+ This GitHub Action automates the deletion of a ROSA (Red Hat OpenShift Service on AWS) cluster using Terraform.
+ This action will also install awscli.
inputs:
- rh-token:
- description: 'Red Hat Hybrid Cloud Console Token'
- required: true
- cluster-name:
- description: 'Name of the ROSA cluster to delete'
- required: true
- aws-region:
- description: 'AWS region where the ROSA cluster is deployed'
- required: true
- s3-backend-bucket:
- description: 'Name of the S3 bucket where the Terraform state is stored'
- required: true
- s3-bucket-region:
- description: 'Region of the bucket containing the resources states, if not set, will fallback on aws-region'
- awscli-version:
- description: 'Version of the aws cli to use'
- required: true
- # renovate: datasource=github-releases depName=aws/aws-cli
- default: "2.15.52"
- tf-modules-revision:
- description: 'Git revision of the tf modules to use'
- default: 'main'
- required: true
- tf-modules-path:
- description: 'Path where the tf rosa modules will be cloned'
- default: './.action-tf-modules/rosa/'
- required: true
-
- # inherited from https://github.com/hashicorp/setup-terraform/blob/main/action.yml
- tf-cli-config-credentials-hostname:
- description: 'The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file. Defaults to `app.terraform.io`.'
- default: 'app.terraform.io'
- required: false
- tf-cli-config-credentials-token:
- description: 'The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration file.'
- required: false
- tf-terraform-version:
- description: 'The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform CLI. Defaults to `latest`.'
- default: 'latest'
- required: false
- tf-terraform-wrapper:
- description: 'Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.'
- default: 'true'
- required: false
+ rh-token:
+ description: Red Hat Hybrid Cloud Console Token
+ required: true
+ cluster-name:
+ description: Name of the ROSA cluster to delete
+ required: true
+ aws-region:
+ description: AWS region where the ROSA cluster is deployed
+ required: true
+ s3-backend-bucket:
+ description: Name of the S3 bucket where the Terraform state is stored
+ required: true
+ s3-bucket-region:
+ description: Region of the bucket containing the resources states, if not set, will fallback on aws-region
+ awscli-version:
+ description: Version of the aws cli to use
+ required: true
+ # renovate: datasource=github-releases depName=aws/aws-cli
+ default: 2.15.52
+ tf-modules-revision:
+ description: Git revision of the tf modules to use
+ default: main
+ required: true
+ tf-modules-path:
+ description: Path where the tf rosa modules will be cloned
+ default: ./.action-tf-modules/rosa/
+ required: true
+
+ # inherited from https://github.com/hashicorp/setup-terraform/blob/main/action.yml
+ tf-cli-config-credentials-hostname:
+ description: The hostname of a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration
+ file. Defaults to `app.terraform.io`.
+ default: app.terraform.io
+ required: false
+ tf-cli-config-credentials-token:
+ description: The API token for a HCP Terraform/Terraform Enterprise instance to place within the credentials block of the Terraform CLI configuration
+ file.
+ required: false
+ tf-terraform-version:
+ description: The version of Terraform CLI to install. Instead of full version string you can also specify constraint string starting with "<" (for
+ example `<1.13.0`) to install the latest version satisfying the constraint. A value of `latest` will install the latest version of Terraform
+ CLI. Defaults to `latest`.
+ default: latest
+ required: false
+ tf-terraform-wrapper:
+ description: Whether or not to install a wrapper to wrap subsequent calls of the `terraform` binary and expose its STDOUT, STDERR, and exit code
+ as outputs named `stdout`, `stderr`, and `exitcode` respectively. Defaults to `true`.
+ default: 'true'
+ required: false
runs:
- using: 'composite'
- steps:
- - name: Install Terraform
- uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
- with:
- cli_config_credentials_hostname: ${{ inputs.tf-cli-config-credentials-hostname }}
- cli_config_credentials_token: ${{ inputs.tf-cli-config-credentials-token }}
- terraform_version: ${{ inputs.tf-terraform-version }}
- terraform_wrapper: ${{ inputs.tf-terraform-wrapper }}
-
- - name: Install aws-cli v2
- shell: bash
- run: |
- sudo rm -rf /usr/local/aws-cli
- mkdir -p /tmp/awscli && cd /tmp/awscli
- curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip"
- unzip -qq awscliv2.zip
- sudo ./aws/install
- cd - && rm -Rf /tmp/awscli
-
- - name: Set Terraform variables
- shell: bash
- id: set-terraform-variables
- run: |
- export TFSTATE_BUCKET="${{ inputs.s3-backend-bucket }}"
- export TFSTATE_KEY="tfstate-${{ inputs.cluster-name }}/${{ inputs.cluster-name }}.tfstate"
-
- if [ -z "${{ inputs.s3-bucket-region }}" ]; then
- export TFSTATE_REGION="${{ inputs.aws-region }}"
- else
- export TFSTATE_REGION="${{ inputs.s3-bucket-region }}"
- fi
-
- echo "TFSTATE_BUCKET=${TFSTATE_BUCKET}" >> "$GITHUB_OUTPUT"
- echo "TFSTATE_REGION=${TFSTATE_REGION}" >> "$GITHUB_OUTPUT"
- echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"
-
- - name: Checkout Repository rosa modules
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- with:
- repository: "camunda/camunda-tf-rosa"
- ref: ${{ inputs.tf-modules-revision }}
- path: ${{ inputs.tf-modules-path }}
- fetch-depth: 0
-
- - name: Terraform Init
- shell: bash
- id: init
- working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/"
- run: |
- terraform version
- terraform init -backend-config="bucket=${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}" -backend-config="key=${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }}" -backend-config="region=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}"
- terraform validate -no-color
-
- - name: Terraform Plan Destroy
- shell: bash
- id: plan-destroy
- working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/"
- run: |
- terraform plan -destroy -no-color -out rosa-destroy.plan -var "cluster_name=${{ inputs.cluster-name }}" -var "offline_access_token=${{ inputs.rh-token }}" -var "htpasswd_password=dUmmyPassword$123!"
-
- - name: Terraform Apply Destroy
- shell: bash
- id: apply-destroy
- working-directory: "${{ inputs.tf-modules-path }}/modules/rosa-hcp/"
- run: |
- terraform apply -destroy -no-color rosa-destroy.plan
-
- - name: Clean up cloned modules
- shell: bash
- if: always()
- run: |
- rm -rf "${{ inputs.tf-modules-path }}"
-
- - name: Delete Terraform State
- shell: bash
- run: |
- aws s3 rm s3://${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}/${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }}
+ using: composite
+ steps:
+ - name: Install Terraform
+ uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
+ with:
+ cli_config_credentials_hostname: ${{ inputs.tf-cli-config-credentials-hostname }}
+ cli_config_credentials_token: ${{ inputs.tf-cli-config-credentials-token }}
+ terraform_version: ${{ inputs.tf-terraform-version }}
+ terraform_wrapper: ${{ inputs.tf-terraform-wrapper }}
+
+ - name: Install aws-cli v2
+ shell: bash
+ run: |
+ sudo rm -rf /usr/local/aws-cli
+ mkdir -p /tmp/awscli && cd /tmp/awscli
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${{ inputs.awscli-version }}.zip" -o "awscliv2.zip"
+ unzip -qq awscliv2.zip
+ sudo ./aws/install
+ cd - && rm -Rf /tmp/awscli
+
+ - name: Set Terraform variables
+ shell: bash
+ id: set-terraform-variables
+ run: |
+ export TFSTATE_BUCKET="${{ inputs.s3-backend-bucket }}"
+ export TFSTATE_KEY="tfstate-${{ inputs.cluster-name }}/${{ inputs.cluster-name }}.tfstate"
+
+ if [ -z "${{ inputs.s3-bucket-region }}" ]; then
+ export TFSTATE_REGION="${{ inputs.aws-region }}"
+ else
+ export TFSTATE_REGION="${{ inputs.s3-bucket-region }}"
+ fi
+
+ echo "TFSTATE_BUCKET=${TFSTATE_BUCKET}" >> "$GITHUB_OUTPUT"
+ echo "TFSTATE_REGION=${TFSTATE_REGION}" >> "$GITHUB_OUTPUT"
+ echo "TFSTATE_KEY=${TFSTATE_KEY}" >> "$GITHUB_OUTPUT"
+
+ - name: Checkout Repository rosa modules
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ repository: camunda/camunda-tf-rosa
+ ref: ${{ inputs.tf-modules-revision }}
+ path: ${{ inputs.tf-modules-path }}
+ fetch-depth: 0
+
+ - name: Terraform Init
+ shell: bash
+ id: init
+ working-directory: ${{ inputs.tf-modules-path }}/modules/rosa-hcp/
+ run: |
+ terraform version
+
+ terraform init \
+ -backend-config="bucket=${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}" \
+ -backend-config="key=${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }}" \
+ -backend-config="region=${{ steps.set-terraform-variables.outputs.TFSTATE_REGION }}"
+
+ terraform validate -no-color
+
+ - name: Terraform Plan Destroy
+ shell: bash
+ id: plan-destroy
+ working-directory: ${{ inputs.tf-modules-path }}/modules/rosa-hcp/
+ run: |
+ terraform plan -destroy -no-color -out rosa-destroy.plan \
+ -var "cluster_name=${{ inputs.cluster-name }}" \
+ -var "offline_access_token=${{ inputs.rh-token }}" \
+ -var "htpasswd_password=dUmmyPassword$123!"
+
+ - name: Terraform Apply Destroy
+ shell: bash
+ id: apply-destroy
+ working-directory: ${{ inputs.tf-modules-path }}/modules/rosa-hcp/
+ run: |
+ terraform apply -destroy -no-color rosa-destroy.plan
+
+ - name: Clean up cloned modules
+ shell: bash
+ if: always()
+ run: |
+ rm -rf "${{ inputs.tf-modules-path }}"
+
+ - name: Delete Terraform State
+ shell: bash
+ run: |
+ aws s3 rm s3://${{ steps.set-terraform-variables.outputs.TFSTATE_BUCKET }}/${{ steps.set-terraform-variables.outputs.TFSTATE_KEY }}
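Review bot: The `Terraform Plan Destroy` step still splices `${{ inputs.rh-token }}` and `${{ inputs.cluster-name }}` into the script text, so the values are expanded before bash parses the line and the token ends up in the `terraform` argument list. The other `run:` blocks in this action use `inputs.*` the same way. Passing the values through the step's `env:` keeps them out of the script source, and Terraform reads `TF_VAR_<name>` variables from the environment. The same pattern appears in `rosa login --token=${{ … }}` in artifact-rosa-versions.yml and in the `aws configure set` lines in daily-cleanup.yml.

```yaml
        - name: Terraform Plan Destroy
          # … unchanged: shell, id, working-directory …
          env:
              TF_VAR_cluster_name: ${{ inputs.cluster-name }}
              TF_VAR_offline_access_token: ${{ inputs.rh-token }}
          run: |
              terraform plan -destroy -no-color -out rosa-destroy.plan \
                -var "htpasswd_password=dUmmyPassword$123!"
```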
diff --git a/.github/labeler.yml b/.github/labeler.yml
index c0978e3..92c8994 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -1,17 +1,18 @@
+---
# Add 'feature' label to any PR where the head branch name starts with `feature` or has a `feature` section in the name
feature:
- - head-branch: ['^feature', 'feature']
+ - head-branch: [^feature, feature]
# Add 'test' label to any changes within 'test' folder or any subfolders
test:
- - changed-files:
- - any-glob-to-any-file:
- - test/**.go
- - test/**/go.mod
- - modules/fixtures/**
+ - changed-files:
+ - any-glob-to-any-file:
+ - test/**.go
+ - test/**/go.mod
+ - modules/fixtures/**
terraform:
- - changed-files:
- - any-glob-to-any-file:
- - modules/**.tf
- - .tool-versions
+ - changed-files:
+ - any-glob-to-any-file:
+ - modules/**.tf
+ - .tool-versions
diff --git a/.github/workflows/artifact-rosa-versions.yml b/.github/workflows/artifact-rosa-versions.yml
index 7954d3d..a1070e9 100644
--- a/.github/workflows/artifact-rosa-versions.yml
+++ b/.github/workflows/artifact-rosa-versions.yml
@@ -1,66 +1,67 @@
+---
# This workflow updates an artifact containing the ROSA versions, it's used by renovate and published at https://camunda.github.io/camunda-tf-rosa/rosa_versions.txt
name: Save ROSA Versions as an artifact
on:
- schedule:
- - cron: '0 0 * * *'
- workflow_dispatch:
- pull_request:
- paths:
- - .github/workflows/artifact-rosa-versions.yml
+ schedule:
+ - cron: 0 0 * * *
+ workflow_dispatch:
+ pull_request:
+ paths:
+ - .github/workflows/artifact-rosa-versions.yml
jobs:
- save-rosa-versions:
- runs-on: ubuntu-latest
+ save-rosa-versions:
+ runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- with:
- ref: "gh-pages"
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ ref: gh-pages
- - name: Import Secrets
- id: secrets
- uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
- with:
- url: ${{ secrets.VAULT_ADDR }}
- method: approle
- roleId: ${{ secrets.VAULT_ROLE_ID }}
- secretId: ${{ secrets.VAULT_SECRET_ID }}
- exportEnv: false
- secrets: |
- secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
+ - name: Import Secrets
+ id: secrets
+ uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
+ with:
+ url: ${{ secrets.VAULT_ADDR }}
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ exportEnv: false
+ secrets: |
+ secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
- - name: Install ROSA CLI and output rosa versions
- shell: bash
- run: |
- curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/rosa-linux.tar.gz"
- tar -xvf rosa-linux.tar.gz
- sudo mv rosa /usr/local/bin/rosa
- chmod +x /usr/local/bin/rosa
- rm -f rosa-linux.tar.gz
- rosa version
- rosa login --token=${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
- mkdir -p docs
- rosa list versions --output json | jq '.[].raw_id' --raw-output > docs/rosa_versions.txt
+ - name: Install ROSA CLI and output rosa versions
+ shell: bash
+ run: |
+ curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/rosa-linux.tar.gz"
+ tar -xvf rosa-linux.tar.gz
+ sudo mv rosa /usr/local/bin/rosa
+ chmod +x /usr/local/bin/rosa
+ rm -f rosa-linux.tar.gz
+ rosa version
+ rosa login --token=${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
+ mkdir -p docs
+ rosa list versions --output json | jq '.[].raw_id' --raw-output > docs/rosa_versions.txt
- - name: Commit and push ROSA versions file to gh-pages
- shell: bash
- run: |
- git diff --exit-code docs/rosa_versions.txt || {
- git config --local user.name "github-actions[bot]"
- git config --local user.email "github-actions[bot]@users.noreply.github.com"
- git add docs/rosa_versions.txt
- git commit -m "Update ROSA versions"
- git push origin gh-pages
- }
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Commit and push ROSA versions file to gh-pages
+ shell: bash
+ run: |
+ git diff --exit-code docs/rosa_versions.txt || {
+ git config --local user.name "github-actions[bot]"
+ git config --local user.email "github-actions[bot]@users.noreply.github.com"
+ git add docs/rosa_versions.txt
+ git commit -m "Update ROSA versions"
+ git push origin gh-pages
+ }
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Notify in Slack in case of failure
- id: slack-notification
- if: failure() && github.event_name == 'schedule'
- uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
- with:
- vault_addr: ${{ secrets.VAULT_ADDR }}
- vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
- vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ - name: Notify in Slack in case of failure
+ id: slack-notification
+ if: failure() && github.event_name == 'schedule'
+ uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
+ with:
+ vault_addr: ${{ secrets.VAULT_ADDR }}
+ vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
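Review bot: The `Install ROSA CLI and output rosa versions` step downloads `rosa-linux.tar.gz` from the `latest/` directory and moves it into `/usr/local/bin` with no integrity check, in a job that then logs in with `RH_OPENSHIFT_TOKEN` and pushes to `gh-pages`. Pinning a specific release directory and verifying the archive against a known SHA-256 before `tar` would make the run reproducible and fail closed on a tampered or truncated download. At minimum add `--fail` so an HTTP error page is not unpacked: `curl -fsSLO "https://mirror.openshift.com/pub/openshift-v4/clients/rosa/latest/rosa-linux.tar.gz"`. The actions in this workflow are pinned by commit SHA, so this step is the outlier.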
diff --git a/.github/workflows/daily-cleanup.yml b/.github/workflows/daily-cleanup.yml
index 35f6646..79190bf 100644
--- a/.github/workflows/daily-cleanup.yml
+++ b/.github/workflows/daily-cleanup.yml
@@ -2,85 +2,85 @@
name: Daily cleanup cluster
on:
- workflow_dispatch:
- inputs:
- max_age_hours_cluster:
- description: "Maximum age of clusters in hours"
- required: true
- default: "20"
- pull_request:
- # the paths should be synced with ../labeler.yml
- paths:
- - .github/workflows/daily-cleanup.yml
- - .github/actions/rosa-cleanup-clusters/**
+ workflow_dispatch:
+ inputs:
+ max_age_hours_cluster:
+ description: Maximum age of clusters in hours
+ required: true
+ default: '20'
+ pull_request:
+ # the paths should be synced with ../labeler.yml
+ paths:
+ - .github/workflows/daily-cleanup.yml
+ - .github/actions/rosa-cleanup-clusters/**
- schedule:
- - cron: '0 1 * * *' # At 01:00 everyday.
+ schedule:
+ - cron: 0 1 * * * # At 01:00 everyday.
env:
- MAX_AGE_HOURS_CLUSTER: "${{ github.event.inputs.max_age_hours_cluster || '20' }}"
- AWS_PROFILE: "infex"
+ MAX_AGE_HOURS_CLUSTER: ${{ github.event.inputs.max_age_hours_cluster || '20' }}
+ AWS_PROFILE: infex
- # please keep those variables synced with tests.yml
- TESTS_AWS_REGION: "eu-west-2"
- TF_S3_BUCKET: "tests-rosa-tf-state-eu-central-1"
- TF_S3_REGION: "eu-central-1"
+ # please keep those variables synced with tests.yml
+ TESTS_AWS_REGION: eu-west-2
+ TF_S3_BUCKET: tests-rosa-tf-state-eu-central-1
+ TF_S3_REGION: eu-central-1
jobs:
- cleanup-clusters:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- with:
- ref: ${{ github.head_ref }}
- fetch-depth: 0
+ cleanup-clusters:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ ref: ${{ github.head_ref }}
+ fetch-depth: 0
- - name: Install tooling using asdf
- uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
+ - name: Install tooling using asdf
+ uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
- - name: Use repo .tool-version as global version
- run: cp .tool-versions ~/.tool-versions
+ - name: Use repo .tool-version as global version
+ run: cp .tool-versions ~/.tool-versions
- - name: Import Secrets
- id: secrets
- uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
- with:
- url: ${{ secrets.VAULT_ADDR }}
- method: approle
- roleId: ${{ secrets.VAULT_ROLE_ID }}
- secretId: ${{ secrets.VAULT_SECRET_ID }}
- exportEnv: false
- secrets: |
- secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
- secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
- secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
+ - name: Import Secrets
+ id: secrets
+ uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
+ with:
+ url: ${{ secrets.VAULT_ADDR }}
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ exportEnv: false
+ secrets: |
+ secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
+ secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
+ secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
# Official action does not support profiles
- - name: Add profile credentials to ~/.aws/credentials
- run: |
- aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
- aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
- aws configure set region ${{ env.TESTS_AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
+ - name: Add profile credentials to ~/.aws/credentials
+ run: |
+ aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
+ aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
+ aws configure set region ${{ env.TESTS_AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
- - name: Delete clusters
- id: delete_clusters
- timeout-minutes: 125
- uses: ./.github/actions/rosa-cleanup-clusters
- env:
- RH_TOKEN: "${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}"
- AWS_REGION: "${{ env.TESTS_AWS_REGION }}"
- with:
- tf-bucket: "${{ env.TF_S3_BUCKET }}"
- tf-bucket-region: "${{ env.TF_S3_REGION }}"
- max-age-hours-cluster: "${{ env.MAX_AGE_HOURS_CLUSTER }}"
+ - name: Delete clusters
+ id: delete_clusters
+ timeout-minutes: 125
+ uses: ./.github/actions/rosa-cleanup-clusters
+ env:
+ RH_TOKEN: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
+ AWS_REGION: ${{ env.TESTS_AWS_REGION }}
+ with:
+ tf-bucket: ${{ env.TF_S3_BUCKET }}
+ tf-bucket-region: ${{ env.TF_S3_REGION }}
+ max-age-hours-cluster: ${{ env.MAX_AGE_HOURS_CLUSTER }}
- - name: Notify in Slack in case of failure
- id: slack-notification
- if: failure() && github.event_name == 'schedule'
- uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
- with:
- vault_addr: ${{ secrets.VAULT_ADDR }}
- vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
- vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ - name: Notify in Slack in case of failure
+ id: slack-notification
+ if: failure() && github.event_name == 'schedule'
+ uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
+ with:
+ vault_addr: ${{ secrets.VAULT_ADDR }}
+ vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
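Review bot: No `permissions:` key is visible in this workflow, so the `cleanup-clusters` job runs with the repository's default `GITHUB_TOKEN` scope even though its steps only check out code and call Vault, AWS and ROSA. Declaring `permissions:` with `contents: read` at the top level would limit the token to what the checkout needs, as the job in workflows/labeler.yml already does. links.yml has the same gap; it would additionally need `issues: write` for its `Create Issue From File` step. The hunk starts at line 2 of the file, so confirm nothing is declared above it.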
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 0af3464..86b93f3 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -1,26 +1,27 @@
-name: "Pull Request Labeler"
+---
+name: Pull Request Labeler
on:
- pull_request_target:
- schedule:
- - cron: "0 1 * * 1"
- pull_request:
- paths:
- - .github/workflows/labeler.yml
+ pull_request_target:
+ schedule:
+ - cron: 0 1 * * 1
+ pull_request:
+ paths:
+ - .github/workflows/labeler.yml
jobs:
- labeler:
- permissions:
- contents: read
- pull-requests: write
- runs-on: ubuntu-latest
- steps:
- - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
+ labeler:
+ permissions:
+ contents: read
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5
- - name: Notify in Slack in case of failure
- id: slack-notification
- if: failure() && github.event_name == 'schedule'
- uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
- with:
- vault_addr: ${{ secrets.VAULT_ADDR }}
- vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
- vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ - name: Notify in Slack in case of failure
+ id: slack-notification
+ if: failure() && github.event_name == 'schedule'
+ uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
+ with:
+ vault_addr: ${{ secrets.VAULT_ADDR }}
+ vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml
index f961770..67316bb 100644
--- a/.github/workflows/links.yml
+++ b/.github/workflows/links.yml
@@ -1,52 +1,53 @@
+---
name: Check external links
on:
- push:
- workflow_dispatch:
- schedule:
- - cron: "0 3 1 * *"
- pull_request:
- paths:
- - .github/workflows/links.yml
+ push:
+ workflow_dispatch:
+ schedule:
+ - cron: 0 3 1 * *
+ pull_request:
+ paths:
+ - .github/workflows/links.yml
jobs:
- lint:
- name: links-check
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ lint:
+ name: links-check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- - name: Get Current Timestamp
- id: timestamp
- run: echo "TIMESTAMP=$(date +%s)" >> "$GITHUB_ENV"
+ - name: Get Current Timestamp
+ id: timestamp
+ run: echo "TIMESTAMP=$(date +%s)" >> "$GITHUB_ENV"
- - name: Restore lychee cache
- uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
- with:
- path: .lycheecache
- key: "cache-lychee-${{ env.TIMESTAMP }}"
- restore-keys: cache-lychee-
+ - name: Restore lychee cache
+ uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
+ with:
+ path: .lycheecache
+ key: cache-lychee-${{ env.TIMESTAMP }}
+ restore-keys: cache-lychee-
- - name: Link Checker
- uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0
- with:
- fail: true
- args: -c ./lychee-links.toml --base . --cache --max-cache-age 1d . --verbose --no-progress '*.md' './**/*.md'
- token: "${{ secrets.GITHUB_TOKEN }}"
+ - name: Link Checker
+ uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0
+ with:
+ fail: true
+ args: -c ./lychee-links.toml --base . --cache --max-cache-age 1d . --verbose --no-progress '*.md' './**/*.md'
+ token: ${{ secrets.GITHUB_TOKEN }}
- - name: Create Issue From File
- if: failure() && github.event_name == 'schedule'
- uses: peter-evans/create-issue-from-file@24452a72d85239eacf1468b0f1982a9f3fec4c94 # v5
- with:
- title: Link Checker Report
- content-filepath: ./lychee/out.md
- labels: report, automated issue
+ - name: Create Issue From File
+ if: failure() && github.event_name == 'schedule'
+ uses: peter-evans/create-issue-from-file@24452a72d85239eacf1468b0f1982a9f3fec4c94 # v5
+ with:
+ title: Link Checker Report
+ content-filepath: ./lychee/out.md
+ labels: report, automated issue
- - name: Notify in Slack in case of failure
- id: slack-notification
- if: failure() && github.event_name == 'schedule'
- uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
- with:
- vault_addr: ${{ secrets.VAULT_ADDR }}
- vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
- vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ - name: Notify in Slack in case of failure
+ id: slack-notification
+ if: failure() && github.event_name == 'schedule'
+ uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
+ with:
+ vault_addr: ${{ secrets.VAULT_ADDR }}
+ vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 00d2a99..678fde3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -2,132 +2,132 @@
name: Cluster creation and destruction test
on:
- schedule:
- - cron: '0 1 * * 1' # At 01:00 on Monday.
-
- workflow_dispatch:
- inputs:
- cluster_name:
- description: "Cluster name."
- required: false
- type: string
- delete_cluster:
- description: "Whether to delete the cluster."
- required: false
- type: boolean
- default: true
-
- pull_request:
- # the paths should be synced with ../labeler.yml
- paths:
- - modules/fixtures/**/*.tf
- - modules/**.tf
- - .tool-versions
- - .github/workflows/tests.yml
- - .github/actions/**/*.yml
- - justfile
+ schedule:
+ - cron: 0 1 * * 1 # At 01:00 on Monday.
+
+ workflow_dispatch:
+ inputs:
+ cluster_name:
+ description: Cluster name.
+ required: false
+ type: string
+ delete_cluster:
+ description: Whether to delete the cluster.
+ required: false
+ type: boolean
+ default: true
+
+ pull_request:
+ # the paths should be synced with ../labeler.yml
+ paths:
+ - modules/fixtures/**/*.tf
+ - modules/**.tf
+ - .tool-versions
+ - .github/workflows/tests.yml
+ - .github/actions/**/*.yml
+ - justfile
# limit to a single execution per actor of this workflow
concurrency:
- group: "${{ github.workflow }}-${{ github.ref }}"
- cancel-in-progress: true
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
env:
- AWS_PROFILE: "infex"
+ AWS_PROFILE: infex
- # please keep those variables synced with daily-cleanup.yml
- TESTS_AWS_REGION: "eu-west-2"
- TF_S3_BUCKET: "tests-rosa-tf-state-eu-central-1"
- TF_S3_REGION: "eu-central-1"
+ # please keep those variables synced with daily-cleanup.yml
+ TESTS_AWS_REGION: eu-west-2
+ TF_S3_BUCKET: tests-rosa-tf-state-eu-central-1
+ TF_S3_REGION: eu-central-1
- OCP_ADMIN_USERNAME: "kube-admin"
- OCP_NAMESPACE: "myns"
+ OCP_ADMIN_USERNAME: kube-admin
+ OCP_NAMESPACE: myns
jobs:
- action-test:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- with:
- ref: ${{ github.head_ref }}
- fetch-depth: 0
-
- - name: Install tooling using asdf
- uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
-
- - name: Get OCP Cluster Name
- id: commit_info
- run: |
- if [[ -n "${{ inputs.cluster_name }}" ]]; then
- cluster_name="${{ inputs.cluster_name }}"
- else
- cluster_name="cl-$(git rev-parse --short HEAD)"
- fi
-
- echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT"
-
- - name: Import Secrets
- id: secrets
- uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
- with:
- url: ${{ secrets.VAULT_ADDR }}
- method: approle
- roleId: ${{ secrets.VAULT_ROLE_ID }}
- secretId: ${{ secrets.VAULT_SECRET_ID }}
- exportEnv: false
- secrets: |
- secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
- secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
- secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
- secret/data/products/infrastructure-experience/ci/common CI_OPENSHIFT_MAIN_PASSWORD;
+ action-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+ with:
+ ref: ${{ github.head_ref }}
+ fetch-depth: 0
+
+ - name: Install tooling using asdf
+ uses: asdf-vm/actions/install@05e0d2ed97b598bfce82fd30daf324ae0c4570e6 # v3
+
+ - name: Get OCP Cluster Name
+ id: commit_info
+ run: |
+ if [[ -n "${{ inputs.cluster_name }}" ]]; then
+ cluster_name="${{ inputs.cluster_name }}"
+ else
+ cluster_name="cl-$(git rev-parse --short HEAD)"
+ fi
+
+ echo "cluster_name=$cluster_name" >> "$GITHUB_OUTPUT"
+
+ - name: Import Secrets
+ id: secrets
+ uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3
+ with:
+ url: ${{ secrets.VAULT_ADDR }}
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ exportEnv: false
+ secrets: |
+ secret/data/products/infrastructure-experience/ci/common AWS_ACCESS_KEY;
+ secret/data/products/infrastructure-experience/ci/common AWS_SECRET_KEY;
+ secret/data/products/infrastructure-experience/ci/common RH_OPENSHIFT_TOKEN;
+ secret/data/products/infrastructure-experience/ci/common CI_OPENSHIFT_MAIN_PASSWORD;
# Official action does not support profiles
- - name: Add profile credentials to ~/.aws/credentials
- run: |
- aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
- aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
- aws configure set region ${{ env.TESTS_AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
-
- - name: Create Cluster
- timeout-minutes: 125
- uses: ./.github/actions/rosa-create-cluster
- id: create_cluster
- with:
- rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
- cluster-name: ${{ steps.commit_info.outputs.cluster_name }}
- admin-username: ${{ env.OCP_ADMIN_USERNAME }}
- admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
- aws-region: ${{ env.TESTS_AWS_REGION }}
- s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
- s3-bucket-region: ${{ env.TF_S3_REGION }}
-
- - name: Create namespace if not exists
- shell: bash
- run: |
- if ! oc get namespace "${{ env.OCP_NAMESPACE }}"; then
- oc new-project "${{ env.OCP_NAMESPACE }}"
- else
- echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists"
- fi
-
- - name: Delete Cluster
- timeout-minutes: 125
- if: always() && !(github.event_name == 'workflow_dispatch' && github.event.inputs.delete_cluster == 'false')
- uses: ./.github/actions/rosa-delete-cluster
- with:
- rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
- cluster-name: "${{ steps.commit_info.outputs.cluster_name }}"
- aws-region: ${{ env.TESTS_AWS_REGION }}
- s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
- s3-bucket-region: ${{ env.TF_S3_REGION }}
-
- - name: Notify in Slack in case of failure
- id: slack-notification
- if: failure() && github.event_name == 'schedule'
- uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
- with:
- vault_addr: ${{ secrets.VAULT_ADDR }}
- vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
- vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
+ - name: Add profile credentials to ~/.aws/credentials
+ run: |
+ aws configure set aws_access_key_id ${{ steps.secrets.outputs.AWS_ACCESS_KEY }} --profile ${{ env.AWS_PROFILE }}
+ aws configure set aws_secret_access_key ${{ steps.secrets.outputs.AWS_SECRET_KEY }} --profile ${{ env.AWS_PROFILE }}
+ aws configure set region ${{ env.TESTS_AWS_REGION }} --profile ${{ env.AWS_PROFILE }}
+
+ - name: Create Cluster
+ timeout-minutes: 125
+ uses: ./.github/actions/rosa-create-cluster
+ id: create_cluster
+ with:
+ rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
+ cluster-name: ${{ steps.commit_info.outputs.cluster_name }}
+ admin-username: ${{ env.OCP_ADMIN_USERNAME }}
+ admin-password: ${{ steps.secrets.outputs.CI_OPENSHIFT_MAIN_PASSWORD }}
+ aws-region: ${{ env.TESTS_AWS_REGION }}
+ s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
+ s3-bucket-region: ${{ env.TF_S3_REGION }}
+
+ - name: Create namespace if not exists
+ shell: bash
+ run: |
+ if ! oc get namespace "${{ env.OCP_NAMESPACE }}"; then
+ oc new-project "${{ env.OCP_NAMESPACE }}"
+ else
+ echo "Namespace '${{ env.OCP_NAMESPACE }}' already exists"
+ fi
+
+ - name: Delete Cluster
+ timeout-minutes: 125
+ if: always() && !(github.event_name == 'workflow_dispatch' && github.event.inputs.delete_cluster == 'false')
+ uses: ./.github/actions/rosa-delete-cluster
+ with:
+ rh-token: ${{ steps.secrets.outputs.RH_OPENSHIFT_TOKEN }}
+ cluster-name: ${{ steps.commit_info.outputs.cluster_name }}
+ aws-region: ${{ env.TESTS_AWS_REGION }}
+ s3-backend-bucket: ${{ env.TF_S3_BUCKET }}
+ s3-bucket-region: ${{ env.TF_S3_REGION }}
+
+ - name: Notify in Slack in case of failure
+ id: slack-notification
+ if: failure() && github.event_name == 'schedule'
+ uses: camunda/infraex-common-config/.github/actions/report-failure-on-slack@fe25bf36edcc03717275a4e05969cdb5483388df # main
+ with:
+ vault_addr: ${{ secrets.VAULT_ADDR }}
+ vault_role_id: ${{ secrets.VAULT_ROLE_ID }}
+ vault_secret_id: ${{ secrets.VAULT_SECRET_ID }}
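Review bot: In the `Get OCP Cluster Name` step, `${{ inputs.cluster_name }}` is substituted into the bash script text before the shell runs, so quotes or `$(...)` in the dispatch input are parsed as script rather than data. The same applies to the unquoted `${{ steps.secrets.outputs.AWS_ACCESS_KEY }}` and `AWS_SECRET_KEY` expansions in the `aws configure set` lines, where a secret containing shell metacharacters would also be word-split or interpreted. The re-indent carries both patterns over unchanged. Passing the values through a step-level `env:` block and referencing them as quoted shell variables keeps them out of the script source. Only users who can dispatch the workflow control the input, so exposure is limited, but the job holds the Vault-sourced AWS and OpenShift credentials.

```yaml
- name: Get OCP Cluster Name
  id: commit_info
  env:
    REQUESTED_CLUSTER_NAME: ${{ inputs.cluster_name }}
  run: |
    if [[ -n "$REQUESTED_CLUSTER_NAME" ]]; then
      cluster_name="$REQUESTED_CLUSTER_NAME"
    # … unchanged: else branch using git short SHA, write to GITHUB_OUTPUT …

# … unchanged: Import Secrets step …

- name: Add profile credentials to ~/.aws/credentials
  env:
    CI_AWS_ACCESS_KEY: ${{ steps.secrets.outputs.AWS_ACCESS_KEY }}
    CI_AWS_SECRET_KEY: ${{ steps.secrets.outputs.AWS_SECRET_KEY }}
  run: |
    aws configure set aws_access_key_id "$CI_AWS_ACCESS_KEY" --profile "$AWS_PROFILE"
    aws configure set aws_secret_access_key "$CI_AWS_SECRET_KEY" --profile "$AWS_PROFILE"
    aws configure set region "$TESTS_AWS_REGION" --profile "$AWS_PROFILE"
```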
diff --git a/.lint/terraform_docs/.terraform-docs.yml b/.lint/terraform_docs/.terraform-docs.yml
index edd51d8..7cfe2d3 100644
--- a/.lint/terraform_docs/.terraform-docs.yml
+++ b/.lint/terraform_docs/.terraform-docs.yml
@@ -1,42 +1,42 @@
---
# Configuration documentation https://terraform-docs.io/user-guide/configuration/
-formatter: "markdown table" # Required
-version: "" # version is managed by asdf
+formatter: markdown table # Required
+version: '' # version is managed by asdf
header-from: main.tf
-footer-from: ""
+footer-from: ''
recursive:
- enabled: false
+ enabled: false
content: |-
- {{ .Modules }}
- {{ .Resources }}
- {{ .Inputs }}
- {{ .Outputs }}
+ {{ .Modules }}
+ {{ .Resources }}
+ {{ .Inputs }}
+ {{ .Outputs }}
sections:
- hide: []
- show: []
+ hide: []
+ show: []
output-values:
- enabled: false
- from: ""
+ enabled: false
+ from: ''
sort:
- enabled: true
- by: name
+ enabled: true
+ by: name
settings:
- anchor: true
- color: true
- default: true
- description: true
- escape: true
- hide-empty: false
- html: true
- indent: 2
- lockfile: false
- read-comments: true
- required: true
- sensitive: true
- type: true
+ anchor: true
+ color: true
+ default: true
+ description: true
+ escape: true
+ hide-empty: false
+ html: true
+ indent: 2
+ lockfile: false
+ read-comments: true
+ required: true
+ sensitive: true
+ type: true