chore(ci): use terraform variables json file

gip-inclusion · Apr 19, 2024 · de1dc6f · de1dc6f
1 parent eebede8
commit de1dc6f
Showing 1 changed file with 10 additions and 46 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -100,52 +100,7 @@ jobs:
       AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
-      # `TF_VAR_*` are case sensitive and must match the case of variables
-
-      # Scaleway ressources configuration
-      TF_VAR_dns_subdomain: ${{ vars.DNS_SUBDOMAIN }}
-      TF_VAR_dns_zone: ${{ vars.DNS_ZONE }}
-      TF_VAR_environment: ${{ vars.ENVIRONMENT }}
-      TF_VAR_scaleway_access_key: ${{ vars.SCALEWAY_ACCESS_KEY }}
-      TF_VAR_scaleway_application_id: ${{ vars.SCALEWAY_APPLICATION_ID }}
-      TF_VAR_scaleway_project_id: ${{ vars.SCALEWAY_PROJECT_ID }}
-      TF_VAR_scaleway_secret_key: ${{ secrets.SCALEWAY_SECRET_KEY }}
-      TF_VAR_api_scw_application_id: ${{ vars.API_SCW_APPLICATION_ID }}
-      TF_VAR_ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
-
-      TF_VAR_stack_version: ${{ github.sha }}
-
-      # Datawarehouse
-      TF_VAR_datawarehouse_di_database: ${{ vars.DATAWAREHOUSE_DI_DATABASE }}
-      TF_VAR_datawarehouse_di_password: ${{ secrets.DATAWAREHOUSE_DI_PASSWORD }}
-      TF_VAR_datawarehouse_di_username: ${{ vars.DATAWAREHOUSE_DI_USERNAME }}
-
-      # Airflow settings
-      TF_VAR_airflow__core__fernet_key: ${{ secrets.AIRFLOW__CORE__FERNET_KEY }}
-      TF_VAR_airflow_admin_password: ${{ secrets.AIRFLOW_ADMIN_PASSWORD }}
-      TF_VAR_airflow__sentry__sentry_dsn: ${{ vars.AIRFLOW__SENTRY__SENTRY_DSN }}
-
-      # Airflow connections
-      TF_VAR_airflow_conn_mattermost: ${{ secrets.AIRFLOW_CONN_MATTERMOST }}
-      TF_VAR_airflow_conn_s3_sources: ${{ secrets.AIRFLOW_CONN_S3_SOURCES }}
-      TF_VAR_airflow_conn_pg_api: ${{ secrets.AIRFLOW_CONN_PG_API }}
-      TF_VAR_airflow_conn_ssh_api: ${{ secrets.AIRFLOW_CONN_SSH_API }}
-
-      TF_VAR_airflow_application_id: ${{ vars.AIRFLOW_APPLICATION_ID }}
-      TF_VAR_airflow_access_key: ${{ vars.AIRFLOW_ACCESS_KEY }}
-      TF_VAR_airflow_secret_key: ${{ secrets.AIRFLOW_SECRET_KEY }}
-
-      # Airflow variables
-      TF_VAR_brevo_api_key: ${{ secrets.BREVO_API_KEY }}
-      TF_VAR_datagouv_api_key: ${{ secrets.DATAGOUV_API_KEY }}
-      TF_VAR_dora_api_token: ${{ secrets.DORA_API_TOKEN }}
-      TF_VAR_dora_api_url: ${{ vars.DORA_API_URL }}
-      TF_VAR_emplois_api_token: ${{ secrets.EMPLOIS_API_TOKEN }}
-      TF_VAR_ft_api_token: ${{ secrets.FT_API_TOKEN }}
-      TF_VAR_grist_api_token: ${{ secrets.GRIST_API_TOKEN }}
-      TF_VAR_mes_aides_airtable_key: ${{ secrets.MES_AIDES_AIRTABLE_KEY }}
-      TF_VAR_siao_file_url: ${{ vars.SIAO_FILE_URL }}
-      TF_VAR_soliguide_api_token: ${{ secrets.SOLIGUIDE_API_TOKEN }}
+      TF_VARS: ${{ secrets.TF_VARS }}
 
     defaults:
       run:
@@ -158,6 +113,15 @@ jobs:
         with:
           terraform_version: "1.6.1"
 
+      - name: mask tf variables
+        run: |
+          echo "${TF_VARS}" | jq --raw-output 'to_entries | map("::add-mask::\(.value // empty)") | .[]'
+
+      # `TF_VAR_*` are case sensitive and must match the case of variables
+      - name: set tf variables
+        run: |
+          echo "${TF_VARS}" | jq --raw-output 'to_entries | map("TF_VAR_\(.key)=\(.value //  "")") | .[]' >> "${GITHUB_ENV}"
+
       - name: tf init
         run: |
           terraform init \