From d5ae1233fd55ac8ea41a72143e5cead7cce89e1d Mon Sep 17 00:00:00 2001
From: iamgp21
Date: Fri, 15 Aug 2025 19:03:35 +0530
Subject: [PATCH 1/6] Added Workflow for DbaC deployment
---
.github/workflows/dbac-deploy.yaml | 78 ++++++++++++++++++++++++++++++
modules/README.md | 25 ----------
modules/database/README.md | 31 ------------
3 files changed, 78 insertions(+), 56 deletions(-)
create mode 100644 .github/workflows/dbac-deploy.yaml
delete mode 100644 modules/README.md
delete mode 100644 modules/database/README.md
diff --git a/.github/workflows/dbac-deploy.yaml b/.github/workflows/dbac-deploy.yaml
new file mode 100644
index 0000000..0dac2f7
--- /dev/null
+++ b/.github/workflows/dbac-deploy.yaml
@@ -0,0 +1,78 @@
+name: DbaC Deploy
+
+on:
+ workflow_dispatch:
+
+ workflow_run:
+ workflows: ["Generate terraform docs"] # Name of the tf-docs.yaml workflow
+ types:
+ - completed
+ branches:
+ - dev
+
+ paths:
+ - 'versions.tf'
+ - 'provider.tf'
+ - 'tfvars/wsl.tfvars'
+ - 'entrypoint.tf'
+ - 'modules/**'
+
+env:
+ # Set the default postgresql user admin password:
+ TF_VAR_postgresql_default_password: ${{ secrets.POSTGRES_USER_DEFAULT_PASSWORD }}
+
+jobs:
+ dbac_deploy:
+ name: 'dbac deploy'
+ runs-on: DbaC
+ defaults:
+ run:
+ working-directory: './'
+
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+
+ steps:
+ # Checkout the repository to the GitHub Actions runner
+ - name: Checkout
+ uses: 'actions/checkout@v4'
+
+ # Install Node.js
+ - name: Setup Node.js
+ uses: actions/setup-node@v3
+ with:
+ node-version: '20' # Use the appropriate version of Node.js
+
+ # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
+ - name: "Setup Terraform"
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: "1.9.0"
+
+ # Checks that all Terraform configuration files adhere to a canonical format
+ - name: "Terraform Format"
+ id: fmt
+ run: terraform fmt
+ continue-on-error: false
+
+ # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc.
+ - name: "Terraform Initialize" + id: init + run: | + terraform init -backend-config="backends/wsl.hcl" -input=false + + # Generates an execution plan for Terraform + - name: "Terraform Plan" + id: plan + run: terraform plan -var-file tfvars/wsl.tfvars -refresh=true -input=false -lock=false -no-color + + # Exit when plan failes + - name: "Terraform Plan Status" + if: steps.plan.outcome == 'failure' + run: exit 1 + + - name: "Terraform Apply" + id: apply + if: github.event_name == 'push' + run: terraform apply -var-file tfvars/wsl.tfvars -input=false -lock=false -auto-approve -no-color \ No newline at end of file diff --git a/modules/README.md b/modules/README.md deleted file mode 100644 index ef2fa69..0000000 --- a/modules/README.md +++ /dev/null @@ -1,25 +0,0 @@ - -## Requirements - -No requirements. - -## Providers - -No providers. - -## Modules - -No modules. - -## Resources - -No resources. - -## Inputs - -No inputs. - -## Outputs - -No outputs. - \ No newline at end of file diff --git a/modules/database/README.md b/modules/database/README.md deleted file mode 100644 index a097575..0000000 --- a/modules/database/README.md +++ /dev/null @@ -1,31 +0,0 @@ - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [postgresql.wsl](#provider\_postgresql.wsl) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [postgresql_database.example_db](https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/database) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [postgresql\_databases](#input\_postgresql\_databases) | A map of PostgreSQL databases to create |
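Review bot: Both Terraform steps in the new workflow pass `-lock=false`, and the "Terraform Apply" step re-plans with `-auto-approve` instead of applying the plan that the "Terraform Plan" step produced, so what gets applied is not necessarily what was planned and two overlapping runs can write the same state at once. I would drop `-lock=false`, save the plan with `terraform plan -var-file tfvars/wsl.tfvars -input=false -no-color -out=tfplan`, and apply exactly that file with `terraform apply -input=false -no-color tfplan`; a workflow-level `concurrency:` group would also serialise runs. The job requests `id-token: 'write'` although no step in this hunk performs an OIDC exchange, so that permission can probably be removed. Separately, `terraform fmt` without `-check` rewrites files and exits 0, so the "Terraform Format" step cannot fail on unformatted code; `terraform fmt -check -recursive` would.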
map(object({
name = string
db_owner = string
}))
| `{}` | no | - -## Outputs - -No outputs. - \ No newline at end of file From d9a684ca66911286dc79d57bf44734eb9097f334 Mon Sep 17 00:00:00 2001 From: iamgp21 Date: Fri, 15 Aug 2025 19:07:04 +0530 Subject: [PATCH 2/6] Updated the workflow --- .github/workflows/dbac-deploy.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dbac-deploy.yaml b/.github/workflows/dbac-deploy.yaml index 0dac2f7..d1beb31 100644 --- a/.github/workflows/dbac-deploy.yaml +++ b/.github/workflows/dbac-deploy.yaml @@ -16,6 +16,7 @@ on: - 'tfvars/wsl.tfvars' - 'entrypoint.tf' - 'modules/**' + - .github/workflows/dbac-deploy.yaml env: # Set the default postgresql user admin password: From eb5256983faca135eab205ea52ef1a5696777f3a Mon Sep 17 00:00:00 2001 From: iamgp21 Date: Fri, 15 Aug 2025 19:13:48 +0530 Subject: [PATCH 3/6] removed paths attribute for workflow_run context --- .github/workflows/dbac-deploy.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dbac-deploy.yaml b/.github/workflows/dbac-deploy.yaml index d1beb31..34d8f89 100644 --- a/.github/workflows/dbac-deploy.yaml +++ b/.github/workflows/dbac-deploy.yaml @@ -10,13 +10,13 @@ on: branches: - dev - paths: - - 'versions.tf' - - 'provider.tf' - - 'tfvars/wsl.tfvars' - - 'entrypoint.tf' - - 'modules/**' - - .github/workflows/dbac-deploy.yaml + # paths: + # - 'versions.tf' + # - 'provider.tf' + # - 'tfvars/wsl.tfvars' + # - 'entrypoint.tf' + # - 'modules/**' + # - .github/workflows/dbac-deploy.yaml env: # Set the default postgresql user admin password: From 8c67276f530f4b11ab3ae78eb95fc94ee6b472b7 Mon Sep 17 00:00:00 2001 From: iamgp21 Date: Fri, 15 Aug 2025 19:15:20 +0530 Subject: [PATCH 4/6] changed branch to main from dev --- .github/workflows/dbac-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dbac-deploy.yaml b/.github/workflows/dbac-deploy.yaml index 34d8f89..893aac0 100644 
--- a/.github/workflows/dbac-deploy.yaml +++ b/.github/workflows/dbac-deploy.yaml @@ -8,7 +8,7 @@ on: types: - completed branches: - - dev + - main # paths: # - 'versions.tf' From 97dc3fe079d21a31d1a38d93c934a99484a94e65 Mon Sep 17 00:00:00 2001 From: iamgp21 Date: Fri, 15 Aug 2025 19:24:49 +0530 Subject: [PATCH 5/6] Refractored to single workflow --- .github/workflows/dbac-deploy.yaml | 40 ++++++++++++++++++++++++------ .github/workflows/tf-docs.yaml | 27 -------------------- 2 files changed, 33 insertions(+), 34 deletions(-) delete mode 100644 .github/workflows/tf-docs.yaml diff --git a/.github/workflows/dbac-deploy.yaml b/.github/workflows/dbac-deploy.yaml index 893aac0..7f48a25 100644 --- a/.github/workflows/dbac-deploy.yaml +++ b/.github/workflows/dbac-deploy.yaml @@ -3,13 +3,10 @@ name: DbaC Deploy on: workflow_dispatch: - workflow_run: - workflows: ["Generate terraform docs"] # Name of the tf-docs.yaml workflow - types: - - completed + pull_request: branches: - main - + # paths: # - 'versions.tf' # - 'provider.tf' @@ -17,15 +14,44 @@ on: # - 'entrypoint.tf' # - 'modules/**' # - .github/workflows/dbac-deploy.yaml - + + # workflow_run: + # workflows: ["Generate terraform docs"] # Name of the tf-docs.yaml workflow + # types: + # - completed + # branches: + # - main + env: # Set the default postgresql user admin password: TF_VAR_postgresql_default_password: ${{ secrets.POSTGRES_USER_DEFAULT_PASSWORD }} -jobs: +jobs: + + docs: + runs-on: ubuntu-latest + + permissions: + contents: 'write' + + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.ref }} # Use the PR branch for checkout + + - name: Render terraform docs inside the README.md and push changes back to PR branch + uses: terraform-docs/gh-actions@v1.4.1 + with: + working-dir: . + output-file: README.md + output-method: inject + git-push: "true" + dbac_deploy: name: 'dbac deploy' runs-on: DbaC + needs: [docs] + defaults: run: working-directory: './' 
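Review bot: With the trigger changed to `pull_request`, the `dbac_deploy` job (`runs-on: DbaC`, which looks like a self-hosted runner label; the job body is outside this hunk) now runs Terraform against configuration taken from an unmerged pull request. Terraform configuration can pull in providers and modules that execute on the runner, so unreviewed content ends up running on a machine that presumably has network access to the database. Consider keeping `pull_request` for the docs and plan path only, and running the deploy job from a `push` to `main` or behind a protected `environment:` with required reviewers. The commented-out `paths:` filter is valid under `pull_request` (it was not under `workflow_run`), so it can be restored here to limit when the workflow runs.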
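Review bot: The workflow-level `env:` block puts `TF_VAR_postgresql_default_password` into every job, so the new `docs` job, which runs the third-party `terraform-docs/gh-actions@v1.4.1` with `contents: 'write'`, also receives the database admin password it has no use for. Move the variable to the job that needs it, for example an `env:` mapping under `dbac_deploy:`, or set it on the plan and apply steps only. Because that action can push to the branch, pinning it and `actions/checkout@v3` to a full commit SHA (`uses: terraform-docs/gh-actions@<commit-sha>`) rather than a movable tag is worth doing. Note also that `ref: ${{ github.event.pull_request.head.ref }}` is empty on `workflow_dispatch`, and for pull requests from forks it names a branch that may not exist in this repository. `dbac_deploy` continues past the end of this hunk.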
diff --git a/.github/workflows/tf-docs.yaml b/.github/workflows/tf-docs.yaml deleted file mode 100644 index 73ee4c5..0000000 --- a/.github/workflows/tf-docs.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: Generate terraform docs -on: - pull_request: - branches: - - main - - workflow_dispatch: - -jobs: - docs: - runs-on: ubuntu-latest - - permissions: - contents: 'write' - - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.ref }} # Use the PR branch for checkout - - - name: Render terraform docs inside the README.md and push changes back to PR branch - uses: terraform-docs/gh-actions@v1.4.1 - with: - working-dir: . - output-file: README.md - output-method: inject - git-push: "true" \ No newline at end of file From 412ff5ad61c4bb78f553fd49c76187fc81967b03 Mon Sep 17 00:00:00 2001 From: iamgp21 Date: Fri, 15 Aug 2025 19:28:16 +0530 Subject: [PATCH 6/6] Updated the actions --- .github/workflows/dbac-deploy.yaml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dbac-deploy.yaml b/.github/workflows/dbac-deploy.yaml index 7f48a25..475ec3c 100644 --- a/.github/workflows/dbac-deploy.yaml +++ b/.github/workflows/dbac-deploy.yaml @@ -6,7 +6,7 @@ on: pull_request: branches: - main - + # paths: # - 'versions.tf' # - 'provider.tf' @@ -88,18 +88,15 @@ jobs: id: init run: | terraform init -backend-config="backends/wsl.hcl" -input=false + continue-on-error: false # Generates an execution plan for Terraform - name: "Terraform Plan" id: plan run: terraform plan -var-file tfvars/wsl.tfvars -refresh=true -input=false -lock=false -no-color - - # Exit when plan failes - - name: "Terraform Plan Status" - if: steps.plan.outcome == 'failure' - run: exit 1 + continue-on-error: false - name: "Terraform Apply" id: apply - if: github.event_name == 'push' + if: steps.plan.outcome == 'success' run: terraform apply -var-file tfvars/wsl.tfvars -input=false -lock=false -auto-approve -no-color \ No newline at end of file
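Review bot: The new condition `if: steps.plan.outcome == 'success'` on "Terraform Apply" is always true when the step is reached, because a failed plan already stops the job (`continue-on-error: false` is the default), so `terraform apply -auto-approve` now runs on every pull request to `main` and on every manual dispatch. That applies unreviewed changes to the database with the admin credential before the pull request is merged. Gate the step on the merged state instead, e.g. `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` together with a `push:` trigger for `main`, or put the job behind an `environment:` with required reviewers. The two added `continue-on-error: false` lines only restate the default and can be dropped.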