diff --git a/.github/workflows/dsf_poc_cli.yml b/.github/workflows/dsf_poc_cli.yml index c42fc0088..7c57c787b 100644 --- a/.github/workflows/dsf_poc_cli.yml +++ b/.github/workflows/dsf_poc_cli.yml @@ -6,14 +6,11 @@ on: use_modules_from_terraform_registry: required: true type: boolean - explicit_ref: - required: true - type: string deployment_type: required: false type: string default: 'all' - version: + product_version: type: string default: 'latest' required: false @@ -36,6 +33,7 @@ on: workflow_dispatch: inputs: use_modules_from_terraform_registry: + description: 'Use modules from Terraform Registry' type: boolean required: false delay_destroy: @@ -53,6 +51,11 @@ on: type: string default: 'latest' required: false + use_sonar_cloud: + description: 'Use Sonar Cloud instead of Imperva' + type: boolean + default: false + required: false push: branches: - 'dev' @@ -81,10 +84,12 @@ on: env: TF_CLI_ARGS: "-no-color" TF_INPUT: 0 - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_ACCESS_KEY_ID: ${{ (inputs.use_sonar_cloud && secrets.SONAR_AWS_ACCESS_KEY_ID) || secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ (inputs.use_sonar_cloud && secrets.SONAR_AWS_SECRET_ACCESS_KEY) || secrets.AWS_SECRET_ACCESS_KEY }} + AWS_REGION: eu-west-2 DESTROY_DELAY_SECONDS: 1800 - TF_VAR_additional_tags: ${{ secrets.DEPLOYMENT_TAGS }} + WORKING_DIRECTORY: examples/aws/poc/dsf_deployment + TERRAFORM_VERSION: "~1.7.0" permissions: contents: read @@ -94,7 +99,6 @@ jobs: runs-on: ubuntu-latest outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} - deployment_version: ${{ steps.set-deployment-version.outputs.deployment_version }} steps: - name: Set Matrix id: set-matrix 
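Review bot: The new `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` expressions in the `env:` hunk fall back to the default account secrets whenever `secrets.SONAR_AWS_ACCESS_KEY_ID` or `secrets.SONAR_AWS_SECRET_ACCESS_KEY` is empty, so a dispatch with `use_sonar_cloud` set in a repository or environment that lacks the SONAR secrets silently deploys into the default AWS account instead of failing. A fail-fast step at the start of the `prepare-matrix` job (whose `steps:` begin in the last hunk of this line) makes the misconfiguration visible; the version below tests presence through an expression so the secret value never enters the shell. Note also that `use_sonar_cloud` is declared only under `workflow_dispatch`, so `workflow_call` callers such as `dsf_poc_standalone.yml` and `nightly_manager.yml` always get the default credentials, which is worth stating in the input's `description`, e.g. `description: 'Use Sonar Cloud instead of Imperva (workflow_dispatch only; reusable-workflow callers always use the default AWS credentials)'`.
```yaml
      - name: Verify Sonar Cloud credentials
        if: ${{ inputs.use_sonar_cloud }}
        env:
          SONAR_CREDS_PRESENT: ${{ secrets.SONAR_AWS_ACCESS_KEY_ID != '' && secrets.SONAR_AWS_SECRET_ACCESS_KEY != '' }}
        run: |
          if [ "$SONAR_CREDS_PRESENT" != "true" ]; then
            echo "use_sonar_cloud is set but the SONAR_AWS_* secrets are empty" >&2
            exit 1
          fi
      # … unchanged: Set Matrix step …
```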
@@ -112,21 +116,6 @@ jobs: echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT" - - name: Set deployment version - id: set-deployment-version - run: | - DEPLOYMENT_VERSION="" - if [[ "${{ github.event.inputs.product_version }}" != "latest" && -n "${{ github.event.inputs.product_version }}" ]]; then - if [[ "${{ github.event.inputs.deployment_type }}" == "dam" ]]; then - DEPLOYMENT_VERSION="dam_version=${{ github.event.inputs.product_version }}" - elif [[ "${{ github.event.inputs.deployment_type }}" == "dra" ]]; then - DEPLOYMENT_VERSION="dra_version=${{ github.event.inputs.product_version }}" - elif [[ "${{ github.event.inputs.deployment_type }}" == "sonar" ]]; then - DEPLOYMENT_VERSION="sonar_version=${{ github.event.inputs.product_version }}" - fi - fi - echo "deployment_version=$DEPLOYMENT_VERSION" >> $GITHUB_OUTPUT - terraform: needs: prepare-matrix strategy: 
@@ -135,56 +124,34 @@ jobs: name: '${{ matrix.name }}' runs-on: ubuntu-latest - env: - EXAMPLE_DIR: ./examples/aws/poc/dsf_deployment - AWS_REGION: eu-west-2 - TF_VAR_enable_sonar: ${{ matrix.enable_sonar }} - TF_VAR_enable_dam: ${{ matrix.enable_dam }} - TF_VAR_enable_dra: ${{ matrix.enable_dra }} - TF_VAR_allowed_ssh_cidrs: ${{ secrets.ALLOWED_SSH_CIDRS }} - DEPLOYMENT_VERSION: ${{ needs.prepare-matrix.outputs.deployment_version }} - - # Define the dynamic version string based on deployment_type and product_version - environment: test - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: shell: bash + working-directory: ${{ env.WORKING_DIRECTORY }} + steps: - - name: Pick ref - run: | - if [ -z "${{ inputs.explicit_ref }}" ]; then - echo REF=${{ github.ref }} >> $GITHUB_ENV; - else - echo REF=${{ inputs.explicit_ref }} >> $GITHUB_ENV; - fi + - name: Checkout + uses: actions/checkout@v3 - name: Set Workspace Name run: | echo "Event Name: ${{ github.event_name }}" if [ ${{ github.event_name }} == 'schedule' ]; then - echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.event_name }}-$REF >> $GITHUB_ENV + echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.event_name }}-${{ github.ref }} >> $GITHUB_ENV else - echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.explicit_ref }} >> $GITHUB_ENV - echo TMP_WORKSPACE_NAME=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.explicit_ref }} >> $GITHUB_ENV + echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ github.ref }} >> $GITHUB_ENV + echo TMP_WORKSPACE_NAME=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ github.ref }} >> $GITHUB_ENV fi - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v3 - with: - ref: ${{ env.REF }} - - name: Change the 
modules source to local if: ${{ inputs.use_modules_from_terraform_registry == false }} - run: | - find ./examples/ -type f -exec sed -i -f sed.expr {} \; + run: find -type f -exec sed -i -f "${GITHUB_WORKSPACE}/sed.expr" {} \; - name: Create terraform backend file run: | - cat << EOF > $EXAMPLE_DIR/backend.tf + cat << EOF > backend.tf terraform { backend "s3" { bucket = "terraform-state-bucket-dsfkit-github-tests" 
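Review bot: Replacing `$REF` with `${{ github.ref }}` in the Set Workspace Name step changes the value from the short name that `explicit_ref` carried (`master`/`dev`) to a fully-qualified ref such as `refs/heads/dev`, so `TF_WORKSPACE` and `TMP_WORKSPACE_NAME` now contain path separators, which I expect Terraform to reject as a workspace name or at best to nest under the S3 state key. The same substitution breaks the branch checks in the Send Slack When Failure step of this file and of `dsf_poc_cli_azure.yml`, where `[ ${{ github.ref }} == 'master' ]` can never be true, so every failure is routed to the private-branch channel. `${{ github.ref_name }}` yields the short branch name in all of these places, e.g. `echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.event_name }}-${{ github.ref_name }} >> $GITHUB_ENV`. The `terraform` job continues well past this hunk.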
@@ -195,80 +162,94 @@ jobs: } EOF + - name: Crate terraform var file + env: + DEPLOYMENT_TAGS: "${{ secrets.DEPLOYMENT_TAGS }}" + ALLOWED_SSH_CIDRS: "${{ secrets.ALLOWED_SSH_CIDRS }}" + run: | + + echo "enable_sonar=${{ matrix.enable_sonar }}" >> terraform.tfvars + echo "enable_dam=${{ matrix.enable_dam }}" >> terraform.tfvars + echo "enable_dra=${{ matrix.enable_dra }}" >> terraform.tfvars + + if [[ -n "${DEPLOYMENT_TAGS}" ]]; then + echo "additional_tags=${DEPLOYMENT_TAGS}" >> terraform.tfvars + fi + + if [[ -n "${ALLOWED_SSH_CIDRS}" ]]; then + echo "allowed_ssh_cidrs=${ALLOWED_SSH_CIDRS}" >> terraform.tfvars + fi + + echo "dam_license=\"license.mprv\"" >> terraform.tfvars + + if [[ "${{ github.event.inputs.product_version }}" != "latest" && -n "${{ github.event.inputs.product_version }}" ]]; then + if [[ "${{ github.event.inputs.deployment_type }}" == "dam" ]]; then + echo "dam_version=\"${{ github.event.inputs.product_version }}\"" >> terraform.tfvars + elif [[ "${{ github.event.inputs.deployment_type }}" == "dra" ]]; then + echo "dra_version=\"${{ github.event.inputs.product_version }}\"" >> terraform.tfvars + elif [[ "${{ github.event.inputs.deployment_type }}" == "sonar" ]]; then + echo "sonar_version=\"${{ github.event.inputs.product_version }}\"" >> terraform.tfvars + fi + fi + cat terraform.tfvars + # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - name: Setup Terraform uses: hashicorp/setup-terraform@v2 with: terraform_wrapper: false - terraform_version: ~1.7.0 - - - name: Setup jq - uses: sergeysova/jq-action@v2 + terraform_version: ${{ env.TERRAFORM_VERSION }} - name: Create License File - env: - MY_SECRET: ${{ secrets.DAM_LICENSE }} run: | - echo "${{ secrets.DAM_LICENSE }}" | base64 -d > $EXAMPLE_DIR/license.mprv - cat $EXAMPLE_DIR/license.mprv + echo "${{ secrets.DAM_LICENSE }}" | base64 -d > license.mprv + cat license.mprv # Initialize a new or existing Terraform 
working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init - run: terraform -chdir=$EXAMPLE_DIR init + run: terraform init env: TF_WORKSPACE: default - name: Cleaning environment run: | if [ ${{ github.event_name }} == 'schedule' ]; then - mv $EXAMPLE_DIR/main.tf{,_} - mv $EXAMPLE_DIR/outputs.tf{,_} - mv $EXAMPLE_DIR/dam.tf{,_} - mv $EXAMPLE_DIR/dra.tf{,_} - mv $EXAMPLE_DIR/sonar.tf{,_} - mv $EXAMPLE_DIR/networking.tf{,_} - mv $EXAMPLE_DIR/agentless_sources.tf{,_} - mv $EXAMPLE_DIR/agent_sources.tf{,_} - terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve - mv $EXAMPLE_DIR/main.tf{_,} - mv $EXAMPLE_DIR/outputs.tf{_,} - mv $EXAMPLE_DIR/dam.tf{_,} - mv $EXAMPLE_DIR/dra.tf{_,} - mv $EXAMPLE_DIR/sonar.tf{_,} - mv $EXAMPLE_DIR/networking.tf{_,} - mv $EXAMPLE_DIR/agentless_sources.tf{_,} - mv $EXAMPLE_DIR/agent_sources.tf{_,} + mv main.tf{,_} + mv outputs.tf{,_} + mv dam.tf{,_} + mv dra.tf{,_} + mv sonar.tf{,_} + mv networking.tf{,_} + mv agentless_sources.tf{,_} + mv agent_sources.tf{,_} + terraform destroy -auto-approve + mv main.tf{_,} + mv outputs.tf{_,} + mv dam.tf{_,} + mv dra.tf{_,} + mv sonar.tf{_,} + mv networking.tf{_,} + mv agentless_sources.tf{_,} + mv agent_sources.tf{_,} fi - name: Terraform Validate - run: terraform -chdir=$EXAMPLE_DIR validate - - # Generates an execution plan for Terraform - - name: Terraform Plan - run: | - terraform -chdir=$EXAMPLE_DIR workspace list - # Only pass DEPLOYMENT_VERSION if it's not empty - if [ -n "${{ env.DEPLOYMENT_VERSION }}" && ${{ env.DEPLOYMENT_VERSION }} != $'\n' ]; then - terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv -var ${{ env.DEPLOYMENT_VERSION }} - else - terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv - fi + run: terraform validate # On push to "main", build or change infrastructure according to Terraform configuration files # Note: It is recommended to set up a required "strict" 
status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks - name: Terraform Apply id: apply # if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' || github.event_name == 'workflow_dispatch' - run: | - if [ -n "${{ env.DEPLOYMENT_VERSION }}" && ${{ env.DEPLOYMENT_VERSION }} != $'\n' ]; then - terraform -chdir=$EXAMPLE_DIR apply -var dam_license=license.mprv -var ${{ env.DEPLOYMENT_VERSION }} -auto-approve - else - terraform -chdir=$EXAMPLE_DIR apply -var dam_license=license.mprv -auto-approve - fi + run: terraform apply -auto-approve - name: Terraform Output if: always() - run: terraform -chdir=$EXAMPLE_DIR output -json + run: terraform output -json + + - name: Terraform State + if: always() + run: terraform show -json - name: Collect Artifacts id: collect-artifacts @@ -276,8 +257,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: collected-keys-${{ env.TF_WORKSPACE }} - path: | - ${{ env.EXAMPLE_DIR }}/ssh_keys + path: ssh_keys - name: Check how was the workflow run id: check-trigger 
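Review bot: The new Terraform State step runs `terraform show -json` under `if: always()`, which prints the entire state to the job log, and as I recall Terraform's `show` documentation notes that the JSON form does not redact values marked sensitive, so any generated passwords or keys held in the DSF state (not verifiable from here) would land in a log where GitHub's secret masking cannot help. The `cat terraform.tfvars` closing the Crate terraform var file step has the same effect for `ALLOWED_SSH_CIDRS` and `DEPLOYMENT_TAGS`, whose masking only works on an exact match of the secret string. I would write the state to a file that joins the existing Collect Artifacts upload, `run: terraform show -json > tfstate.json`, and print only the non-secret keys, e.g. `grep -v -e allowed_ssh_cidrs -e additional_tags terraform.tfvars`. Separately, the version block reads `github.event.inputs.product_version`, which as I read it is empty when this workflow runs through `workflow_call` (the caller's dispatch input is named `version`), so `inputs.product_version` would pin the version on both trigger paths; the step name also has a typo, `Crate` for `Create`.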
@@ -307,45 +287,26 @@ jobs: if: always() run: | if [ '${{ steps.apply.conclusion }}' == 'success' ] || [ ${{ github.event_name }} != 'schedule' ]; then - if [ -n "${{ env.DEPLOYMENT_VERSION }}" && ${{ env.DEPLOYMENT_VERSION }} != $'\n' ]; then - terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -var ${{ env.DEPLOYMENT_VERSION }} -auto-approve - else - terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve - fi + terraform destroy -auto-approve fi - name: Terraform Delete Workspace if: always() run: | if [ '${{ steps.destroy.conclusion }}' == 'success' ] && [ ${{ github.event_name }} != 'schedule' ]; then - terraform -chdir=$EXAMPLE_DIR workspace delete $TMP_WORKSPACE_NAME + terraform workspace delete $TMP_WORKSPACE_NAME fi env: TF_WORKSPACE: default - - # Send job failure to Slack + # Send job failure to Slack - name: Send Slack When Failure run: | - if [ ${{ env.REF }} == 'master' ]; then + if [ ${{ github.ref }} == 'master' ]; then curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*${{ matrix.name }} Prod ${{ inputs.workspace }} automation Failed*\n\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#dsfkit-prod"}' ${{ secrets.SLACK_WEBHOOK_URL }} - elif [ ${{ env.REF }} == 'dev' ]; then + elif [ ${{ github.ref }} == 'dev' ]; then curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*${{ matrix.name }} dev ${{ inputs.workspace }} automation Failed*\n\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }} else curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*${{ matrix.name }} private branch ${{ inputs.workspace }} automation Failed*\n\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }} fi if: ${{ failure() 
}} - - # This step allows time for investigation of the failed resources before destroying them - - name: Conditional Delay - run: | - echo "delay_destroy: ${{ inputs.delay_destroy }}" - if [ "${{ inputs.delay_destroy }}" == "true" ]; then - echo "Terraform workspace: $TF_WORKSPACE" - curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*${{ github.workflow }} ${{ env.TF_WORKSPACE }} automation Failed*\n You have ${{ env.DESTROY_DELAY_SECONDS }} seconds to investigate the environment before it is destroyed :alarm_clock:\n\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }} - echo "" - echo "Sleeping for $((DESTROY_DELAY_SECONDS / 60)) minutes before destroying the environment" - sleep $DESTROY_DELAY_SECONDS - fi - - diff --git a/.github/workflows/dsf_poc_cli_azure.yml b/.github/workflows/dsf_poc_cli_azure.yml index c50e9637e..366f19ba2 100644 --- a/.github/workflows/dsf_poc_cli_azure.yml +++ b/.github/workflows/dsf_poc_cli_azure.yml @@ -6,9 +6,6 @@ on: use_modules_from_terraform_registry: required: true type: boolean - explicit_ref: - required: true - type: string deployment_type: required: false type: string @@ -35,6 +32,7 @@ on: workflow_dispatch: inputs: use_modules_from_terraform_registry: + description: 'Use modules from Terraform Registry' type: boolean required: false delay_destroy: @@ -82,6 +80,9 @@ env: ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }} ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} DESTROY_DELAY_SECONDS: 1800 + WORKING_DIRECTORY: examples/azure/poc/dsf_deployment + TERRAFORM_VERSION: "~1.7.0" + permissions: contents: read @@ -90,7 +91,6 @@ jobs: runs-on: ubuntu-latest outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} - deployment_version: ${{ steps.set-deployment-version.outputs.deployment_version }} steps: - name: Set Matrix id: set-matrix 
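Review bot: Removing the Conditional Delay step leaves the `delay_destroy` input, still declared under `workflow_dispatch` in the first hunk of this file, without a consumer, so a user who sets it gets an immediate destroy with no sign that the option is ignored; either drop the input or mark it, e.g. `description: 'No longer honoured: the investigation delay step was removed'`. While this step is being edited, the three `curl` calls still expand `${{ secrets.SLACK_WEBHOOK_URL }}` directly into the script text; passing it via `env:` as `SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}` and using `"$SLACK_WEBHOOK_URL"` keeps the secret out of the command line. The Terraform Destroy step whose `if: always()` opens this hunk begins outside it.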
@@ -108,75 +108,42 @@ jobs: echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT" - - name: Set deployment version - id: set-deployment-version - run: | - DEPLOYMENT_VERSION="" - if [[ "${{ github.event.inputs.product_full_version }}" != "latest" && -n "${{ github.event.inputs.product_full_version }}" ]]; then - if [[ "${{ github.event.inputs.deployment_type }}" == "dam" ]]; then - DEPLOYMENT_VERSION="dam_version=${{ github.event.inputs.product_full_version }}" - elif [[ "${{ github.event.inputs.deployment_type }}" == "sonar" ]]; then - DEPLOYMENT_VERSION="sonar_version=${{ github.event.inputs.product_full_version }}" - elif [[ "${{ github.event.inputs.deployment_type }}" == "dra" ]]; then - DEPLOYMENT_VERSION="dra_version=${{ github.event.inputs.product_full_version }}" - fi - fi - echo "deployment_version=$DEPLOYMENT_VERSION" >> $GITHUB_OUTPUT - terraform: needs: prepare-matrix strategy: fail-fast: false matrix: ${{ fromJson(needs.prepare-matrix.outputs.matrix) }} + name: '${{ matrix.name }}' runs-on: ubuntu-latest - env: - EXAMPLE_DIR: ./examples/azure/poc/dsf_deployment - TF_VAR_enable_sonar: ${{ matrix.enable_sonar }} - TF_VAR_enable_dam: ${{ matrix.enable_dam }} - TF_VAR_enable_dra: ${{ matrix.enable_dra }} - TF_VAR_allowed_ssh_cidrs: ${{ secrets.ALLOWED_SSH_CIDRS }} - DEPLOYMENT_VERSION: ${{ needs.prepare-matrix.outputs.deployment_version }} - environment: test - # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest defaults: run: shell: bash + working-directory: ${{ env.WORKING_DIRECTORY }} + steps: - - name: Pick ref - run: | - if [ -z "${{ inputs.explicit_ref }}" ]; then - echo REF=${{ github.ref }} >> $GITHUB_ENV; - else - echo REF=${{ inputs.explicit_ref }} >> $GITHUB_ENV; - fi + - name: Checkout + uses: actions/checkout@v3 - name: Set Workspace Name run: | echo "Event Name: ${{ github.event_name }}" if [ ${{ github.event_name }} == 'schedule' ]; then - echo TF_WORKSPACE=${{ matrix.workspace }}${{ 
github.event_name }}-$REF >> $GITHUB_ENV + echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.event_name }}-${{ github.ref }} >> $GITHUB_ENV else - echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.explicit_ref }} >> $GITHUB_ENV - echo TMP_WORKSPACE_NAME=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ inputs.explicit_ref }} >> $GITHUB_ENV + echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ github.github.ref }} >> $GITHUB_ENV + echo TMP_WORKSPACE_NAME=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ github.github.ref }} >> $GITHUB_ENV fi - # Checkout the repository to the GitHub Actions runner - - name: Checkout - uses: actions/checkout@v3 - with: - ref: ${{ env.REF }} - - name: Change the modules source to local if: ${{ inputs.use_modules_from_terraform_registry == false }} - run: | - find $EXAMPLE_DIR -type f -exec sed -i -f sed.expr {} \; + run: find -type f -exec sed -i -f "${GITHUB_WORKSPACE}/sed.expr" {} \; - name: Create terraform backend file run: | - cat << EOF > $EXAMPLE_DIR/backend.tf + cat << EOF > backend.tf terraform { backend "s3" { bucket = "terraform-state-bucket-dsfkit-github-tests" 
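Review bot: The two `else`-branch lines in Set Workspace Name use `${{ github.github.ref }}`, which is not a valid context path and, as I understand GitHub's expression rules, dereferences to an empty string rather than failing, so every non-scheduled run gets a workspace name ending in a bare `-`; the AWS workflow's equivalent hunk uses `github.ref`. Given that a full ref carries path separators, `${{ github.ref_name }}` is the safer value for both lines, e.g. `echo TF_WORKSPACE=${{ matrix.workspace }}${{ github.run_number }}-${{ github.run_attempt }}-${{ github.ref_name }} >> $GITHUB_ENV`. The backend heredoc at the end of this hunk continues past it.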
@@ -190,17 +157,17 @@ jobs: - name: Set parameters in azure storage account run: | if [ "${{ github.event.inputs.deployment_type }}" == "dra" ] && [ "${{ github.event.inputs.product_full_version }}" != "latest" ] && [ -n "${{ github.event.inputs.product_full_version }}" ]; then - PATH_TO_DRA_ANALYTICS_VHD="DRA-${{ github.event.inputs.product_full_version }}_x86_64-Analytics.vhd" - PATH_TO_DRA_ADMIN_VHD="DRA-${{ github.event.inputs.product_full_version }}_x86_64-Admin.vhd" + PATH_TO_DRA_ANALYTICS_VHD="DRA-${{ github.event.inputs.product_full_version }}_x86_64-Analytics.vhd" + PATH_TO_DRA_ADMIN_VHD="DRA-${{ github.event.inputs.product_full_version }}_x86_64-Admin.vhd" else - PATH_TO_DRA_ANALYTICS_VHD="DRA-4.17.0.10.0.6_31077_x86_64-Analytics.vhd" - PATH_TO_DRA_ADMIN_VHD="DRA-4.17.0.10.0.6_31077_x86_64-Admin.vhd" + PATH_TO_DRA_ANALYTICS_VHD="DRA-4.17.0.10.0.6_31077_x86_64-Analytics.vhd" + PATH_TO_DRA_ADMIN_VHD="DRA-4.17.0.10.0.6_31077_x86_64-Admin.vhd" fi if [ "${{ github.event.inputs.deployment_type }}" == "sonar" ] && [ "${{ github.event.inputs.product_full_version }}" != "latest" ] && [ -n "${{ github.event.inputs.product_full_version }}" ]; then - AZ_BLOB_SONAR="jsonar-${{ github.event.inputs.product_full_version }}.tar.gaz" + AZ_BLOB_SONAR="jsonar-${{ github.event.inputs.product_full_version }}.tar.gaz" else - AZ_BLOB_SONAR="jsonar-4.19.0.10.0.tar.gz" + AZ_BLOB_SONAR="jsonar-4.19.0.10.0.tar.gz" fi echo "PATH_TO_DRA_ANALYTICS_VHD=$PATH_TO_DRA_ANALYTICS_VHD" >> $GITHUB_ENV @@ -209,7 +176,7 @@ jobs: - name: Create terraform.tfvars file run: | - cat << EOF > $EXAMPLE_DIR/terraform.tfvars + cat << EOF > terraform.tfvars resource_group_location = "East US" tarball_location = { az_resource_group = "dsf-rg" 
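Review bot: The re-indented `AZ_BLOB_SONAR` line for a pinned `product_full_version` keeps the `.tar.gaz` suffix while the `latest` branch right below it uses `.tar.gz`, so a pinned Sonar version presumably resolves to a blob that does not exist; since the commit already rewrites this line it is the moment to fix it, `AZ_BLOB_SONAR="jsonar-${{ github.event.inputs.product_full_version }}.tar.gz"`. The step's `$GITHUB_ENV` exports continue past the hunk.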
@@ -234,85 +201,91 @@ jobs: container_name = "dra" path_to_vhd = "$PATH_TO_DRA_ANALYTICS_VHD" } - EOF + + echo "enable_sonar=${{ matrix.enable_sonar }}" >> terraform.tfvars + echo "enable_dam=${{ matrix.enable_dam }}" >> terraform.tfvars + echo "enable_dra=${{ matrix.enable_dra }}" >> terraform.tfvars + + if [[ -n "${DEPLOYMENT_TAGS}" ]]; then + echo "additional_tags=${DEPLOYMENT_TAGS}" >> terraform.tfvars + fi + + if [[ -n "${ALLOWED_SSH_CIDRS}" ]]; then + echo "allowed_ssh_cidrs=${ALLOWED_SSH_CIDRS}" >> terraform.tfvars + fi + + echo "dam_license=\"license.mprv\"" >> terraform.tfvars + + if [[ "${{ github.event.inputs.product_version }}" != "latest" && -n "${{ github.event.inputs.product_version }}" ]]; then + if [[ "${{ github.event.inputs.deployment_type }}" == "dam" ]]; then + echo "dam_version=\"${{ github.event.inputs.product_version }}\"" >> terraform.tfvars + elif [[ "${{ github.event.inputs.deployment_type }}" == "dra" ]]; then + echo "dra_version=\"${{ github.event.inputs.product_version }}\"" >> terraform.tfvars + elif [[ "${{ github.event.inputs.deployment_type }}" == "sonar" ]]; then + echo "sonar_version=\"${{ github.event.inputs.product_version }}\"" >> terraform.tfvars + fi + fi + cat terraform.tfvars # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token - name: Setup Terraform uses: hashicorp/setup-terraform@v2 with: terraform_wrapper: false - terraform_version: ~1.7.0 - - - name: Setup jq - uses: sergeysova/jq-action@v2 + terraform_version: ${{ env.TERRAFORM_VERSION }} - name: Create License File - env: - MY_SECRET: ${{ secrets.DAM_LICENSE }} run: | - echo "${{ secrets.DAM_LICENSE }}" | base64 -d > $EXAMPLE_DIR/license.mprv - cat $EXAMPLE_DIR/license.mprv + echo "${{ secrets.DAM_LICENSE }}" | base64 -d > license.mprv + cat license.mprv # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, 
etc. - name: Terraform Init - run: terraform -chdir=$EXAMPLE_DIR init + run: terraform init env: TF_WORKSPACE: default - name: Cleaning environment run: | if [ ${{ github.event_name }} == 'schedule' ]; then - mv $EXAMPLE_DIR/main.tf{,_} - mv $EXAMPLE_DIR/outputs.tf{,_} - mv $EXAMPLE_DIR/sonar.tf{,_} - mv $EXAMPLE_DIR/dam.tf{,_} - mv $EXAMPLE_DIR/dra.tf{,_} - mv $EXAMPLE_DIR/agent_sources.tf{,_} - mv $EXAMPLE_DIR/agentless_sources.tf{,_} - mv $EXAMPLE_DIR/networking.tf{,_} + mv main.tf{,_} + mv outputs.tf{,_} + mv sonar.tf{,_} + mv dam.tf{,_} + mv dra.tf{,_} + mv agent_sources.tf{,_} + mv agentless_sources.tf{,_} + mv networking.tf{,_} ls -la $EXAMPLE_DIR terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve - mv $EXAMPLE_DIR/main.tf{_,} - mv $EXAMPLE_DIR/outputs.tf{_,} - mv $EXAMPLE_DIR/sonar.tf{_,} - mv $EXAMPLE_DIR/dam.tf{_,} - mv $EXAMPLE_DIR/dra.tf{_,} - mv $EXAMPLE_DIR/agent_sources.tf{_,} - mv $EXAMPLE_DIR/agentless_sources.tf{_,} - mv $EXAMPLE_DIR/networking.tf{_,} + mv main.tf{_,} + mv outputs.tf{_,} + mv sonar.tf{_,} + mv dam.tf{_,} + mv dra.tf{_,} + mv agent_sources.tf{_,} + mv agentless_sources.tf{_,} + mv networking.tf{_,} fi - name: Terraform Validate - run: terraform -chdir=$EXAMPLE_DIR validate + run: terraform validate - # Generates an execution plan for Terraform - - name: Terraform Plan - run: | - terraform -chdir=$EXAMPLE_DIR workspace list - # Only pass DEPLOYMENT_VERSION if it's not empty - if [ -n "${{ env.DEPLOYMENT_VERSION }}" && ${{ env.DEPLOYMENT_VERSION }} != $'\n' ]; then - terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv -var ${{ env.DEPLOYMENT_VERSION }} - else - terraform -chdir=$EXAMPLE_DIR plan -var dam_license=license.mprv - fi - - - # On push to "main", build or change infrastructure according to Terraform configuration files - # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". 
See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks + # On push to "main", build or change infrastructure according to Terraform configuration files + # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks - name: Terraform Apply id: apply # if: github.ref == 'refs/heads/"master"' && github.event_name == 'push' || github.event_name == 'workflow_dispatch' - run: | - if [ -n "${{ env.DEPLOYMENT_VERSION }}" && ${{ env.DEPLOYMENT_VERSION }} != $'\n' ]; then - terraform -chdir=$EXAMPLE_DIR apply -var dam_license=license.mprv -var ${{ env.DEPLOYMENT_VERSION }} - else - terraform -chdir=$EXAMPLE_DIR apply -var dam_license=license.mprv -auto-approve - fi + run: terraform apply -auto-approve - name: Terraform Output if: always() - run: terraform -chdir=$EXAMPLE_DIR output -json + run: terraform output -json + + - name: Terraform State + if: always() + run: terraform show -json - name: Collect Artifacts id: collect-artifacts @@ -320,8 +293,7 @@ jobs: uses: actions/upload-artifact@v4 with: name: collected-keys-${{ env.TF_WORKSPACE }} - path: | - ${{ env.EXAMPLE_DIR }}/ssh_keys + path: ssh_keys - name: Check how was the workflow run id: check-trigger 
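Review bot: The Cleaning environment step still runs `ls -la $EXAMPLE_DIR` and `terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve`, but the job-level `env` that defined `EXAMPLE_DIR` is removed earlier in this commit, so the scheduled cleanup now executes with an empty `-chdir=` while the AWS workflow's counterpart was updated to plain `terraform destroy -auto-approve`. The appended version block checks `github.event.inputs.product_version`, an input this workflow does not declare (the Set parameters step above uses `product_full_version`), so the tfvars pin never fires here. The `${DEPLOYMENT_TAGS}` and `${ALLOWED_SSH_CIDRS}` expansions have no step-level `env:` like the one the AWS workflow adds, and the job-level `TF_VAR_allowed_ssh_cidrs` is gone, so unless those names are set at workflow level above the visible hunks `allowed_ssh_cidrs` silently drops out of `terraform.tfvars` and SSH exposure falls back to whatever the module defaults to. The `terraform show -json` and `cat terraform.tfvars` log-exposure concern raised on the AWS file applies here as well. The step header `- name: Create terraform.tfvars file` sits in the previous hunk.
```yaml
      # step header `- name: Create terraform.tfvars file` is in the preceding hunk
        env:
          DEPLOYMENT_TAGS: "${{ secrets.DEPLOYMENT_TAGS }}"
          ALLOWED_SSH_CIDRS: "${{ secrets.ALLOWED_SSH_CIDRS }}"
        run: |
          # … unchanged: heredoc, enable_*, tags, cidrs and dam_license lines …
          if [[ "${{ inputs.product_full_version }}" != "latest" && -n "${{ inputs.product_full_version }}" ]]; then
            if [[ "${{ inputs.deployment_type }}" == "dam" ]]; then
              echo "dam_version=\"${{ inputs.product_full_version }}\"" >> terraform.tfvars
            elif [[ "${{ inputs.deployment_type }}" == "dra" ]]; then
              echo "dra_version=\"${{ inputs.product_full_version }}\"" >> terraform.tfvars
            elif [[ "${{ inputs.deployment_type }}" == "sonar" ]]; then
              echo "sonar_version=\"${{ inputs.product_full_version }}\"" >> terraform.tfvars
            fi
          fi
      # … unchanged: Setup Terraform, Create License File, Terraform Init …
      - name: Cleaning environment
        run: |
          if [ ${{ github.event_name }} == 'schedule' ]; then
            # … unchanged: mv *.tf{,_} lines …
            terraform destroy -auto-approve
            # … unchanged: mv *.tf{_,} lines …
          fi
```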
@@ -351,20 +323,14 @@ jobs: if: always() run: | if [ '${{ steps.apply.conclusion }}' == 'success' ] || [ "${{ github.event_name }}" != 'schedule' ]; then - if [ -n "${{ env.DEPLOYMENT_VERSION }}" && "${{ env.DEPLOYMENT_VERSION }}" != $'\n' ]; then - terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -var "${{ env.DEPLOYMENT_VERSION }}" -auto-approve - else - terraform -chdir=$EXAMPLE_DIR destroy -var dam_license=license.mprv -auto-approve - fi + terraform destroy -auto-approve fi - - - name: Terraform Delete Workspace if: always() run: | if [ '${{ steps.destroy.conclusion }}' == 'success' ] && [ ${{ github.event_name }} != 'schedule' ]; then - terraform -chdir=$EXAMPLE_DIR workspace delete $TMP_WORKSPACE_NAME + terraform workspace delete $TMP_WORKSPACE_NAME fi env: TF_WORKSPACE: default 
@@ -372,9 +338,9 @@ jobs: # Send job failure to Slack - name: Send Slack When Failure run: | - if [ ${{ env.REF }} == 'master' ]; then + if [ ${{ github.ref }} == 'master' ]; then curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*${{ matrix.name }} Prod ${{ inputs.workspace }} automation on Azure Failed*\n\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#dsfkit-prod"}' ${{ secrets.SLACK_WEBHOOK_URL }} - elif [ ${{ env.REF }} == 'dev' ]; then + elif [ ${{ github.ref }} == 'dev' ]; then curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*${{ matrix.name }} dev ${{ inputs.workspace }} automation on Azure Failed*\n\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }} else curl -X POST -H 'Content-type: application/json' --data '{"text":":exclamation: :exclamation: :exclamation:\n*${{ matrix.name }} private branch ${{ inputs.workspace }} automation on Azure Failed*\n\nRun by: ${{ steps.check-trigger.outputs.run-by }}", "channel": "#edsf_automation"}' ${{ secrets.SLACK_WEBHOOK_URL }} diff --git a/.github/workflows/dsf_poc_standalone.yml b/.github/workflows/dsf_poc_standalone.yml index 56d019f58..267c3c6ba 100644 --- a/.github/workflows/dsf_poc_standalone.yml +++ b/.github/workflows/dsf_poc_standalone.yml @@ -21,9 +21,8 @@ jobs: uses: imperva/dsfkit/.github/workflows/dsf_poc_cli.yml@master with: use_modules_from_terraform_registry: true - explicit_ref: master deployment_type: ${{ github.event.inputs.deployment_type }} - version: ${{ github.event.inputs.version }} + product_version: ${{ github.event.inputs.version }} secrets: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 
@@ -36,7 +35,6 @@ jobs: uses: imperva/dsfkit/.github/workflows/dsf_poc_cli_azure.yml@master with: use_modules_from_terraform_registry: true - explicit_ref: master deployment_type: "dra" product_full_version: ${{ github.event.inputs.version }} secrets: diff --git a/.github/workflows/nightly_manager.yml b/.github/workflows/nightly_manager.yml index 2bed1da59..832d90a6b 100644 --- a/.github/workflows/nightly_manager.yml +++ b/.github/workflows/nightly_manager.yml @@ -115,7 +115,6 @@ jobs: uses: imperva/dsfkit/.github/workflows/dsf_poc_cli.yml@master with: use_modules_from_terraform_registry: true - explicit_ref: master secrets: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -128,7 +127,6 @@ jobs: uses: imperva/dsfkit/.github/workflows/dsf_poc_cli.yml@dev with: use_modules_from_terraform_registry: false - explicit_ref: dev secrets: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -141,7 +139,6 @@ jobs: uses: imperva/dsfkit/.github/workflows/dsf_poc_cli_azure.yml@master with: use_modules_from_terraform_registry: true - explicit_ref: master secrets: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} @@ -154,7 +151,6 @@ jobs: uses: imperva/dsfkit/.github/workflows/dsf_poc_cli_azure.yml@dev with: use_modules_from_terraform_registry: false - explicit_ref: dev secrets: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/modules/azurerm/sonar-base-instance/setup.tftpl b/modules/azurerm/sonar-base-instance/setup.tftpl index a59b17f34..eef7165c1 100644 --- a/modules/azurerm/sonar-base-instance/setup.tftpl +++ b/modules/azurerm/sonar-base-instance/setup.tftpl 
@@ -66,9 +66,9 @@ function install_azcli_from_internet() { } function wait_for_systemd() { - for i in $(seq 1 10); do + for i in $(seq 1 30); do is_running="$(systemctl is-system-running; echo "")" - if "$is_running" == "running" || "$is_running" == "degraded"; then + if [[ "$is_running" == "running" ]] || [[ "$is_running" == "degraded" ]]; then return 0 fi sleep 10
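Review bot: The `is_running=` line keeps `systemctl is-system-running; echo ""` inside the command substitution with no explanation, and a reader will take the `echo` for dead code; if the intent is to stop the assignment from tripping `errexit` while the system is still starting (when `is-system-running` exits non-zero), a comment such as `# trailing echo keeps the substitution's exit status 0 under set -e while the system is still starting` would preserve that knowledge. With the comparison now fixed, the loop polls for up to 30 × 10 s; `systemctl is-system-running --wait`, which blocks until boot completes, could replace the polling loop if the image's systemd is recent enough to support that flag. Whatever the function does after the loop exhausts is outside the hunk.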