Skip to content

Plan on pr #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
renatodellosso merged 13 commits into from
Feb 6, 2025
Merged

Plan on pr #3

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
a4f1470
Add GH action
renatodellosso Feb 3, 2025
b6c26d1
Fix typo in Terraform Plan headline in workflow configuration
renatodellosso Feb 3, 2025
bf703d2
Update Terraform Plan action to use dflook/terraform-plan@v1.46.1
renatodellosso Feb 3, 2025
2d6359a
Add GITHUB_TOKEN environment variable to Terraform Plan action
renatodellosso Feb 3, 2025
661cd14
Add AWS and Cloudflare secrets to Terraform Plan action
renatodellosso Feb 3, 2025
e48c979
Add permissions for contents and pull-requests in Terraform Plan action
renatodellosso Feb 3, 2025
b232e47
Update status CNAME
renatodellosso Feb 3, 2025
d641085
Add code owners
renatodellosso Feb 4, 2025
651ca8d
Add PR triggers
renatodellosso Feb 4, 2025
27c13a2
Add CD for main
renatodellosso Feb 4, 2025
9c4bc3e
Add read permissions for contents in Terraform apply workflow
renatodellosso Feb 4, 2025
9642f22
Update Terraform actions to specific commit versions
renatodellosso Feb 4, 2025
7929da7
Remove unnecessary pull request event types from Terraform plan workflow
renatodellosso Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions .github/workflows/apply.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: Apply Terraform

on:
push:
branches:
- main

jobs:
terraform-validate:
uses: ./.github/workflows/validate.yml
terraform-apply:
Comment on lines +10 to +11

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}
runs-on: ubuntu-latest
Copy link

@LookItsJosh LookItsJosh Feb 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there an option to list an exact ubuntu version? as in line line 19 where you list an exact commit:
uses: dflook/terraform-apply@61432ffb5b94226bdfc9cd68a1702a2c40e0db8b,
it may be best to lock in whatever version you know is working currently even if it's unlikely a new version of ubuntu would break anything

needs: terraform-validate
permissions:
contents: read
steps:
- uses: actions/checkout@v2
- name: Terraform Apply
uses: dflook/terraform-apply@61432ffb5b94226bdfc9cd68a1702a2c40e0db8b
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
22 changes: 22 additions & 0 deletions .github/workflows/plan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
name: Plan Terraform

on:
pull_request:
branches:
- main

jobs:
terraform-plan:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
steps:
- uses: actions/checkout@v2
- name: Terraform Plan
uses: dflook/terraform-plan@a6967bcc161f0df654b5df2f1f00eca83a4cbad9
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
10 changes: 4 additions & 6 deletions .github/workflows/validate.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
name: Validate Terraform

on:
push:
branches:
- main
workflow_call:
pull_request:
branches:
- main
Expand All @@ -12,6 +10,6 @@ jobs:
terraform-validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: terraform-validate
uses: dflook/terraform-validate@v1.46.1
- uses: actions/checkout@v2
- name: terraform-validate
uses: dflook/terraform-validate@5e22e449923d40905db0b3ca67ebc5787e8b2dee
1 change: 1 addition & 0 deletions CODEOWNERS
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*.* @renatodellosso
2 changes: 1 addition & 1 deletion main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -315,7 +315,7 @@ resource "cloudflare_dns_record" "www-cname" {
resource "cloudflare_dns_record" "status-cname" {
zone_id = var.cloudflare-zone-id
name = "status"
content = aws_lb.gearbox-load-balancer.dns_name
content = "app.pulsetic.com"
Copy link

@LookItsJosh LookItsJosh Feb 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assuming this is correct, but the previous content name wasn't in quotes. Unsure if whatever code processes this is expecting quotes or not

type = "CNAME"
ttl = 1
}
Expand Down