SteelecoSystems · wheelerlaw · Oct 24, 2023 · Oct 24, 2023 · Oct 24, 2023 · Oct 24, 2023
diff --git a/.github/scripts/get-state-file.sh b/.github/scripts/get-state-file.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -eo pipefail
+[[ $RUNNER_DEBUG || $DEBUG ]] && set -x
+
+set +e
+state_file_url="$(gh api /repos/:owner/:repo/releases/latest --jq '.assets[] | select(.name == "terraform.tfstate.gpg") | .url')"
+rc=$?; set -e
+
+if [[ $rc != 0 ]]; then
+  error_message="$(jq -r .message <<< "$state_file_url")"
+  if [[ $error_message == "Not Found" ]]; then
+    >&2 echo "No state file found, exiting"
+    exit 0
+  else
+    >&2 echo "Other error occurred while trying to obtain the state file:"
+    >&2 echo "$error_message"
+    exit 1
+  fi
+fi
+
+gpg --import <<< "$TFSTATE_PGP_KEY"
+gh api -H 'Accept: application/octet-stream' "$state_file_url" | gpg --out terraform.tfstate --decrypt
+
+
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,86 @@
+#name: CI
+#
+#on:
+#  pull_request:
+#    branches: [main]
+#  push:
+#    branches: [main]
+#
+#concurrency:
+#  group: ${{ github.workflow }}-${{ github.ref }}
+#  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+#
+#jobs:
+#  plan:
+#    name: Plan
+#    runs-on: ubuntu-latest
+#    if: github.event_name == 'pull_request'
+#    steps:
+#      - name: Checkout repo
+#        uses: actions/checkout@v3
+#      - name: Download state file
+#        run: ./.github/scripts/get-state-file.sh
+#        env:
+#          TFSTATE_GPG_KEY=${{ secrets.TFSTATE_GPG_KEY }}
+#      - name: Terraform Plan
+#        run: terraform plan
+#      - name: Terraform Apply
+#        run: terraform apply -auto-approve
+
+name: CI
+on:
+  push:
+    branches: [main]
+  pull_request: {}
+jobs:
+  plan:
+    name: TF Plan
+    if: github.event_name == 'pull_request'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+      - name: Generate app token
+        id: generate-app-token
+        uses: tibdex/github-app-token@v1.9.0
+        with:
+          app_id: ${{ vars.GH_APP_STEELECO_SYSTEMS_APP_ID }}
+          private_key: ${{ secrets.GH_APP_STEELECO_SYSTEMS_PRIVATE_KEY }}
+      - name: Download and decrypt statefile
+        env:
+          #GITHUB_TOKEN: ${{ steps.generate-app-token.outputs.token }}
+          GITHUB_TOKEN: ${{ github.token }}
+          TFSTATE_PGP_KEY: ${{ secrets.TFSTATE_PGP_KEY }}
+        run: |
+          # step script
+          set -x
+          ./.github/scripts/get-state-file.sh
+      - name: Terraform plan
+        run: |
+          tf init
+          tf plan | tee >(ansi2txt > terraform.tfplan.log)
+      - uses: actions/upload-artifact@v3
+        with:
+          name: terraform.tfplan.log
+          path: terraform.tfplan.log
+
+  apply:
+    name: TF Apply
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+      - name: Generate app token
+        id: generate-app-token
+        uses: tibdex/github-app-token@v1.9.0
+        with:
+          app_id: ${{ vars.GH_APP_STEELECO_SYSTEMS_APP_ID }}
+          private_key: ${{ secrets.GH_APP_STEELECO_SYSTEMS_PRIVATE_KEY }}
+      - name: Terraform apply
+        env:
+          GITHUB_TOKEN: ${{ steps.generate-app-token.outputs.token }}
+        run: terraform apply -auto-approve
+
+
+
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+terraform.tfstate
+terraform.tfplan
+terraform.tfplan.log
+.terraform.lock.hcl
+.terraform
diff --git a/main.tf b/main.tf
@@ -0,0 +1,31 @@
+terraform {
+  required_providers {
+    github = {
+      source  = "integrations/github"
+      version = "~> 5.38"
+    }
+  }
+}
+
+# Configure the GitHub Provider
+provider "github" {
+
+#  app_auth {
+#    id              = "371766"
+#    installation_id = "40392571"
+#    pem_file        = file("~/Downloads/steelecosystems.2023-09-24.private-key.pem")
+#  }
+#  owner = "SteelecoSystems"
+}
+
+resource "github_actions_organization_variable" "test_variable" {
+  variable_name = "test_variable"
+  visibility  = "private"
+  value = "hello world"
+}
+
+resource "github_actions_organization_secret" "test_secret" {
+  secret_name = "test_secret"
+  visibility  = "private"
+  plaintext_value = "asd"
+}