From 523839795bf5e7f9d54e568671f04115c917e016 Mon Sep 17 00:00:00 2001
From: David Pacheco
Date: Tue, 1 Jul 2025 14:37:28 +0200
Subject: [PATCH 01/97] init dynamic-staging-envs action
---
.../execute-terragrunt/action.yaml | 182 ++++++++++++++++++
1 file changed, 182 insertions(+)
create mode 100644 .github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml
diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml
new file mode 100644
index 00000000..d95221b6
--- /dev/null
+++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml
@@ -0,0 +1,182 @@
+---
+name: 'Get Output Resources'
+description: 'Get the output resources from the terragrunt configuration.'
+
+inputs:
+ gcp_project_id:
+ description: 'The GCP project ID to use for WIF authentication.'
+ required: false
+ default: '874800047694' #seed project
+ gcp_wif_pool:
+ description: 'The GCP WIF Pool to use for authentication.'
+ required: false
+ default: 'terraform'
+ gcp_wif_provider:
+ description: 'The GCP WIF Provider to use for authentication.'
+ required: false
+ default: 'terraform-actions'
+ gcp_service_account:
+ description: 'The GCP SA to use for authentication.'
+ required: false
+ default: 'org-terraform@seed-5ee1.iam.gserviceaccount.com'
+
+ github_token:
+ description: 'The GitHub token.'
+ required: true
+ argocd_host:
+ description: 'The ArgoCD host.'
+ required: false
+ default: 'http://argocd-server.argocd.svc.cluster.local:443'
+ argocd_token:
+ description: 'The ArgoCD token.'
+ required: true
+ openpassword_host:
+ description: 'The 1Password host.'
+ required: false
+ default: 'http://onepassword-connect.1password-connect.svc.cluster.local:8080'
+ onepassword_token:
+ description: 'The 1Password token.'
+ required: true
+
+ terragrunt_path:
+ description: 'The terragrunt path to the target resources.'
+ required: true
+ terragrunt_command:
+ description: >
+ The terragrunt command to run. Valid values are: `apply`, `outputs` or `destroy`.
+ - `apply`: Apply the terragrunt resources.
+ - `output`: Output the terragrunt resources to the file specified by `terragrunt_output_file_name`.
+ - `destroy`: Destroy the specific terragrunt resources.
+ required: true
+ terragrunt_output_file_name:
+ description: 'The name of the file to output the terragrunt outputs to.'
+ required: false
+ default: 'tg-outputs.json'
+
+ terragrunt_version:
+ description: 'The terragrunt version to use.'
+ required: true
+ terraform_version:
+ description: 'The terraform version to use.'
+ required: false
+ opentofu_version:
+ description: 'The opentofu version to use.'
+ required: false
+
+
+outputs:
+ cloudsql_instances:
+ description: 'The CloudSQL instances names.'
+ value: ${{ steps.get-tg-outputs.outputs.cloudsql_instances }}
+ redis_instances:
+ description: 'The Redis instances names.'
+ value: ${{ steps.get-gcp-resource-names.outputs.redis_instances }}
+ gcp_region:
+ description: 'The GCP region.'
+ value: ${{ steps.get-gcp-resource-names.outputs.gcp_region }}
+ gcp_zone:
+ description: 'The GCP zone.'
+ value: ${{ steps.get-gcp-resource-names.outputs.gcp_zone }}
+
+
+runs:
+ using: "composite"
+ steps:
+ - id: setup-versions
+ name: Setup versions
+ shell: bash
+ run: |
+ if [ -z "${{ inputs.terraform_version }}" && -z "${{ inputs.opentofu_version }}" ]; then
+ echo "error: terraform_version or opentofu_version is required"
+ exit 1
+ fi
+
+ if [ ! -z "${{ inputs.terraform_version }}" ]; then
+ echo "TERRAFORM_VERSION=${{ inputs.opentofu_version }}" >> $GITHUB_ENV
+ echo "OPENTOFU_VERSION=null" >> $GITHUB_ENV
+ fi
+
+ if [ ! -z "${{ inputs.opentofu_version }}" ]; then
+ echo "TERRAFORM_VERSION=null" >> $GITHUB_ENV
+ echo "OPENTOFU_VERSION=${{ inputs.terraform_version }}" >> $GITHUB_ENV
+ fi
+
+ - id: checkout-infrastructure-repository
+ name: Checkout Infrastructure Repository
+ uses: actions/checkout@v4
+ with:
+ repository: fcm-digital/infrastructure
+ ref: dynamic-performance-env #ToDo: update to `main` when PR is merged
+ path: infrastructure
+ token: ${{ inputs.github_token }}
+
+ - id: auth-gcp-with
+ name: Authenticate to GCP via WIF
+ uses: google-github-actions/auth@v2
+ with:
+ token_format: "access_token"
+ workload_identity_provider: "projects/${{ inputs.gcp_project_id }}/locations/global/workloadIdentityPools/${{ inputs.gcp_wif_pool }}/providers/${{ inputs.gcp_wif_provider }}"
+ service_account: ${{ inputs.gcp_service_account }}
+
+ - id: terragrunt-apply
+ if: inputs.terragrunt_command == 'apply'
+ name: Terragrunt Apply
+ uses: gruntwork-io/terragrunt-action@v2
+ env:
+ INPUT_PRE_EXEC_1: |
+ git config --global url."https://x-access-token:${{ inputs.github_token }}@github.com/fcm-digital/".insteadOf "ssh://git@github.com/fcm-digital/"
+ git config --global url."https://github.com/".insteadOf "ssh://git@github.com/"
+ TG_NON_INTERACTIVE: true
+ OP_CONNECT_HOST: ${{ inputs.openpassword_host }}
+ OP_CONNECT_TOKEN: ${{ inputs.onepassword_token }}
+ ARGOCD_SERVER: ${{ inputs.argocd_host }}
+ ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }}
+ with:
+ tg_version: ${{ inputs.terragrunt_version }}
+ tf_version: ${{ env.TERRAFORM_VERSION }}
+ tofu_version: ${{ env.OPENTOFU_VERSION }}
+ tg_dir: ${{ inputs.terragrunt_path }}
+ tg_add_approve: false #ToDo: Update to `true` when tests are ready
+ tg_command: plan #ToDo: Upload to `apply` when tests are ready
+
+ - id: terragrunt-outputs
+ if: inputs.terragrunt_command == 'outputs'
+ name: Terragrunt Outputs
+ uses: gruntwork-io/terragrunt-action@v2
+ env:
+ INPUT_PRE_EXEC_1: |
+ git config --global url."https://x-access-token:${{ inputs.github_token }}@github.com/fcm-digital/".insteadOf "ssh://git@github.com/fcm-digital/"
+ git config --global url."https://github.com/".insteadOf "ssh://git@github.com/"
+ INPUT_POST_EXEC_1: |
+ terragrunt output -json > ${{ inputs.terragrunt_output_file_name }}
+ TG_NON_INTERACTIVE: true
+ OP_CONNECT_HOST: ${{ inputs.openpassword_host }}
+ OP_CONNECT_TOKEN: ${{ inputs.onepassword_token }}
+ ARGOCD_SERVER: ${{ inputs.argocd_host }}
+ ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }}
+ with:
+ tg_version: ${{ inputs.terragrunt_version }}
+ tf_version: ${{ env.TERRAFORM_VERSION }}
+ tg_dir: ${{ inputs.terragrunt_path }}
+ tg_add_approve: false
+ tg_command: init
+
+ # - id: terragrunt-destroy
+ # if: inputs.terragrunt_command == 'destroy'
+ # name: Terragrunt Destroy
+ # uses: gruntwork-io/terragrunt-action@v2
+ # env:
+ # INPUT_PRE_EXEC_1: |
+ # git config --global url."https://x-access-token:${{ inputs.github_token }}@github.com/fcm-digital/".insteadOf "ssh://git@github.com/fcm-digital/"
+ # git config --global url."https://github.com/".insteadOf "ssh://git@github.com/"
+ # TG_NON_INTERACTIVE: true
+ # OP_CONNECT_HOST: ${{ inputs.openpassword_host }}
+ # OP_CONNECT_TOKEN: ${{ inputs.onepassword_token }}
+ # ARGOCD_SERVER: ${{ inputs.argocd_host }}
+ # ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }}
+ # with:
+ # tg_version: ${{ inputs.terragrunt_version }}
+ # tf_version: ${{ env.TERRAFORM_VERSION }}
+ # tg_dir: ${{ inputs.terragrunt_path }}
+ # tg_add_approve: false #ToDo: Update to `true` when tests are ready
+ # # tg_command: destroy
From ead28d721fe591b78bcca4d0e625b5e8272c7311 Mon Sep 17 00:00:00 2001
From: David Pacheco
Date: Tue, 1 Jul 2025 14:55:14 +0200
Subject: [PATCH 02/97] check tf and opentofu versions within the with-inputs
---
.../execute-terragrunt/action.yaml | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
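Review bot: The `setup-versions` guard can never fire, and the step expands caller inputs straight into the script text: bash splits `[ -z "…" && -z "…" ]` at `&&`, so `[` fails with a missing `]` and the `if` is simply false, while every `${{ inputs.* }}` in the `run:` block is pasted into the bash source before it executes. Pass the inputs through `env:` and test the variables with `[[ … ]]`, as in the fence below; the exports further down should read the same variables. Those exports also look swapped, since `TERRAFORM_VERSION` is written from `inputs.opentofu_version` and `OPENTOFU_VERSION` from `inputs.terraform_version`. Separately, `INPUT_PRE_EXEC_1` embeds `inputs.github_token` in a `git config --global` URL rewrite, which presumably leaves the token readable in the git config of whatever environment the hook runs in, so it is worth confirming that nothing later in the job can read it. The declared outputs reference `steps.get-tg-outputs` and `steps.get-gcp-resource-names`, neither of which is defined in this file, so they will always be empty.

```yaml
    - id: setup-versions
      shell: bash
      env:
        TF_VERSION: ${{ inputs.terraform_version }}
        TOFU_VERSION: ${{ inputs.opentofu_version }}
      run: |
        if [[ -z "$TF_VERSION" && -z "$TOFU_VERSION" ]]; then
          # … unchanged: error message and exit 1 …
        fi
        # … unchanged: TERRAFORM_VERSION / OPENTOFU_VERSION exports to $GITHUB_ENV …
```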
diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index d95221b6..87ad4fee 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -59,9 +59,11 @@ inputs: terraform_version: description: 'The terraform version to use.' required: false + default: '' opentofu_version: description: 'The opentofu version to use.' required: false + default: '' outputs: @@ -91,16 +93,6 @@ runs: exit 1 fi - if [ ! -z "${{ inputs.terraform_version }}" ]; then - echo "TERRAFORM_VERSION=${{ inputs.opentofu_version }}" >> $GITHUB_ENV - echo "OPENTOFU_VERSION=null" >> $GITHUB_ENV - fi - - if [ ! -z "${{ inputs.opentofu_version }}" ]; then - echo "TERRAFORM_VERSION=null" >> $GITHUB_ENV - echo "OPENTOFU_VERSION=${{ inputs.terraform_version }}" >> $GITHUB_ENV - fi - - id: checkout-infrastructure-repository name: Checkout Infrastructure Repository uses: actions/checkout@v4 @@ -133,8 +125,8 @@ runs: ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }} with: tg_version: ${{ inputs.terragrunt_version }} - tf_version: ${{ env.TERRAFORM_VERSION }} - tofu_version: ${{ env.OPENTOFU_VERSION }} + tf_version: ${{ inputs.terraform_version || none }} + tofu_version: ${{ inputs.opentofu_version || none }} tg_dir: ${{ inputs.terragrunt_path }} tg_add_approve: false #ToDo: Update to `true` when tests are ready tg_command: plan #ToDo: Upload to `apply` when tests are ready From 18e776ab53aa2d830fb151aa60e4b120530d70f7 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Tue, 1 Jul 2025 14:59:10 +0200 Subject: [PATCH 03/97] test it with null value --- .../dynamic-staging-envs/execute-terragrunt/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 87ad4fee..77279f35 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -125,8 +125,8 @@ runs: ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }} with: tg_version: ${{ inputs.terragrunt_version }} - tf_version: ${{ inputs.terraform_version || none }} - tofu_version: ${{ inputs.opentofu_version || none }} + tf_version: ${{ inputs.terraform_version || null }} + tofu_version: ${{ inputs.opentofu_version || null }} tg_dir: ${{ inputs.terragrunt_path }} tg_add_approve: false #ToDo: Update to `true` when tests are ready tg_command: plan #ToDo: Upload to `apply` when tests are ready From 44fca27171f68f1e1550e51de2c5201637614c7a Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Tue, 1 Jul 2025 15:04:38 +0200 Subject: [PATCH 04/97] feat: add support for OpenTofu version selection in terragrunt execution --- .../dynamic-staging-envs/execute-terragrunt/action.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 77279f35..9433bf58 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -148,7 +148,8 @@ runs: ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }} with: tg_version: ${{ inputs.terragrunt_version }} - tf_version: ${{ env.TERRAFORM_VERSION }} + tf_version: ${{ inputs.terraform_version || null }} + tofu_version: ${{ inputs.opentofu_version || null }} tg_dir: ${{ inputs.terragrunt_path }} tg_add_approve: false tg_command: init 
@@ -168,7 +169,8 @@ runs: # ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }} # with: # tg_version: ${{ inputs.terragrunt_version }} - # tf_version: ${{ env.TERRAFORM_VERSION }} + # tf_version: ${{ inputs.terraform_version || null }} + # tofu_version: ${{ inputs.opentofu_version || null }} # tg_dir: ${{ inputs.terragrunt_path }} # tg_add_approve: false #ToDo: Update to `true` when tests are ready # # tg_command: destroy From 43126b7e8676056c97e226ef41ee4d27cf460e72 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 3 Jul 2025 09:16:25 +0200 Subject: [PATCH 05/97] add execute gcloud-sdk execute --- .../execute-gcloud/action.yaml | 59 +++++++++++++++++++ .../execute-terragrunt/action.yaml | 12 ++-- 2 files changed, 65 insertions(+), 6 deletions(-) create mode 100644 .github/actions/dynamic-staging-envs/execute-gcloud/action.yaml diff --git a/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml b/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml new file mode 100644 index 00000000..d3abc881 --- /dev/null +++ b/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml 
@@ -0,0 +1,59 @@ +--- +name: 'Execute GCloud SDK' +description: 'Execute gcloud sdk command based on the inputs provided.' + +inputs: + gcp_wif_project_id: + description: 'The GCP project ID to use for WIF authentication.' + required: false + default: '874800047694' #seed project + gcp_wif_pool: + description: 'The GCP WIF Pool to use for authentication.' + required: false + default: 'terraform' + gcp_wif_provider: + description: 'The GCP WIF Provider to use for authentication.' + required: false + default: 'terraform-actions' + gcp_wif_service_account: + description: 'The GCP SA to use for authentication.' + required: false + default: 'org-terraform@seed-5ee1.iam.gserviceaccount.com' + + gcp_project_id: + description: 'The GCP project ID. If provided, this will configure gcloud to use this project ID by default for commands.' + required: false + default: 'fcm-platform-stg-a3dc' #fcmp-stg project + gcloud_version: + description: 'The gcloud version to use.' + required: false + default: '522.0.0' + gcloud_command: + description: 'The gcloud command to execute.' + required: true + + +runs: + using: "composite" + steps: + - id: auth-gcp-with + name: Authenticate to GCP via WIF + uses: google-github-actions/auth@v2 + with: + token_format: "access_token" + workload_identity_provider: "projects/${{ inputs.gcp_wif_project_id }}/locations/global/workloadIdentityPools/${{ inputs.gcp_wif_pool }}/providers/${{ inputs.gcp_wif_provider }}" + service_account: ${{ inputs.gcp_wif_service_account }} + + - id: setup-gcloud-sdk + name: 'Set up Cloud SDK' + uses: 'google-github-actions/setup-gcloud@v2' + with: + version: '>= ${{ inputs.gcloud_version }}' + project_id: ${{ inputs.gcp_project_id }} + + - id: execute-gcloud + name: 'Execute gcloud command' + shell: bash + run: | + gcloud version + echo "${{ inputs.gcloud_command }}" 
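Review bot: The `execute-gcloud` step places `${{ inputs.gcloud_command }}` inside a double-quoted `echo` in the `run:` script, so the value is substituted into the bash source before it runs and any shell metacharacters in it are interpreted after `auth-gcp-with` has already loaded GCP credentials. PATCH 07/97 has the same problem in a stronger form with `run: gcloud ${{ inputs.gcloud_command }}`. Hand the value over as data instead: add an `env:` entry `GCLOUD_COMMAND: ${{ inputs.gcloud_command }}` and use `echo "$GCLOUD_COMMAND"` in the script. The defaults also authenticate as `org-terraform@seed-5ee1.iam.gserviceaccount.com`, which by its name looks like an organisation-wide Terraform identity; a dedicated, narrowly scoped service account would be a safer default for an action whose purpose is to run a caller-supplied command.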
diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 9433bf58..6667375c 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -1,9 +1,9 @@ --- -name: 'Get Output Resources' -description: 'Get the output resources from the terragrunt configuration.' +name: 'Execute Terragrunt' +description: 'Execute terragrunt command based on the inputs provided.' inputs: - gcp_project_id: + gcp_wif_project_id: description: 'The GCP project ID to use for WIF authentication.' required: false default: '874800047694' #seed project @@ -15,7 +15,7 @@ inputs: description: 'The GCP WIF Provider to use for authentication.' required: false default: 'terraform-actions' - gcp_service_account: + gcp_wif_service_account: description: 'The GCP SA to use for authentication.' required: false default: 'org-terraform@seed-5ee1.iam.gserviceaccount.com' @@ -107,8 +107,8 @@ runs: uses: google-github-actions/auth@v2 with: token_format: "access_token" - workload_identity_provider: "projects/${{ inputs.gcp_project_id }}/locations/global/workloadIdentityPools/${{ inputs.gcp_wif_pool }}/providers/${{ inputs.gcp_wif_provider }}" - service_account: ${{ inputs.gcp_service_account }} + workload_identity_provider: "projects/${{ inputs.gcp_wif_project_id }}/locations/global/workloadIdentityPools/${{ inputs.gcp_wif_pool }}/providers/${{ inputs.gcp_wif_provider }}" + service_account: ${{ inputs.gcp_wif_service_account }} - id: terragrunt-apply if: inputs.terragrunt_command == 'apply' From 4d5998dc517ba52ad68a986908116b9943bd0e72 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 3 Jul 2025 09:32:10 +0200 Subject: [PATCH 06/97] feat: add repository checkout step to GCP authentication workflow --- .../actions/dynamic-staging-envs/execute-gcloud/action.yaml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml b/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml index d3abc881..dec86109 100644 --- a/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml @@ -36,6 +36,10 @@ inputs: runs: using: "composite" steps: + - id: checkout + name: Checkout Local Repository + uses: actions/checkout@v4 + - id: auth-gcp-with name: Authenticate to GCP via WIF uses: google-github-actions/auth@v2 From 9b4ab1f752d2943e9d06d6efe4782632ec7d79fa Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 3 Jul 2025 09:43:49 +0200 Subject: [PATCH 07/97] fix: remove debug logs and directly execute gcloud command in dynamic staging action --- .../actions/dynamic-staging-envs/execute-gcloud/action.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml b/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml index dec86109..13718ab8 100644 --- a/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml @@ -58,6 +58,4 @@ runs: - id: execute-gcloud name: 'Execute gcloud command' shell: bash - run: | - gcloud version - echo "${{ inputs.gcloud_command }}" + run: gcloud ${{ inputs.gcloud_command }} From 2932b306f831e6db55c16bf43c29acbdffeb66fd Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 7 Jul 2025 16:21:13 +0200 Subject: [PATCH 08/97] refactor: reorganize GCP authentication actions and update WIF configuration for dynamic staging environments --- .../action.yaml | 27 ++++++++++--------- .../execute-terragrunt/action.yaml | 8 +++--- 2 files changed, 18 insertions(+), 17 deletions(-) rename .github/actions/dynamic-staging-envs/{execute-gcloud => configure-gcloud-sdk}/action.yaml (72%) 
diff --git a/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml similarity index 72% rename from .github/actions/dynamic-staging-envs/execute-gcloud/action.yaml rename to .github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 13718ab8..1a519170 100644 --- a/.github/actions/dynamic-staging-envs/execute-gcloud/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -1,24 +1,29 @@ --- -name: 'Execute GCloud SDK' -description: 'Execute gcloud sdk command based on the inputs provided.' +name: 'Configure GCloud SDK' +description: 'Configure gcloud SDK based on the inputs provided.' inputs: + checkout_local_repository: + description: 'Whether to checkout the local repository.' + required: false + default: 'true' + gcp_wif_project_id: description: 'The GCP project ID to use for WIF authentication.' required: false - default: '874800047694' #seed project + default: '896400447443' #fcm-platform-stg-a3dc project gcp_wif_pool: description: 'The GCP WIF Pool to use for authentication.' required: false - default: 'terraform' + default: 'dynamic-staging-envs' gcp_wif_provider: description: 'The GCP WIF Provider to use for authentication.' required: false - default: 'terraform-actions' + default: 'github-actions' gcp_wif_service_account: description: 'The GCP SA to use for authentication.' required: false - default: 'org-terraform@seed-5ee1.iam.gserviceaccount.com' + default: 'dynamic-staging-envs@fcm-platform-stg-a3dc.iam.gserviceaccount.com' gcp_project_id: description: 'The GCP project ID. If provided, this will configure gcloud to use this project ID by default for commands.' 
@@ -30,13 +35,14 @@ inputs: default: '522.0.0' gcloud_command: description: 'The gcloud command to execute.' - required: true + required: true runs: using: "composite" steps: - id: checkout + if: ${{ inputs.checkout_local_repository }} name: Checkout Local Repository uses: actions/checkout@v4 @@ -53,9 +59,4 @@ runs: uses: 'google-github-actions/setup-gcloud@v2' with: version: '>= ${{ inputs.gcloud_version }}' - project_id: ${{ inputs.gcp_project_id }} - - - id: execute-gcloud - name: 'Execute gcloud command' - shell: bash - run: gcloud ${{ inputs.gcloud_command }} + project_id: ${{ inputs.gcp_project_id }} --project ${{ inputs.gcp_project_id }} diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 6667375c..61835403 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -6,19 +6,19 @@ inputs: gcp_wif_project_id: description: 'The GCP project ID to use for WIF authentication.' required: false - default: '874800047694' #seed project + default: '896400447443' #fcm-platform-stg-a3dc project gcp_wif_pool: description: 'The GCP WIF Pool to use for authentication.' required: false - default: 'terraform' + default: 'dynamic-staging-envs' gcp_wif_provider: description: 'The GCP WIF Provider to use for authentication.' required: false - default: 'terraform-actions' + default: 'github-actions' gcp_wif_service_account: description: 'The GCP SA to use for authentication.' required: false - default: 'org-terraform@seed-5ee1.iam.gserviceaccount.com' + default: 'dynamic-staging-envs@fcm-platform-stg-a3dc.iam.gserviceaccount.com' github_token: description: 'The GitHub token.' From d3f179fd87600f4f1fb7629c44960cbae204847c Mon Sep 17 00:00:00 2001 
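Review bot: The `if: ${{ inputs.checkout_local_repository }}` added to the `checkout` step will not skip the step when a caller passes `'false'`, because composite-action inputs arrive as strings and any non-empty string is truthy in an expression. Compare against the literal instead, `if: inputs.checkout_local_repository == 'true'`; PATCH 11/97 rewrites the line as `if: inputs.checkout_local_repository`, which behaves the same way. The `gcloud_command` input is also still declared with `required: true` although this commit removes the only step that used it, so it should be dropped or marked as unused.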
From: David Pacheco Date: Tue, 8 Jul 2025 12:02:49 +0200 Subject: [PATCH 09/97] fix: remove --project arg from setup-gcloud action --- .../dynamic-staging-envs/configure-gcloud-sdk/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 1a519170..bf839c39 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -59,4 +59,4 @@ runs: uses: 'google-github-actions/setup-gcloud@v2' with: version: '>= ${{ inputs.gcloud_version }}' - project_id: ${{ inputs.gcp_project_id }} --project ${{ inputs.gcp_project_id }} + project_id: ${{ inputs.gcp_project_id }} From 7d23bc6ad0ea201a7c429053f1c0ff7604cb9384 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 9 Jul 2025 17:04:35 +0200 Subject: [PATCH 10/97] feat: add support for GCP service account JSON authentication alongside WIF --- .../configure-gcloud-sdk/action.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index bf839c39..08524d28 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -8,6 +8,11 @@ inputs: required: false default: 'true' + gcp_json: + description: 'The Service Account that contains the permissions to GCP.' + required: false + default: '' + gcp_wif_project_id: description: 'The GCP project ID to use for WIF authentication.' required: false 
@@ -46,7 +51,15 @@ runs: name: Checkout Local Repository uses: actions/checkout@v4 + - id: setup-gcp-credentials + if: ${{ inputs.gcp_json }} != '' + name: 'Set Up Google Credentials' + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ inputs.gcp_json }} + - id: auth-gcp-with + if: ${{ inputs.gcp_json }} == '' name: Authenticate to GCP via WIF uses: google-github-actions/auth@v2 with: From a46c428597ab4ba39bda3f3eb2515908829fcbf5 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 9 Jul 2025 17:20:31 +0200 Subject: [PATCH 11/97] refactor: simplify conditional expressions --- .../dynamic-staging-envs/configure-gcloud-sdk/action.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 08524d28..9738ad53 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -47,19 +47,19 @@ runs: using: "composite" steps: - id: checkout - if: ${{ inputs.checkout_local_repository }} + if: inputs.checkout_local_repository name: Checkout Local Repository uses: actions/checkout@v4 - id: setup-gcp-credentials - if: ${{ inputs.gcp_json }} != '' + if: inputs.gcp_json != '' name: 'Set Up Google Credentials' uses: google-github-actions/auth@v2 with: credentials_json: ${{ inputs.gcp_json }} - id: auth-gcp-with - if: ${{ inputs.gcp_json }} == '' + if: inputs.gcp_json == '' name: Authenticate to GCP via WIF uses: google-github-actions/auth@v2 with: From 7f6e04a47af37188eca1013caca09821dd790b35 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 09:36:12 +0200 Subject: [PATCH 12/97] feat: add project_id parameter to GCP authentication action --- .../dynamic-staging-envs/configure-gcloud-sdk/action.yaml | 1 + 1 file changed, 1 insertion(+) 
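Review bot: The new `setup-gcp-credentials` step lets callers fall back from keyless Workload Identity Federation to a long-lived service-account key through `credentials_json: ${{ inputs.gcp_json }}`, and the `gcp_json` description does not say that the value is a secret key. I would state that on the input, for example `description: 'Service account key JSON (secret). Leave empty to use WIF, which is preferred.'`, so that callers source it from a secret and know the key needs rotation. The two conditions `if: ${{ inputs.gcp_json }} != ''` and `if: ${{ inputs.gcp_json }} == ''` mix an expression with literal text, so each evaluates to a non-empty string and both auth steps run; PATCH 11/97 corrects this.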
diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 9738ad53..8ebc750d 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -57,6 +57,7 @@ runs: uses: google-github-actions/auth@v2 with: credentials_json: ${{ inputs.gcp_json }} + project_id: ${{ inputs.gcp_project_id }} - id: auth-gcp-with if: inputs.gcp_json == '' From cff462c2d533da171da6637f01d8a4409be9e9df Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 11:16:18 +0200 Subject: [PATCH 13/97] refactor: rename gcloud auth actions --- .../dynamic-staging-envs/configure-gcloud-sdk/action.yaml | 2 +- .../actions/dynamic-staging-envs/execute-terragrunt/action.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 8ebc750d..0d34bbfc 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -59,7 +59,7 @@ runs: credentials_json: ${{ inputs.gcp_json }} project_id: ${{ inputs.gcp_project_id }} - - id: auth-gcp-with + - id: auth-gcp-wif if: inputs.gcp_json == '' name: Authenticate to GCP via WIF uses: google-github-actions/auth@v2 diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 61835403..a81fe4e3 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml 
@@ -102,7 +102,7 @@ runs: path: infrastructure token: ${{ inputs.github_token }} - - id: auth-gcp-with + - id: auth-gcp-wif name: Authenticate to GCP via WIF uses: google-github-actions/auth@v2 with: From 82bdd9080d3f2270ffcaf821a9db3fd06fe83374 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 12:01:34 +0200 Subject: [PATCH 14/97] fix: remove http prefix from ArgoCD host default value --- .../actions/dynamic-staging-envs/execute-terragrunt/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index a81fe4e3..fc0497cb 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -26,7 +26,7 @@ inputs: argocd_host: description: 'The ArgoCD host.' required: false - default: 'http://argocd-server.argocd.svc.cluster.local:443' + default: 'argocd-server.argocd.svc.cluster.local:443' argocd_token: description: 'The ArgoCD token.' required: true From 1dfafc57f5cdda5d5e15325b10dbcb4049e9eb50 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 12:09:57 +0200 Subject: [PATCH 15/97] feat: enable terragrunt apply with auto-approve --- .../dynamic-staging-envs/execute-terragrunt/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index fc0497cb..4c1abc21 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml 
@@ -128,8 +128,8 @@ runs: tf_version: ${{ inputs.terraform_version || null }} tofu_version: ${{ inputs.opentofu_version || null }} tg_dir: ${{ inputs.terragrunt_path }} - tg_add_approve: false #ToDo: Update to `true` when tests are ready - tg_command: plan #ToDo: Upload to `apply` when tests are ready + tg_add_approve: true + tg_command: apply - id: terragrunt-outputs if: inputs.terragrunt_command == 'outputs' From 1344cc86017770bea9aa00fd5bb9890f0d746086 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 12:26:43 +0200 Subject: [PATCH 16/97] feat: enable terragrunt apply with auto-approve using numeric value --- .../actions/dynamic-staging-envs/execute-terragrunt/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 4c1abc21..01ea9d19 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -128,7 +128,7 @@ runs: tf_version: ${{ inputs.terraform_version || null }} tofu_version: ${{ inputs.opentofu_version || null }} tg_dir: ${{ inputs.terragrunt_path }} - tg_add_approve: true + tg_add_approve: 1 tg_command: apply - id: terragrunt-outputs From 48275e3a1f3faae242d996b9be57ff76c12da026 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 14:59:27 +0200 Subject: [PATCH 17/97] feat: add GKE configuration options and credentials setup to gcloud SDK action --- .../configure-gcloud-sdk/action.yaml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 0d34bbfc..bb263442 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml 
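Review bot: `tg_add_approve: true` together with `tg_command: apply` makes this step change infrastructure without a plan that anyone has reviewed, and nothing in the hunk restricts which callers or refs can reach it. If unattended apply is intended only for the dynamic staging environments, say so next to the setting, e.g. `# Auto-approved: callers must gate this action behind a protected environment or a reviewed plan`. A safer default is to keep `tg_add_approve` off unless the caller opts in explicitly. The step's `if:` condition and `uses:` line are outside the hunk, so any gating that exists there could not be checked.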
+++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -7,6 +7,19 @@ inputs: description: 'Whether to checkout the local repository.' required: false default: 'true' + configure_gke: + description: 'Whether to configure GKE.' + required: false + default: 'true' + + cluster_name: + description: 'The name of the GKE cluster.' + required: false + default: 'fcm-platform-stg-euw1' + location: + description: 'The location of the GKE cluster.' + required: false + default: 'europe-west1' gcp_json: description: 'The Service Account that contains the permissions to GCP.' @@ -74,3 +87,12 @@ runs: with: version: '>= ${{ inputs.gcloud_version }}' project_id: ${{ inputs.gcp_project_id }} + install_components: if(${{ inputs.configure_gke }} == 'true', 'gke-gcloud-auth-plugin', '') + + - id: get-credentials + if: inputs.configure_gke == 'true' + name: 'Get GKE Credentials' + uses: 'google-github-actions/get-gke-credentials@v2' + with: + cluster_name: ${{ inputs.cluster_name }} + location: ${{ inputs.location }} \ No newline at end of file From 24290c7223376c433c17564be002ca82d5889e0a Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 15:05:07 +0200 Subject: [PATCH 18/97] fix: disable configure_gke by default --- .../dynamic-staging-envs/configure-gcloud-sdk/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index bb263442..57bc14e0 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -10,7 +10,7 @@ inputs: configure_gke: description: 'Whether to configure GKE.' required: false - default: 'true' + default: 'false' cluster_name: description: 'The name of the GKE cluster.' From cace496298e64fa08db641281ef8d006582f5bec Mon Sep 17 00:00:00 2001 
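Review bot: In the new `get-credentials` step, `google-github-actions/get-gke-credentials@v2` is referenced by a movable tag, so the code that receives the cluster credentials can change without any change in this repository. Pinning to a full commit SHA and keeping the tag as a comment, `uses: 'google-github-actions/get-gke-credentials@<full-commit-sha>' # v2`, makes the dependency reviewable. The same applies to `azure/setup-kubectl@v4` and `1password/load-secrets-action@v2`, which are added in later patches of this series. The internal `fcm-digital/.github/...@sc-23004-dynamic-staging-envs` references track a feature branch, which is just as mutable.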
From: David Pacheco Date: Thu, 10 Jul 2025 15:21:59 +0200 Subject: [PATCH 19/97] feat: add dynamic SDK component installation based on GKE configuration --- .../configure-gcloud-sdk/action.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 57bc14e0..04cee412 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -81,13 +81,23 @@ runs: workload_identity_provider: "projects/${{ inputs.gcp_wif_project_id }}/locations/global/workloadIdentityPools/${{ inputs.gcp_wif_pool }}/providers/${{ inputs.gcp_wif_provider }}" service_account: ${{ inputs.gcp_wif_service_account }} + - id: generate-sdk-components + name: 'Generate SDK Components' + shell: bash + run: | + SDK_COMPONENTS='' + if [ '${{ inputs.configure_gke }}' == 'true' ]; then + SDK_COMPONENTS+='gke-gcloud-auth-plugin,' + fi + echo "SDK_COMPONENTS=${echo $SDK_COMPONENTS | sed 's/,$//'}" >> $GITHUB_ENV + - id: setup-gcloud-sdk name: 'Set up Cloud SDK' uses: 'google-github-actions/setup-gcloud@v2' with: version: '>= ${{ inputs.gcloud_version }}' project_id: ${{ inputs.gcp_project_id }} - install_components: if(${{ inputs.configure_gke }} == 'true', 'gke-gcloud-auth-plugin', '') + install_components: ${{ env.SDK_COMPONENTS }} - id: get-credentials if: inputs.configure_gke == 'true' From 01763dc7ef6c2e434c1a0d41fa6879dfcb396221 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 15:25:57 +0200 Subject: [PATCH 20/97] fix: correct environment variable name for gcloud SDK components installation --- .../dynamic-staging-envs/configure-gcloud-sdk/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
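Review bot: In `generate-sdk-components`, `'${{ inputs.configure_gke }}'` is expanded into the script text before bash runs, so the input is parsed as shell source rather than compared as data. Passing it through the step environment keeps it as data: add `env:` with `CONFIGURE_GKE: ${{ inputs.configure_gke }}` and test `if [ "$CONFIGURE_GKE" = 'true' ]; then`. The same pattern recurs in later patches of this series, in the `terragrunt_command_vars` loop of execute-terragrunt and in the `run:` blocks of the CloudSQL actions, where the interpolated values are free-form. The redirect target should also be quoted, `>> "$GITHUB_ENV"`.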
diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 04cee412..45a08b26 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -89,7 +89,7 @@ runs: if [ '${{ inputs.configure_gke }}' == 'true' ]; then SDK_COMPONENTS+='gke-gcloud-auth-plugin,' fi - echo "SDK_COMPONENTS=${echo $SDK_COMPONENTS | sed 's/,$//'}" >> $GITHUB_ENV + echo "install_components=${echo "$SDK_COMPONENTS" | sed 's/,$//'}" >> $GITHUB_ENV - id: setup-gcloud-sdk name: 'Set up Cloud SDK' @@ -97,7 +97,7 @@ runs: with: version: '>= ${{ inputs.gcloud_version }}' project_id: ${{ inputs.gcp_project_id }} - install_components: ${{ env.SDK_COMPONENTS }} + install_components: ${{ env.install_components }} - id: get-credentials if: inputs.configure_gke == 'true' From 73ef98037f90755813331c7fdac85ae81a5dd206 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 15:32:53 +0200 Subject: [PATCH 21/97] fix: correct SDK components string interpolation in gcloud configuration script --- .../dynamic-staging-envs/configure-gcloud-sdk/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 45a08b26..47ee39bb 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -89,7 +89,7 @@ runs: if [ '${{ inputs.configure_gke }}' == 'true' ]; then SDK_COMPONENTS+='gke-gcloud-auth-plugin,' fi - echo "install_components=${echo "$SDK_COMPONENTS" | sed 's/,$//'}" >> $GITHUB_ENV + echo "install_components=$(echo "$SDK_COMPONENTS" | sed 's/,$//')" >> $GITHUB_ENV - id: setup-gcloud-sdk name: 'Set up Cloud SDK' 
From 3bd12da7a28560b70d07f1b71776a7f75e12c4f8 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 15:48:08 +0200 Subject: [PATCH 22/97] add: print kubectl version --- .../configure-gcloud-sdk/action.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index 47ee39bb..a6a3725a 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml @@ -11,6 +11,10 @@ inputs: description: 'Whether to configure GKE.' required: false default: 'false' + install_kubectl: + description: 'Whether to install kubectl.' + required: false + default: 'true' cluster_name: description: 'The name of the GKE cluster.' @@ -105,4 +109,10 @@ runs: uses: 'google-github-actions/get-gke-credentials@v2' with: cluster_name: ${{ inputs.cluster_name }} - location: ${{ inputs.location }} \ No newline at end of file + location: ${{ inputs.location }} + + - id: kubectl-version + name: 'Print kubectl version' + shell: bash + run: | + kubectl version \ No newline at end of file From 19802c60d9bc7023418621446dd261427e191938 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 16:13:46 +0200 Subject: [PATCH 23/97] feat: add configurable kubectl version and replace manual installation with Azure action --- .../configure-gcloud-sdk/action.yaml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml index a6a3725a..af3d514d 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml 
@@ -11,10 +11,15 @@ inputs: description: 'Whether to configure GKE.' required: false default: 'false' + install_kubectl: description: 'Whether to install kubectl.' required: false default: 'true' + kubectl_version: + description: 'The version of kubectl to install.' + required: false + default: 'v1.33.1' cluster_name: description: 'The name of the GKE cluster.' @@ -111,8 +116,8 @@ runs: cluster_name: ${{ inputs.cluster_name }} location: ${{ inputs.location }} - - id: kubectl-version - name: 'Print kubectl version' - shell: bash - run: | - kubectl version \ No newline at end of file + - id: install-kubectl + if: inputs.install_kubectl == 'true' + uses: azure/setup-kubectl@v4 + with: + version: ${{ inputs.kubectl_version }} \ No newline at end of file From 885f70334c517b760057dd4e55b72f1ac3b515ba Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 17:06:36 +0200 Subject: [PATCH 24/97] feat: add support for custom variables in terragrunt commands --- .../execute-terragrunt/action.yaml | 41 ++++++++----------- 1 file changed, 16 insertions(+), 25 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 01ea9d19..02674100 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -48,6 +48,9 @@ inputs: - `output`: Output the terragrunt resources to the file specified by `terragrunt_output_file_name`. - `destroy`: Destroy the specific terragrunt resources. required: true + terragrunt_command_vars: + description: 'The variables to pass to the terragrunt command.' + required: false terragrunt_output_file_name: description: 'The name of the file to output the terragrunt outputs to.' required: false 
@@ -93,6 +96,14 @@ runs: exit 1 fi + if [ ! -z "${{ inputs.terragrunt_command_vars }}" ]; then + COMMAND_VARS="" + for var in ${{ inputs.terragrunt_command_vars }}; do + COMMAND_VARS="$COMMAND_VARS -var $var" + done + echo "command_vars=$COMMAND_VARS" >> $GITHUB_ENV + fi + - id: checkout-infrastructure-repository name: Checkout Infrastructure Repository uses: actions/checkout@v4 @@ -128,8 +139,9 @@ runs: tf_version: ${{ inputs.terraform_version || null }} tofu_version: ${{ inputs.opentofu_version || null }} tg_dir: ${{ inputs.terragrunt_path }} - tg_add_approve: 1 - tg_command: apply + tg_add_approve: 0 # 1 + tg_command: plan ${{ env.command_vars }} + # tg_command: apply ${{ env.command_vars }} - id: terragrunt-outputs if: inputs.terragrunt_command == 'outputs' 
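Review bot: Each whitespace-separated token of `terragrunt_command_vars` is appended as `-var <token>` and the result is spliced into `tg_command: plan ${{ env.command_vars }}` in the next hunk, with no check that a token is a `name=value` pair. Because the input is also expanded unquoted inside the script (`for var in ${{ inputs.terragrunt_command_vars }}`), its content is parsed as shell before the loop runs. Reading it from the step environment and rejecting tokens that do not match an allow-list pattern keeps caller data from becoming extra terragrunt arguments or commands. The enclosing `run:` block starts outside the hunk, so the sketch below assumes a bash step; the character set in the pattern is a constructed example to adjust to the variables actually used.

```yaml
      env:
        COMMAND_VARS_INPUT: ${{ inputs.terragrunt_command_vars }}
      run: |
        # … unchanged: terragrunt_command validation …
        COMMAND_VARS=""
        for var in $COMMAND_VARS_INPUT; do
          # Accept only name=value pairs built from a conservative character set.
          if [[ ! "$var" =~ ^[A-Za-z_][A-Za-z0-9_]*=[A-Za-z0-9_./:@-]*$ ]]; then
            echo "Rejected terragrunt variable: $var" >&2
            exit 1
          fi
          COMMAND_VARS+="-var $var "
        done
        echo "command_vars=$COMMAND_VARS" >> "$GITHUB_ENV"
```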
@@ -151,26 +163,5 @@ runs: tf_version: ${{ inputs.terraform_version || null }} tofu_version: ${{ inputs.opentofu_version || null }} tg_dir: ${{ inputs.terragrunt_path }} - tg_add_approve: false - tg_command: init - - # - id: terragrunt-destroy - # if: inputs.terragrunt_command == 'destroy' - # name: Terragrunt Destroy - # uses: gruntwork-io/terragrunt-action@v2 - # env: - # INPUT_PRE_EXEC_1: | - # git config --global url."https://x-access-token:${{ inputs.github_token }}@github.com/fcm-digital/".insteadOf "ssh://git@github.com/fcm-digital/" - # git config --global url."https://github.com/".insteadOf "ssh://git@github.com/" - # TG_NON_INTERACTIVE: true - # OP_CONNECT_HOST: ${{ inputs.openpassword_host }} - # OP_CONNECT_TOKEN: ${{ inputs.onepassword_token }} - # ARGOCD_SERVER: ${{ inputs.argocd_host }} - # ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }} - # with: - # tg_version: ${{ inputs.terragrunt_version }} - # tf_version: ${{ inputs.terraform_version || null }} - # tofu_version: ${{ inputs.opentofu_version || null }} - # tg_dir: ${{ inputs.terragrunt_path }} - # tg_add_approve: false #ToDo: Update to `true` when tests are ready - # # tg_command: destroy + tg_add_approve: 0 + tg_command: init ${{ env.command_vars }} From bd4099def30eacd04677a88d797d7827ca017e0b Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 17:33:22 +0200 Subject: [PATCH 25/97] fix: relocate command_vars --- .../dynamic-staging-envs/execute-terragrunt/action.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 02674100..08d667bb 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml 
@@ -97,9 +97,8 @@ runs: fi if [ ! -z "${{ inputs.terragrunt_command_vars }}" ]; then - COMMAND_VARS="" - for var in ${{ inputs.terragrunt_command_vars }}; do - COMMAND_VARS="$COMMAND_VARS -var $var" + for var in $(echo ${{ inputs.terragrunt_command_vars }} | tr -d '\n'); do + COMMAND_VARS+="-var $var" done echo "command_vars=$COMMAND_VARS" >> $GITHUB_ENV fi From b752820934ed277c874d97f7d61ed03a3baa5546 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 10 Jul 2025 17:39:20 +0200 Subject: [PATCH 26/97] fix: correct variable handling in terragrunt command execution --- .../dynamic-staging-envs/execute-terragrunt/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 08d667bb..a4050c5d 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -96,8 +96,8 @@ runs: exit 1 fi - if [ ! -z "${{ inputs.terragrunt_command_vars }}" ]; then - for var in $(echo ${{ inputs.terragrunt_command_vars }} | tr -d '\n'); do + if [ ! -z '${{ inputs.terragrunt_command_vars }}' ]; then + for var in '${{ inputs.terragrunt_command_vars }}' ); do COMMAND_VARS+="-var $var" done echo "command_vars=$COMMAND_VARS" >> $GITHUB_ENV From 38384c47121dbdefa942b0a2514f5d9e6f25a618 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 11 Jul 2025 07:56:39 +0200 Subject: [PATCH 27/97] fix: correctly parse and format terragrunt command variables with proper spacing --- .../dynamic-staging-envs/execute-terragrunt/action.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index a4050c5d..f7614ed6 100644 
--- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -96,9 +96,10 @@ runs: exit 1 fi - if [ ! -z '${{ inputs.terragrunt_command_vars }}' ]; then - for var in '${{ inputs.terragrunt_command_vars }}' ); do - COMMAND_VARS+="-var $var" + INPUT_COMMANDS=$(echo ${{ inputs.terragrunt_command }} | tr '\n' ' ') + if [ ! -z "$INPUT_COMMANDS" ]; then + for var in $INPUT_COMMANDS; do + COMMAND_VARS+="-var $var " done echo "command_vars=$COMMAND_VARS" >> $GITHUB_ENV fi From 9f7f2a6dd0add89f917ab6af865a5b7fec84d561 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 11 Jul 2025 08:09:02 +0200 Subject: [PATCH 28/97] fix: correct input variable name from terragrunt_command to terragrunt_command_vars --- .../actions/dynamic-staging-envs/execute-terragrunt/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index f7614ed6..20013ba6 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -96,7 +96,7 @@ runs: exit 1 fi - INPUT_COMMANDS=$(echo ${{ inputs.terragrunt_command }} | tr '\n' ' ') + INPUT_COMMANDS=$(echo ${{ inputs.terragrunt_command_vars }} | tr '\n' ' ') if [ ! -z "$INPUT_COMMANDS" ]; then for var in $INPUT_COMMANDS; do COMMAND_VARS+="-var $var " From 0278250561460a9d2e2f4562a80b2989dab55d5d Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 11 Jul 2025 08:14:15 +0200 Subject: [PATCH 29/97] fix: add doble quotes for INPUT_COMMANDS --- .../actions/dynamic-staging-envs/execute-terragrunt/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml index 20013ba6..52bbcf66 100644 --- a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml +++ b/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml @@ -96,7 +96,7 @@ runs: exit 1 fi - INPUT_COMMANDS=$(echo ${{ inputs.terragrunt_command_vars }} | tr '\n' ' ') + INPUT_COMMANDS=$(echo "${{ inputs.terragrunt_command_vars }}" | tr '\n' ' ') if [ ! -z "$INPUT_COMMANDS" ]; then for var in $INPUT_COMMANDS; do COMMAND_VARS+="-var $var " From 44bb2c6f287671a91371c89cd195ce0a9dab35df Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 14 Jul 2025 07:54:23 +0200 Subject: [PATCH 30/97] feat: add CloudSQL management actions for instance ownership, snapshot restoration, and startup --- .../cloudsql-instance-new-owner/action.yaml | 112 ++++++++++++++++++ .../cloudsql-restore-snapshot/action.yaml | 74 ++++++++++++ .../cloudsql-start-instance/action.yaml | 31 +++++ .../gcloud-sdk-configure}/action.yaml | 41 ++++--- .../execute-terragrunt/action.yaml | 0 5 files changed, 240 insertions(+), 18 deletions(-) create mode 100644 .github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml create mode 100644 .github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml create mode 100644 .github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml rename .github/actions/{dynamic-staging-envs/configure-gcloud-sdk => google-cloud-platform/gcloud-sdk-configure}/action.yaml (97%) rename .github/actions/{dynamic-staging-envs => infrastructure}/execute-terragrunt/action.yaml (100%) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml new file mode 100644 index 00000000..370e11ff --- /dev/null 
+++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml 
@@ -0,0 +1,112 @@ +--- +name: 'CloudSQL Instance New Owner' +description: 'Reassign the owner of a CloudSQL instance to a new owner.' + +inputs: + gcloud-sdk-configure: + description: 'Whether to configure GCloud SDK.' + required: false + default: 'false' + + app_name: + description: 'The name of the application.' + required: true + destination-environment: + description: 'The destination environment.' + required: true + + db-postgres-password: + description: 'The password for the PostgreSQL database.' + required: false + default: '' + db-appuser-password: + description: 'The password for the App User.' + required: false + default: '' + +runs: + using: "composite" + steps: + - id: gcloud-sdk-configure + if: inputs.gcloud-sdk-configure == 'true' + name: 'Configure GCloud SDK' + uses: fcm-digital/.github/.github/actions/dynamic-staging-envs/gcloud-sdk-configure@sc-23004-dynamic-staging-envs + + - id: onepassword-secret-postgres + if: inputs.db-postgres-password == '' + name: Load OnePassword secret [postgres user] + uses: 1password/load-secrets-action@v2 + env: + POSTGRES_PGUSER: postgres + POSTGRES_PGPASSWORD: op://staging-secrets/restored-db-credentials/password + with: + export-env: true + + - id: onepassword-secret-appuser + if: inputs.db-appuser-password == '' + name: Load OnePassword secret [appuser user] + uses: 1password/load-secrets-action@v2 + env: + APPUSER_PGUSER: op://infra-stg/cloudsql-${{ inputs.app_name }}-stg-${{ }}-${{ inputs.destination-environment }}/username + APPUSER_PGPASSWORD: op://infra-stg/cloudsql-${{ inputs.app_name }}-stg-${{ }}-${{ inputs.destination-environment }}/password + with: + export-env: true + + - id: get-db-instance-secrets + name: Get DB Instance Secrets + shell: bash + run: | + if [[ -z "${{ env.POSTGRES_PGPASSWORD }}" ]]; then + echo "postgres_pgpas=${{ inputs.db-postgres-password }}" >> $GITHUB_ENV + else + echo "postgres_pgpas=${{ env.POSTGRES_PGPASSWORD }}" >> $GITHUB_ENV + fi + echo "postgres_pgusr=postgres" >> 
$GITHUB_ENV + + if [[ -z "${{ env.APPUSER_PGPASSWORD }}" || & -z "${{ env.APPUSER_PGUSER }}" ]]; then + echo "appuser_pgusr=${{ inputs.db-appuser-user }}" >> $GITHUB_ENV + echo "appuser_pgpwd=${{ inputs.db-appuser-password }}" >> $GITHUB_ENV + else + echo "appuser_pgusr=${{ env.APPUSER_PGUSER }}" >> $GITHUB_ENV + echo "appuser_pgpwd=${{ env.APPUSER_PGPASSWORD }}" >> $GITHUB_ENV + fi + + - id: restore-postgres-user-password + name: Restore Postgres User Password + env: + DESTINATION_INSTANCE_ID: ${{ steps.destination-instance-id.outputs.destination_instance_id }} + PGUSER: 'postgres' + shell: bash + run: | + gcloud sql users set-password "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD} + + - id: install-psql + name: Install PostgreSQL Client + shell: bash + run: | + sudo apt-get update + sudo apt-get install --yes --no-install-recommends postgresql-client + + - id: test-instance-connection + name: Test Instance Connection + shell: bash + env: + DB_HOST: ${{ env.DB_HOST }} + DB_USER: ${{ env.appuser_pgusr }} + DB_NAME: ${{ env.app_name }}-${{ inputs.destination_environment }} + DB_PASSWORD: ${{ env.appuser_pgpwd }} + run: | + psql -h ${{ env.DB_HOST }} -U ${{ env.appuser_pgusr }} -W ${{ env.appuser_pgpwd }}-d ${{ env.app_name }} -c 'SELECT 1' + + - id: 'run-postgres-config' + name: 'Configure restored PostgreSQL database' + shell: bash + run: |- + psql --host=localhost --port=5432 --username=postgres < + 'The ID of the snapshot to restore. 
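Review bot: `get-db-instance-secrets` splices both database passwords into the script source (`echo "postgres_pgpas=${{ inputs.db-postgres-password }}" >> $GITHUB_ENV`) and writes them to `$GITHUB_ENV`, which exposes them to every later step of the job; a caller-supplied value is not masked unless the caller passed it as a secret. Consuming steps can read the value through their own `env:` instead, and an input-supplied password should be registered with `echo "::add-mask::$VALUE"` before use. In `restore-postgres-user-password` the command expands `${PGPASSWORD}` unquoted, but none of the visible steps sets that variable; `PGPASSWORD: ${{ env.postgres_pgpas }}` under `env:` and `--password="${PGPASSWORD}"` would make it explicit. In `test-instance-connection`, psql's `-W` takes no argument, so the password lands on the command line as a positional value; setting `PGPASSWORD` in the step's `env:` and dropping `-W ${{ env.appuser_pgpwd }}` avoids that. The end of this file's hunk is truncated on the page, so the final `run-postgres-config` step was not reviewed.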
+ (If not provided, the process will restore the last snapshot from the snapshot-instance)' + required: false + +runs: + using: "composite" + steps: + - id: gcloud-sdk-configure + if: inputs.gcloud-sdk-configure == 'true' + name: 'Configure GCloud SDK' + uses: fcm-digital/.github/.github/actions/google-cloud-platform/gcloud-sdk-configure@sc-23004-dynamic-staging-envs + + - id: get-last-snapshot + name: 'Get Last Snapshot' + shell: bash + run: | + if [[ -z '${{ inputs.snapshot-id }}'' ]]; + echo "No Snapshot ID provided, getting last snapshot from ${{ inputs.snapshot-instance }}..." + LAST_INSTANCE_BACKUP=$(gcloud sql backups list --instance=${{ inputs.snapshot-instance }} --filter="STATUS:(SUCCESSFUL)" --limit=1 | tail -n 1 | awk '{print $1}') + if [ $? -ne 0 ] && [ -z "$LAST_INSTANCE_BACKUP" ]; then + echo "Failed to get last backup for CloudSQL instance: $SNAPSHOT_FROM" + exit 1 + fi + else + LAST_INSTANCE_BACKUP=${{ inputs.snapshot-id }} + fi + echo "Last backup for CloudSQL instance ${{ inputs.snapshot-instance }}: $LAST_INSTANCE_BACKUP" + echo "last_instance_backup=$LAST_INSTANCE_BACKUP" >> $GITHUB_ENV + + - id: restore-snapshot + name: 'Restore Snapshot' + shell: bash + run: | + echo "Restoring CloudSQL instance ${{ inputs.restore-instance }} using backup: ${{ env.last_instance_backup }} from ${{ inputs.snapshot-instance }}..." + echo "gcloud sql backups restore ${{ env.last_instance_backup }} --restore-instance=${{ inputs.restore-instance }} --backup-instance=${{ inputs.snapshot-instance }}" + if [ $? -ne 0 ]; then + echo "Failed to restore CloudSQL instance: ${{ inputs.restore-instance }}" + exit 1 + fi + echo "CloudSQL instance ${{ inputs.restore-instance }} restored successfully." 
+ + # - id: set-instance-new-owner + # if: inputs.set-instance-new-owner == 'true' && inputs.destination-environment != '' + # name: 'Set New Owner for Restored Instance' + # uses: fcm-digital/.github/.github/actions/google-cloud-platform/cloudsql-instance-new-owner@sc-23004-dynamic-staging-envs + # with: + # gcloud-sdk-configure: 'false' + # destination-environment: ${{ inputs.destination-environment }} diff --git a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml new file mode 100644 index 00000000..8aad7eee --- /dev/null +++ b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml @@ -0,0 +1,31 @@ +name: 'CloudSQL Start Instance' +description: 'Start a CloudSQL instance.' + +inputs: + gcloud-sdk-configure: + description: 'Whether to configure GCloud SDK.' + required: false + default: 'false' + instance: + description: 'The CloudSQL instance to start.' + required: true + +runs: + using: "composite" + steps: + - id: gcloud-sdk-configure + if: inputs.gcloud-sdk-configure == 'true' + name: 'Configure GCloud SDK' + uses: fcm-digital/.github/.github/actions/dynamic-staging-envs/gcloud-sdk-configure@sc-23004-dynamic-staging-envs + + - id: start-instance + name: 'Start CloudSQL Instance' + shell: bash + run: | + echo "Starting CloudSQL instance...: ${{ inputs.instance }}" + gcloud sql instances patch ${{ inputs.instance }} --activation-policy=ALWAYS + if [ $? -ne 0 ]; then + echo "Failed to start CloudSQL instance: ${{ inputs.instance }}" + exit 1 + fi + echo "CloudSQL instance ${{ inputs.instance }} started successfully." 
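Review bot: In `get-last-snapshot` of the restore-snapshot action, the guard `[ $? -ne 0 ] && [ -z "$LAST_INSTANCE_BACKUP" ]` requires both a non-zero status and an empty value, so a listing that succeeds but returns no backup passes through with an empty ID. Testing the value alone, `if [ -z "$LAST_INSTANCE_BACKUP" ]; then`, stops the restore step from running without a backup ID. The opening `if [[ -z '${{ inputs.snapshot-id }}'' ]];` has no `then`, and the error message prints `$SNAPSHOT_FROM`, which is not set anywhere in the visible step. The start of this file's hunk is garbled on the page, so the input names here are taken from their uses in the `run:` blocks.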
diff --git a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml b/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml similarity index 97% rename from .github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml rename to .github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml index af3d514d..2aaea4e5 100644 --- a/.github/actions/dynamic-staging-envs/configure-gcloud-sdk/action.yaml +++ b/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml @@ -12,24 +12,6 @@ inputs: required: false default: 'false' - install_kubectl: - description: 'Whether to install kubectl.' - required: false - default: 'true' - kubectl_version: - description: 'The version of kubectl to install.' - required: false - default: 'v1.33.1' - - cluster_name: - description: 'The name of the GKE cluster.' - required: false - default: 'fcm-platform-stg-euw1' - location: - description: 'The location of the GKE cluster.' - required: false - default: 'europe-west1' - gcp_json: description: 'The Service Account that contains the permissions to GCP.' required: false @@ -64,6 +46,29 @@ inputs: description: 'The gcloud command to execute.' required: true + # ----------------------------- + # Additional configurations + # ----------------------------- + + # Kubectl + install_kubectl: + description: 'Whether to install kubectl.' + required: false + default: 'true' + kubectl_version: + description: 'The version of kubectl to install.' + required: false + default: 'v1.33.1' + + cluster_name: + description: 'The name of the GKE cluster.' + required: false + default: 'fcm-platform-stg-euw1' + location: + description: 'The location of the GKE cluster.' + required: false + default: 'europe-west1' + runs: using: "composite" 
diff --git a/.github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml b/.github/actions/infrastructure/execute-terragrunt/action.yaml similarity index 100% rename from .github/actions/dynamic-staging-envs/execute-terragrunt/action.yaml rename to .github/actions/infrastructure/execute-terragrunt/action.yaml From 8f534c65968092741cc8f0bbaad0be8a9a6a1b51 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 14 Jul 2025 08:11:01 +0200 Subject: [PATCH 31/97] fix: update gcloud-sdk-configure action path and echo SQL instance patch command --- .../cloudsql-instance-new-owner/action.yaml | 2 +- .../google-cloud-platform/cloudsql-start-instance/action.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index 370e11ff..83457fe4 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml @@ -30,7 +30,7 @@ runs: - id: gcloud-sdk-configure if: inputs.gcloud-sdk-configure == 'true' name: 'Configure GCloud SDK' - uses: fcm-digital/.github/.github/actions/dynamic-staging-envs/gcloud-sdk-configure@sc-23004-dynamic-staging-envs + uses: fcm-digital/.github/.github/actions/google-cloud-platform/gcloud-sdk-configure@sc-23004-dynamic-staging-envs - id: onepassword-secret-postgres if: inputs.db-postgres-password == '' diff --git a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml index 8aad7eee..c9acec72 100644 --- a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml 
@@ -16,14 +16,14 @@ runs: - id: gcloud-sdk-configure if: inputs.gcloud-sdk-configure == 'true' name: 'Configure GCloud SDK' - uses: fcm-digital/.github/.github/actions/dynamic-staging-envs/gcloud-sdk-configure@sc-23004-dynamic-staging-envs + uses: fcm-digital/.github/.github/actions/google-cloud-platform/gcloud-sdk-configure@sc-23004-dynamic-staging-envs - id: start-instance name: 'Start CloudSQL Instance' shell: bash run: | echo "Starting CloudSQL instance...: ${{ inputs.instance }}" - gcloud sql instances patch ${{ inputs.instance }} --activation-policy=ALWAYS + echo "gcloud sql instances patch ${{ inputs.instance }} --activation-policy=ALWAYS" if [ $? -ne 0 ]; then echo "Failed to start CloudSQL instance: ${{ inputs.instance }}" exit 1 From 90f21f7aa0c668692e81bacab98815784a5ed2a4 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 14 Jul 2025 08:58:44 +0200 Subject: [PATCH 32/97] fix: remove duplicated single quota inside if statement --- .../google-cloud-platform/cloudsql-restore-snapshot/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml index eafc4d9f..c6c4a8f8 100644 --- a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml @@ -40,7 +40,7 @@ runs: name: 'Get Last Snapshot' shell: bash run: | - if [[ -z '${{ inputs.snapshot-id }}'' ]]; + if [[ -z '${{ inputs.snapshot-id }}' ]]; echo "No Snapshot ID provided, getting last snapshot from ${{ inputs.snapshot-instance }}..." LAST_INSTANCE_BACKUP=$(gcloud sql backups list --instance=${{ inputs.snapshot-instance }} --filter="STATUS:(SUCCESSFUL)" --limit=1 | tail -n 1 | awk '{print $1}') if [ $? -ne 0 ] && [ -z "$LAST_INSTANCE_BACKUP" ]; then From 3ccd1d96163e3e4257749aac2471973b9c3fb9f6 Mon Sep 17 00:00:00 2001 
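Review bot: `${{ inputs.instance }}` in the `start-instance` step is expanded into the `run:` script text before bash parses it, so a value containing shell metacharacters becomes part of the script instead of a single argument. Pass it through the step's `env:` (`INSTANCE: ${{ inputs.instance }}`) and reference `"$INSTANCE"` in the script. The same pattern recurs in later hunks of this series with `inputs.snapshot-id`, `inputs.snapshot-instance`, `inputs.restore-instance`, `inputs.private-ip-instance` and `inputs.gcp-project-id`. Separately, with the command wrapped in `echo`, the following `if [ $? -ne 0 ]` tests echo's status and can never fire. The step's script continues past the end of the hunk.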
From: David Pacheco Date: Mon, 14 Jul 2025 10:31:58 +0200 Subject: [PATCH 33/97] refactor: optimize GCP actions with conditional kubectl install and improved CloudSQL instance handling --- .../cloudsql-instance-new-owner/action.yaml | 18 ++++++++---------- .../cloudsql-restore-snapshot/action.yaml | 3 ++- .../gcloud-sdk-configure/action.yaml | 2 +- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index 83457fe4..fadec927 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml @@ -15,6 +15,9 @@ inputs: description: 'The destination environment.' required: true + instance: + description: 'The CloudSQL instance to reassign the owner of.' + required: true db-postgres-password: description: 'The password for the PostgreSQL database.' required: false @@ -87,16 +90,11 @@ runs: sudo apt-get update sudo apt-get install --yes --no-install-recommends postgresql-client - - id: test-instance-connection - name: Test Instance Connection - shell: bash - env: - DB_HOST: ${{ env.DB_HOST }} - DB_USER: ${{ env.appuser_pgusr }} - DB_NAME: ${{ env.app_name }}-${{ inputs.destination_environment }} - DB_PASSWORD: ${{ env.appuser_pgpwd }} - run: | - psql -h ${{ env.DB_HOST }} -U ${{ env.appuser_pgusr }} -W ${{ env.appuser_pgpwd }}-d ${{ env.app_name }} -c 'SELECT 1' + - id: instance-connection + name: Instance Connection + uses: fcm-digital/.github/.github/actions/google-cloud-platform/cloudsql-instance-connection@sc-23004-dynamic-staging-envs + with: + instance: ${{ inputs.instance }} - id: 'run-postgres-config' name: 'Configure restored PostgreSQL database' 
diff --git a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml index c6c4a8f8..4bd42719 100644 --- a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml @@ -70,5 +70,6 @@ runs: # name: 'Set New Owner for Restored Instance' # uses: fcm-digital/.github/.github/actions/google-cloud-platform/cloudsql-instance-new-owner@sc-23004-dynamic-staging-envs # with: - # gcloud-sdk-configure: 'false' + # gcloud-sdk-configure: 'true' + # instance: ${{ inputs.restore-instance }} # destination-environment: ${{ inputs.destination-environment }} diff --git a/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml b/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml index 2aaea4e5..642e5a51 100644 --- a/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml +++ b/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml @@ -122,7 +122,7 @@ runs: location: ${{ inputs.location }} - id: install-kubectl - if: inputs.install_kubectl == 'true' + if: inputs.install_kubectl == 'true' && inputs.configure_gke == 'true' uses: azure/setup-kubectl@v4 with: version: ${{ inputs.kubectl_version }} \ No newline at end of file From 86d1d7c4da0723c5c0daaa7bc507122839114b83 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 14 Jul 2025 10:45:13 +0200 Subject: [PATCH 34/97] fix: add missing 'then' keyword --- .../google-cloud-platform/cloudsql-restore-snapshot/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml index 4bd42719..7c43e98a 100644 --- a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml 
+++ b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml @@ -40,7 +40,7 @@ runs: name: 'Get Last Snapshot' shell: bash run: | - if [[ -z '${{ inputs.snapshot-id }}' ]]; + if [[ -z '${{ inputs.snapshot-id }}' ]]; then echo "No Snapshot ID provided, getting last snapshot from ${{ inputs.snapshot-instance }}..." LAST_INSTANCE_BACKUP=$(gcloud sql backups list --instance=${{ inputs.snapshot-instance }} --filter="STATUS:(SUCCESSFUL)" --limit=1 | tail -n 1 | awk '{print $1}') if [ $? -ne 0 ] && [ -z "$LAST_INSTANCE_BACKUP" ]; then From c9535b091a70f54e6297957b44bbc37d73408865 Mon Sep 17 00:00:00 2001 From: Samuel Crespo Date: Tue, 15 Jul 2025 12:36:50 +0200 Subject: [PATCH 35/97] Add sleep for debug --- .github/actions/infrastructure/execute-terragrunt/action.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/infrastructure/execute-terragrunt/action.yaml b/.github/actions/infrastructure/execute-terragrunt/action.yaml index 52bbcf66..30eff41c 100644 --- a/.github/actions/infrastructure/execute-terragrunt/action.yaml +++ b/.github/actions/infrastructure/execute-terragrunt/action.yaml @@ -91,6 +91,7 @@ runs: name: Setup versions shell: bash run: | + sleep 300 if [ -z "${{ inputs.terraform_version }}" && -z "${{ inputs.opentofu_version }}" ]; then echo "error: terraform_version or opentofu_version is required" exit 1 From ee72466109c9bb48fec29b4f1502ec4194de1c82 Mon Sep 17 00:00:00 2001 From: Samuel Crespo Date: Tue, 15 Jul 2025 12:45:36 +0200 Subject: [PATCH 36/97] Revert "Add sleep for debug" This reverts commit c9535b091a70f54e6297957b44bbc37d73408865. --- .github/actions/infrastructure/execute-terragrunt/action.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/actions/infrastructure/execute-terragrunt/action.yaml b/.github/actions/infrastructure/execute-terragrunt/action.yaml index 30eff41c..52bbcf66 100644 --- a/.github/actions/infrastructure/execute-terragrunt/action.yaml 
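Review bot: The guard after the `LAST_INSTANCE_BACKUP=$(gcloud sql backups list ... | tail -n 1 | awk '{print $1}')` assignment never catches an empty result. GitHub runs `shell: bash` steps with `-e -o pipefail`, so a non-zero status aborts the script before the `if`, and when the status is zero the `&&` stops the `-z` test from being evaluated. Test the value on its own, `if [ -z "$LAST_INSTANCE_BACKUP" ]; then`, so an instance with no successful backup fails here instead of passing an empty ID on to the restore. The error message also prints `$SNAPSHOT_FROM`, which is not set anywhere in the visible lines. The step's script continues past the end of the hunk.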
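Review bot: The version guard just below the added `sleep 300`, `if [ -z "${{ inputs.terraform_version }}" && -z "${{ inputs.opentofu_version }}" ]; then`, can never reject a run. Bash splits the condition at `&&`, the first `[` is left without its closing `]` and returns an error, so the `then` branch is skipped even when both versions are empty. Pass the two inputs through the step's `env:` and write `if [[ -z "$TF_VERSION" && -z "$TOFU_VERSION" ]]; then`. The script continues past the end of the hunk.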
+++ b/.github/actions/infrastructure/execute-terragrunt/action.yaml @@ -91,7 +91,6 @@ runs: name: Setup versions shell: bash run: | - sleep 300 if [ -z "${{ inputs.terraform_version }}" && -z "${{ inputs.opentofu_version }}" ]; then echo "error: terraform_version or opentofu_version is required" exit 1 From 2cc0aa9c9103b3cc3e36a2eae35c71756314c0a5 Mon Sep 17 00:00:00 2001 From: Samuel Crespo Date: Tue, 15 Jul 2025 15:10:39 +0200 Subject: [PATCH 37/97] Enable apply --- .github/actions/infrastructure/execute-terragrunt/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/infrastructure/execute-terragrunt/action.yaml b/.github/actions/infrastructure/execute-terragrunt/action.yaml index 52bbcf66..620a1dcd 100644 --- a/.github/actions/infrastructure/execute-terragrunt/action.yaml +++ b/.github/actions/infrastructure/execute-terragrunt/action.yaml @@ -140,8 +140,8 @@ runs: tofu_version: ${{ inputs.opentofu_version || null }} tg_dir: ${{ inputs.terragrunt_path }} tg_add_approve: 0 # 1 - tg_command: plan ${{ env.command_vars }} - # tg_command: apply ${{ env.command_vars }} + # tg_command: plan ${{ env.command_vars }} + tg_command: apply ${{ env.command_vars }} - id: terragrunt-outputs if: inputs.terragrunt_command == 'outputs' From 1f429c5379dac463d07ee6e9b016099f71c9ebd3 Mon Sep 17 00:00:00 2001 From: Samuel Crespo Date: Tue, 15 Jul 2025 15:17:47 +0200 Subject: [PATCH 38/97] Enable auto approve --- .github/actions/infrastructure/execute-terragrunt/action.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/actions/infrastructure/execute-terragrunt/action.yaml b/.github/actions/infrastructure/execute-terragrunt/action.yaml index 620a1dcd..00fcd8b2 100644 --- a/.github/actions/infrastructure/execute-terragrunt/action.yaml +++ b/.github/actions/infrastructure/execute-terragrunt/action.yaml 
@@ -139,8 +139,7 @@ runs: tf_version: ${{ inputs.terraform_version || null }} tofu_version: ${{ inputs.opentofu_version || null }} tg_dir: ${{ inputs.terragrunt_path }} - tg_add_approve: 0 # 1 - # tg_command: plan ${{ env.command_vars }} + tg_add_approve: 1 tg_command: apply ${{ env.command_vars }} - id: terragrunt-outputs From 4702ba2b9c20d92fbf072fea95b57707c74b3b16 Mon Sep 17 00:00:00 2001 From: Samuel Crespo Date: Wed, 16 Jul 2025 18:50:39 +0200 Subject: [PATCH 39/97] Enable start of instances --- .../google-cloud-platform/cloudsql-start-instance/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml index c9acec72..72daca90 100644 --- a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml @@ -23,7 +23,7 @@ runs: shell: bash run: | echo "Starting CloudSQL instance...: ${{ inputs.instance }}" - echo "gcloud sql instances patch ${{ inputs.instance }} --activation-policy=ALWAYS" + gcloud sql instances patch ${{ inputs.instance }} --activation-policy=ALWAYS if [ $? -ne 0 ]; then echo "Failed to start CloudSQL instance: ${{ inputs.instance }}" exit 1 From 3dc7e03c7169fbdc63353e6a096926b1c058e7a0 Mon Sep 17 00:00:00 2001 From: Samuel Crespo Date: Wed, 16 Jul 2025 18:53:02 +0200 Subject: [PATCH 40/97] Enable restore of snapshots --- .../cloudsql-restore-snapshot/action.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml index 7c43e98a..2690b4fe 100644 --- a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml 
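Review bot: `tg_add_approve: 1` is hard-coded next to `tg_command: apply`, so every run of this step changes infrastructure with no reviewed plan in between, using whatever credentials the earlier steps configured. Make approval an explicit choice of the caller, for example a new input that defaults to `'0'` (`tg_add_approve: ${{ inputs.terragrunt_auto_approve }}`, name is a suggestion). Callers that do opt in are better run from a job bound to a protected environment. The step's `if:` condition and the `destroy` path are outside this hunk, so check whether they carry the same setting.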
@@ -7,7 +7,7 @@ inputs: description: 'Whether to configure GCloud SDK.' required: false default: 'false' - + set-instance-new-owner: description: 'Whether to set the new owner of the restored instance.' required: false @@ -42,7 +42,7 @@ runs: run: | if [[ -z '${{ inputs.snapshot-id }}' ]]; then echo "No Snapshot ID provided, getting last snapshot from ${{ inputs.snapshot-instance }}..." - LAST_INSTANCE_BACKUP=$(gcloud sql backups list --instance=${{ inputs.snapshot-instance }} --filter="STATUS:(SUCCESSFUL)" --limit=1 | tail -n 1 | awk '{print $1}') + LAST_INSTANCE_BACKUP=$(gcloud sql backups list --instance=${{ inputs.snapshot-instance }} --filter="STATUS:(SUCCESSFUL)" --limit=1 | tail -n 1 | awk '{print $1}') if [ $? -ne 0 ] && [ -z "$LAST_INSTANCE_BACKUP" ]; then echo "Failed to get last backup for CloudSQL instance: $SNAPSHOT_FROM" exit 1 @@ -58,7 +58,7 @@ runs: shell: bash run: | echo "Restoring CloudSQL instance ${{ inputs.restore-instance }} using backup: ${{ env.last_instance_backup }} from ${{ inputs.snapshot-instance }}..." - echo "gcloud sql backups restore ${{ env.last_instance_backup }} --restore-instance=${{ inputs.restore-instance }} --backup-instance=${{ inputs.snapshot-instance }}" + gcloud sql backups restore ${{ env.last_instance_backup }} --restore-instance=${{ inputs.restore-instance }} --backup-instance=${{ inputs.snapshot-instance }} if [ $? -ne 0 ]; then echo "Failed to restore CloudSQL instance: ${{ inputs.restore-instance }}" exit 1 From 6c20c83b30606156d2c0f6bc00e5e1fff7c9ca6f Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 21 Jul 2025 12:44:24 +0200 Subject: [PATCH 41/97] refactor: update CloudSQL actions with improved instance ownership and connection management --- .../cloudsql-instance-new-owner/action.yaml | 108 +++++++----------- .../cloudsql-restore-snapshot/action.yaml | 17 --- 2 files changed, 43 insertions(+), 82 deletions(-) 
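Review bot: The now-live `gcloud sql backups restore` in the third hunk overwrites the data of `restore-instance`, and nothing in the visible step validates its arguments first. Add a check before the call that `env.last_instance_backup` is non-empty and that `restore-instance` differs from `snapshot-instance`, e.g. `[ -n "$BACKUP_ID" ] && [ "$RESTORE_INSTANCE" != "$SNAPSHOT_INSTANCE" ] || exit 1`, with the three values passed through `env:`. How `last_instance_backup` is set when a `snapshot-id` is supplied is outside this hunk, so confirm that path populates it too.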
diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index fadec927..7dc2488b 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml @@ -8,24 +8,36 @@ inputs: required: false default: 'false' - app_name: + app-name: description: 'The name of the application.' required: true - destination-environment: - description: 'The destination environment.' + service-name: + description: 'The name of the specific service (part of the app-name).' + required: true + database-name: + description: 'The prefix name of the database.' + required: true + + restore-environment: + description: 'The environment to which the instance is being restored.' + required: true + snapshot-environment: + description: 'The environment from which the snapshot was taken.' required: true - instance: - description: 'The CloudSQL instance to reassign the owner of.' + restore-instance: + description: 'The CloudSQL instance ID to reassign the owner of.' + required: true + private-ip-instance: + description: 'The CloudSQL private IP of the restored instance.' required: true - db-postgres-password: + + postgres-user-pwd: description: 'The password for the PostgreSQL database.' - required: false - default: '' - db-appuser-password: + required: true + appname-user-pwd: description: 'The password for the App User.' - required: false - default: '' + required: true runs: using: "composite" 
@@ -35,53 +47,23 @@ runs: name: 'Configure GCloud SDK' uses: fcm-digital/.github/.github/actions/google-cloud-platform/gcloud-sdk-configure@sc-23004-dynamic-staging-envs - - id: onepassword-secret-postgres - if: inputs.db-postgres-password == '' - name: Load OnePassword secret [postgres user] - uses: 1password/load-secrets-action@v2 - env: - POSTGRES_PGUSER: postgres - POSTGRES_PGPASSWORD: op://staging-secrets/restored-db-credentials/password - with: - export-env: true - - - id: onepassword-secret-appuser - if: inputs.db-appuser-password == '' - name: Load OnePassword secret [appuser user] - uses: 1password/load-secrets-action@v2 - env: - APPUSER_PGUSER: op://infra-stg/cloudsql-${{ inputs.app_name }}-stg-${{ }}-${{ inputs.destination-environment }}/username - APPUSER_PGPASSWORD: op://infra-stg/cloudsql-${{ inputs.app_name }}-stg-${{ }}-${{ inputs.destination-environment }}/password - with: - export-env: true - - - id: get-db-instance-secrets - name: Get DB Instance Secrets - shell: bash - run: | - if [[ -z "${{ env.POSTGRES_PGPASSWORD }}" ]]; then - echo "postgres_pgpas=${{ inputs.db-postgres-password }}" >> $GITHUB_ENV - else - echo "postgres_pgpas=${{ env.POSTGRES_PGPASSWORD }}" >> $GITHUB_ENV - fi - echo "postgres_pgusr=postgres" >> $GITHUB_ENV - - if [[ -z "${{ env.APPUSER_PGPASSWORD }}" || & -z "${{ env.APPUSER_PGUSER }}" ]]; then - echo "appuser_pgusr=${{ inputs.db-appuser-user }}" >> $GITHUB_ENV - echo "appuser_pgpwd=${{ inputs.db-appuser-password }}" >> $GITHUB_ENV - else - echo "appuser_pgusr=${{ env.APPUSER_PGUSER }}" >> $GITHUB_ENV - echo "appuser_pgpwd=${{ env.APPUSER_PGPASSWORD }}" >> $GITHUB_ENV - fi - - id: restore-postgres-user-password name: Restore Postgres User Password env: - DESTINATION_INSTANCE_ID: ${{ steps.destination-instance-id.outputs.destination_instance_id }} + DESTINATION_INSTANCE_ID: ${{ inputs.restore-instance }} PGUSER: 'postgres' + PGPASSWORD: ${{ inputs.postgres-user-pwd }} shell: bash - run: | - gcloud sql users set-password 
"${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD} + run: echo "gcloud sql users set-password "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD}" + + - id: create-app-user + name: 'Create database user and password' + env: + DESTINATION_INSTANCE_ID: ${{ inputs.restore-instance }} + PGUSER: '${{ inputs.service-name }}-${{ inputs.restore-environment }}' + PGPASSWORD: ${{ inputs.appname-user-pwd }} + shell: bash + run: echo "gcloud sql users create "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD}" - id: install-psql name: Install PostgreSQL Client @@ -90,21 +72,17 @@ runs: sudo apt-get update sudo apt-get install --yes --no-install-recommends postgresql-client - - id: instance-connection - name: Instance Connection - uses: fcm-digital/.github/.github/actions/google-cloud-platform/cloudsql-instance-connection@sc-23004-dynamic-staging-envs - with: - instance: ${{ inputs.instance }} - - id: 'run-postgres-config' name: 'Configure restored PostgreSQL database' + env: + PGPASSWORD: ${{ inputs.postgres-user-pwd }} shell: bash run: |- - psql --host=localhost --port=5432 --username=postgres < Date: Mon, 21 Jul 2025 13:20:07 +0200 Subject: [PATCH 42/97] feat: add step to test instance connection --- .../cloudsql-instance-new-owner/action.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index 7dc2488b..68c81165 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml 
@@ -72,17 +72,26 @@ runs: sudo apt-get update sudo apt-get install --yes --no-install-recommends postgresql-client + - id: test-connection + env: + PGPASSWORD: ${{ inputs.postgres-user-pwd }} + run: | + psql --host=localhost --port=5432 --username=postgres -c "SELECT 1;" + shell: bash + - id: 'run-postgres-config' name: 'Configure restored PostgreSQL database' env: PGPASSWORD: ${{ inputs.postgres-user-pwd }} shell: bash run: |- - psql --host=${{ inputs.private-ip-instance }} --port=5432 --username=postgres < Date: Mon, 21 Jul 2025 13:42:58 +0200 Subject: [PATCH 43/97] feat: add gcp-project-id input --- .../cloudsql-instance-new-owner/action.yaml | 11 ++++++++--- .../cloudsql-restore-snapshot/action.yaml | 9 +++++++-- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index 68c81165..ab96ad0e 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml @@ -7,6 +7,9 @@ inputs: description: 'Whether to configure GCloud SDK.' required: false default: 'false' + gcp-project-id: + description: 'The GCP project ID.' + required: true app-name: description: 'The name of the application.' @@ -46,6 +49,8 @@ runs: if: inputs.gcloud-sdk-configure == 'true' name: 'Configure GCloud SDK' uses: fcm-digital/.github/.github/actions/google-cloud-platform/gcloud-sdk-configure@sc-23004-dynamic-staging-envs + with: + gcp-project-id: ${{ inputs.gcp-project-id }} - id: restore-postgres-user-password name: Restore Postgres User Password 
@@ -54,7 +59,7 @@ runs: PGUSER: 'postgres' PGPASSWORD: ${{ inputs.postgres-user-pwd }} shell: bash - run: echo "gcloud sql users set-password "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD}" + run: echo "gcloud sql users set-password "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD} --project=${{ inputs.gcp-project-id }}" - id: create-app-user name: 'Create database user and password' @@ -63,7 +68,7 @@ runs: PGUSER: '${{ inputs.service-name }}-${{ inputs.restore-environment }}' PGPASSWORD: ${{ inputs.appname-user-pwd }} shell: bash - run: echo "gcloud sql users create "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD}" + run: echo "gcloud sql users create "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD} --project=${{ inputs.gcp-project-id }}" - id: install-psql name: Install PostgreSQL Client @@ -76,7 +81,7 @@ runs: env: PGPASSWORD: ${{ inputs.postgres-user-pwd }} run: | - psql --host=localhost --port=5432 --username=postgres -c "SELECT 1;" + psql --host=${{ inputs.private-ip-instance }} --port=5432 --username=postgres -c "SELECT 1;" shell: bash - id: 'run-postgres-config' diff --git a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml index 8766e876..c81cb267 100644 --- a/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-restore-snapshot/action.yaml @@ -7,6 +7,9 @@ inputs: description: 'Whether to configure GCloud SDK.' required: false default: 'false' + gcp-project-id: + description: 'The GCP project ID.' + required: true restore-instance: description: 'The CloudSQL instance to restore the snapshot to.' 
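Review bot: The `run: echo "gcloud sql users set-password ... --password=${PGPASSWORD} ..."` line in `restore-postgres-user-password`, and the matching line in the `create-app-user` hunk below it, write the database password to the job log. Log masking only covers values the runner already knows as secrets, so a password produced at runtime by an earlier step would be printed in clear text; whether that applies depends on the caller, which is not visible here. For a dry run, print the command with the value replaced, e.g. `--password=***`. The inner double quotes also close and reopen the echoed string, so the output is not the literal command.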
@@ -27,6 +30,8 @@ runs: if: inputs.gcloud-sdk-configure == 'true' name: 'Configure GCloud SDK' uses: fcm-digital/.github/.github/actions/google-cloud-platform/gcloud-sdk-configure@sc-23004-dynamic-staging-envs + with: + gcp-project-id: ${{ inputs.gcp-project-id }} - id: get-last-snapshot name: 'Get Last Snapshot' @@ -34,7 +39,7 @@ runs: run: | if [[ -z '${{ inputs.snapshot-id }}' ]]; then echo "No Snapshot ID provided, getting last snapshot from ${{ inputs.snapshot-instance }}..." - LAST_INSTANCE_BACKUP=$(gcloud sql backups list --instance=${{ inputs.snapshot-instance }} --filter="STATUS:(SUCCESSFUL)" --limit=1 | tail -n 1 | awk '{print $1}') + LAST_INSTANCE_BACKUP=$(gcloud sql backups list --instance=${{ inputs.snapshot-instance }} --filter="STATUS:(SUCCESSFUL)" --project=${{ inputs.gcp-project-id }} --limit=1 | tail -n 1 | awk '{print $1}') if [ $? -ne 0 ] && [ -z "$LAST_INSTANCE_BACKUP" ]; then echo "Failed to get last backup for CloudSQL instance: $SNAPSHOT_FROM" exit 1 @@ -50,7 +55,7 @@ runs: shell: bash run: | echo "Restoring CloudSQL instance ${{ inputs.restore-instance }} using backup: ${{ env.last_instance_backup }} from ${{ inputs.snapshot-instance }}..." - gcloud sql backups restore ${{ env.last_instance_backup }} --restore-instance=${{ inputs.restore-instance }} --backup-instance=${{ inputs.snapshot-instance }} + gcloud sql backups restore ${{ env.last_instance_backup }} --restore-instance=${{ inputs.restore-instance }} --backup-instance=${{ inputs.snapshot-instance }} --project=${{ inputs.gcp-project-id }} if [ $? -ne 0 ]; then echo "Failed to restore CloudSQL instance: ${{ inputs.restore-instance }}" exit 1 From 5e7d75824b6f470c6b302a509c07e6b7ed848d06 Mon Sep 17 00:00:00 2001 
From: David Pacheco Date: Mon, 21 Jul 2025 13:51:08 +0200 Subject: [PATCH 44/97] chore: remove echos and include gcp-project-id input --- .../cloudsql-instance-new-owner/action.yaml | 4 ++-- .../cloudsql-start-instance/action.yaml | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index ab96ad0e..8f2f4cb7 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml @@ -59,7 +59,7 @@ runs: PGUSER: 'postgres' PGPASSWORD: ${{ inputs.postgres-user-pwd }} shell: bash - run: echo "gcloud sql users set-password "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD} --project=${{ inputs.gcp-project-id }}" + run: gcloud sql users set-password "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD} --project=${{ inputs.gcp-project-id }} - id: create-app-user name: 'Create database user and password' @@ -68,7 +68,7 @@ runs: PGUSER: '${{ inputs.service-name }}-${{ inputs.restore-environment }}' PGPASSWORD: ${{ inputs.appname-user-pwd }} shell: bash - run: echo "gcloud sql users create "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD} --project=${{ inputs.gcp-project-id }}" + run: gcloud sql users create "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --password=${PGPASSWORD} --project=${{ inputs.gcp-project-id }} - id: install-psql name: Install PostgreSQL Client diff --git a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml index 72daca90..f2bb6d73 100644 --- a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml 
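Review bot: `--password=${PGPASSWORD}` is unquoted in the now-executed `gcloud sql users set-password` line and in the `gcloud sql users create` line of the next hunk. A password containing whitespace or glob characters is word-split or expanded, so the command either fails or sets a different password from the one supplied. Quote the expansion: `--password="${PGPASSWORD}"`. `--project=${{ inputs.gcp-project-id }}` on the same lines is pasted into the script text, so pass it through `env:` as well and use `--project="${GCP_PROJECT_ID}"`.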
@@ -6,6 +6,9 @@ inputs: description: 'Whether to configure GCloud SDK.' required: false default: 'false' + gcp-project-id: + description: 'The GCP project ID.' + required: true instance: description: 'The CloudSQL instance to start.' required: true @@ -23,7 +26,7 @@ runs: shell: bash run: | echo "Starting CloudSQL instance...: ${{ inputs.instance }}" - gcloud sql instances patch ${{ inputs.instance }} --activation-policy=ALWAYS + gcloud sql instances patch ${{ inputs.instance }} --activation-policy=ALWAYS --project=${{ inputs.gcp-project-id }} if [ $? -ne 0 ]; then echo "Failed to start CloudSQL instance: ${{ inputs.instance }}" exit 1 From b491718b0fcfc8a95adef2994cf8289ce9aefa75 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 21 Jul 2025 14:17:13 +0200 Subject: [PATCH 45/97] feat: add remove snapshot user step --- .../cloudsql-instance-new-owner/action.yaml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index 8f2f4cb7..2bf2abc9 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml 
@@ -77,26 +77,25 @@ runs: sudo apt-get update sudo apt-get install --yes --no-install-recommends postgresql-client - - id: test-connection - env: - PGPASSWORD: ${{ inputs.postgres-user-pwd }} - run: | - psql --host=${{ inputs.private-ip-instance }} --port=5432 --username=postgres -c "SELECT 1;" - shell: bash - - id: 'run-postgres-config' name: 'Configure restored PostgreSQL database' env: PGPASSWORD: ${{ inputs.postgres-user-pwd }} shell: bash run: |- - psql --host=localhost --port=5432 --username=postgres < Date: Mon, 21 Jul 2025 16:30:18 +0200 Subject: [PATCH 46/97] fix: rename all inputs to use - instead of _ --- .../gcloud-sdk-configure/action.yaml | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml b/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml index 642e5a51..aa242e76 100644 --- a/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml +++ b/.github/actions/google-cloud-platform/gcloud-sdk-configure/action.yaml 
@@ -3,46 +3,46 @@ name: 'Configure GCloud SDK' description: 'Configure gcloud SDK based on the inputs provided.' inputs: - checkout_local_repository: + checkout-local-repository: description: 'Whether to checkout the local repository.' required: false default: 'true' - configure_gke: + configure-gke: description: 'Whether to configure GKE.' required: false default: 'false' - gcp_json: + gcp-json: description: 'The Service Account that contains the permissions to GCP.' required: false default: '' - gcp_wif_project_id: + gcp-wif-project-id: description: 'The GCP project ID to use for WIF authentication.' required: false default: '896400447443' #fcm-platform-stg-a3dc project - gcp_wif_pool: + gcp-wif-pool: description: 'The GCP WIF Pool to use for authentication.' required: false default: 'dynamic-staging-envs' - gcp_wif_provider: + gcp-wif-provider: description: 'The GCP WIF Provider to use for authentication.' required: false default: 'github-actions' - gcp_wif_service_account: + gcp-wif-service-account: description: 'The GCP SA to use for authentication.' required: false default: 'dynamic-staging-envs@fcm-platform-stg-a3dc.iam.gserviceaccount.com' - gcp_project_id: + gcp-project-id: description: 'The GCP project ID. If provided, this will configure gcloud to use this project ID by default for commands.' required: false default: 'fcm-platform-stg-a3dc' #fcmp-stg project - gcloud_version: + gcloud-version: description: 'The gcloud version to use.' required: false default: '522.0.0' - gcloud_command: + gcloud-command: description: 'The gcloud command to execute.' required: true 
@@ -51,16 +51,16 @@ inputs: # ----------------------------- # Kubectl - install_kubectl: + install-kubectl: description: 'Whether to install kubectl.' required: false default: 'true' - kubectl_version: + kubectl-version: description: 'The version of kubectl to install.' required: false default: 'v1.33.1' - cluster_name: + cluster-name: description: 'The name of the GKE cluster.' required: false default: 'fcm-platform-stg-euw1' @@ -74,33 +74,33 @@ runs: using: "composite" steps: - id: checkout - if: inputs.checkout_local_repository + if: inputs.checkout-local-repository name: Checkout Local Repository uses: actions/checkout@v4 - id: setup-gcp-credentials - if: inputs.gcp_json != '' + if: inputs.gcp-json != '' name: 'Set Up Google Credentials' uses: google-github-actions/auth@v2 with: - credentials_json: ${{ inputs.gcp_json }} - project_id: ${{ inputs.gcp_project_id }} + credentials_json: ${{ inputs.gcp-json }} + project_id: ${{ inputs.gcp-project-id }} - id: auth-gcp-wif - if: inputs.gcp_json == '' + if: inputs.gcp-json == '' name: Authenticate to GCP via WIF uses: google-github-actions/auth@v2 with: token_format: "access_token" - workload_identity_provider: "projects/${{ inputs.gcp_wif_project_id }}/locations/global/workloadIdentityPools/${{ inputs.gcp_wif_pool }}/providers/${{ inputs.gcp_wif_provider }}" - service_account: ${{ inputs.gcp_wif_service_account }} + workload_identity_provider: "projects/${{ inputs.gcp-wif-project-id }}/locations/global/workloadIdentityPools/${{ inputs.gcp-wif-pool }}/providers/${{ inputs.gcp-wif-provider }}" + service_account: ${{ inputs.gcp-wif-service-account }} - id: generate-sdk-components name: 'Generate SDK Components' shell: bash run: | SDK_COMPONENTS='' - if [ '${{ inputs.configure_gke }}' == 'true' ]; then + if [ '${{ inputs.configure-gke }}' == 'true' ]; then SDK_COMPONENTS+='gke-gcloud-auth-plugin,' fi echo "install_components=$(echo "$SDK_COMPONENTS" | sed 's/,$//')" >> $GITHUB_ENV 
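Review bot: `if: inputs.checkout-local-repository` on the `checkout` step in the second hunk is true even when the caller passes `'false'`. Composite-action inputs are strings, and any non-empty string is truthy in an `if:` expression. Compare explicitly, as the other conditions in this file do: `if: inputs.checkout-local-repository == 'true'`. As written, a caller cannot opt out of the checkout.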
@@ -109,20 +109,20 @@ runs: name: 'Set up Cloud SDK' uses: 'google-github-actions/setup-gcloud@v2' with: - version: '>= ${{ inputs.gcloud_version }}' - project_id: ${{ inputs.gcp_project_id }} + version: '>= ${{ inputs.gcloud-version }}' + project_id: ${{ inputs.gcp-project-id }} install_components: ${{ env.install_components }} - id: get-credentials - if: inputs.configure_gke == 'true' + if: inputs.configure-gke == 'true' name: 'Get GKE Credentials' uses: 'google-github-actions/get-gke-credentials@v2' with: - cluster_name: ${{ inputs.cluster_name }} + cluster_name: ${{ inputs.cluster-name }} location: ${{ inputs.location }} - id: install-kubectl - if: inputs.install_kubectl == 'true' && inputs.configure_gke == 'true' + if: inputs.install-kubectl == 'true' && inputs.configure-gke == 'true' uses: azure/setup-kubectl@v4 with: - version: ${{ inputs.kubectl_version }} \ No newline at end of file + version: ${{ inputs.kubectl-version }} \ No newline at end of file From 88701eca81f66a8de86f7626f7663b0443340743 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 21 Jul 2025 16:40:39 +0200 Subject: [PATCH 47/97] feat: add gcp-project-id as input --- .../google-cloud-platform/cloudsql-start-instance/action.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml index f2bb6d73..c56dc4e7 100644 --- a/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-start-instance/action.yaml @@ -20,6 +20,8 @@ runs: if: inputs.gcloud-sdk-configure == 'true' name: 'Configure GCloud SDK' uses: fcm-digital/.github/.github/actions/google-cloud-platform/gcloud-sdk-configure@sc-23004-dynamic-staging-envs + with: + gcp-project-id: ${{ inputs.gcp-project-id }} - id: start-instance name: 'Start CloudSQL Instance' 
From 785a2d65f1540b411c9b8a021448f585f1c47db7 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 21 Jul 2025 16:44:15 +0200 Subject: [PATCH 48/97] fix: indent psql queries --- .../cloudsql-instance-new-owner/action.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index 2bf2abc9..be2b6240 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml @@ -84,13 +84,13 @@ runs: shell: bash run: |- psql --host=${{ inputs.private-ip-instance }} --port=5432 --username=postgres < Date: Mon, 21 Jul 2025 17:00:08 +0200 Subject: [PATCH 49/97] fix: change SQL user creation to deletion in CloudSQL instance owner action --- .../cloudsql-instance-new-owner/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index be2b6240..4b400fde 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml @@ -98,4 +98,4 @@ runs: DESTINATION_INSTANCE_ID: ${{ inputs.restore-instance }} PGUSER: '${{ inputs.service-name }}-${{ inputs.snapshot-environment }}' shell: bash - run: gcloud sql users create "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --project=${{ inputs.gcp-project-id }} + run: gcloud sql users delete "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --project=${{ inputs.gcp-project-id }} From 2d75ca2fa2687be4f2b62c6656ea7c65c27684f3 Mon Sep 17 00:00:00 2001 
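Review bot: The rewritten `run:` line of PATCH 49 still expands `${{ inputs.gcp-project-id }}` directly into the shell command, unquoted, while the user and instance reach the script through `env:` and are quoted. Now that the command deletes a SQL user rather than creating one, an unexpected project value has a larger effect. Pass it the same way as the others: add `GCP_PROJECT_ID: ${{ inputs.gcp-project-id }}` under `env:` and use `--project="${GCP_PROJECT_ID}"`. The step's `id`, `name` and the start of its `env:` block lie above the hunk.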
From: David Pacheco Date: Tue, 22 Jul 2025 08:58:59 +0200 Subject: [PATCH 50/97] chore: comment remove-user step --- .../cloudsql-instance-new-owner/action.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml index 4b400fde..a772d966 100644 --- a/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml +++ b/.github/actions/google-cloud-platform/cloudsql-instance-new-owner/action.yaml @@ -92,10 +92,10 @@ runs: REASSIGN OWNED BY "${{ inputs.service-name }}-${{ inputs.snapshot-environment }}" TO "${{ inputs.service-name }}-${{ inputs.restore-environment }}"; EOF - - id: 'remove-snapshot-app-user' - name: Remove Snapshot App User - env: - DESTINATION_INSTANCE_ID: ${{ inputs.restore-instance }} - PGUSER: '${{ inputs.service-name }}-${{ inputs.snapshot-environment }}' - shell: bash - run: gcloud sql users delete "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --project=${{ inputs.gcp-project-id }} + # - id: 'remove-snapshot-app-user' + # name: Remove Snapshot App User + # env: + # DESTINATION_INSTANCE_ID: ${{ inputs.restore-instance }} + # PGUSER: '${{ inputs.service-name }}-${{ inputs.snapshot-environment }}' + # shell: bash + # run: gcloud sql users delete "${PGUSER}" --instance="${DESTINATION_INSTANCE_ID}" --project=${{ inputs.gcp-project-id }} From 518152b280eb4c36c844011778b9188347d80b81 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Tue, 22 Jul 2025 11:28:44 +0200 Subject: [PATCH 51/97] feat: add setup-k6 with dd integration action --- .github/actions/k6/configure-k6/action.yaml | 34 +++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/actions/k6/configure-k6/action.yaml diff --git a/.github/actions/k6/configure-k6/action.yaml b/.github/actions/k6/configure-k6/action.yaml new file mode 100644 index 00000000..0632ac5b 
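Review bot: Commenting out `remove-snapshot-app-user` leaves the `<service-name>-<snapshot-environment>` SQL user on the restored instance after `REASSIGN OWNED BY` has moved its objects, and nothing in the file says why or for how long. If that account shares its password with the source environment (not visible from this hunk), the restored instance stays reachable with those credentials. Either delete the step or state the reason above it, for example `# TODO(<ticket>): disabled because <reason>; re-enable so the snapshot user does not persist on restored instances`.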
--- /dev/null +++ b/.github/actions/k6/configure-k6/action.yaml @@ -0,0 +1,34 @@ +--- +name: 'Configure k6' +description: 'Configure k6 for performance testing.' + +inputs: + k6-version: + description: 'The version of k6 to use.' + required: false + default: 'latest' + + dd-api-key: + description: 'The DataDog API key to use. (Leave empty to disable DataDog integration.)' + required: true + dd-site: + description: 'The DataDog site to use.' + required: false + default: 'app.datadoghq.eu' + +runs: + using: "composite" + steps: + - id: setup-k6 + name: Setup k6 + uses: grafana/setup-k6-action@v1 + with: + k6-version: ${{ inputs.k6-version }} + + - id: setup-dd-agent + if: dd-api-key != '' + name: Setup DataDog Agent + uses: datadog/agent-github-action@v1 + with: + api_key: ${{ inputs.dd-api-key }} + datadog_site: ${{ inputs.datadog-site }} From 9578dab5a7dabebe1da498138595267b14c64e62 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Tue, 22 Jul 2025 12:32:48 +0200 Subject: [PATCH 52/97] feat: update deprecated dd action --- .github/actions/k6/configure-k6/action.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/actions/k6/configure-k6/action.yaml b/.github/actions/k6/configure-k6/action.yaml index 0632ac5b..7f4a18a1 100644 --- a/.github/actions/k6/configure-k6/action.yaml +++ b/.github/actions/k6/configure-k6/action.yaml @@ -11,6 +11,9 @@ inputs: dd-api-key: description: 'The DataDog API key to use. (Leave empty to disable DataDog integration.)' required: true + dd-languages: + description: 'The languages to use for DataDog integration.' + required: true dd-site: description: 'The DataDog site to use.' required: false 
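Review bot: `dd-api-key` is declared `required: true` in the new `configure-k6` action while its description says to leave it empty to disable the integration. With the `if:` guard on `setup-dd-agent`, the declaration should be `required: false` with `default: ''`. Both third-party actions are referenced by mutable tag (`grafana/setup-k6-action@v1`, `datadog/agent-github-action@v1`) and `k6-version` defaults to `latest`. Because the second action receives the API key, pinning each `uses:` to a full commit SHA and defaulting to a fixed k6 version makes runs reproducible and limits exposure to a retagged release. The same pinning applies to `datadog/test-visibility-github-action@v2` introduced in PATCH 52.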
@@ -26,9 +29,10 @@ runs: k6-version: ${{ inputs.k6-version }} - id: setup-dd-agent - if: dd-api-key != '' - name: Setup DataDog Agent - uses: datadog/agent-github-action@v1 + if: inputs.dd-api-key != '' + name: Configure Datadog Test Optimization + uses: datadog/test-visibility-github-action@v2 with: + languages: ${{ inputs.dd-languages }} api_key: ${{ inputs.dd-api-key }} - datadog_site: ${{ inputs.datadog-site }} + site: ${{ inputs.dd-site }} From 2d702f8ce6d1cd4e03e70c1505c1b4e04537a6c8 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Tue, 9 Sep 2025 10:52:30 +0200 Subject: [PATCH 53/97] feat: add argo-workflow-wait action --- .../argo-workflows-cli-wait/action.yaml | 35 +++++++++++++++++++ .../argo-workflows-cli-wait/entrypoint.sh | 15 ++++++++ 2 files changed, 50 insertions(+) create mode 100644 .github/actions/argocd-deployment/argo-workflows-cli-wait/action.yaml create mode 100755 .github/actions/argocd-deployment/argo-workflows-cli-wait/entrypoint.sh diff --git a/.github/actions/argocd-deployment/argo-workflows-cli-wait/action.yaml b/.github/actions/argocd-deployment/argo-workflows-cli-wait/action.yaml new file mode 100644 index 00000000..4ce966db --- /dev/null +++ b/.github/actions/argocd-deployment/argo-workflows-cli-wait/action.yaml 
@@ -0,0 +1,35 @@ +--- +name: 'Argo Workflows CLI Wait for workflow' +description: 'Argo Workflows commands for its CLI wait for workflow.' + +inputs: + argo_namespace: + description: 'Argo Workflows namespace.' + required: false + default: 'argo-workflows' + argo_server: + description: 'Argo Workflows server URL.' + required: false + default: 'argo-workflows.stg.fcm.digital:443' + argo_token: + description: 'Argo Workflows auth token.' + required: true + environment: + description: 'Environment.' + required: true + +runs: + using: "composite" + steps: + - id: workflow-wait + name: 'Argo Workflow Wait' + shell: bash + run: ${{ github.action_path }}/entrypoint.sh + env: + ARGO_NAMESPACE: ${{ inputs.argo_namespace }} + ARGO_SERVER: ${{ inputs.argo_server }} + ARGO_TOKEN: ${{ inputs.argo_token }} + ARGO_HTTP1: true + ARGO_SECURE: true + KUBECONFIG: /dev/null + ENVIRONMENTS: ${{ inputs.environments }} \ No newline at end of file diff --git a/.github/actions/argocd-deployment/argo-workflows-cli-wait/entrypoint.sh b/.github/actions/argocd-deployment/argo-workflows-cli-wait/entrypoint.sh new file mode 100755 index 00000000..32b187e1 --- /dev/null +++ b/.github/actions/argocd-deployment/argo-workflows-cli-wait/entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -euo pipefail + +echo "Waiting for Argo Workflow to complete" + +argo wait @latest -n $ENVIRONMENTS +if [[ $? -eq 0 ]]; then + echo "Argo Workflow submitted successfully" + argo get @latest -n $ENVIRONMENTS +else + echo "Argo Workflow failed" + exit 1 +fi + From e9d302f95fe5e6933ef0647ca1727712daf7ae8f Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Tue, 9 Sep 2025 14:57:31 +0200 Subject: [PATCH 54/97] feat: add labels input for argo-workflows-wait action --- .../argo-workflows-cli-wait/action.yaml | 7 ++++++- .../argo-workflows-cli-wait/entrypoint.sh | 11 ++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-) 
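Review bot: The `workflow-wait` step exports `ENVIRONMENTS: ${{ inputs.environments }}`, but the only declared input is `environment`, so the expression evaluates to an empty string and `entrypoint.sh` calls `argo wait @latest -n` with no namespace value. Reference the declared name, `ENVIRONMENTS: ${{ inputs.environment }}`, or rename the input. `ARGO_NAMESPACE` is exported from `argo_namespace` as well, yet the script passes its own `-n`, so the input descriptions should say which of the two selects the namespace.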
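Review bot: Under `set -euo pipefail` the `else` branch after `argo wait` in `entrypoint.sh` is unreachable: a non-zero exit from `argo wait` ends the script before `$?` is tested, so `Argo Workflow failed` is never printed. Test the command directly with `if argo wait @latest -n "$ENVIRONMENTS"; then`. Quote `$ENVIRONMENTS` in both calls so that a value containing spaces or glob characters is not split into extra `argo` arguments. The success message says `submitted` although the script has just waited for completion.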
diff --git a/.github/actions/argocd-deployment/argo-workflows-cli-wait/action.yaml b/.github/actions/argocd-deployment/argo-workflows-cli-wait/action.yaml index 4ce966db..131f22fc 100644 --- a/.github/actions/argocd-deployment/argo-workflows-cli-wait/action.yaml +++ b/.github/actions/argocd-deployment/argo-workflows-cli-wait/action.yaml @@ -17,6 +17,10 @@ inputs: environment: description: 'Environment.' required: true + labels: + description: 'Labels to be used for filtering.' + required: false + default: '' runs: using: "composite" @@ -32,4 +36,5 @@ runs: ARGO_HTTP1: true ARGO_SECURE: true KUBECONFIG: /dev/null - ENVIRONMENTS: ${{ inputs.environments }} \ No newline at end of file + ENVIRONMENTS: ${{ inputs.environments }} + LABELS: ${{ inputs.labels }} \ No newline at end of file diff --git a/.github/actions/argocd-deployment/argo-workflows-cli-wait/entrypoint.sh b/.github/actions/argocd-deployment/argo-workflows-cli-wait/entrypoint.sh index 32b187e1..018f50db 100755 --- a/.github/actions/argocd-deployment/argo-workflows-cli-wait/entrypoint.sh +++ b/.github/actions/argocd-deployment/argo-workflows-cli-wait/entrypoint.sh @@ -2,12 +2,17 @@ set -euo pipefail -echo "Waiting for Argo Workflow to complete" +if [[ -z $LABELS ]]; then + LABELS="" +else + LABELS="-l $LABELS" +fi -argo wait @latest -n $ENVIRONMENTS +echo "Waiting for Argo Workflow to complete" +argo wait @latest -n $ENVIRONMENTS $LABELS if [[ $? -eq 0 ]]; then echo "Argo Workflow submitted successfully" - argo get @latest -n $ENVIRONMENTS + argo get @latest -n $ENVIRONMENTS $LABELS else echo "Argo Workflow failed" exit 1 From 48e852497dd2cb774a41317df4c51f64fb7da05b Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 11:31:49 +0200 Subject: [PATCH 55/97] feat: add terragrunt plan step for execute-terragrunt action --- .../execute-terragrunt/action.yaml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) 
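Review bot: `LABELS="-l $LABELS"` followed by an unquoted `$LABELS` on the `argo wait` and `argo get` lines relies on word splitting, so a selector containing whitespace or glob characters becomes additional `argo` arguments instead of one `-l` value. Building the optional flag as an array keeps the caller-supplied string as a single argument. The `if [[ $? -eq 0 ]]` test that follows is still unreachable on failure under `set -e`, which the sketch below also addresses. It is worth confirming that `argo wait` and `argo get` accept a label selector in the CLI version used here, since that is not visible from this diff.

```shell
# Optional label selector, kept as a single argument.
selector=()
if [[ -n "${LABELS:-}" ]]; then
  selector=(-l "$LABELS")
fi

echo "Waiting for Argo Workflow to complete"
# ${arr[@]+...} keeps the empty-array case safe under `set -u` on older bash.
if argo wait @latest -n "$ENVIRONMENTS" ${selector[@]+"${selector[@]}"}; then
  echo "Argo Workflow submitted successfully"
  argo get @latest -n "$ENVIRONMENTS" ${selector[@]+"${selector[@]}"}
else
  echo "Argo Workflow failed"
  exit 1
fi
```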
diff --git a/.github/actions/infrastructure/execute-terragrunt/action.yaml b/.github/actions/infrastructure/execute-terragrunt/action.yaml index 00fcd8b2..b353d30f 100644 --- a/.github/actions/infrastructure/execute-terragrunt/action.yaml +++ b/.github/actions/infrastructure/execute-terragrunt/action.yaml @@ -121,6 +121,27 @@ runs: workload_identity_provider: "projects/${{ inputs.gcp_wif_project_id }}/locations/global/workloadIdentityPools/${{ inputs.gcp_wif_pool }}/providers/${{ inputs.gcp_wif_provider }}" service_account: ${{ inputs.gcp_wif_service_account }} + - id: terragrunt-plan + if: inputs.terragrunt_command == 'plan' + name: Terragrunt Plan + uses: gruntwork-io/terragrunt-action@v2 + env: + INPUT_PRE_EXEC_1: | + git config --global url."https://x-access-token:${{ inputs.github_token }}@github.com/fcm-digital/".insteadOf "ssh://git@github.com/fcm-digital/" + git config --global url."https://github.com/".insteadOf "ssh://git@github.com/" + TG_NON_INTERACTIVE: true + OP_CONNECT_HOST: ${{ inputs.openpassword_host }} + OP_CONNECT_TOKEN: ${{ inputs.onepassword_token }} + ARGOCD_SERVER: ${{ inputs.argocd_host }} + ARGOCD_AUTH_TOKEN: ${{ inputs.argocd_token }} + with: + tg_version: ${{ inputs.terragrunt_version }} + tf_version: ${{ inputs.terraform_version || null }} + tofu_version: ${{ inputs.opentofu_version || null }} + tg_dir: ${{ inputs.terragrunt_path }} + tg_add_approve: 0 + tg_command: plan ${{ env.command_vars }} + - id: terragrunt-apply if: inputs.terragrunt_command == 'apply' name: Terragrunt Apply From 733b82850ad0804e96b23cf48cbf5df7be5eb238 Mon Sep 17 00:00:00 2001 
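Review bot: The `INPUT_PRE_EXEC_1` script of the new `terragrunt-plan` step writes `inputs.github_token` into a global `url.<base>.insteadOf` rule, so the token is stored in clear text in the git configuration of whatever environment the action runs in and is carried in every rewritten remote URL. If that environment outlives the job (not visible from this hunk), the credential does too. A comment on the step should record the expectation, for example `# github_token: short-lived, read-only token for the module repositories; pre-exec writes it to the global git config`. The step also passes the 1Password and ArgoCD tokens to `gruntwork-io/terragrunt-action@v2`, a mutable tag; pinning that `uses:` to a full commit SHA limits what a retagged release could read.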
From: David Pacheco Date: Wed, 10 Sep 2025 13:29:19 +0200 Subject: [PATCH 56/97] create github workflow actions --- .../execute-manual-workflow/action.yaml | 65 +++++++++++++++++++ .../github/get-workflow-id/action.yaml | 53 +++++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 .github/actions/github/execute-manual-workflow/action.yaml create mode 100644 .github/actions/github/get-workflow-id/action.yaml diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml new file mode 100644 index 00000000..66421817 --- /dev/null +++ b/.github/actions/github/execute-manual-workflow/action.yaml 
@@ -0,0 +1,65 @@ +--- +name: 'Execute Manual Workflow' +description: 'Execute a manual workflow based on .' + +inputs: + branch_name: + description: 'The branch name to execute the workflow on.' + required: false + default: "master" + github_token: + description: 'The GitHub token to list workflows.' + required: true + github_organization_name: + description: 'The GitHub organization name.' + required: true + repository_name: + description: 'The repository name.' + required: true + workflow_id: + description: 'The workflow ID.' + required: true + workflow_inputs: + description: 'The workflow inputs.' + required: false + default: "" + +runs: + using: "composite" + steps: + - id: init-workflow-inputs + name: Init Workflow Inputs + env: + INPUTS: ${{ inputs.workflow_inputs }} + BRANCH_NAME: ${{ inputs.branch_name }} + run: | + if [[ ! -z $INPUTS ]]; then + FORMAT_INPUTS=$(echo ${INPUTS//,/'"', '"'}) + FORMAT_INPUTS=$(echo { '"'${FORMAT_INPUTS//=/'"': '"'}'"' }) + fi + + if [[ -z $FORMAT_INPUTS ]]; then + echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"'' + else + echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"', '"'inputs'"': '"'${FORMAT_INPUTS}'"'' + fi + shell: bash + + - id: exec-workflow + name: Execute Workflow + env: + EXEC_WORKFLOW_PARAMS: ${{ env.exec_workflow_params }} + run: | + curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ inputs.github_token }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + -X POST \ + https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows/${{ inputs.workflow_id }}/dispatches \ + -d '{ $EXEC_WORKFLOW_PARAMS }' + + if [[ $? -ne 0 ]]; then + echo "Failed to execute workflow $workflow_id for repository ${{ matrix.apps }}" + exit 1 + fi + shell: bash \ No newline at end of file 
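Review bot: The `exec-workflow` step sends `-d '{ $EXEC_WORKFLOW_PARAMS }'` in single quotes, so the shell never expands the variable and the API receives that literal text instead of a JSON body. In addition, `init-workflow-inputs` only echoes `exec_workflow_params=…` to stdout, so `env.exec_workflow_params` is empty in the next step. The token, organization, repository and workflow id are expanded by `${{ }}` straight into the script source, which lets an unexpected input value alter the command; they should reach the script through `env:`. The failure message refers to `$workflow_id` and `${{ matrix.apps }}`, neither of which exists in this action, and `$?` after `curl` is 0 for HTTP error responses unless `--fail` is given. The sketch below merges both steps and lets `jq` build the body so that quotes or commas in a value cannot break the JSON.

```yaml
    - id: exec-workflow
      name: Execute Workflow
      env:
        GITHUB_TOKEN: ${{ inputs.github_token }}
        GITHUB_ORGANIZATION_NAME: ${{ inputs.github_organization_name }}
        REPOSITORY_NAME: ${{ inputs.repository_name }}
        WORKFLOW_ID: ${{ inputs.workflow_id }}
        BRANCH_NAME: ${{ inputs.branch_name }}
        INPUTS: ${{ inputs.workflow_inputs }}
      shell: bash
      run: |
        # Build the JSON body with jq so keys and values are escaped.
        PAYLOAD=$(jq -n --arg ref "$BRANCH_NAME" --arg kv "$INPUTS" '
          {ref: $ref,
           inputs: ($kv | split(",")
                    | map(select(length > 0) | split("=") | {(.[0]): (.[1:] | join("="))})
                    | add // {})}')
        # --fail turns HTTP error responses into a non-zero exit status.
        curl -sS --fail -L -X POST \
          -H "Accept: application/vnd.github+json" \
          -H "Authorization: Bearer $GITHUB_TOKEN" \
          -H "X-GitHub-Api-Version: 2022-11-28" \
          "https://api.github.com/repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows/$WORKFLOW_ID/dispatches" \
          -d "$PAYLOAD"
```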
diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml new file mode 100644 index 00000000..991d530e --- /dev/null +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -0,0 +1,53 @@ +--- +name: 'Get Workflow ID' +description: 'Get the ID of a GitHub workflow based on the workflow file name and repository.' + +inputs: + github_token: + description: 'The GitHub token to list workflows.' + required: true + github_organization_name: + description: 'The GitHub organization name.' + required: true + repository_name: + description: 'The repository name.' + required: true + workflow_file_name: + description: 'The workflow file name.' + required: true + +outputs: + workflow_id: + description: 'The workflow ID.' + value: ${{ steps.get-workflow-id.outputs.workflow_id }} + +runs: + using: "composite" + steps: + - id: list-workflows + name: List Workflows + run: | + WORKFLOWS_DATA=$(curl -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ inputs.github_token }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows) + + if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then + echo "Failed to list workflows" + exit 1 + fi + echo "workflows_data=$WORKFLOWS_DATA" >> $GITHUB_ENV + shell: bash + + - id: get-workflow-id + name: Get Workflow ID + run: | + WORKFLOW_ID=$(echo $workflows_data | jq '.workflows[] | select(.path | contains("${{ inputs.workflow_file_name }}"))' | jq '.id') + + if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then + echo "Failed to get workflow ID" + exit 1 + fi + echo "workflow_id=$WORKFLOW_ID" >> $GITHUB_OUTPUT + shell: bash \ No newline at end of file From 9934aaaaa5be212011bfd897a78eb32f050161d2 Mon Sep 17 00:00:00 2001 
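Review bot: `select(.path | contains(...))` in `get-workflow-id` is a substring match, so a file name that is a suffix or fragment of another workflow's path matches both, and `jq '.id'` then emits several ids on separate lines that are written to `$GITHUB_OUTPUT` as one malformed entry. Match the path exactly, for instance `select(.path == ".github/workflows/" + $name)` with the name passed via `jq --arg name`, and fail when the result is not exactly one id. The listing call reads a single page (30 entries by default), so repositories with more workflows need `?per_page=100` or paging. `workflows_data=$WORKFLOWS_DATA` is also appended to `$GITHUB_ENV` in single-line form although the response is multi-line JSON; doing the lookup in the same step avoids passing API output through the environment file.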
From: David Pacheco Date: Wed, 10 Sep 2025 13:38:21 +0200 Subject: [PATCH 57/97] refactor: use environment variables for GitHub API calls --- .github/actions/github/get-workflow-id/action.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 991d530e..6b06e415 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -26,12 +26,16 @@ runs: steps: - id: list-workflows name: List Workflows + env: + GITHUB_TOKEN: ${{ inputs.github_token }} + GITHUB_ORGANIZATION_NAME: ${{ inputs.github_organization_name }} + REPOSITORY_NAME: ${{ inputs.repository_name }} run: | WORKFLOWS_DATA=$(curl -L \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ inputs.github_token }}" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows) + https://api.github.com/repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows) if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then echo "Failed to list workflows" From 33a2c25720e92f90f3b5e08fc03d036e2cdb10bd Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 13:42:07 +0200 Subject: [PATCH 58/97] refactor: group functions to make it simple --- .github/actions/github/get-workflow-id/action.yaml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 6b06e415..c18d30fe 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml 
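Review bot: The request URL in `list-workflows` is now built from `$GITHUB_ORGANIZATION_NAME` and `$REPOSITORY_NAME` without quotes, so a value containing whitespace is split by the shell and the remainder is parsed by `curl` as further arguments. Quote the whole URL: `"https://api.github.com/repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows"`. `curl` also exits 0 on a 401 or 404 unless `--fail` is passed, so the `$? -ne 0` test after it only catches transport errors. The step's `run:` block continues below the hunk.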
@@ -30,6 +30,7 @@ runs: GITHUB_TOKEN: ${{ inputs.github_token }} GITHUB_ORGANIZATION_NAME: ${{ inputs.github_organization_name }} REPOSITORY_NAME: ${{ inputs.repository_name }} + WORKFLOW_FILE_NAME: ${{ inputs.workflow_file_name }} run: | WORKFLOWS_DATA=$(curl -L \ -H "Accept: application/vnd.github+json" \ @@ -41,13 +42,8 @@ runs: echo "Failed to list workflows" exit 1 fi - echo "workflows_data=$WORKFLOWS_DATA" >> $GITHUB_ENV - shell: bash - - id: get-workflow-id - name: Get Workflow ID - run: | - WORKFLOW_ID=$(echo $workflows_data | jq '.workflows[] | select(.path | contains("${{ inputs.workflow_file_name }}"))' | jq '.id') + WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq '.workflows[] | select(.path | contains("$WORKFLOW_FILE_NAME"))' | jq '.id') if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then echo "Failed to get workflow ID" From b6e2adcb39adab14f3f5361a3ddbd934e024c5df Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 13:47:51 +0200 Subject: [PATCH 59/97] test: display workflow info --- .github/actions/github/get-workflow-id/action.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index c18d30fe..b6a4e0de 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -43,6 +43,8 @@ runs: exit 1 fi + echo $WORKFLOWS_DATA + WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq '.workflows[] | select(.path | contains("$WORKFLOW_FILE_NAME"))' | jq '.id') if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then From 55fa8bdd56535eb108afd76040c79d7659c874fb Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 13:51:10 +0200 Subject: [PATCH 60/97] test: display more workflow info --- .github/actions/github/get-workflow-id/action.yaml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index b6a4e0de..01f0587f 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -44,6 +44,7 @@ runs: fi echo $WORKFLOWS_DATA + echo $WORKFLOWS_DATA | jq '.workflows[]' WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq '.workflows[] | select(.path | contains("$WORKFLOW_FILE_NAME"))' | jq '.id') From 6223e59bc33c881ca435080670fb1b25f1c8231e Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 13:54:12 +0200 Subject: [PATCH 61/97] test: display more workflow info --- .../github/execute-manual-workflow/test.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100755 .github/actions/github/execute-manual-workflow/test.sh diff --git a/.github/actions/github/execute-manual-workflow/test.sh b/.github/actions/github/execute-manual-workflow/test.sh new file mode 100755 index 00000000..0187ec27 --- /dev/null +++ b/.github/actions/github/execute-manual-workflow/test.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -euo pipefail + +INPUTS="environment=performance,image_tag=master,TEST=TEST" +BRANCH_NAME="master" + +if [[ ! -z $INPUTS ]]; then + FORMAT_INPUTS=$(echo ${INPUTS//,/'"', '"'}) + FORMAT_INPUTS=$(echo { '"'${FORMAT_INPUTS//=/'"': '"'}'"' }) +fi + +if [[ -z $FORMAT_INPUTS ]]; then + echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"'' +else + echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"', '"'inputs'"': '"'${FORMAT_INPUTS}'"'' +fi From 43666e3a0bab825fd6997825c1879971d7b2116c Mon Sep 17 00:00:00 2001 
From: David Pacheco Date: Wed, 10 Sep 2025 13:57:40 +0200 Subject: [PATCH 62/97] test: display more workflow info again --- .../github/execute-manual-workflow/test.sh | 17 ----------------- .../actions/github/get-workflow-id/action.yaml | 2 +- 2 files changed, 1 insertion(+), 18 deletions(-) delete mode 100755 .github/actions/github/execute-manual-workflow/test.sh diff --git a/.github/actions/github/execute-manual-workflow/test.sh b/.github/actions/github/execute-manual-workflow/test.sh deleted file mode 100755 index 0187ec27..00000000 --- a/.github/actions/github/execute-manual-workflow/test.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -INPUTS="environment=performance,image_tag=master,TEST=TEST" -BRANCH_NAME="master" - -if [[ ! -z $INPUTS ]]; then - FORMAT_INPUTS=$(echo ${INPUTS//,/'"', '"'}) - FORMAT_INPUTS=$(echo { '"'${FORMAT_INPUTS//=/'"': '"'}'"' }) -fi - -if [[ -z $FORMAT_INPUTS ]]; then - echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"'' -else - echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"', '"'inputs'"': '"'${FORMAT_INPUTS}'"'' -fi diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 01f0587f..1e2c6325 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -43,8 +43,8 @@ runs: exit 1 fi - echo $WORKFLOWS_DATA echo $WORKFLOWS_DATA | jq '.workflows[]' + echo $WORKFLOWS_DATA | jq '.workflows[].path' WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq '.workflows[] | select(.path | contains("$WORKFLOW_FILE_NAME"))' | jq '.id') From 1f64d2caa640981a3d35d943b3c7cedfd72d355e Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 14:12:04 +0200 Subject: [PATCH 63/97] fix: add params to jq query --- .github/actions/github/execute-manual-workflow/action.yaml | 2 ++ .github/actions/github/get-workflow-id/action.yaml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) 
diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 66421817..dca59f01 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -50,6 +50,8 @@ runs: env: EXEC_WORKFLOW_PARAMS: ${{ env.exec_workflow_params }} run: | + echo $EXEC_WORKFLOW_PARAMS + curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${{ inputs.github_token }}" \ diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 1e2c6325..ec931cef 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -46,7 +46,7 @@ runs: echo $WORKFLOWS_DATA | jq '.workflows[]' echo $WORKFLOWS_DATA | jq '.workflows[].path' - WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq '.workflows[] | select(.path | contains("$WORKFLOW_FILE_NAME"))' | jq '.id') + WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq --arg workflowFileName "$WORKFLOW_FILE_NAME" '.workflows[] | select(.path | contains($workflowFileName))' | jq '.id') if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then echo "Failed to get workflow ID" From d553158cacdd3bfd1ac357b81117aa7ca1280d3f Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 14:24:27 +0200 Subject: [PATCH 64/97] test: check curl output to figure out http status --- .../actions/github/execute-manual-workflow/action.yaml | 9 ++++++--- .github/actions/github/get-workflow-id/action.yaml | 3 --- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index dca59f01..2403b92f 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml 
@@ -20,7 +20,7 @@ inputs: description: 'The workflow ID.' required: true workflow_inputs: - description: 'The workflow inputs.' + description: 'The workflow inputs. Valid format: "key1=value1,key2=value2"' required: false default: "" @@ -52,13 +52,16 @@ runs: run: | echo $EXEC_WORKFLOW_PARAMS - curl -L \ + WORKFLOW_OUTPUT$(curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${{ inputs.github_token }}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ -X POST \ https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows/${{ inputs.workflow_id }}/dispatches \ - -d '{ $EXEC_WORKFLOW_PARAMS }' + -d '{ $EXEC_WORKFLOW_PARAMS }') + + echo $WORKFLOW_OUTPUT + echo $WORKFLOW_OUTPUT | jq '.status' if [[ $? -ne 0 ]]; then echo "Failed to execute workflow $workflow_id for repository ${{ matrix.apps }}" diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index ec931cef..c6aa527c 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -43,9 +43,6 @@ runs: exit 1 fi - echo $WORKFLOWS_DATA | jq '.workflows[]' - echo $WORKFLOWS_DATA | jq '.workflows[].path' - WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq --arg workflowFileName "$WORKFLOW_FILE_NAME" '.workflows[] | select(.path | contains($workflowFileName))' | jq '.id') if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then From dd736dd6cf4940bdd4be803408f9ddbbae7fe004 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 14:25:55 +0200 Subject: [PATCH 65/97] fix: add missing = --- .github/actions/github/execute-manual-workflow/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 2403b92f..0ae4c8a2 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml 
+++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -52,7 +52,7 @@ runs: run: | echo $EXEC_WORKFLOW_PARAMS - WORKFLOW_OUTPUT$(curl -L \ + WORKFLOW_OUTPUT=$(curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${{ inputs.github_token }}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ @@ -61,7 +61,7 @@ runs: -d '{ $EXEC_WORKFLOW_PARAMS }') echo $WORKFLOW_OUTPUT - echo $WORKFLOW_OUTPUT | jq '.status' + echo $WORKFLOW_OUTPUT | jq '.status') if [[ $? -ne 0 ]]; then echo "Failed to execute workflow $workflow_id for repository ${{ matrix.apps }}" From e10f305b9ca1f8e4c120bd6375d7649bc4993fe2 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 14:27:35 +0200 Subject: [PATCH 66/97] test: add echoes --- .github/actions/github/execute-manual-workflow/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 0ae4c8a2..1ebbc8cd 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -60,8 +60,8 @@ runs: https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows/${{ inputs.workflow_id }}/dispatches \ -d '{ $EXEC_WORKFLOW_PARAMS }') - echo $WORKFLOW_OUTPUT - echo $WORKFLOW_OUTPUT | jq '.status') + echo "WORKFLOW_OUTPUT: $WORKFLOW_OUTPUT" + echo "STATUS: $(echo $WORKFLOW_OUTPUT | jq '.status')" if [[ $? -ne 0 ]]; then echo "Failed to execute workflow $workflow_id for repository ${{ matrix.apps }}" From 9dc1c42ecae345fced790de0bed60bba630cc5ab Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 14:30:47 +0200 Subject: [PATCH 67/97] feat: add http status control --- .github/actions/github/execute-manual-workflow/action.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 1ebbc8cd..46d433eb 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -60,10 +60,9 @@ runs: https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows/${{ inputs.workflow_id }}/dispatches \ -d '{ $EXEC_WORKFLOW_PARAMS }') - echo "WORKFLOW_OUTPUT: $WORKFLOW_OUTPUT" - echo "STATUS: $(echo $WORKFLOW_OUTPUT | jq '.status')" - - if [[ $? -ne 0 ]]; then + WORKFLOW_CURL_STATUS=$(echo $WORKFLOW_OUTPUT | jq '.status') + #? https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event--status-codes + if [[ $? -ne 0 ]] || [[ "$WORKFLOW_CURL_STATUS" != "204" ]]; then echo "Failed to execute workflow $workflow_id for repository ${{ matrix.apps }}" exit 1 fi From 00c0aab3d8c91440a232466b6defc43e11cf3a59 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 14:32:23 +0200 Subject: [PATCH 68/97] chore: improve echo message --- .github/actions/github/execute-manual-workflow/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 46d433eb..218c7861 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml 
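Review bot: The new success test in PATCH 67 compares `jq '.status'` of the response body with `204`, but a 204 response carries no body, so `WORKFLOW_CURL_STATUS` is empty on success and the step exits 1 after the dispatch was accepted. On an error body `jq` prints the value with its JSON quotes, which never equals `204` either. `$?` at that point is the exit status of `jq`, not of `curl`. Read the HTTP code from curl instead, for example by adding `-sS -o response.json -w '%{http_code}'` to the call and comparing the captured value with `204`.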
@@ -63,7 +63,7 @@ runs: WORKFLOW_CURL_STATUS=$(echo $WORKFLOW_OUTPUT | jq '.status') #? https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event--status-codes if [[ $? -ne 0 ]] || [[ "$WORKFLOW_CURL_STATUS" != "204" ]]; then - echo "Failed to execute workflow $workflow_id for repository ${{ matrix.apps }}" + echo "Failed to execute workflow ${{ inputs.workflow_id }} for repository ${{ inputs.repository_name }}" exit 1 fi shell: bash \ No newline at end of file From f8272296214a38c46cd65abfbe3b29ee4cb38722 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 14:51:23 +0200 Subject: [PATCH 69/97] fix: update wrong output refs --- .../actions/github/execute-manual-workflow/action.yaml | 9 ++++++--- .github/actions/github/get-workflow-id/action.yaml | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 218c7861..2bb2c7ce 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -38,10 +38,12 @@ runs: FORMAT_INPUTS=$(echo { '"'${FORMAT_INPUTS//=/'"': '"'}'"' }) fi + echo "format_inputs: $FORMAT_INPUTS" + if [[ -z $FORMAT_INPUTS ]]; then - echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"'' + echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"'' >> $GITHUB_ENV else - echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"', '"'inputs'"': '"'${FORMAT_INPUTS}'"'' + echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"', '"'inputs'"': '"'${FORMAT_INPUTS}'"'' >> $GITHUB_ENV fi shell: bash @@ -50,7 +52,7 @@ runs: env: EXEC_WORKFLOW_PARAMS: ${{ env.exec_workflow_params }} run: | - echo $EXEC_WORKFLOW_PARAMS + echo "exec_workflow_params: $EXEC_WORKFLOW_PARAMS" WORKFLOW_OUTPUT=$(curl -L \ -H "Accept: application/vnd.github+json" \ 
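Review bot: The two lines that now append `exec_workflow_params=...` to `$GITHUB_ENV` write the caller-supplied `BRANCH_NAME` and `FORMAT_INPUTS` into the environment file unchecked, so a value containing a newline can define extra environment variables for every later step of the job. Reject newlines before writing (`[[ "$BRANCH_NAME$FORMAT_INPUTS" == *$'\n'* ]] && exit 1`), or build the payload in the step that sends it so nothing passes through the environment file. The quoting in these lines also produces `'ref': 'branch'` with single quotes, which is not valid JSON. The same write to `$GITHUB_ENV` recurs in the later hunks of this file that rework the quoting.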
@@ -64,6 +66,7 @@ runs: #? https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event--status-codes if [[ $? -ne 0 ]] || [[ "$WORKFLOW_CURL_STATUS" != "204" ]]; then echo "Failed to execute workflow ${{ inputs.workflow_id }} for repository ${{ inputs.repository_name }}" + echo "Error: $WORKFLOW_OUTPUT" exit 1 fi shell: bash \ No newline at end of file diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index c6aa527c..350b512a 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -24,8 +24,8 @@ outputs: runs: using: "composite" steps: - - id: list-workflows - name: List Workflows + - id: get-workflow-id + name: Get Workflow ID env: GITHUB_TOKEN: ${{ inputs.github_token }} GITHUB_ORGANIZATION_NAME: ${{ inputs.github_organization_name }} From 8af55e28f14c77081d56a47cc6962487340eb94b Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 14:59:31 +0200 Subject: [PATCH 70/97] fix: string format --- .github/actions/github/execute-manual-workflow/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 2bb2c7ce..ced47dd9 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -41,9 +41,9 @@ runs: echo "format_inputs: $FORMAT_INPUTS" if [[ -z $FORMAT_INPUTS ]]; then - echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"'' >> $GITHUB_ENV + echo 'exec_workflow_params="ref": "${BRANCH_NAME}"' >> $GITHUB_ENV else - echo 'exec_workflow_params='"'ref'"': '"'${BRANCH_NAME}'"', '"'inputs'"': '"'${FORMAT_INPUTS}'"'' >> $GITHUB_ENV + echo 'exec_workflow_params="ref": "${BRANCH_NAME}", "inputs": ${FORMAT_INPUTS}' >> $GITHUB_ENV fi shell: bash 
From 1c9155405e31aaa81a929e1e8bfcfe04c6dea0c7 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 15:03:58 +0200 Subject: [PATCH 71/97] fix: string format again --- .github/actions/github/execute-manual-workflow/action.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index ced47dd9..501b8b05 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -41,9 +41,9 @@ runs: echo "format_inputs: $FORMAT_INPUTS" if [[ -z $FORMAT_INPUTS ]]; then - echo 'exec_workflow_params="ref": "${BRANCH_NAME}"' >> $GITHUB_ENV + echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'"' >> $GITHUB_ENV else - echo 'exec_workflow_params="ref": "${BRANCH_NAME}", "inputs": ${FORMAT_INPUTS}' >> $GITHUB_ENV + echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'", "inputs": "'"${FORMAT_INPUTS}"'"' >> $GITHUB_ENV fi shell: bash From 2cee17196c8b8d90f117bec728a4498fe2081c55 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Wed, 10 Sep 2025 15:08:10 +0200 Subject: [PATCH 72/97] fix: string format again --- .github/actions/github/execute-manual-workflow/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 501b8b05..ea2c3616 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -43,7 +43,7 @@ runs: if [[ -z $FORMAT_INPUTS ]]; then echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'"' >> $GITHUB_ENV else - echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'", "inputs": "'"${FORMAT_INPUTS}"'"' >> $GITHUB_ENV + echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'", "inputs": '${FORMAT_INPUTS}'' >> $GITHUB_ENV fi shell: bash 
From 1b10fa933fa1d1969affb1774711ea01d9458a6e Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 11 Sep 2025 09:16:52 +0200 Subject: [PATCH 73/97] docs: add some comments --- .github/actions/github/execute-manual-workflow/action.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index ea2c3616..85f37ce6 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -33,6 +33,7 @@ runs: INPUTS: ${{ inputs.workflow_inputs }} BRANCH_NAME: ${{ inputs.branch_name }} run: | + #? "key1=value1,key2=value2" -> {"key1": "value1", "key2": "value2"} if [[ ! -z $INPUTS ]]; then FORMAT_INPUTS=$(echo ${INPUTS//,/'"', '"'}) FORMAT_INPUTS=$(echo { '"'${FORMAT_INPUTS//=/'"': '"'}'"' }) @@ -41,8 +42,10 @@ runs: echo "format_inputs: $FORMAT_INPUTS" if [[ -z $FORMAT_INPUTS ]]; then + #? "ref": "branch_name" echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'"' >> $GITHUB_ENV else + #? "ref": "branch_name", "inputs": {"key1": "value1", "key2": "value2"} echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'", "inputs": '${FORMAT_INPUTS}'' >> $GITHUB_ENV fi shell: bash 
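Review bot: The new comment documents `key1=value1,key2=value2` becoming a JSON object, but the conversion it describes is plain text substitution on `,` and `=`, so a value containing `"` or `=` yields malformed JSON or keys the caller did not intend. Let jq do the encoding: `FORMAT_INPUTS=$(jq -Rc 'split(",") | map(split("=") | {(.[0]): (.[1:] | join("="))}) | add' <<< "$INPUTS")`. A comma still separates pairs in that form, so the comment should say values must not contain one. The end of the `run:` block is outside the hunk.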
@@ -53,14 +56,14 @@ runs: EXEC_WORKFLOW_PARAMS: ${{ env.exec_workflow_params }} run: | echo "exec_workflow_params: $EXEC_WORKFLOW_PARAMS" - + WORKFLOW_OUTPUT=$(curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${{ inputs.github_token }}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ -X POST \ https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows/${{ inputs.workflow_id }}/dispatches \ - -d '{ $EXEC_WORKFLOW_PARAMS }') + -d '{ '$EXEC_WORKFLOW_PARAMS' }') WORKFLOW_CURL_STATUS=$(echo $WORKFLOW_OUTPUT | jq '.status') #? https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event--status-codes From cb4588e234e826abe3ebbf78cce9f7f77728027c Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 11 Sep 2025 09:22:50 +0200 Subject: [PATCH 74/97] format code --- .../github/execute-manual-workflow/action.yaml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 85f37ce6..b10c29e7 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml 
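Review bot: `-d '{ '$EXEC_WORKFLOW_PARAMS' }'` leaves the variable outside any quotes, so bash word-splits and glob-expands it; a payload with spaces in it (the `"ref": "..."` form written in the previous step) reaches curl in pieces and the extra words are taken as further arguments. Use `-d "{ $EXEC_WORKFLOW_PARAMS }"` so the whole body is a single argument. The rest of the step lies outside the hunk.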
@@ -33,27 +33,25 @@ runs: INPUTS: ${{ inputs.workflow_inputs }} BRANCH_NAME: ${{ inputs.branch_name }} run: | - #? "key1=value1,key2=value2" -> {"key1": "value1", "key2": "value2"} + #? "key1=value1,key2=value2" -> {"key1":"value1","key2":"value2"} if [[ ! -z $INPUTS ]]; then - FORMAT_INPUTS=$(echo ${INPUTS//,/'"', '"'}) - FORMAT_INPUTS=$(echo { '"'${FORMAT_INPUTS//=/'"': '"'}'"' }) + FORMAT_INPUTS=$(echo ${INPUTS//,/'"','"'}) + FORMAT_INPUTS=$(echo {'"'${FORMAT_INPUTS//=/'"':'"'}'"'}) fi echo "format_inputs: $FORMAT_INPUTS" if [[ -z $FORMAT_INPUTS ]]; then - #? "ref": "branch_name" - echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'"' >> $GITHUB_ENV + #? "ref":"branch_name" + echo 'exec_workflow_params="ref":"'"${BRANCH_NAME}"'"' >> $GITHUB_ENV else - #? "ref": "branch_name", "inputs": {"key1": "value1", "key2": "value2"} - echo 'exec_workflow_params="ref": "'"${BRANCH_NAME}"'", "inputs": '${FORMAT_INPUTS}'' >> $GITHUB_ENV + #? "ref":"branch_name","inputs":{"key1":"value1","key2":"value2"} + echo 'exec_workflow_params="ref":"'"${BRANCH_NAME}"'","inputs":'${FORMAT_INPUTS}'' >> $GITHUB_ENV fi shell: bash - id: exec-workflow name: Execute Workflow - env: - EXEC_WORKFLOW_PARAMS: ${{ env.exec_workflow_params }} run: | echo "exec_workflow_params: $EXEC_WORKFLOW_PARAMS" @@ -63,7 +61,7 @@ runs: -H "X-GitHub-Api-Version: 2022-11-28" \ -X POST \ https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows/${{ inputs.workflow_id }}/dispatches \ - -d '{ '$EXEC_WORKFLOW_PARAMS' }') + -d '${{ env.exec_workflow_params }}') WORKFLOW_CURL_STATUS=$(echo $WORKFLOW_OUTPUT | jq '.status') #? https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event--status-codes From 5eb6a49ff4d541d6707e2c9ae08d3e652d7c29a1 Mon Sep 17 00:00:00 2001 
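Review bot: `-d '${{ env.exec_workflow_params }}'` pastes the value into the script before bash parses it, so a single quote inside `branch_name` or `workflow_inputs` ends the quoted string and the remainder is interpreted as shell. The earlier form read the value from the `EXEC_WORKFLOW_PARAMS` variable, whose `env:` mapping this commit removes; keep that mapping and send `-d "{ $EXEC_WORKFLOW_PARAMS }"`. As written the body also loses its surrounding braces. The next commit's hunk on this file keeps the same inline expression.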
From: David Pacheco Date: Thu, 11 Sep 2025 09:25:40 +0200 Subject: [PATCH 75/97] updat -d args --- .github/actions/github/execute-manual-workflow/action.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index b10c29e7..3e55f636 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -53,15 +53,13 @@ runs: - id: exec-workflow name: Execute Workflow run: | - echo "exec_workflow_params: $EXEC_WORKFLOW_PARAMS" - WORKFLOW_OUTPUT=$(curl -L \ -H "Accept: application/vnd.github+json" \ -H "Authorization: Bearer ${{ inputs.github_token }}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ -X POST \ https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows/${{ inputs.workflow_id }}/dispatches \ - -d '${{ env.exec_workflow_params }}') + -d '{ ${{ env.exec_workflow_params }} }') WORKFLOW_CURL_STATUS=$(echo $WORKFLOW_OUTPUT | jq '.status') #? https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event--status-codes From ee2eff7d79701414f0d4323f9a10b51155b452a8 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 11 Sep 2025 14:35:23 +0200 Subject: [PATCH 76/97] format: use gh instead of curl --- .github/actions/github/get-workflow-id/action.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 350b512a..c7588ad9 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml 
@@ -27,22 +27,23 @@ runs: - id: get-workflow-id name: Get Workflow ID env: - GITHUB_TOKEN: ${{ inputs.github_token }} + GH_TOKEN: ${{ inputs.github_token }} GITHUB_ORGANIZATION_NAME: ${{ inputs.github_organization_name }} REPOSITORY_NAME: ${{ inputs.repository_name }} WORKFLOW_FILE_NAME: ${{ inputs.workflow_file_name }} run: | - WORKFLOWS_DATA=$(curl -L \ + WORKFLOWS_DATA=$(gh api \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows) + /repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows) if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then echo "Failed to list workflows" exit 1 fi + echo "WORKFLOWS_DATA: $WORKFLOWS_DATA" + WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq --arg workflowFileName "$WORKFLOW_FILE_NAME" '.workflows[] | select(.path | contains($workflowFileName))' | jq '.id') if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then From 9e400f3fbf02b5523ec829accf4ae670d25e083b Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 11 Sep 2025 15:16:39 +0200 Subject: [PATCH 77/97] include gh auth status step --- .github/actions/github/get-workflow-id/action.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index c7588ad9..5d5bb66d 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -32,6 +32,13 @@ runs: REPOSITORY_NAME: ${{ inputs.repository_name }} WORKFLOW_FILE_NAME: ${{ inputs.workflow_file_name }} run: | + gh auth status + + if [[ $? -ne 0 ]]; then + echo "Failed to authenticate with GitHub" + exit 1 + fi + WORKFLOWS_DATA=$(gh api \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ From dd807487e1691357102ea98cf02cb3b7b545b397 Mon Sep 17 00:00:00 2001 
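Review bot: `select(.path | contains($workflowFileName))` is a substring match, so (constructed example) a file name `deploy.yaml` also selects `pre-deploy.yaml`, and `WORKFLOW_ID` then holds several ids that are written to `$GITHUB_OUTPUT` together. Match the path exactly, e.g. `select(.path | endswith("/" + $workflowFileName))`, and fail when the result is not a single id. The added `echo "WORKFLOWS_DATA: $WORKFLOWS_DATA"` dumps the target repository's full workflow list into the job log and reads like a debugging aid to remove before merge.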
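Review bot: The `if [[ $? -ne 0 ]]` block added after `gh auth status` is unlikely to run: GitHub documents `shell: bash` as `bash --noprofile --norc -eo pipefail {0}`, so a failing `gh auth status` ends the step before the check and the custom message is never printed. Write it as `if ! gh auth status; then echo "Failed to authenticate with GitHub"; exit 1; fi`. The same pattern after `WORKFLOWS_DATA=$(gh api ...)` in this step has the same problem.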
From: David Pacheco Date: Thu, 11 Sep 2025 15:23:47 +0200 Subject: [PATCH 78/97] test gh api request --- .../github/get-workflow-id/action.yaml | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 5d5bb66d..71da256c 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -39,23 +39,23 @@ runs: exit 1 fi - WORKFLOWS_DATA=$(gh api \ + gh api \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows) + /repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows - if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then - echo "Failed to list workflows" - exit 1 - fi + # if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then + # echo "Failed to list workflows" + # exit 1 + # fi - echo "WORKFLOWS_DATA: $WORKFLOWS_DATA" + # echo "WORKFLOWS_DATA: $WORKFLOWS_DATA" - WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq --arg workflowFileName "$WORKFLOW_FILE_NAME" '.workflows[] | select(.path | contains($workflowFileName))' | jq '.id') + # WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq --arg workflowFileName "$WORKFLOW_FILE_NAME" '.workflows[] | select(.path | contains($workflowFileName))' | jq '.id') - if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then - echo "Failed to get workflow ID" - exit 1 - fi - echo "workflow_id=$WORKFLOW_ID" >> $GITHUB_OUTPUT + # if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then + # echo "Failed to get workflow ID" + # exit 1 + # fi + # echo "workflow_id=$WORKFLOW_ID" >> $GITHUB_OUTPUT shell: bash \ No newline at end of file From 97110deaa3878d40373d7195a5d50d6217b57bf4 Mon Sep 17 00:00:00 2001 
From: David Pacheco Date: Thu, 11 Sep 2025 15:27:19 +0200 Subject: [PATCH 79/97] remove envs --- .github/actions/github/get-workflow-id/action.yaml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 71da256c..2aed5b6d 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -28,21 +28,11 @@ runs: name: Get Workflow ID env: GH_TOKEN: ${{ inputs.github_token }} - GITHUB_ORGANIZATION_NAME: ${{ inputs.github_organization_name }} - REPOSITORY_NAME: ${{ inputs.repository_name }} - WORKFLOW_FILE_NAME: ${{ inputs.workflow_file_name }} run: | - gh auth status - - if [[ $? -ne 0 ]]; then - echo "Failed to authenticate with GitHub" - exit 1 - fi - gh api \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows + /repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows # if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then # echo "Failed to list workflows" @@ -51,7 +41,7 @@ runs: # echo "WORKFLOWS_DATA: $WORKFLOWS_DATA" - # WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq --arg workflowFileName "$WORKFLOW_FILE_NAME" '.workflows[] | select(.path | contains($workflowFileName))' | jq '.id') + # WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq --arg workflowFileName "${{ inputs.workflow_file_name }}" '.workflows[] | select(.path | contains($workflowFileName))' | jq '.id') # if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then # echo "Failed to get workflow ID" From 795bcb63f1141be42cc8528d2cf554c0ac823ef9 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 11 Sep 2025 15:42:06 +0200 Subject: [PATCH 80/97] format gh query --- .github/actions/github/get-workflow-id/action.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) 
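Review bot: Dropping the `env:` entries and writing `${{ inputs.github_organization_name }}` and `${{ inputs.repository_name }}` straight into the `gh api` path turns them from data into script text, so any shell metacharacter in a caller-supplied value is interpreted by bash. The previous form with `$GITHUB_ORGANIZATION_NAME` and `$REPOSITORY_NAME` was the safer one; keep the `env:` block and quote the path, `"/repos/$GITHUB_ORGANIZATION_NAME/$REPOSITORY_NAME/actions/workflows"`. The second hunk of this commit does the same to `workflow_file_name` inside a commented line, and later commits on this file keep the inline form. With the parsing lines still commented out, the step also never writes `workflow_id` to `$GITHUB_OUTPUT`.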
diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 2aed5b6d..30809d7b 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -29,10 +29,12 @@ runs: env: GH_TOKEN: ${{ inputs.github_token }} run: | - gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows + gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.repository_name }} --json id,name + + # gh api \ + # -H "Accept: application/vnd.github+json" \ + # -H "X-GitHub-Api-Version: 2022-11-28" \ + # /repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows # if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then # echo "Failed to list workflows" From faeca9c0fafda7df5e47ec5c838419b2e93a2d6c Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Thu, 11 Sep 2025 15:45:20 +0200 Subject: [PATCH 81/97] debug gh query --- .github/actions/github/get-workflow-id/action.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 30809d7b..cf428aca 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -28,7 +28,9 @@ runs: name: Get Workflow ID env: GH_TOKEN: ${{ inputs.github_token }} + GH_DEBUG: api run: | + gh auth status gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.repository_name }} --json id,name # gh api \ From 41fa14880e3bef5fee494bf23fe6ad3de1e38bdc Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 12 Sep 2025 09:54:39 +0200 Subject: [PATCH 82/97] update gh api request --- .github/actions/github/get-workflow-id/action.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) 
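Review bot: `GH_DEBUG: api` is set unconditionally in the step's `env:`, so every run of this shared action writes gh's HTTP request and response detail to the job log. If it is needed for troubleshooting, tie it to the runner's debug mode, e.g. `GH_DEBUG: ${{ runner.debug == '1' && 'api' || '' }}`, instead of leaving it on. The `run:` block continues outside the hunk.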
diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index cf428aca..c40e2adc 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -31,12 +31,13 @@ runs: GH_DEBUG: api run: | gh auth status - gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.repository_name }} --json id,name - # gh api \ - # -H "Accept: application/vnd.github+json" \ - # -H "X-GitHub-Api-Version: 2022-11-28" \ - # /repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows + gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows + + # gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.repository_name }} --json id,name # if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then # echo "Failed to list workflows" From 24cc4c6781f2b090e3cb8787cb3ab3812b6c42d1 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 12 Sep 2025 10:24:10 +0200 Subject: [PATCH 83/97] add gh auth token command for testing --- .github/actions/github/get-workflow-id/action.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index c40e2adc..a2390ce8 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -31,6 +31,7 @@ runs: GH_DEBUG: api run: | gh auth status + gh auth token gh api \ -H "Accept: application/vnd.github+json" \ From ffe4ec0a3965d07e624585dc5dc76e7d4a9d0db8 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 12 Sep 2025 10:35:35 +0200 Subject: [PATCH 84/97] add gh login command for testing --- .github/actions/github/get-workflow-id/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
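Review bot: The added `gh auth token` prints the active token on stdout, which goes straight into the job log. Log masking only covers values the runner knows as secrets, so a token that reaches `github_token` from any other source would appear in clear text; even as a test this line should not be merged. `gh auth status`, already on the line above, reports whether the token is accepted without printing it in full.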
diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index a2390ce8..e372a771 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -30,8 +30,8 @@ runs: GH_TOKEN: ${{ inputs.github_token }} GH_DEBUG: api run: | + gh auth login --with-token ${{ inputs.github_token }} gh auth status - gh auth token gh api \ -H "Accept: application/vnd.github+json" \ From 8f612ec8b2349c79d2ab6c6347f40bed5e52c0d0 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 12 Sep 2025 10:38:13 +0200 Subject: [PATCH 85/97] add < for token input --- .github/actions/github/get-workflow-id/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index e372a771..f35a9e59 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -30,7 +30,7 @@ runs: GH_TOKEN: ${{ inputs.github_token }} GH_DEBUG: api run: | - gh auth login --with-token ${{ inputs.github_token }} + gh auth login --with-token < "${{ inputs.github_token }}" gh auth status gh api \ From 6dbcefbc3a2b95882791564c1b684691ab396420 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 12 Sep 2025 10:40:50 +0200 Subject: [PATCH 86/97] remove login command --- .github/actions/github/get-workflow-id/action.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index f35a9e59..c40e2adc 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -30,7 +30,6 @@ runs: GH_TOKEN: ${{ inputs.github_token }} GH_DEBUG: api run: | - gh auth login --with-token < "${{ inputs.github_token }}" gh auth status gh api \ 
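Review bot: `gh auth login --with-token ${{ inputs.github_token }}` puts the token on the command line, while `--with-token` reads the token from standard input, so the argument does not do what is intended and the secret ends up in the script text. With `GH_TOKEN` already set in the step's `env:`, gh authenticates from that variable and no login call is needed. The follow-up hunk on this line changes it to `< "${{ inputs.github_token }}"`, which makes bash try to open a file named after the token, and the resulting error message would name it.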
From 3c40c19ebe710454da6dc8279a9f76b2998eb950 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 12 Sep 2025 11:05:07 +0200 Subject: [PATCH 87/97] add generate gh token step --- .../github/get-workflow-id/action.yaml | 30 ++++++++++++++----- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index c40e2adc..5545cafb 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -3,9 +3,15 @@ name: 'Get Workflow ID' description: 'Get the ID of a GitHub workflow based on the workflow file name and repository.' inputs: + github_app_id: + description: 'The GitHub App ID. (Required if github_token is not provided)' + required: false + github_app_private_key: + description: 'The GitHub App private key. (Required if github_token is not provided)' + required: false github_token: - description: 'The GitHub token to list workflows.' - required: true + description: 'The GitHub Token. (Required if github_app_id and github_app_private_key are not provided)' + required: false github_organization_name: description: 'The GitHub organization name.' required: true 
@@ -24,20 +30,28 @@ outputs: runs: using: "composite" steps: + - name: Generate a GH Token + if: inputs.github_token == '' && inputs.github_app_id != '' && inputs.github_app_private_key != '' + id: generate-gh-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ inputs.github_app_id }} + private-key: ${{ inputs.github_app_private_key }} + - id: get-workflow-id name: Get Workflow ID env: - GH_TOKEN: ${{ inputs.github_token }} + GH_TOKEN: ${{ steps.generate-gh-token.outputs.token || inputs.github_token }} GH_DEBUG: api run: | gh auth status - gh api \ - -H "Accept: application/vnd.github+json" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows + # gh api \ + # -H "Accept: application/vnd.github+json" \ + # -H "X-GitHub-Api-Version: 2022-11-28" \ + # /repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows - # gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.repository_name }} --json id,name + gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.repository_name }} --json id,name # if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then # echo "Failed to list workflows" From 7e55cb53043bdcf7fb475aabe1e5c343ca9c2feb Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Fri, 12 Sep 2025 11:08:18 +0200 Subject: [PATCH 88/97] add owner and repositories inputs --- .github/actions/github/get-workflow-id/action.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 5545cafb..92dbad5e 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml 
@@ -37,6 +37,8 @@ runs: with: app-id: ${{ inputs.github_app_id }} private-key: ${{ inputs.github_app_private_key }} + owner: ${{ inputs.github_organization_name }} + repositories: ${{ inputs.repository_name }} - id: get-workflow-id name: Get Workflow ID From 4fc0764977cd7fd74e6c09aa821c8be60e0e2a2d Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 15 Sep 2025 10:48:32 +0200 Subject: [PATCH 89/97] split action into 3 different github actions --- .../execute-manual-workflow/action.yaml | 56 ++++++------------- .../generate-github-app-token/action.yaml | 44 +++++++++++++++ .../github/get-workflow-id/action.yaml | 55 +++++------------- 3 files changed, 75 insertions(+), 80 deletions(-) create mode 100644 .github/actions/github/generate-github-app-token/action.yaml diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 3e55f636..ea68c35f 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml 
@@ -8,64 +8,40 @@ inputs: required: false default: "master" github_token: - description: 'The GitHub token to list workflows.' - required: true + description: 'The GitHub Token. (Required if github_app_id and github_app_private_key are not provided)' + required: false github_organization_name: description: 'The GitHub organization name.' required: true - repository_name: + github_repository_name: description: 'The repository name.' required: true workflow_id: description: 'The workflow ID.' required: true workflow_inputs: - description: 'The workflow inputs. Valid format: "key1=value1,key2=value2"' + description: 'The workflow inputs. Valid format: "--field key1=value1 --field key2=value2"' required: false default: "" + workflow_watch: + description: 'Whether to watch the workflow run or not. If true, the workflow will wait for the workflow to finish.' + required: false + default: "true" runs: using: "composite" steps: - - id: init-workflow-inputs - name: Init Workflow Inputs + - id: exec-workflow + name: Execute Workflow env: - INPUTS: ${{ inputs.workflow_inputs }} - BRANCH_NAME: ${{ inputs.branch_name }} + GH_TOKEN: ${{ inputs.github_token }} run: | - #? "key1=value1,key2=value2" -> {"key1":"value1","key2":"value2"} - if [[ ! -z $INPUTS ]]; then - FORMAT_INPUTS=$(echo ${INPUTS//,/'"','"'}) - FORMAT_INPUTS=$(echo {'"'${FORMAT_INPUTS//=/'"':'"'}'"'}) - fi - - echo "format_inputs: $FORMAT_INPUTS" - - if [[ -z $FORMAT_INPUTS ]]; then - #? "ref":"branch_name" - echo 'exec_workflow_params="ref":"'"${BRANCH_NAME}"'"' >> $GITHUB_ENV - else - #? 
"ref":"branch_name","inputs":{"key1":"value1","key2":"value2"} - echo 'exec_workflow_params="ref":"'"${BRANCH_NAME}"'","inputs":'${FORMAT_INPUTS}'' >> $GITHUB_ENV - fi + gh workflow run --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} ${{ inputs.workflow_id }} --ref ${{ inputs.branch_name }} ${{ inputs.workflow_inputs }} shell: bash - - id: exec-workflow - name: Execute Workflow + - id: watch-workflow + if: inputs.workflow_watch == 'true' + name: Watch Workflow run: | - WORKFLOW_OUTPUT=$(curl -L \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ inputs.github_token }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - -X POST \ - https://api.github.com/repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows/${{ inputs.workflow_id }}/dispatches \ - -d '{ ${{ env.exec_workflow_params }} }') - - WORKFLOW_CURL_STATUS=$(echo $WORKFLOW_OUTPUT | jq '.status') - #? https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event--status-codes - if [[ $? -ne 0 ]] || [[ "$WORKFLOW_CURL_STATUS" != "204" ]]; then - echo "Failed to execute workflow ${{ inputs.workflow_id }} for repository ${{ inputs.repository_name }}" - echo "Error: $WORKFLOW_OUTPUT" - exit 1 - fi + echo "Workflow is running." shell: bash \ No newline at end of file diff --git a/.github/actions/github/generate-github-app-token/action.yaml b/.github/actions/github/generate-github-app-token/action.yaml new file mode 100644 index 00000000..cefab23c --- /dev/null +++ b/.github/actions/github/generate-github-app-token/action.yaml 
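Review bot: The new `gh workflow run` line interpolates five inputs into the script unquoted, and `workflow_inputs` is a free-form string of flags, so whatever a caller passes is parsed by bash as part of the command. Pass every input through `env:` and quote it, splitting `workflow_inputs` into an array so each word reaches gh as a literal argument; the excerpt below shows the step written that way. The `watch-workflow` step only echoes a message and does not wait for the run, which contradicts the `workflow_watch` description. Renaming `repository_name` to `github_repository_name` also breaks existing callers unless they change in the same commit.

```yaml
    - id: exec-workflow
      name: Execute Workflow
      env:
        GH_TOKEN: ${{ inputs.github_token }}
        TARGET_REPO: ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }}
        WORKFLOW_ID: ${{ inputs.workflow_id }}
        BRANCH_NAME: ${{ inputs.branch_name }}
        WORKFLOW_INPUTS: ${{ inputs.workflow_inputs }}
      run: |
        # Split "--field k=v ..." on whitespace only; nothing in it is
        # evaluated by the shell, each word is handed to gh unchanged.
        read -r -a extra_args <<< "$WORKFLOW_INPUTS"
        gh workflow run "$WORKFLOW_ID" --repo "$TARGET_REPO" --ref "$BRANCH_NAME" "${extra_args[@]}"
      shell: bash
    # … unchanged: watch-workflow step …
```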
@@ -0,0 +1,44 @@ +--- +name: 'Generate GitHub App Token' +description: 'Generate a GitHub App token based on the GitHub App ID and private key.' + +inputs: + github_app_id: + description: 'The GitHub App ID.' + required: true + github_app_private_key: + description: 'The GitHub App private key.' + required: true + github_organization_name: + description: 'The GitHub organization name.' + required: true + github_repositories: + description: 'The GitHub repositories names to grant access to.' + required: true + +outputs: + gh_token: + description: 'The GitHub App token.' + value: ${{ steps.generate-gh-token.outputs.token }} + +runs: + using: "composite" + steps: + - name: Generate a GH Token + id: generate-gh-token + uses: actions/create-github-app-token@v2 + with: + app-id: ${{ inputs.github_app_id }} + private-key: ${{ inputs.github_app_private_key }} + owner: ${{ inputs.github_organization_name }} + repositories: ${{ inputs.github_repositories }} + + - name: Test Token + run: | + gh auth status + if [[ $? -ne 0 ]]; then + echo "Failed to get GitHub App Token using GH App ID: ${{ inputs.github_app_id }} credentials." + exit 1 + fi + shell: bash + \ No newline at end of file diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 92dbad5e..961944cb 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml 
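Review bot: The `Test Token` step runs `gh auth status` without an `env:` block, so it checks whatever credentials gh finds on the runner and not the token produced by `generate-gh-token`. Add `env:` with `GH_TOKEN: ${{ steps.generate-gh-token.outputs.token }}` to that step and write the check as `if ! gh auth status; then`, because with `shell: bash` a failing command ends the step before a separate `$?` test is reached. `actions/create-github-app-token@v2` is a mutable tag and is better pinned to a full commit SHA, since the action receives the private key.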
@@ -3,19 +3,13 @@ name: 'Get Workflow ID' description: 'Get the ID of a GitHub workflow based on the workflow file name and repository.' inputs: - github_app_id: - description: 'The GitHub App ID. (Required if github_token is not provided)' - required: false - github_app_private_key: - description: 'The GitHub App private key. (Required if github_token is not provided)' - required: false github_token: - description: 'The GitHub Token. (Required if github_app_id and github_app_private_key are not provided)' + description: 'The GitHub Token.' required: false github_organization_name: description: 'The GitHub organization name.' required: true - repository_name: + github_repository_name: description: 'The repository name.' required: true workflow_file_name: 
@@ -30,43 +24,24 @@ outputs: runs: using: "composite" steps: - - name: Generate a GH Token - if: inputs.github_token == '' && inputs.github_app_id != '' && inputs.github_app_private_key != '' - id: generate-gh-token - uses: actions/create-github-app-token@v2 - with: - app-id: ${{ inputs.github_app_id }} - private-key: ${{ inputs.github_app_private_key }} - owner: ${{ inputs.github_organization_name }} - repositories: ${{ inputs.repository_name }} - - id: get-workflow-id name: Get Workflow ID env: - GH_TOKEN: ${{ steps.generate-gh-token.outputs.token || inputs.github_token }} - GH_DEBUG: api + GH_TOKEN: ${{ inputs.github_token }} + GH_OUTPUT_FILE_NAME: gh-output.json run: | - gh auth status - - # gh api \ - # -H "Accept: application/vnd.github+json" \ - # -H "X-GitHub-Api-Version: 2022-11-28" \ - # /repos/${{ inputs.github_organization_name }}/${{ inputs.repository_name }}/actions/workflows - - gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.repository_name }} --json id,name - - # if [[ $? -ne 0 ]] || [[ -z $WORKFLOWS_DATA ]]; then - # echo "Failed to list workflows" - # exit 1 - # fi + gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --json id,path) > $GH_OUTPUT_FILE_NAME - # echo "WORKFLOWS_DATA: $WORKFLOWS_DATA" + if [[ $? -ne 0 ]] || [ ! -f "$GH_OUTPUT_FILE_NAME" ] && [ ! -s "$GH_OUTPUT_FILE_NAME" ]; then + echo "Failed to list workflows" + exit 1 + fi - # WORKFLOW_ID=$(echo $WORKFLOWS_DATA | jq --arg workflowFileName "${{ inputs.workflow_file_name }}" '.workflows[] | select(.path | contains($workflowFileName))' | jq '.id') + WORKFLOW_ID=$(cat $GH_OUTPUT_FILE_NAME | jq --arg workflowFileName "${{ inputs.workflow_file_name }}" '.[] | select(.path | contains($workflowFileName))' | jq '.id') - # if [[ $? -ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then - # echo "Failed to get workflow ID" - # exit 1 - # fi - # echo "workflow_id=$WORKFLOW_ID" >> $GITHUB_OUTPUT + if [[ $? 
-ne 0 ]] || [[ -z $WORKFLOW_ID ]]; then + echo "Failed to get workflow ID" + exit 1 + fi + echo "workflow_id=$WORKFLOW_ID" >> $GITHUB_OUTPUT shell: bash \ No newline at end of file From 3ad3ebc8f71af7dd88c55ecfd0b76cc4c86bcea5 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 15 Sep 2025 10:50:51 +0200 Subject: [PATCH 90/97] add output message --- .github/actions/github/generate-github-app-token/action.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/github/generate-github-app-token/action.yaml b/.github/actions/github/generate-github-app-token/action.yaml index cefab23c..ef1122d7 100644 --- a/.github/actions/github/generate-github-app-token/action.yaml +++ b/.github/actions/github/generate-github-app-token/action.yaml @@ -39,6 +39,8 @@ runs: if [[ $? -ne 0 ]]; then echo "Failed to get GitHub App Token using GH App ID: ${{ inputs.github_app_id }} credentials." exit 1 + else + echo "GitHub App Token generated successfully. Token saved to output 'gh_token'." fi shell: bash \ No newline at end of file From 053749906bd912e3a4cc51d50b74afca2d5614eb Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 15 Sep 2025 10:52:12 +0200 Subject: [PATCH 91/97] fix typo --- .github/actions/github/get-workflow-id/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 961944cb..2091e816 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml 
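Review bot: In the `get-workflow-id` step the `${{ inputs.* }}` expressions are pasted into the `run:` script before bash parses it, so an input containing quotes, `$(...)` or `;` becomes shell code that runs with `GH_TOKEN` in its environment. Pass the values through `env:` instead, for example `WORKFLOW_FILE_NAME: ${{ inputs.workflow_file_name }}`, and reference them quoted in the script: `--arg workflowFileName "$WORKFLOW_FILE_NAME"` and `--repo "$GH_ORG/$GH_REPO"`. The same pattern appears in the `exec-workflow` and `watch-workflow` steps of execute-manual-workflow/action.yaml later in this series, where `${{ inputs.workflow_inputs }}` and `${{ inputs.branch_name }}` are expanded unquoted onto the `gh` command line. How exposed this is depends on whether callers ever feed pull-request- or issue-derived values into these inputs, which the patch does not show.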
@@ -30,7 +30,7 @@ runs: GH_TOKEN: ${{ inputs.github_token }} GH_OUTPUT_FILE_NAME: gh-output.json run: | - gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --json id,path) > $GH_OUTPUT_FILE_NAME + gh workflow list --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --json id,path > $GH_OUTPUT_FILE_NAME if [[ $? -ne 0 ]] || [ ! -f "$GH_OUTPUT_FILE_NAME" ] && [ ! -s "$GH_OUTPUT_FILE_NAME" ]; then echo "Failed to list workflows" From 9e5f47d1b671b95f7dde1611e77993dd69dd5c79 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 15 Sep 2025 14:37:32 +0200 Subject: [PATCH 92/97] add gh watch workflow execution step --- .../execute-manual-workflow/action.yaml | 28 +++++++++++++++++-- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index ea68c35f..c4cef3df 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -24,9 +24,14 @@ inputs: required: false default: "" workflow_watch: - description: 'Whether to watch the workflow run or not. If true, the workflow will wait for the workflow to finish.' + description: 'Whether to watch the workflow run or not. If true, the workflow will wait for the new workflow to finish.' required: false - default: "true" + default: "false" + # This input is necessary because `gh workflow run` doesn't return the database ID of the workflow run and `gh run watch` requires the database ID. + workflow_watch_name_filter: + description: 'Filter the workflow run by name (Only available if workflow_watch is true).' + required: false + default: "" runs: using: "composite" 
@@ -42,6 +47,23 @@ runs: - id: watch-workflow if: inputs.workflow_watch == 'true' name: Watch Workflow + env: + GH_TOKEN: ${{ inputs.github_token }} + GH_OUTPUT_FILE_NAME: gh-output.json run: | - echo "Workflow is running." + gh run list --workflow=${{ inputs.workflow_id }} --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --json name,databaseId > $GH_OUTPUT_FILE_NAME + + if [[ $? -ne 0 ]] || [ ! -f "$GH_OUTPUT_FILE_NAME" ] && [ ! -s "$GH_OUTPUT_FILE_NAME" ]; then + echo "Failed to list workflow runs" + exit 1 + fi + + WORKFLOW_RUN_DBID=$(cat $GH_OUTPUT_FILE_NAME | jq --arg name "${{ inputs.workflow_watch_name_filter }}" '.[] | select(.name | contains($name))' | jq '.databaseId') + + if [[ -z "$WORKFLOW_RUN_DBID" ]]; then + echo "Failed to get workflow run database ID" + exit 1 + fi + + gh run watch --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} $WORKFLOW_RUN_DBID shell: bash \ No newline at end of file From 0ab8eaceae5797a81da265adfb8ca3cb9ec45e9c Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Mon, 15 Sep 2025 15:26:11 +0200 Subject: [PATCH 93/97] enable debug --- .github/actions/github/execute-manual-workflow/action.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index c4cef3df..a122ac5b 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -39,6 +39,7 @@ runs: - id: exec-workflow name: Execute Workflow env: + GH_DEBUG: api GH_TOKEN: ${{ inputs.github_token }} run: | gh workflow run --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} ${{ inputs.workflow_id }} --ref ${{ inputs.branch_name }} ${{ inputs.workflow_inputs }} From 152f75a992abab12c156accfe1b16763679c9ac5 Mon Sep 17 00:00:00 2001 
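Review bot: `GH_DEBUG: api` on the `exec-workflow` step makes `gh` write the HTTP traffic of the dispatch call into the job log, in the same step that holds `GH_TOKEN`. Even if credential headers are masked in that output, request and response bodies, including whatever is passed in `workflow_inputs`, become readable by anyone who can view the run logs. If this is meant for troubleshooting, make it opt-in, e.g. `GH_DEBUG: ${{ runner.debug == '1' && 'api' || '' }}`, so it is only active when the run is re-executed with debug logging enabled.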
From: David Pacheco Date: Mon, 15 Sep 2025 15:53:01 +0200 Subject: [PATCH 94/97] set github_token input as required --- .github/actions/github/execute-manual-workflow/action.yaml | 4 ++-- .github/actions/github/get-workflow-id/action.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index a122ac5b..5d6e4041 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -9,7 +9,7 @@ inputs: default: "master" github_token: description: 'The GitHub Token. (Required if github_app_id and github_app_private_key are not provided)' - required: false + required: true github_organization_name: description: 'The GitHub organization name.' required: true @@ -42,7 +42,7 @@ runs: GH_DEBUG: api GH_TOKEN: ${{ inputs.github_token }} run: | - gh workflow run --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} ${{ inputs.workflow_id }} --ref ${{ inputs.branch_name }} ${{ inputs.workflow_inputs }} + gh workflow run ${{ inputs.workflow_id }} --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --ref ${{ inputs.branch_name }} ${{ inputs.workflow_inputs }} shell: bash - id: watch-workflow diff --git a/.github/actions/github/get-workflow-id/action.yaml b/.github/actions/github/get-workflow-id/action.yaml index 2091e816..1cf0a0ce 100644 --- a/.github/actions/github/get-workflow-id/action.yaml +++ b/.github/actions/github/get-workflow-id/action.yaml @@ -5,7 +5,7 @@ description: 'Get the ID of a GitHub workflow based on the workflow file name an inputs: github_token: description: 'The GitHub Token.' - required: false + required: true github_organization_name: description: 'The GitHub organization name.' required: true From 1fed7e16252c51d895ef47c79259d8de34079078 Mon Sep 17 00:00:00 2001 
From: David Pacheco Date: Tue, 16 Sep 2025 11:10:45 +0200 Subject: [PATCH 95/97] add watch run logic --- .../execute-manual-workflow/action.yaml | 38 +++++++++++++------ 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 5d6e4041..42edbb12 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -39,7 +39,6 @@ runs: - id: exec-workflow name: Execute Workflow env: - GH_DEBUG: api GH_TOKEN: ${{ inputs.github_token }} run: | gh workflow run ${{ inputs.workflow_id }} --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --ref ${{ inputs.branch_name }} ${{ inputs.workflow_inputs }} 
@@ -52,19 +51,36 @@ runs: GH_TOKEN: ${{ inputs.github_token }} GH_OUTPUT_FILE_NAME: gh-output.json run: | - gh run list --workflow=${{ inputs.workflow_id }} --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --json name,databaseId > $GH_OUTPUT_FILE_NAME + echo "Waiting for new run to appear..." + for i in {1..12}; do + sleep 10 + gh run list --workflow=${{ inputs.workflow_id }} --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --limit=1 --json name,databaseId,createdAt > $GH_OUTPUT_FILE_NAME + + if [[ $? -ne 0 ]] || [ ! -f "$GH_OUTPUT_FILE_NAME" ] && [ ! -s "$GH_OUTPUT_FILE_NAME" ]; then + echo "Workflow run not found. Still waiting... ($i/12)" + continue + fi - if [[ $? -ne 0 ]] || [ ! -f "$GH_OUTPUT_FILE_NAME" ] && [ ! -s "$GH_OUTPUT_FILE_NAME" ]; then - echo "Failed to list workflow runs" - exit 1 - fi + WORKFLOW_RUN_TIMESTAMP=$(cat $GH_OUTPUT_FILE_NAME | jq '.[0].createdAt' | | xargs -I {} date -d {} +%s) + CURRENT_TIMESTAMP=$(date +%s) - WORKFLOW_RUN_DBID=$(cat $GH_OUTPUT_FILE_NAME | jq --arg name "${{ inputs.workflow_watch_name_filter }}" '.[] | select(.name | contains($name))' | jq '.databaseId') + WORKFLOW_RUN_AGE=$((CURRENT_TIMESTAMP - WORKFLOW_RUN_TIMESTAMP)) + if [[ $WORKFLOW_RUN_AGE -lt 120 ]]; then + echo "Workflow run found with age of $WORKFLOW_RUN_AGE seconds" + + WORKFLOW_RUN_DBID=$(cat $GH_OUTPUT_FILE_NAME | jq --arg name "${{ inputs.workflow_watch_name_filter }}" '.[] | select(.name | contains($name))' | jq '.databaseId') - if [[ -z "$WORKFLOW_RUN_DBID" ]]; then - echo "Failed to get workflow run database ID" - exit 1 - fi + if [[ -z "$WORKFLOW_RUN_DBID" ]]; then + echo "Workflow run not found. Still waiting... ($i/12)" + continue + fi + echo "Workflow run found with database ID: $WORKFLOW_RUN_DBID" + break + else + echo "Workflow run not found. Still waiting... 
($i/12)" + continue + fi + done gh run watch --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} $WORKFLOW_RUN_DBID shell: bash \ No newline at end of file From c4bf2031c9d5251bc8bc47b04075ad95669d0952 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Tue, 16 Sep 2025 11:15:31 +0200 Subject: [PATCH 96/97] add workflow user --- .../actions/github/execute-manual-workflow/action.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index 42edbb12..f5778c43 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml @@ -32,6 +32,10 @@ inputs: description: 'Filter the workflow run by name (Only available if workflow_watch is true).' required: false default: "" + workflow_watch_user: + description: 'The user to watch the workflow run as (Only available if workflow_watch is true).' + required: false + default: "" runs: using: "composite" 
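Review bot: When the twelve polls in `watch-workflow` finish without a match, execution falls through to `gh run watch` with an empty `$WORKFLOW_RUN_DBID`, so the step does not fail with a clear message; add `if [[ -z "${WORKFLOW_RUN_DBID:-}" ]]; then echo "No workflow run found"; exit 1; fi` after `done` and quote the variable in the `gh run watch` call. The run is also selected as "newest run younger than 120 seconds", which does not tie it to the dispatch made by `exec-workflow`: a concurrent dispatch of the same workflow can be picked up, and a caller that treats this step as a gate would then be reporting on a run it did not start. Passing a unique correlation value as a workflow input and matching it through `workflow_watch_name_filter` would narrow this, provided the target workflow derives its `run-name` from that input. Note also that an empty result from `gh run list` yields `null` for `.[0].createdAt`, and the `date -d` call on it fails under `-e`/`pipefail` instead of reaching the "Still waiting" branch.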
@@ -54,14 +58,14 @@ runs: echo "Waiting for new run to appear..." for i in {1..12}; do sleep 10 - gh run list --workflow=${{ inputs.workflow_id }} --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --limit=1 --json name,databaseId,createdAt > $GH_OUTPUT_FILE_NAME + gh run list --workflow=${{ inputs.workflow_id }} --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --limit=1 --user "${{ inputs.workflow_watch_user }}" --json name,databaseId,createdAt > $GH_OUTPUT_FILE_NAME if [[ $? -ne 0 ]] || [ ! -f "$GH_OUTPUT_FILE_NAME" ] && [ ! -s "$GH_OUTPUT_FILE_NAME" ]; then echo "Workflow run not found. Still waiting... ($i/12)" continue fi - WORKFLOW_RUN_TIMESTAMP=$(cat $GH_OUTPUT_FILE_NAME | jq '.[0].createdAt' | | xargs -I {} date -d {} +%s) + WORKFLOW_RUN_TIMESTAMP=$(cat $GH_OUTPUT_FILE_NAME | jq '.[0].createdAt' | xargs -I {} date -d {} +%s) CURRENT_TIMESTAMP=$(date +%s) WORKFLOW_RUN_AGE=$((CURRENT_TIMESTAMP - WORKFLOW_RUN_TIMESTAMP)) From 29ae525a098734ce85e9654895cf97027337b322 Mon Sep 17 00:00:00 2001 From: David Pacheco Date: Tue, 16 Sep 2025 11:23:43 +0200 Subject: [PATCH 97/97] control the workflow output --- .github/actions/github/execute-manual-workflow/action.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/actions/github/execute-manual-workflow/action.yaml b/.github/actions/github/execute-manual-workflow/action.yaml index f5778c43..f8a8998d 100644 --- a/.github/actions/github/execute-manual-workflow/action.yaml +++ b/.github/actions/github/execute-manual-workflow/action.yaml 
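Review bot: The description of `workflow_watch_user` ("The user to watch the workflow run as") does not match how the value is used: it is passed to `gh run list --user`, which filters runs by the account that triggered them and does not change who is watching. Suggested wording: `description: 'Only consider runs triggered by this user (Only available if workflow_watch is true).'`. It is also worth documenting what a caller should pass when the dispatch is made with a GitHub App token, since the triggering actor is then presumably the app's bot account rather than a person.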
@@ -58,6 +58,7 @@ runs: echo "Waiting for new run to appear..." for i in {1..12}; do sleep 10 + # Get the latest run of the workflow as the user specified gh run list --workflow=${{ inputs.workflow_id }} --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} --limit=1 --user "${{ inputs.workflow_watch_user }}" --json name,databaseId,createdAt > $GH_OUTPUT_FILE_NAME if [[ $? -ne 0 ]] || [ ! -f "$GH_OUTPUT_FILE_NAME" ] && [ ! -s "$GH_OUTPUT_FILE_NAME" ]; then @@ -71,7 +72,8 @@ runs: WORKFLOW_RUN_AGE=$((CURRENT_TIMESTAMP - WORKFLOW_RUN_TIMESTAMP)) if [[ $WORKFLOW_RUN_AGE -lt 120 ]]; then echo "Workflow run found with age of $WORKFLOW_RUN_AGE seconds" - + + # Get the database ID of the workflow run WORKFLOW_RUN_DBID=$(cat $GH_OUTPUT_FILE_NAME | jq --arg name "${{ inputs.workflow_watch_name_filter }}" '.[] | select(.name | contains($name))' | jq '.databaseId') if [[ -z "$WORKFLOW_RUN_DBID" ]]; then @@ -86,5 +88,6 @@ runs: fi done - gh run watch --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} $WORKFLOW_RUN_DBID + # Wait for the workflow to finish and exit with the same status. + gh run watch --repo ${{ inputs.github_organization_name }}/${{ inputs.github_repository_name }} $WORKFLOW_RUN_DBID --interval 15 --compact --exit-status shell: bash \ No newline at end of file