workflow #43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Apply Terraform on Google Cloud | |
#on: | |
# workflow_run: | |
# workflows: ["Build and Push Docker Image"] | |
# types: | |
# - completed | |
on: | |
push: | |
branches: | |
- build | |
- master | |
jobs: | |
terraform: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Set up gcloud CLI | |
uses: google-github-actions/[email protected] | |
with: | |
service_account_key: ${{ secrets.GCP_SA_KEY }} | |
project_id: ${{ secrets.GCP_PROJECT_ID }} | |
- name: Install Terraform | |
uses: hashicorp/setup-terraform@v1 | |
with: | |
terraform_version: 1.6.5 | |
- name: Terraform Init | |
working-directory: infra/prod | |
run: terraform init | |
env: | |
GOOGLE_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
GOOGLE_CREDENTIALS: ${{ secrets.GCP_SA_KEY }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Terraform Refresh | |
working-directory: infra/prod | |
run: | | |
export TF_VAR_env="prod" | |
export TF_VAR_gcp_project_id="${{ secrets.GCP_PROJECT_ID }}" | |
export TF_VAR_aws_cognito_user_pool_id="${{ secrets.COGNITO_USER_POOL_ID }}" | |
export TF_VAR_aws_cognito_client_id="${{ secrets.COGNITO_CLIENT_ID }}" | |
export TF_VAR_aws_cognito_domain="${{ secrets.COGNITO_DOMAIN }}" | |
export TF_VAR_aws_cognito_client_secret="${{ secrets.COGNITO_CLIENT_SECRET }}" | |
export TF_VAR_aws_cognito_redirect_url="${{ secrets.COGNITO_REDIRECT_URI }}" | |
export TF_VAR_chainlit_auth_secret="${{ secrets.CHAINLIT_AUTH_SECRET }}" | |
export TF_VAR_chainlit_api_key="${{ secrets.CHAINLIT_API_KEY }}" | |
export TF_VAR_openai_api_key="${{ secrets.OPENAI_API_KEY }}" | |
export TF_VAR_redis_port="${{ secrets.REDIS_PORT }}" | |
export TF_VAR_redis_db="${{ secrets.REDIS_DB }}" | |
export TF_VAR_redis_ttl="${{ secrets.REDIS_TTL }}" | |
terraform refresh -input=false | |
env: | |
GOOGLE_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
GOOGLE_CREDENTIALS: ${{ secrets.GCP_SA_KEY }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Terraform DBG | |
working-directory: infra/prod | |
run: terraform state list | |
env: | |
GOOGLE_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
GOOGLE_CREDENTIALS: ${{ secrets.GCP_SA_KEY }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Terraform Apply | |
working-directory: infra/prod | |
run: | | |
export TF_VAR_env="prod" | |
export TF_VAR_gcp_project_id="${{ secrets.GCP_PROJECT_ID }}" | |
export TF_VAR_aws_cognito_user_pool_id="${{ secrets.COGNITO_USER_POOL_ID }}" | |
export TF_VAR_aws_cognito_client_id="${{ secrets.COGNITO_CLIENT_ID }}" | |
export TF_VAR_aws_cognito_domain="${{ secrets.COGNITO_DOMAIN }}" | |
export TF_VAR_aws_cognito_client_secret="${{ secrets.COGNITO_CLIENT_SECRET }}" | |
export TF_VAR_aws_cognito_redirect_url="${{ secrets.COGNITO_REDIRECT_URI }}" | |
export TF_VAR_chainlit_auth_secret="${{ secrets.CHAINLIT_AUTH_SECRET }}" | |
export TF_VAR_chainlit_api_key="${{ secrets.CHAINLIT_API_KEY }}" | |
export TF_VAR_openai_api_key="${{ secrets.OPENAI_API_KEY }}" | |
export TF_VAR_redis_port="${{ secrets.REDIS_PORT }}" | |
export TF_VAR_redis_db="${{ secrets.REDIS_DB }}" | |
export TF_VAR_redis_ttl="${{ secrets.REDIS_TTL }}" | |
terraform plan -input=false -out=tfplan | |
# terraform apply -input=false tfplan | |
env: | |
GOOGLE_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
GOOGLE_CREDENTIALS: ${{ secrets.GCP_SA_KEY }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |