forked from aismur/terraform-infra-eks
-
Notifications
You must be signed in to change notification settings - Fork 0
119 lines (118 loc) · 4.54 KB
/
terraform-deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
name: Terraform Deployment Workflow
on:
push:
branches: ["dev"]
pull_request:
branches: ["main"]
workflow_dispatch:
permissions:
id-token: write
contents: read
jobs:
deploy:
runs-on: ubuntu-latest
environment: ${{ (github.ref == 'refs/heads/main' && 'dev') }}
defaults:
run:
working-directory: ./roots/main-eks-root/
shell: bash
steps:
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ vars.IAM_ROLE }}
role-session-name: githubactionssession
aws-region: "us-east-2"
- name: Checkout repository
uses: actions/checkout@v4
# # Run Terraform commands
- name: Initialize
run: terraform init
- name: Terraform Validate
run: terraform validate
- name: Plan Infrastructure
run: terraform plan -input=false -var-file=project-x.tfvars
- name: Deploy Infrastructure
run: terraform apply -input=false -auto-approve -var-file=project-x.tfvars
# # Login to ECR
- name: Login to ECR
if: github.ref != 'refs/heads/main'
id: login-to-ecr
uses: aws-actions/amazon-ecr-login@v2
# # Backend image to ECR
- name: Build, tag, and push Backend docker image to Amazon ECR
if: github.ref != 'refs/heads/main'
env:
REGISTRY: ${{ steps.login-to-ecr.outputs.registry }}
REPOSITORY: proshop-app-backend
IMAGE_TAG: ${{ github.sha }}
working-directory: .
run: |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
# # Frontend image to ECR
- name: Build, tag, and push Frontend docker image to Amazon ECR
if: github.ref != 'refs/heads/main'
env:
REGISTRY: ${{ steps.login-to-ecr.outputs.registry }}
REPOSITORY: comet-shop-app-frontend
IMAGE_TAG: ${{ github.sha }}
working-directory: ./frontend/
run: |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
# # Login to EKS
- name: Login to EKS
run: aws eks update-kubeconfig --region us-east-2 --name project-x-dev
# # Install Helm on the CI/CD Runner
- name: Install Helm
run: |
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
# # Install NGINX Ingress Controller using Helm
- name: Install NGINX Ingress Controller
run: |
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install nginx-ingress ingress-nginx/ingress-nginx \
--namespace kube-system --create-namespace
# # Install the Secrets Store CSI Driver**
- name: Install Secrets Store CSI Driver
run: |
helm repo add csi-secrets-store https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
helm repo update
helm install csi-secrets-store csi-secrets-store/secrets-store-csi-driver --namespace kube-system
# # Apply Kubernetes file
- name: Apply Kubernetes YAML File
working-directory: ./kubernetes-resources/
run: |
kubectl apply -f proshop-app-tls-secret.yaml
# # Deploy Backend to Kubernetes
- name: Deploy Backend to Kubernetes
env:
IMAGE_TAG: ${{ github.sha }}
working-directory: ./backend/
run: |
helm upgrade --install proshop-app-backend backend-deploy \
--values ./backend-deploy/dev-values.yaml \
--set image.tag="$IMAGE_TAG" \
--namespace shop-app --create-namespace
# # Deploy Frontend to Kubernetes
- name: Deploy Frontend to Kubernetes
env:
IMAGE_TAG: ${{ github.sha }}
working-directory: ./frontend/
run: |
helm upgrade --install proshop-app-frontend frontend-deploy \
--values ./frontend-deploy/dev-values.yaml \
--set image.tag="$IMAGE_TAG" \
--namespace shop-app --create-namespace
# # Apply permissions in aws-auth for K8s RBAC
- name: Apply permissions in aws-auth for K8s RBAC
working-directory: ./eks-module
run: |
aws eks update-kubeconfig --name project-x-dev --region us-east-2
kubectl config current-context
kubectl apply -f aws-auth.yaml
# Destroy Infrastructure
# - name: Destroy Infrastructure
# run: terraform destroy -input=false -auto-approve -var-file=project-x.tfvars