-
Notifications
You must be signed in to change notification settings - Fork 3
/
action.yml
180 lines (158 loc) · 5.08 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
name: Duplocloud
description: Install Duplocloud tools and login.
author: duplocloud
branding:
icon: cloud
color: orange
inputs:
mask-account-id:
description: Mask AWS Account ID in logs
required: false
default: 'yes'
region:
required: false
description: Overide the cloud region from the default. For gcp this is required.
account-id:
required: false
description: Overide the cloud account id from the default. Required when on gcp where this would be the project name.
credentials:
required: false
description: Cloud credentials for Azure or GCP.
version:
required: false
description: The version of the duploctl to install.
default: latest
admin:
required: false
description: Admin user name.
default: "false"
runs:
using: composite
steps:
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Pip Upgrade
shell: bash
run: pip install --upgrade pip
- name: Install duploctl
id: install-duploctl
shell: bash
env:
VERSION: ${{ inputs.version }}
run: |
if [[ "$VERSION" == "latest" ]]; then
pip install duplocloud-client
else
pip install duplocloud-client==$VERSION
fi
- name: Duplo Version
id: duplo-version
shell: bash
run: |
echo "Successfully installed duploctl"
duploctl version
- name: Portal Info
id: portal-info
shell: bash
env:
DUPLO_ACCOUNT_ID: ${{ inputs.account-id }}
DUPLO_DEFAULT_REGION: ${{ inputs.region }}
ISADMIN: ${{ inputs.admin }}
run: |
PORTAL_INFO="$(duploctl system info)"
AWS_ENABLED="$(echo "$PORTAL_INFO" | jq -r '.IsAwsCloudEnabled')"
GCP_ENABLED="$(echo "$PORTAL_INFO" | jq -r '.IsGoogleCloudEnabled')"
AZURE_ENABLED="$(echo "$PORTAL_INFO" | jq -r '.IsAzureCloudEnabled')"
echo "AWS_ENABLED=$AWS_ENABLED" >> $GITHUB_ENV
echo "GCP_ENABLED=$GCP_ENABLED" >> $GITHUB_ENV
echo "AZURE_ENABLED=$AZURE_ENABLED" >> $GITHUB_ENV
echo "Portal info discovered"
# configure the cloud environments
if [[ "$AWS_ENABLED" == "true" ]]; then
echo "Configuring AWS Backend"
DUPLO_ACCOUNT_ID="$(echo "$PORTAL_INFO" | jq -r '.DefaultAwsAccount')"
DUPLO_DEFAULT_REGION="$(echo "$PORTAL_INFO" | jq -r '.DefaultAwsRegion')"
echo "AWS_DEFAULT_REGION=$DUPLO_DEFAULT_REGION" >> $GITHUB_ENV
echo "AWS_ACCOUNT_ID=$DUPLO_ACCOUNT_ID" >> $GITHUB_ENV
elif [[ "$GCP_ENABLED" == "true" ]]; then
echo "Configuring GCP Backend"
elif [[ "$AZURE_ENABLED" == "true" ]]; then
echo "Configuring Azure Backend"
fi
# if is admin
if [[ "$ISADMIN" == "true" ]]; then
echo "ADMIN_FLAG=--admin" >> $GITHUB_OUTPUT
else
echo "ADMIN_FLAG=" >> $GITHUB_OUTPUT
fi
echo "DUPLO_ACCOUNT_ID=$DUPLO_ACCOUNT_ID" >> $GITHUB_ENV
echo "DUPLO_DEFAULT_REGION=$DUPLO_DEFAULT_REGION" >> $GITHUB_ENV
# re-export duplo creds as lowercase
echo "duplo_token=$DUPLO_TOKEN" >> $GITHUB_ENV
echo "duplo_host=$DUPLO_HOST" >> $GITHUB_ENV
###
# AWS Configuration Flow
###
- name: Install AWS CLI
id: setup-aws-cli
if: env.AWS_ENABLED == 'true'
uses: unfor19/install-aws-cli-action@v1
- name: Duplo JIT for AWS
id: duplo-jit-aws
shell: bash
if: env.AWS_ENABLED == 'true'
env:
AWS_REGION: ${{ inputs.region }}
ADMIN_FLAG: ${{ steps.portal-info.outputs.ADMIN_FLAG }}
run: >-
duploctl jit aws -q '{
AWS_ACCESS_KEY_ID: AccessKeyId,
AWS_SECRET_ACCESS_KEY: SecretAccessKey,
AWS_SESSION_TOKEN: SessionToken,
AWS_REGION: Region
}' -o env $ADMIN_FLAG >> $GITHUB_OUTPUT
- name: Configure AWS IAM Credentials
id: aws-iam
uses: aws-actions/configure-aws-credentials@v4
if: env.AWS_ENABLED == 'true'
with:
aws-access-key-id: ${{ steps.duplo-jit-aws.outputs.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ steps.duplo-jit-aws.outputs.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ steps.duplo-jit-aws.outputs.AWS_SESSION_TOKEN }}
aws-region: ${{ env.AWS_REGION || steps.duplo-jit-aws.outputs.AWS_REGION }}
mask-aws-account-id: ${{ inputs.mask-account-id }}
###
# GCP Configuration Flow
###
- name: Authenticate to Google Cloud
id: login-gcp
uses: google-github-actions/auth@v2
if: env.GCP_ENABLED == 'true' && inputs.credentials
with:
credentials_json: ${{ inputs.credentials }}
export_environment_variables: true
- name: Set up Cloud SDK
id: setup-gcloud
uses: google-github-actions/setup-gcloud@v2
if: env.GCP_ENABLED == 'true'
with:
version: '>= 363.0.0'
###
# Azure Configuration Flow
###
- name: Azure Login
id: login-azure
uses: azure/login@v2
if: env.AZURE_ENABLED == 'true' && inputs.credentials
with:
creds: ${{ inputs.credentials }}
- name: Azure CLI script
id: setup-azure-cli
uses: azure/CLI@v2
if: env.AZURE_ENABLED == 'true'
with:
azcliversion: 2.57.0
inlineScript: |
az account show