add los (#6) #32

Summary
Jobs
- deploy
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/deploy_prod1.yaml at 50bd130

	name: Deploy Prod 1

	on:
	push:
	branches:
	- main
	workflow_dispatch:
	branches:
	- main

	permissions: read-all

	env:
	# Secrets
	TF_VAR_mesh_proxmox_host: ${{ secrets.TF_VAR_MESHDB_PROXMOX_HOST }}
	TF_VAR_mesh_proxmox_token_id: ${{ secrets.TF_VAR_MESHDB_PROXMOX_TOKEN_ID }}
	TF_VAR_mesh_proxmox_token_secret: ${{ secrets.TF_VAR_MESHDB_PROXMOX_TOKEN_SECRET }}
	TF_VAR_mesh_local_password: ${{ secrets.TF_VAR_MESHDB_LOCAL_PASSWORD }}
	TF_VAR_k3s_token: ${{ secrets.TF_VAR_K3S_TOKEN }}
	# Credentials for deployment to AWS
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	# S3 bucket for the Terraform state
	BUCKET_TF_STATE: ${{ secrets.BUCKET_TF_STATE}}
	TF_VAR_env_name: ${{ vars.ENV_NAME}}

	jobs:
	deploy:
	runs-on: ubuntu-latest
	environment: prod1
	steps:
	- name: Checkout
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # @v4

	- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d #@v5
	with:
	python-version: '3.11'

	- name: Setup ansible
	run: pip install ansible && export PATH="$HOME/.local/bin:$PATH" && ansible-galaxy collection install cloud.terraform && ansible-galaxy collection install git+https://github.com/k3s-io/k3s-ansible.git

	- name: Setup Terraform with specified version on the runner
	uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # @v3
	with:
	terraform_version: 1.8.3

	- name: Setup backend
	run: \|
	echo "bucket = \"${{ secrets.BUCKET_TF_STATE }}\"" > backend.tfvars
	echo "key = \"terraform/state/k8s-infra-${{ vars.ENV_NAME }}.tfstate\"" >> backend.tfvars
	working-directory: ./terraform/

	- name: Terraform init
	id: init
	run: terraform init -backend-config=backend.tfvars
	working-directory: ./terraform/

	- name: Terraform format
	id: fmt
	run: terraform fmt -check
	working-directory: ./terraform/

	- name: Terraform validate
	id: validate
	run: terraform validate
	working-directory: ./terraform/

	- name: Setup WireGuard
	run: \|
	sudo apt-get update && sudo apt-get install -y wireguard
	echo "${{ secrets.WIREGUARD_PRIVATE_KEY }}" > privatekey
	sudo ip link add dev wg0 type wireguard
	sudo ip address add dev wg0 ${{ secrets.WIREGUARD_OVERLAY_NETWORK_IP }} peer ${{ secrets.WIREGUARD_PEER }}
	sudo wg set wg0 listen-port 48123 private-key privatekey peer ${{ secrets.WIREGUARD_PEER_PUBLIC_KEY }} allowed-ips 0.0.0.0/0 endpoint ${{ secrets.WIREGUARD_ENDPOINT }}
	sudo ip link set up dev wg0
	rm privatekey

	- name: Terraform plan
	id: plan
	if: github.event_name == 'pull_request'
	run: terraform plan -no-color -input=false -var-file=${{ vars.ENV_NAME }}.tfvars
	continue-on-error: true
	working-directory: ./terraform/

	- name: Terraform Plan Status
	if: steps.plan.outcome == 'failure'
	run: exit 1

	- name: Terraform Apply
	run: \|
	echo "${{ secrets.SSH_PRIVATE_KEY }}" > mesh_cluster/mesh${{ vars.ENV_NAME }}
	echo "${{ secrets.SSH_PUBLIC_KEY }}" > mesh_cluster/mesh${{ vars.ENV_NAME }}.pub
	chmod 600 mesh_cluster/mesh${{ vars.ENV_NAME }}
	chmod 600 mesh_cluster/mesh${{ vars.ENV_NAME }}.pub
	terraform apply -auto-approve -input=false -var-file=${{ vars.ENV_NAME }}.tfvars
	working-directory: ./terraform/

	- name: Run playbook
	run: sleep 45 && export PATH="$HOME/.local/bin:$PATH" && ansible-playbook -i inventory.yaml k8s_infra.yaml
	working-directory: ./ansible/

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add los (#6) #32

Workflow file

add los (#6) #32

Jobs

Run details

Workflow file for this run