-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathaction.yaml
248 lines (233 loc) · 10.8 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
name: 'Deploy Single VM Stackstorm to AWS EC2'
description: 'Deploy a Single VM Stackstorm to an AWS Virtual Machine (EC2)'
branding:
icon: upload-cloud
color: red
inputs:
checkout:
description: 'Specifies if this action should checkout the code'
required: false
default: "true"
# AWS Configuration
aws_access_key_id:
description: 'AWS access key ID'
required: false
aws_secret_access_key:
description: 'AWS secret access key'
required: false
aws_session_token:
description: 'AWS session token'
required: false
aws_default_region:
description: 'AWS default region'
required: false
aws_resource_identifier:
description: 'Set to override the AWS resource identifier for the deployment. Defaults to `${org}-{repo}-{branch}`. Use with destroy to destroy specific resources.'
required: false
aws_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# EC2 Instance config
aws_ec2_iam_instance_profile:
description: 'The AWS IAM instance profile to use for the EC2 instance'
required: false
aws_ec2_instance_type:
description: 'The AWS Instance type'
default: t3.medium
required: false
aws_ec2_instance_root_vol_size:
description: 'Define the volume size (in GiB) for the root volume on the AWS Instance.'
required: false
default: 10
aws_ec2_instance_root_vol_preserve:
description: 'Set this to true to avoid deletion of root volume on termination. Defaults to false.'
required: false
aws_ec2_create_keypair_sm:
description: 'Creates a Secret in AWS secret manager to store a kypair'
required: false
aws_ec2_instance_public_ip:
description: 'Add a public IP to the instance or not. (Not an Elastic IP)'
required: false
default: true
aws_ec2_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# StackStorm configuration
st2_auth_username:
description: 'Username used by StackStorm standalone authentication. Set as a secret in GH Actions.'
required: true
st2_auth_password:
description: 'Password used by StackStorm standalone authentication. Set as a secret in GH Actions.'
required: true
st2_packs:
description: 'Comma separated list of packs to install. If you modify this option, be sure to also include `st2` in the list.'
default: "st2"
st2_ansible_extra_vars_file:
description: "Relative path from project root to Ansible vars file. If you'd like to adjust more advanced configuration; st2 version, st2.conf, RBAC, chatops, auth, etc. See https://github.com/stackStorm/ansible-st2#variables for the full list of settings. The Ansible vars will take higher precedence over the GHA inputs."
required: false
st2_version_tag:
description: "Stackstorm Ansible release tag to use. See https://github.com/StackStorm/ansible-st2/releases"
required: false
# Stack Management
tf_stack_destroy:
description: 'Set to "true" to Destroy the created AWS infrastructure for this instance'
default: "false"
tf_state_file_name:
description: 'Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects.'
required: false
tf_state_file_name_append:
description: 'Append a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. Can co-exist with the tf_state_file_name variable. '
required: false
tf_state_bucket:
description: 'AWS S3 bucket to use for Terraform state. Defaults to `${org}-${repo}-{branch}-tf-state-aws`'
required: false
tf_state_bucket_destroy:
description: 'Force purge and deletion of S3 tf_state_bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`'
required: false
# Domains
aws_r53_domain_name:
description: "Define the root domain name for the application. e.g. bitovi.com. If empty, ELB URL will be provided."
required: false
aws_r53_sub_domain_name:
description: 'Define the sub-domain part of the URL. Defaults to `${org}-${repo}-{branch}`'
required: false
aws_r53_root_domain_deploy:
description: 'Deploy to root domain. Will generate two DNS recrods, one for root, another for www'
required: false
aws_r53_enable_cert:
description: 'Makes the application use a certificate by enabling a certificate lookup.'
required: false
aws_r53_cert_arn:
description: 'Define the certificate ARN to use for the application'
required: false
aws_r53_create_root_cert:
description: 'Generates and manage the root cert for the application'
required: false
aws_r53_create_sub_cert:
description: 'Generates and manage the sub-domain certificate for the application'
required: false
aws_r53_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# VPC Inputs
aws_vpc_create:
description: 'Define if a VPC should be created'
required: false
aws_vpc_name:
description: 'Set a specific name for the VPC'
required: false
aws_vpc_cidr_block:
description: 'Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16.'
required: false
aws_vpc_public_subnets:
description: 'Comma separated list of public subnets. Defaults to 10.10.110.0/24'
required: false
aws_vpc_private_subnets:
description: 'Comma separated list of private subnets. If none, none will be created.'
required: false
aws_vpc_availability_zones:
description: 'Comma separated list of availability zones. Defaults to `aws_default_region.'
required: false
aws_vpc_id:
description: 'AWS VPC ID. Accepts `vpc-###` values.'
required: false
aws_vpc_subnet_id:
description: 'Specify a Subnet to be used with the instance. If none provided, will pick one.'
required: false
aws_vpc_enable_nat_gateway:
description: 'Enables NAT gateway'
required: false
aws_vpc_single_nat_gateway:
description: 'Creates only one NAT gateway'
required: false
aws_vpc_external_nat_ip_ids:
description: 'Comma separated list of IP IDS to reuse in the NAT gateways'
required: false
aws_vpc_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
outputs:
# VPC
aws_vpc_id:
description: "The selected VPC ID used."
value: ${{ steps.deploy.outputs.aws_vpc_id }}
vm_url:
description: "The URL of the generated app"
value: ${{ steps.deploy.outputs.vm_url }}
instance_endpoint:
description: "The URL of the generated ec2 instance"
value: ${{ steps.deploy.outputs.instance_endpoint }}
ec2_sg_id:
description: "SG ID for the EC2 instance"
value: ${{ steps.deploy.outputs.ec2_sg_id }}
runs:
using: 'composite'
steps:
- name: Push ST2_PACKS to env_file
shell: bash
id: set-env_file
run: |
echo "ST2_PACKS=${{ inputs.st2_packs }}" > ${{ github.action_path }}/extra_env
- name: Deploy with BitOps
id: deploy
uses: bitovi/github-actions-commons@v1
with:
# Current repo vars
gh_action_repo: ${{ github.action_path }}
gh_action_input_ansible: operations/deployment/ansible
gh_deployment_action_input_ansible_extra_vars_file: ${{ inputs.st2_ansible_extra_vars_file }}
checkout: ${{ inputs.checkout }}
bitops_extra_env_vars: -e ST2_AUTH_USERNAME=${{ inputs.st2_auth_username }} -e ST2_AUTH_PASSWORD=${{ inputs.st2_auth_password }} -e ST2_VERSION_TAG=${{ inputs.st2_version_tag }}
bitops_extra_env_vars_file: extra_env
# AWS
aws_access_key_id: ${{ inputs.aws_access_key_id }}
aws_secret_access_key: ${{ inputs.aws_secret_access_key }}
aws_session_token: ${{ inputs.aws_session_token }}
aws_default_region: ${{ inputs.aws_default_region }}
aws_resource_identifier: ${{ inputs.aws_resource_identifier }}
aws_additional_tags: ${{ inputs.aws_additional_tags }}
# EC2
aws_ec2_instance_create: true
aws_ec2_ami_filter: 'ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*'
aws_ec2_ami_owner: '099720109477'
aws_ec2_iam_instance_profile: ${{ inputs.aws_ec2_instance_profile }}
aws_ec2_instance_type: ${{ inputs.aws_ec2_instance_type }}
aws_ec2_instance_root_vol_size: ${{ inputs.aws_ec2_instance_vol_size }}
aws_ec2_instance_root_vol_preserve: ${{ inputs.aws_ec2_instance_root_vol_preserve }}
aws_ec2_create_keypair_sm: ${{ inputs.aws_ec2_create_keypair_sm }}
aws_ec2_instance_public_ip: true
aws_ec2_additional_tags: ${{ inputs.aws_ec2_additional_tags }}
# AWS ELB
aws_elb_create: true
aws_elb_app_port: "443"
aws_elb_app_protocol: ssl
aws_elb_healthcheck: "HTTPS:443/"
# Stack management
tf_stack_destroy: ${{ inputs.tf_stack_destroy }}
tf_state_file_name: ${{ inputs.tf_state_file_name }}
tf_state_file_name_append: ${{ inputs.tf_state_file_name_append }}
tf_state_bucket: ${{ inputs.tf_state_bucket }}
tf_state_bucket_destroy: ${{ inputs.tf_state_bucket_destroy }}
tf_state_bucket_provider: 'aws'
# AWS Route53 Domains abd Certificates
aws_r53_enable: true
aws_r53_domain_name: ${{ inputs.aws_r53_domain_name }}
aws_r53_sub_domain_name: ${{ inputs.aws_r53_sub_domain_name }}
aws_r53_root_domain_deploy: ${{ inputs.aws_r53_root_domain_deploy }}
aws_r53_enable_cert: ${{ inputs.aws_r53_enable_cert }}
aws_r53_cert_arn: ${{ inputs.aws_r53_cert_arn }}
aws_r53_create_root_cert: ${{ inputs.aws_r53_create_root_cert }}
aws_r53_create_sub_cert: ${{ inputs.aws_r53_create_sub_cert }}
aws_r53_additional_tags: ${{ inputs.aws_r53_additional_tags }}
aws_vpc_create: ${{ inputs.aws_vpc_create }}
aws_vpc_name: ${{ inputs.aws_vpc_name }}
aws_vpc_cidr_block: ${{ inputs.aws_vpc_cidr_block }}
aws_vpc_public_subnets: ${{ inputs.aws_vpc_public_subnets }}
aws_vpc_private_subnets: ${{ inputs.aws_vpc_private_subnets }}
aws_vpc_availability_zones: ${{ inputs.aws_vpc_availability_zones }}
aws_vpc_id: ${{ inputs.aws_vpc_id }}
aws_vpc_subnet_id: ${{ inputs.aws_vpc_subnet_id }}
aws_vpc_enable_nat_gateway: ${{ inputs.aws_vpc_enable_nat_gateway }}
aws_vpc_single_nat_gateway: ${{ inputs.aws_vpc_single_nat_gateway }}
aws_vpc_external_nat_ip_ids: ${{ inputs.aws_vpc_external_nat_ip_ids }}
aws_vpc_additional_tags: ${{ inputs.aws_vpc_additional_tags }}