Revert to very old but working version from 998addf

Author: neilmb

.docker/zscaler_cert.pem

@@ -15,9 +15,58 @@ env:
   ENCRYPT: "true"
 
 jobs:
-  apply:
 
-    name: apply
+  apply-staging:
+    name: apply (staging)
+    runs-on: ubuntu-latest
+    environment: staging
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      TF_VAR_cf_username: ${{ secrets.TF_VAR_cf_username }}
+      TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
+      TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
+      TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
+      TERRAFORM_PRE_RUN: |
+          ./install-tools.sh
+          cp helm /usr/local/bin/
+          cp kubectl /usr/local/bin/
+          cp aws-iam-authenticator /usr/local/bin/
+          aws-iam-authenticator help
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - name: prep applications
+        run: |
+          ./app-setup-eks.sh
+          ./app-setup-solrcloud.sh
+          ./app-setup-smtp.sh
+      - name: terraform apply (staging)
+        uses: dflook/terraform-apply@v1
+        with:
+          path: .
+          label: staging
+          workspace: staging
+          var_file: terraform.staging.tfvars
+          backend_config: >
+            bucket=${{ env.BUCKET }},
+            key=${{ env.KEY }},
+            region=${{ env.REGION }},
+            encrypt=${{ env.ENCRYPT }},
+            access_key=${{ env.AWS_ACCESS_KEY_ID }},
+            secret_key=${{ env.AWS_SECRET_ACCESS_KEY }}
+      # - name: Setup tmate session
+      #   if: ${{ failure() }}
+      #   uses: mxschmitt/action-tmate@v3
+      #   with:
+      #     limit-access-to-actor: true
+      - name: test staging environment
+        run: echo staging tests ok  # TODO staging smoke tests
+
+  apply-production:
+    needs: apply-staging
+
+    name: apply (production)
     runs-on: ubuntu-latest
     environment: production
     env:
@@ -26,16 +75,23 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
+      TERRAFORM_PRE_RUN: |
+          ./install-tools.sh
+          cp helm /usr/local/bin/
+          cp kubectl /usr/local/bin/
+          cp aws-iam-authenticator /usr/local/bin/
+          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-solr.sh
+          ./app-setup-eks.sh
+          ./app-setup-solrcloud.sh
           ./app-setup-smtp.sh
-      - name: OpenTofu apply (production)
-        uses: dflook/tofu-apply@v1
+      - name: terraform apply (production)
+        uses: dflook/terraform-apply@v1
         with:
           path: .
           label: production

.github/workflows/apply.yml

@@ -10,7 +10,7 @@ env:
   REGION: "${{ secrets.REGION }}"
   KEY: "ssb-tfstate"
   ENCRYPT: "true"
-
+  
 jobs:
   test:
     name: test format and validity
@@ -19,13 +19,13 @@ jobs:
       - name: checkout
         uses: actions/checkout@v3
 
-      - name: OpenTofu fmt
-        uses: dflook/tofu-fmt-check@v1
+      - name: terraform fmt
+        uses: dflook/terraform-fmt-check@v1
         with:
           path: .
 
-      - name: OpenTofu validate
-        uses: dflook/tofu-validate@v1
+      - name: terraform validate
+        uses: dflook/terraform-validate@v1
         with:
           path: .
 
@@ -40,17 +40,24 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
+      TERRAFORM_PRE_RUN: |
+          ./install-tools.sh
+          cp helm /usr/local/bin/
+          cp kubectl /usr/local/bin/
+          cp aws-iam-authenticator /usr/local/bin/
+          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-solr.sh
+          ./app-setup-eks.sh
+          ./app-setup-solrcloud.sh
           ./app-setup-smtp.sh
 
-      - name: OpenTofu apply (development)
-        uses: dflook/tofu-apply@v1
+      - name: terraform apply (development)
+        uses: dflook/terraform-apply@v1
         with:
           path: .
           label: development

.github/workflows/commit.yml

@@ -9,6 +9,7 @@ on:   # yamllint disable-line rule:truthy
         required: true
         type: choice
         options:
+          - "ssb-eks"
           - "ssb-smtp"
           - "ssb-solrcloud"
       appSpace:

.github/workflows/disable-egress.yml

@@ -9,6 +9,7 @@ on:   # yamllint disable-line rule:truthy
         required: true
         type: choice
         options:
+          - "ssb-eks"
           - "ssb-smtp"
           - "ssb-solrcloud"
       appSpace:

.github/workflows/enable-egress.yml

@@ -14,9 +14,47 @@ env:
 
 jobs:
 
+  plan-staging:
+    name: plan (staging)
+    runs-on: ubuntu-latest
+    environment: staging
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      TF_VAR_cf_username: ${{ secrets.TF_VAR_cf_username }}
+      TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
+      TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
+      TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
+      TERRAFORM_PRE_RUN: |
+          ./install-tools.sh
+          cp helm /usr/local/bin/
+          cp kubectl /usr/local/bin/
+          cp aws-iam-authenticator /usr/local/bin/
+          aws-iam-authenticator help
 
-  plan:
-    name: plan
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+      - name: prep applications
+        run: |
+          ./app-setup-eks.sh
+          ./app-setup-solrcloud.sh
+          ./app-setup-smtp.sh
+      - name: terraform plan (staging)
+        uses: dflook/terraform-plan@v1
+        with:
+          path: .
+          label: staging
+          workspace: staging
+          var_file: terraform.staging.tfvars
+          backend_config: >
+            bucket=${{ env.BUCKET }},
+            key=${{ env.KEY }},
+            region=${{ env.REGION }},
+            encrypt=${{ env.ENCRYPT }},
+            access_key=${{ env.AWS_ACCESS_KEY_ID }},
+            secret_key=${{ env.AWS_SECRET_ACCESS_KEY }}
+  plan-production:
+    name: plan (production)
     runs-on: ubuntu-latest
     environment: production
     env:
@@ -25,16 +63,23 @@ jobs:
       TF_VAR_cf_password: ${{ secrets.TF_VAR_cf_password }}
       TF_VAR_aws_access_key_id: ${{ secrets.TF_VAR_aws_access_key_id }}
       TF_VAR_aws_secret_access_key: ${{ secrets.TF_VAR_aws_secret_access_key }}
+      TERRAFORM_PRE_RUN: |
+          ./install-tools.sh
+          cp helm /usr/local/bin/
+          cp kubectl /usr/local/bin/
+          cp aws-iam-authenticator /usr/local/bin/
+          aws-iam-authenticator help
 
     steps:
       - name: checkout
         uses: actions/checkout@v3
       - name: prep applications
         run: |
-          ./app-setup-solr.sh
+          ./app-setup-eks.sh
+          ./app-setup-solrcloud.sh
           ./app-setup-smtp.sh
-      - name: OpenTofu plan (production)
-        uses: dflook/tofu-plan@v1
+      - name: terraform plan (production)
+        uses: dflook/terraform-plan@v1
         with:
           path: .
           label: production