From c4004f7c0f5e3f878bd94b86a8aa478727d16de4 Mon Sep 17 00:00:00 2001
From: Guillaume Foreau
Date: Mon, 22 May 2023 15:08:07 +0200
Subject: [PATCH] Add GCP auth at apply and simplify check-secure-estimate workflow
* Add Google auth file if the corresponding secret is set
* Remove terraform plan from estimation job in check-secure-estimate workflow
* Remove AWS-related auth env vars in check-secure-estimate workflow
---
.github/workflows/tf-check-secure-estimate.yml | 11 ++---------
.github/workflows/tf-plan-apply.yml | 15 +++++++++++++++
2 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/tf-check-secure-estimate.yml b/.github/workflows/tf-check-secure-estimate.yml
index 2a6efa9..e5310d6 100644
--- a/.github/workflows/tf-check-secure-estimate.yml
+++ b/.github/workflows/tf-check-secure-estimate.yml
@@ -10,8 +10,6 @@ permissions: pull-requests: write env: - AWS_ACCESS_KEY_ID : "${{ secrets.AWS_ACCESS_KEY_ID }}" - AWS_SECRET_ACCESS_KEY : "${{ secrets.AWS_SECRET_ACCESS_KEY }}" TF_ROOT : "." jobs:
@@ -32,7 +30,7 @@ jobs: # Initialize a new or existing Terraform working directory - name: Terraform Init - run: terraform init + run: terraform init -backend=false # Validate terraform files - name: Terraform Validate
@@ -98,14 +96,9 @@ jobs: with: terraform_wrapper: false - # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. - name: Terraform Init - run: terraform init + run: terraform init -backend=false - # Plan change - - name: Terraform Plan - run: terraform plan - - name: Setup Infracost uses: infracost/actions/setup@v2 with:
diff --git a/.github/workflows/tf-plan-apply.yml b/.github/workflows/tf-plan-apply.yml
index b497793..1a0a726 100644
--- a/.github/workflows/tf-plan-apply.yml
+++ b/.github/workflows/tf-plan-apply.yml
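Review bot: In tf-check-secure-estimate.yml, the two `terraform init -backend=false` steps (hunks at -32 and -98) carry no comment saying why the backend is skipped, and the only explanatory comment on the second one is deleted. Since the same commit drops the AWS secrets from this workflow, the flag appears to be what lets these jobs run with no cloud credentials at all; saying so protects that property from a later edit that restores a plain `terraform init` and the secrets with it. I would add above each step `# -backend=false: no remote state access, so this workflow needs no cloud credentials`. Both jobs continue outside the hunks, so whether later steps still expect state or a plan file cannot be confirmed from here.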
@@ -14,6 +14,7 @@ permissions: env: AWS_ACCESS_KEY_ID : "${{ secrets.AWS_ACCESS_KEY_ID }}" AWS_SECRET_ACCESS_KEY : "${{ secrets.AWS_SECRET_ACCESS_KEY }}" + GOOGLE_APPLICATION_CREDENTIALS : /tmp/gcp.creds TF_ROOT : "." jobs:
@@ -27,6 +28,13 @@ jobs: tfplanExitCode: ${{ steps.tf-plan.outputs.exitcode }} steps: + # Set-up Google authentication if configured + - name: Set-up GCP auth + if: ${{ env.GOOGLE_APPLICATION_CREDENTIALS_CONTENT != '' }} + run: cat - <<<"${GOOGLE_APPLICATION_CREDENTIALS_CONTENT}" > "$GOOGLE_APPLICATION_CREDENTIALS" + env: + GOOGLE_APPLICATION_CREDENTIALS_CONTENT: "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_CONTENT }}" + # Checkout the repository to the GitHub Actions runner - name: Checkout uses: actions/checkout@v3
@@ -119,6 +127,13 @@ jobs: needs: [terraform-plan] steps: + # Set-up Google authentication if configured + - name: Set-up GCP auth + if: ${{ env.GOOGLE_APPLICATION_CREDENTIALS_CONTENT != '' }} + run: cat - <<<"${GOOGLE_APPLICATION_CREDENTIALS_CONTENT}" > "$GOOGLE_APPLICATION_CREDENTIALS" + env: + GOOGLE_APPLICATION_CREDENTIALS_CONTENT: "${{ secrets.GOOGLE_APPLICATION_CREDENTIALS_CONTENT }}" + # Checkout the repository to the GitHub Actions runner - name: Checkout uses: actions/checkout@v3
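Review bot: In tf-plan-apply.yml, the `Set-up GCP auth` step writes the service-account key to a fixed path in `/tmp` under the default umask and nothing visible removes it; the identical step in the terraform-apply job (hunk at -119) has the same problem. On a self-hosted or reused runner that leaves a long-lived key readable by other local users and by later jobs. Writing it owner-only under `$RUNNER_TEMP`, exporting the path through `$GITHUB_ENV` from the same step, and deleting it in a final `if: always()` step closes that, as sketched below; the workflow-level `GOOGLE_APPLICATION_CREDENTIALS` entry from the first hunk would then go, which also stops the variable pointing at a missing file when the secret is unset. Where the GCP project allows it, Workload Identity Federation via `google-github-actions/auth` avoids storing a key at all. Both jobs continue outside the hunks, so an existing cleanup step cannot be ruled out.

```yaml
- name: Set-up GCP auth
  if: ${{ env.GOOGLE_APPLICATION_CREDENTIALS_CONTENT != '' }}
  run: |
    # Owner-only file in the per-job temp directory
    umask 077
    creds="$RUNNER_TEMP/gcp.creds"
    printf '%s\n' "$GOOGLE_APPLICATION_CREDENTIALS_CONTENT" > "$creds"
    # Export the path only when the file was actually written
    echo "GOOGLE_APPLICATION_CREDENTIALS=$creds" >> "$GITHUB_ENV"
  # … unchanged: env block passing GOOGLE_APPLICATION_CREDENTIALS_CONTENT from secrets …

# … unchanged: checkout and the remaining job steps …

- name: Remove GCP credentials
  if: always()
  run: rm -f "$RUNNER_TEMP/gcp.creds"
```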