From 7c18c4c6706a7bfea5fe9a1b2307cc09f0133b50 Mon Sep 17 00:00:00 2001 From: Marques Johansson Date: Mon, 3 Jun 2024 09:44:46 -0400 Subject: [PATCH 1/8] update GitHub actions to use equinix-labs Use latest equinix-labs published GitHub actions --- .github/workflows/integration.yml | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index d268597..6558d41 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml 
@@ -36,34 +36,28 @@ jobs: TF_VAR_router_size: "c3.medium.x86" TF_VAR_facility: "dc13" TF_VAR_create_project : false - # TODO only provide this to terraform steps that need it - TF_VAR_auth_token: ${{ secrets.METAL_AUTH_TOKEN }} - TF_VAR_s3_url: ${{ secrets.S3_URL }} - TF_VAR_object_store_bucket_name: ${{ secrets.S3_BUCKET_NAME }} - TF_VAR_s3_access_key: ${{ secrets.S3_ACCESS_KEY }} - TF_VAR_s3_secret_key: ${{ secrets.S3_SECRET_KEY }} steps: - name: Checkout from Github - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Add SHORT_SHA env property with commit short sha run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV - name: Install Terraform - uses: hashicorp/setup-terraform@v1 + uses: hashicorp/setup-terraform@v3 with: terraform_version: ${{ env.TF_VERSION }} - name: Initialize Terraform, Modules, and Plugins id: init run: terraform init -input=false - id: project - uses: displague/metal-project-action@v0.10.0 + uses: equinix-labs/metal-project-action@v0.14.1 env: METAL_AUTH_TOKEN: ${{ secrets.METAL_AUTH_TOKEN }} # Configure an SSH Agent with a key that can access the project - name: SSH Agent run: | ssh-agent -a $SSH_AUTH_SOCK > /dev/null - ssh-add <(echo $METAL_SSH_PRIVATE_KEY_BASE64 | base64 -d) + ssh-add <(echo ${{ steps.metal-project.outputs.projectSSHPrivateKeyBase64 }} | base64 -d) - name: Terraform Vars - Cluster Name run: echo "TF_VAR_vcenter_cluster_name=tfacc-${SHORT_SHA}" >> $GITHUB_ENV - name: Terraform Vars - Project ID 
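Review bot: The new `ssh-add` line in the SSH Agent step pastes `${{ steps.metal-project.outputs.projectSSHPrivateKeyBase64 }}` directly into the script text, so the key material is substituted before bash parses the line, whereas the removed line read it from an environment variable. Passing it through a step-level `env:` keeps the value out of the script body and away from shell word splitting: add `env:` with `METAL_SSH_PRIVATE_KEY_BASE64: ${{ steps.project.outputs.projectSSHPrivateKeyBase64 }}` and keep `ssh-add <(echo "$METAL_SSH_PRIVATE_KEY_BASE64" | base64 -d)`. The same inline expansion remains in the PATCH 4/8 hunk, which only corrects the step id. Whether the action registers this output as a masked value is not visible here, so confirm it cannot surface in the job log.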
@@ -75,14 +69,26 @@ jobs: - name: Terraform Apply id: apply timeout-minutes: 120 + continue-on-error: true run: terraform apply -input=false tfplan + env: + METAL_AUTH_TOKEN: ${{ steps.project.outputs.projectToken }} # used by Equinix provider when auth_token not specified + TF_VAR_auth_token: ${{ steps.project.outputs.projectToken }} + TF_VAR_s3_url: ${{ secrets.S3_URL }} + TF_VAR_object_store_bucket_name: ${{ secrets.S3_BUCKET_NAME }} + TF_VAR_s3_access_key: ${{ secrets.S3_ACCESS_KEY }} + TF_VAR_s3_secret_key: ${{ secrets.S3_SECRET_KEY }} - name: Terraform Destroy + continue-on-error: true id: destroy if: ${{ always() }} run: terraform destroy -input=false -auto-approve + env: + TF_VAR_auth_token: ${{ steps.project.outputs.projectToken }} + METAL_AUTH_TOKEN: ${{ steps.project.outputs.projectToken }} - name: Project Delete if: ${{ always() }} - uses: displague/metal-sweeper-action@v0.3.0 + uses: equinix-labs/metal-sweeper-action@v0.6.1 env: METAL_PROJECT_ID: ${{ steps.project.outputs.projectID }} METAL_AUTH_TOKEN: ${{ secrets.METAL_AUTH_TOKEN }} From 38cf11d0a82645bfa66178810d244ea1d7aea784 Mon Sep 17 00:00:00 2001 From: Marques Johansson Date: Mon, 3 Jun 2024 09:48:18 -0400 Subject: [PATCH 2/8] update project-action to use with.userToken --- .github/workflows/integration.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 6558d41..54e3b01 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -51,8 +51,8 @@ jobs: run: terraform init -input=false - id: project uses: equinix-labs/metal-project-action@v0.14.1 - env: - METAL_AUTH_TOKEN: ${{ secrets.METAL_AUTH_TOKEN }} + with: + userToken: ${{ secrets.METAL_AUTH_TOKEN }} # Configure an SSH Agent with a key that can access the project - name: SSH Agent run: | From 9f34f517503f1fcd7e636da20834c4bf309e36f8 Mon Sep 17 00:00:00 2001 
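Review bot: `equinix-labs/metal-sweeper-action@v0.6.1` in the PATCH 1/8 hunk `@@ -75,14 +69,26 @@` is referenced by a mutable tag while being handed the user-level `secrets.METAL_AUTH_TOKEN`; the same holds for `equinix-labs/metal-project-action@v0.14.1` in the preceding hunk. A tag can be re-pointed at different code after this review, so third-party actions that receive credentials are better pinned to a full commit SHA with the version kept as a trailing comment, e.g. `uses: equinix-labs/metal-sweeper-action@<full-commit-sha>  # v0.6.1`. The SHA placeholder has to be filled from the upstream release; it is not derivable from this patch.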
From: Marques Johansson Date: Mon, 3 Jun 2024 09:53:08 -0400 Subject: [PATCH 3/8] use with.authToken and with.projectID in sweeper action --- .github/workflows/integration.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 54e3b01..2c17c18 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -89,6 +89,6 @@ jobs: - name: Project Delete if: ${{ always() }} uses: equinix-labs/metal-sweeper-action@v0.6.1 - env: - METAL_PROJECT_ID: ${{ steps.project.outputs.projectID }} - METAL_AUTH_TOKEN: ${{ secrets.METAL_AUTH_TOKEN }} + with: + authToken: ${{ secrets.METAL_AUTH_TOKEN }} + projectID: ${{ steps.project.outputs.projectID }} From 4051895d6d7cd10559e4c6bf16db7f2a9d1e7a39 Mon Sep 17 00:00:00 2001 From: Marques Johansson Date: Mon, 3 Jun 2024 09:53:49 -0400 Subject: [PATCH 4/8] fix reference to private ssh key in integration CI --- .github/workflows/integration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 2c17c18..8bef4fe 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -57,7 +57,7 @@ jobs: - name: SSH Agent run: | ssh-agent -a $SSH_AUTH_SOCK > /dev/null - ssh-add <(echo ${{ steps.metal-project.outputs.projectSSHPrivateKeyBase64 }} | base64 -d) + ssh-add <(echo ${{ steps.project.outputs.projectSSHPrivateKeyBase64 }} | base64 -d) - name: Terraform Vars - Cluster Name run: echo "TF_VAR_vcenter_cluster_name=tfacc-${SHORT_SHA}" >> $GITHUB_ENV - name: Terraform Vars - Project ID From 22d6fbffcf403727e28307e7b0e4e1371876e785 Mon Sep 17 00:00:00 2001 From: Marques Johansson Date: Mon, 3 Jun 2024 10:00:41 -0400 Subject: [PATCH 5/8] ensure auth tokens are available during CI plan phase --- .github/workflows/integration.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) 
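Review bot: The Project Delete step in the PATCH 3/8 hunk runs under `if: ${{ always() }}`, so when the `project` step fails it still executes with the user-level `secrets.METAL_AUTH_TOKEN` and an empty `projectID`. How the sweeper action treats an empty project ID is not visible from this diff; guarding the step makes the outcome independent of that, e.g. `if: ${{ always() && steps.project.outputs.projectID != '' }}`. A one-line comment on the step saying that it removes the CI-created project and its contents would also help the next reader judge the blast radius of the token passed to it.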
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 8bef4fe..b3f7ceb 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -61,7 +61,14 @@ jobs: - name: Terraform Vars - Cluster Name run: echo "TF_VAR_vcenter_cluster_name=tfacc-${SHORT_SHA}" >> $GITHUB_ENV - name: Terraform Vars - Project ID - run: echo "TF_VAR_project_id=${{ steps.project.outputs.projectID }}" >> $GITHUB_ENV + run: | + echo "TF_VAR_project_id=${{ steps.project.outputs.projectID }}" >> $GITHUB_ENV + echo "METAL_AUTH_TOKEN: ${{ steps.project.outputs.projectToken }}" >> $GITHUB_ENV # used by Equinix provider when auth_token not specified + echo "TF_VAR_auth_token: ${{ steps.project.outputs.projectToken }}" >> $GITHUB_ENV + echo "TF_VAR_s3_url: ${{ secrets.S3_URL }}" >> $GITHUB_ENV + echo "TF_VAR_object_store_bucket_name: ${{ secrets.S3_BUCKET_NAME }}" >> $GITHUB_ENV + echo "TF_VAR_s3_access_key: ${{ secrets.S3_ACCESS_KEY }}" >> $GITHUB_ENV + echo "TF_VAR_s3_secret_key: ${{ secrets.S3_SECRET_KEY }}" >> $GITHUB_ENV - name: Terraform Plan id: plan timeout-minutes: 120 @@ -71,21 +78,11 @@ jobs: timeout-minutes: 120 continue-on-error: true run: terraform apply -input=false tfplan - env: - METAL_AUTH_TOKEN: ${{ steps.project.outputs.projectToken }} # used by Equinix provider when auth_token not specified - TF_VAR_auth_token: ${{ steps.project.outputs.projectToken }} - TF_VAR_s3_url: ${{ secrets.S3_URL }} - TF_VAR_object_store_bucket_name: ${{ secrets.S3_BUCKET_NAME }} - TF_VAR_s3_access_key: ${{ secrets.S3_ACCESS_KEY }} - TF_VAR_s3_secret_key: ${{ secrets.S3_SECRET_KEY }} - name: Terraform Destroy continue-on-error: true id: destroy if: ${{ always() }} run: terraform destroy -input=false -auto-approve - env: - TF_VAR_auth_token: ${{ steps.project.outputs.projectToken }} - METAL_AUTH_TOKEN: ${{ steps.project.outputs.projectToken }} - name: Project Delete if: ${{ always() }} uses: equinix-labs/metal-sweeper-action@v0.6.1 
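Review bot: Writing `projectToken` and the S3 secrets to `$GITHUB_ENV` in the "Terraform Vars - Project ID" step exposes them to every later step in the job, including the third-party sweeper action, and undoes the step-level scoping introduced in PATCH 1/8. The second hunk of this patch removes the `env:` blocks that provided that scoping, and PATCH 6/8 keeps the same approach while only correcting the `NAME=value` syntax. The `${{ secrets.* }}` expressions are also expanded into the script text instead of being read from the environment. Giving Terraform Plan its own `env:` block and leaving the Apply and Destroy blocks in place supplies the plan phase with credentials without persisting them job-wide. The Plan step's `run:` line lies outside the hunk.

```yaml
      - name: Terraform Vars - Project ID
        run: echo "TF_VAR_project_id=${{ steps.project.outputs.projectID }}" >> $GITHUB_ENV
      - name: Terraform Plan
        id: plan
        timeout-minutes: 120
        env:
          # used by Equinix provider when auth_token not specified
          METAL_AUTH_TOKEN: ${{ steps.project.outputs.projectToken }}
          TF_VAR_auth_token: ${{ steps.project.outputs.projectToken }}
          TF_VAR_s3_url: ${{ secrets.S3_URL }}
          TF_VAR_object_store_bucket_name: ${{ secrets.S3_BUCKET_NAME }}
          TF_VAR_s3_access_key: ${{ secrets.S3_ACCESS_KEY }}
          TF_VAR_s3_secret_key: ${{ secrets.S3_SECRET_KEY }}
        # … unchanged: the plan step's run line (outside this hunk) …
      # … unchanged: Terraform Apply and Terraform Destroy keep their step-level env blocks …
```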
From 81e7c2e5f3948408ed640000be37b05040d55f01 Mon Sep 17 00:00:00 2001 From: Marques Johansson Date: Mon, 3 Jun 2024 10:27:29 -0400 Subject: [PATCH 6/8] fix formatting of GHA env file in integration CI --- .github/workflows/integration.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index b3f7ceb..f87d44f 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -63,12 +63,12 @@ jobs: - name: Terraform Vars - Project ID run: | echo "TF_VAR_project_id=${{ steps.project.outputs.projectID }}" >> $GITHUB_ENV - echo "METAL_AUTH_TOKEN: ${{ steps.project.outputs.projectToken }}" >> $GITHUB_ENV # used by Equinix provider when auth_token not specified - echo "TF_VAR_auth_token: ${{ steps.project.outputs.projectToken }}" >> $GITHUB_ENV - echo "TF_VAR_s3_url: ${{ secrets.S3_URL }}" >> $GITHUB_ENV - echo "TF_VAR_object_store_bucket_name: ${{ secrets.S3_BUCKET_NAME }}" >> $GITHUB_ENV - echo "TF_VAR_s3_access_key: ${{ secrets.S3_ACCESS_KEY }}" >> $GITHUB_ENV - echo "TF_VAR_s3_secret_key: ${{ secrets.S3_SECRET_KEY }}" >> $GITHUB_ENV + echo "METAL_AUTH_TOKEN=${{ steps.project.outputs.projectToken }}" >> $GITHUB_ENV # used by Equinix provider when auth_token not specified + echo "TF_VAR_auth_token=${{ steps.project.outputs.projectToken }}" >> $GITHUB_ENV + echo "TF_VAR_s3_url=${{ secrets.S3_URL }}" >> $GITHUB_ENV + echo "TF_VAR_object_store_bucket_name=${{ secrets.S3_BUCKET_NAME }}" >> $GITHUB_ENV + echo "TF_VAR_s3_access_key=${{ secrets.S3_ACCESS_KEY }}" >> $GITHUB_ENV + echo "TF_VAR_s3_secret_key=${{ secrets.S3_SECRET_KEY }}" >> $GITHUB_ENV - name: Terraform Plan id: plan timeout-minutes: 120 From 27893ef58eda9a4c7dc99087484128528345dddf Mon Sep 17 00:00:00 2001 From: Marques Johansson Date: Tue, 30 May 2023 10:55:05 -0400 Subject: [PATCH 7/8] ci: update TF and metal GH actions version to fix CI builds 
Signed-off-by: Marques Johansson --- .github/workflows/integration.yml | 4 ++-- .github/workflows/terraform.yml | 2 +- versions.tf | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index f87d44f..f9842e9 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -18,7 +18,7 @@ jobs: strategy: matrix: os: [ubuntu-latest] - tf: [1.0.7] + tf: [1.4] vsphere: #- vmware_os: vmware_esxi_6_7 # vcenter_iso: VMware-VCSA-all-6.7.0-14367737.iso @@ -34,7 +34,7 @@ jobs: TF_VAR_esxi_host_count: 2 TF_VAR_esxi_size: "c3.medium.x86" TF_VAR_router_size: "c3.medium.x86" - TF_VAR_facility: "dc13" + TF_VAR_metro: "dc" TF_VAR_create_project : false steps: - name: Checkout from Github diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml index 64fc216..f664f29 100644 --- a/.github/workflows/terraform.yml +++ b/.github/workflows/terraform.yml @@ -19,7 +19,7 @@ jobs: strategy: matrix: os: [ubuntu-latest] - tf: [0.14.8] + tf: [1.4] steps: - name: Checkout from Github uses: actions/checkout@v2 diff --git a/versions.tf b/versions.tf index e1e723a..fdf9b46 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,5 @@ terraform { - experiments = [module_variable_optional_attrs] + required_version = "~> 1.4" required_providers { null = { source = "hashicorp/null" From 173d965ea63ca78e92d8875141adf62fce02c2a1 Mon Sep 17 00:00:00 2001 From: Marques Johansson Date: Mon, 3 Jun 2024 15:08:43 +0000 Subject: [PATCH 8/8] remove continue-on-error from terraform apply/destroy steps Signed-off-by: Marques Johansson --- .github/workflows/integration.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index f9842e9..4b7deae 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml 
@@ -76,10 +76,8 @@ jobs: - name: Terraform Apply id: apply timeout-minutes: 120 - continue-on-error: true run: terraform apply -input=false tfplan - name: Terraform Destroy - continue-on-error: true id: destroy if: ${{ always() }} run: terraform destroy -input=false -auto-approve