kopia lustrzana https://github.com/cloudflare/wildebeest
keep tfstate in KV
rodzic
d233324197
commit
bdb6dd7c01
|
@ -80,10 +80,35 @@ jobs:
|
||||||
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | jq -r '.result.auth_domain')
|
-H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | jq -r '.result.auth_domain')
|
||||||
printf "auth_domain=$auth_domain" >> $GITHUB_ENV
|
printf "auth_domain=$auth_domain" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: retrieve Terraform state KV namespace
|
||||||
|
uses: cloudflare/wrangler-action@2.0.0
|
||||||
|
with:
|
||||||
|
command: kv:namespace list | jq -r '.[] | select( .title == "wildebeest-terraform-${{ env.OWNER_LOWER }}-state" ) | .id' | awk '{print "tfstate_kv="$1}' >> $GITHUB_ENV
|
||||||
|
apiToken: ${{ secrets.CF_API_TOKEN }}
|
||||||
|
preCommands: |
|
||||||
|
echo "*** pre commands ***"
|
||||||
|
apt-get update && apt-get -y install jq
|
||||||
|
echo "******"
|
||||||
|
env:
|
||||||
|
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
|
||||||
|
|
||||||
- name: Init
|
- name: Init
|
||||||
run: terraform init
|
run: terraform init
|
||||||
working-directory: ./tf
|
working-directory: ./tf
|
||||||
|
|
||||||
|
- name: download Terraform state
|
||||||
|
uses: cloudflare/wrangler-action@2.0.0
|
||||||
|
with:
|
||||||
|
command: kv:key get --namespace-id=${{ env.tfstate_kv }} terraform.tfstate > ./tf/terraform.tfstate
|
||||||
|
postCommands: |
|
||||||
|
echo "*** post commands ***"
|
||||||
|
chmod 777 ./tf/terraform.tfstate
|
||||||
|
echo "******"
|
||||||
|
apiToken: ${{ secrets.CF_API_TOKEN }}
|
||||||
|
env:
|
||||||
|
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
|
||||||
|
if: ${{ env.tfstate_kv != '' }}
|
||||||
|
|
||||||
- name: Configure
|
- name: Configure
|
||||||
run: terraform plan && terraform apply -auto-approve
|
run: terraform plan && terraform apply -auto-approve
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
|
@ -97,6 +122,27 @@ jobs:
|
||||||
TF_VAR_d1_id: ${{ env.d1_id }}
|
TF_VAR_d1_id: ${{ env.d1_id }}
|
||||||
TF_VAR_access_auth_domain: ${{ env.auth_domain }}
|
TF_VAR_access_auth_domain: ${{ env.auth_domain }}
|
||||||
|
|
||||||
|
- name: retrieve Terraform state KV namespace
|
||||||
|
uses: cloudflare/wrangler-action@2.0.0
|
||||||
|
with:
|
||||||
|
command: kv:namespace list | jq -r '.[] | select( .title == "wildebeest-terraform-${{ env.OWNER_LOWER }}-state" ) | .id' | awk '{print "tfstate_kv="$1}' >> $GITHUB_ENV
|
||||||
|
apiToken: ${{ secrets.CF_API_TOKEN }}
|
||||||
|
preCommands: |
|
||||||
|
echo "*** pre commands ***"
|
||||||
|
apt-get update && apt-get -y install jq
|
||||||
|
echo "******"
|
||||||
|
env:
|
||||||
|
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
|
||||||
|
if: ${{ env.tfstate_kv == '' }}
|
||||||
|
|
||||||
|
- name: store Terraform state
|
||||||
|
uses: cloudflare/wrangler-action@2.0.0
|
||||||
|
with:
|
||||||
|
command: kv:key put --namespace-id=${{ env.tfstate_kv }} terraform.tfstate --path=./tf/terraform.tfstate
|
||||||
|
apiToken: ${{ secrets.CF_API_TOKEN }}
|
||||||
|
env:
|
||||||
|
CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
|
||||||
|
|
||||||
- name: Publish
|
- name: Publish
|
||||||
uses: cloudflare/wrangler-action@2.0.0
|
uses: cloudflare/wrangler-action@2.0.0
|
||||||
with:
|
with:
|
||||||
|
|
27
tf/main.tf
27
tf/main.tf
|
@ -1,17 +1,21 @@
|
||||||
variable "cloudflare_account_id" {
|
variable "cloudflare_account_id" {
|
||||||
type = string
|
type = string
|
||||||
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "cloudflare_zone_id" {
|
variable "cloudflare_zone_id" {
|
||||||
type = string
|
type = string
|
||||||
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "cloudflare_deploy_domain" {
|
variable "cloudflare_deploy_domain" {
|
||||||
type = string
|
type = string
|
||||||
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "cloudflare_api_token" {
|
variable "cloudflare_api_token" {
|
||||||
type = string
|
type = string
|
||||||
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "gh_username" {
|
variable "gh_username" {
|
||||||
|
@ -20,10 +24,12 @@ variable "gh_username" {
|
||||||
|
|
||||||
variable "d1_id" {
|
variable "d1_id" {
|
||||||
type = string
|
type = string
|
||||||
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "access_auth_domain" {
|
variable "access_auth_domain" {
|
||||||
type = string
|
type = string
|
||||||
|
sensitive = true
|
||||||
}
|
}
|
||||||
|
|
||||||
terraform {
|
terraform {
|
||||||
|
@ -49,6 +55,11 @@ resource "cloudflare_workers_kv_namespace" "wildebeest_cache" {
|
||||||
title = "wildebeest-${lower(var.gh_username)}-cache"
|
title = "wildebeest-${lower(var.gh_username)}-cache"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_workers_kv_namespace" "terraform_state" {
|
||||||
|
account_id = var.cloudflare_account_id
|
||||||
|
title = "wildebeest-terraform-${lower(var.gh_username)}-state"
|
||||||
|
}
|
||||||
|
|
||||||
resource "random_password" "user_key" {
|
resource "random_password" "user_key" {
|
||||||
length = 256
|
length = 256
|
||||||
special = false
|
special = false
|
||||||
|
@ -62,20 +73,20 @@ resource "cloudflare_pages_project" "wildebeest_pages_project" {
|
||||||
deployment_configs {
|
deployment_configs {
|
||||||
production {
|
production {
|
||||||
environment_variables = {
|
environment_variables = {
|
||||||
CF_ACCOUNT_ID = var.cloudflare_account_id
|
CF_ACCOUNT_ID = sensitive(var.cloudflare_account_id)
|
||||||
CF_API_TOKEN = var.cloudflare_api_token
|
CF_API_TOKEN = sensitive(var.cloudflare_api_token)
|
||||||
|
|
||||||
USER_KEY = random_password.user_key.result
|
USER_KEY = sensitive(random_password.user_key.result)
|
||||||
|
|
||||||
DOMAIN = trimspace(var.cloudflare_deploy_domain)
|
DOMAIN = sensitive(trimspace(var.cloudflare_deploy_domain))
|
||||||
ACCESS_AUD = cloudflare_access_application.wildebeest_access.aud
|
ACCESS_AUD = sensitive(cloudflare_access_application.wildebeest_access.aud)
|
||||||
ACCESS_AUTH_DOMAIN = var.access_auth_domain
|
ACCESS_AUTH_DOMAIN = sensitive(var.access_auth_domain)
|
||||||
}
|
}
|
||||||
kv_namespaces = {
|
kv_namespaces = {
|
||||||
KV_CACHE = cloudflare_workers_kv_namespace.wildebeest_cache.id
|
KV_CACHE = sensitive(cloudflare_workers_kv_namespace.wildebeest_cache.id)
|
||||||
}
|
}
|
||||||
d1_databases = {
|
d1_databases = {
|
||||||
DATABASE = var.d1_id
|
DATABASE = sensitive(var.d1_id)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Ładowanie…
Reference in New Issue