Merge pull request #113 from kartverket/add_tailscale_to_tf
Use tailscale if cyrilgdn/postgresql provider is present
martinhny authored Nov 8, 2024
2 parents e8f1b0c + ca82ca0 commit 26bfa1b
Showing 2 changed files with 49 additions and 0 deletions.
41 changes: 41 additions & 0 deletions .github/workflows/run-terraform.yml
@@ -121,6 +121,7 @@ env:
ARM_CLIENT_ID: ${{ secrets.arm_client_id }}
ARM_CLIENT_SECRET: ${{ secrets.arm_client_secret }}
ARM_TENANT_ID: ${{ secrets.arm_tenant_id }}
NEED_TAILSCALE: false

jobs:
setup-env:
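Review bot: the workflow-level `NEED_TAILSCALE: false` is only a fallback; every job that includes the new "Check for PostgreSQL Provider" step overwrites it through `$GITHUB_ENV`, so the default matters solely for jobs that skip that step (where the Tailscale step then never runs). A short comment next to the default saying it is set per job by the provider check would save the next reader from looking for where the value is flipped.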
@@ -246,6 +247,26 @@ jobs:
FAILURE! The above files are not properly formatted.
Run `terraform fmt` in $WORKING_DIRECTORY, commit the changed files and push to fix the issue' | tee -a $GITHUB_STEP_SUMMARY ; exit 1; }
- name: Check for PostgreSQL Provider
id: check_postgresql
run: |
PROVIDER_CHECK=$(terraform providers | grep cyrilgdn/postgresql) || true
if [ -n "$PROVIDER_CHECK" ]; then
echo "PostgreSQL provider found."
echo "NEED_TAILSCALE=true" >> $GITHUB_ENV
else
echo "PostgreSQL provider not found."
echo "NEED_TAILSCALE=false" >> $GITHUB_ENV
fi
- name: Tailscale
if: env.NEED_TAILSCALE == 'true'
uses: tailscale/github-action@v2
with:
oauth-client-id: ${{ secrets.TS_CLOUDSQL_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TS_CLOUDSQL_OAUTH_SECRET }}
tags: tag:cloudsql-user

- name: Terraform Plan
id: plan
run: |
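Review bot: `PROVIDER_CHECK=$(terraform providers | grep cyrilgdn/postgresql) || true` masks every failure of `terraform providers`, not only a non-match, so a broken or uninitialised configuration is reported as "PostgreSQL provider not found" and the job carries on without Tailscale instead of failing; capture the output first and check the exit status of `terraform providers` on its own (or run the step under `set -o pipefail`), then test it with `grep -q` so only a genuine non-match takes the `false` branch. Two further points on the same hunk: the Tailscale step joins the runner to the tailnet with `tag:cloudsql-user` before `Terraform Plan`, so whatever that tag may reach is reachable from any run of the plan job, which is worth confirming against the triggers this job accepts; and when `NEED_TAILSCALE` is `true` but the `TS_CLOUDSQL_OAUTH_*` secrets were not passed by the caller, the action fails with an opaque error, so a guard step that exposes the secret through `env:` and runs `[ -n "$TS_OAUTH_SECRET" ] || { echo 'Tailscale secrets missing, add secrets: inherit'; exit 1; }` gives callers a clear message. Quoting `"$GITHUB_ENV"` in the two `echo ... >>` lines is a minor style nit.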
@@ -486,6 +507,26 @@ jobs:
${TF_INIT_OPTION_2:+"$TF_INIT_OPTION_2"} \
${TF_INIT_OPTION_3:+"$TF_INIT_OPTION_3"}
- name: Check for PostgreSQL Provider
id: check_postgresql
run: |
PROVIDER_CHECK=$(terraform providers | grep cyrilgdn/postgresql) || true
if [ -n "$PROVIDER_CHECK" ]; then
echo "PostgreSQL provider found."
echo "NEED_TAILSCALE=true" >> $GITHUB_ENV
else
echo "PostgreSQL provider not found."
echo "NEED_TAILSCALE=false" >> $GITHUB_ENV
fi
- name: Tailscale
if: env.NEED_TAILSCALE == 'true'
uses: tailscale/github-action@v2
with:
oauth-client-id: ${{ secrets.TS_CLOUDSQL_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TS_CLOUDSQL_OAUTH_SECRET }}
tags: tag:cloudsql-user

# Run terraform destroy on push to main if 'destroy' is set to true
- name: Terraform Destroy
if: env.DESTROY == 'true'
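Review bot: the "Check for PostgreSQL Provider" and "Tailscale" steps are a verbatim copy of the block added earlier in the plan job, so any later fix (the `|| true` handling, the tag, the action version) has to be applied twice; moving the pair into a composite action in this repository, or at least factoring the provider check into one script file, keeps the two jobs from drifting apart. In this job the check runs after the `terraform init` invocation visible just above it, which is the right ordering, since `terraform providers` needs the configuration and modules to be resolvable; make sure the copy in the plan job sits after its `init` as well.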
8 changes: 8 additions & 0 deletions README.md
@@ -160,6 +160,7 @@ This workflow plans and applies Terraform config to deploy to an environment.
- Prevents deploys running in parallel against the same environment crashing due to failing to acquire state lock
- Allows for the choice of deploying and/or destroying terraform config
- Will only deploy on push or workflow_dispatch event to main by default. Can be configured to deploy on a different branch using the `deploy_on` input.
- Logs into tailscale if using the postgresql provider

### Example

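Review bot: the new bullet "Logs into tailscale if using the postgresql provider" should name the condition and the prerequisite the way the workflow implements them, i.e. that the login is triggered when the `cyrilgdn/postgresql` provider is detected and that it needs the `TS_CLOUDSQL_OAUTH_CLIENT_ID` and `TS_CLOUDSQL_OAUTH_SECRET` secrets to be available to the workflow; "Tailscale" and "PostgreSQL" are also the product spellings used elsewhere in the file.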
@@ -183,6 +184,7 @@ jobs:
# For accessing repository
packages: write
uses: kartverket/github-workflows/.github/workflows/run-terraform.yml@<release tag>
secrets: inherit # Optional, but required if you need to use tailscale
with:
runner: ubuntu-latest
environment: dev
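Review bot: `secrets: inherit` forwards every secret the calling repository and organisation hold to this reusable workflow, while the workflow only needs `TS_CLOUDSQL_OAUTH_CLIENT_ID` and `TS_CLOUDSQL_OAUTH_SECRET`; declaring those two under `on.workflow_call.secrets` (with `required: false`) would let callers pass just them explicitly and keep the rest out of the job, with `inherit` remaining an option for convenience. The inline comment "Optional, but required if you need to use tailscale" reads as contradictory; "Required only when the Tailscale login is needed" says the same thing unambiguously.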
@@ -227,6 +229,12 @@ jobs:
| destroy | boolean | | An optional boolean that determines whether terraform will be destroyed. Defaults to 'false'. |
| unlock | string | | An optional string which runs terraform force-unlock on the provided `LOCK_ID`, if set. |

### Tailscale

If the `cyrilgdn/postgresql` provider is present, the `secrets: inherit` input is required to use the tailscale provider.
The provider will set the environment variable `NEED_TAILSCALE` to true, which will trigger the tailscale login.
As long as your repository is internal, the tailscale secrets should be present on your repository.

<br />

## run-security-scans
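Review bot: the new "Tailscale" section misattributes the mechanism: it is the workflow's "Check for PostgreSQL Provider" step that sets `NEED_TAILSCALE=true` when `cyrilgdn/postgresql` appears in `terraform providers`, and it is the `tailscale/github-action` step, not a "tailscale provider", that performs the login. Spell out which secrets are consumed (`TS_CLOUDSQL_OAUTH_CLIENT_ID` and `TS_CLOUDSQL_OAUTH_SECRET`) and where they are expected to come from, since "as long as your repository is internal, the tailscale secrets should be present" only holds if those are organisation-level secrets scoped to internal repositories; a reader whose run fails at the Tailscale step otherwise has nothing to check against.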