Merge pull request #27 from meshcloud/feature/github-connector

Feature/GitHub connector

Author: florianow

modules/aks/github-connector/backplane/output.tf

@@ -2,38 +2,13 @@ output "config_tf" {
   description = "Generates a config.tf that can be dropped into meshStack's BuildingBlockDefinition as an encrypted file input to configure this building block."
   sensitive   = true
   value       = <<-EOF
-  terraform {
-    backend "azurerm" {
-      use_azuread_auth      = true
-      tenant_id             = "${data.azurerm_subscription.current.tenant_id}"
-      subscription_id       = "${data.azurerm_subscription.current.subscription_id}"
-      resource_group_name   = "${var.tfstates_resource_group_name}"
-      storage_account_name  = "${var.tfstates_storage_account_name}"
-      container_name        = "${var.tfstates_storage_container_name}"
-      key                   = "bb-github-connector.tfstate"
-
-      client_id             = "${azuread_service_principal.bb_github_connector.client_id}"
-      client_secret         = "${azuread_service_principal_password.bb_github_connector.value}"
-    }
-  }
-
-  provider "kubernetes" {
+    provider "kubernetes" {
     host = "${data.azurerm_kubernetes_cluster.aks.kube_admin_config[0].host}"
     cluster_ca_certificate = base64decode("${data.azurerm_kubernetes_cluster.aks.kube_admin_config[0].cluster_ca_certificate}")
     client_certificate = base64decode("${data.azurerm_kubernetes_cluster.aks.kube_admin_config[0].client_certificate}")
     client_key = base64decode("${data.azurerm_kubernetes_cluster.aks.kube_admin_config[0].client_key}")
   }
 
-  provider "github" {
-    owner = "likvid-bank"
-
-    app_auth {
-      id = "654209"
-      installation_id = "44437049"
-      pem_file = file("./likvid-bank-devops-toolchain-team.private-key.pem")
-    }
-  }
-
   locals {
     aks_kubeconfig_stub = {
       apiVersion = "v1"

modules/aks/github-connector/buildingblock/README.md

@@ -49,8 +49,9 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [github_actions_secret.container_registry](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/actions_secret) | resource |
-| [github_actions_secret.kubeconfig](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/actions_secret) | resource |
+| [github_actions_environment_secret.container_registry](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/actions_environment_secret) | resource |
+| [github_actions_environment_secret.kubeconfig](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/actions_environment_secret) | resource |
+| [github_repository_environment.env](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/repository_environment) | resource |
 | [github_repository_file.dockerfile](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/repository_file) | resource |
 | [github_repository_file.workflow](https://registry.terraform.io/providers/integrations/github/6.5.0/docs/resources/repository_file) | resource |
 | [kubernetes_role.github_actions](https://registry.terraform.io/providers/hashicorp/kubernetes/2.35.1/docs/resources/role) | resource |

modules/aks/github-connector/buildingblock/github.tf

@@ -23,27 +23,42 @@ locals {
   kubeconfig = merge(local.aks_kubeconfig_stub, local.kubeconfig_user)
 }
 
-resource "github_actions_secret" "kubeconfig" {
-  repository      = var.github_repo
+resource "github_repository_environment" "env" {
+  environment = var.namespace
+  repository  = var.github_repo
+}
+
+resource "github_actions_environment_secret" "kubeconfig" {
+  environment     = var.namespace
+  repository      = github_repository_environment.env.repository
   secret_name     = "KUBECONFIG"
   plaintext_value = yamlencode(local.kubeconfig)
+
+  depends_on = [
+    github_repository_environment.env
+  ]
 }
 
 
-resource "github_actions_secret" "container_registry" {
+resource "github_actions_environment_secret" "container_registry" {
   for_each = {
     host     = local.acr.host
     username = local.acr.username
     password = local.acr.password
   }
 
-  repository      = var.github_repo
+  environment     = var.namespace
+  repository      = github_repository_environment.env.repository
   secret_name     = "aks_container_registry_${each.key}"
   plaintext_value = each.value
+
+  depends_on = [
+    github_repository_environment.env
+  ]
 }
 
 resource "github_repository_file" "dockerfile" {
-  repository = var.github_repo
+  repository = github_repository_environment.env.repository
 
   file    = "Dockerfile"
   content = file("${path.module}/repo_content/Dockerfile")
@@ -57,9 +72,9 @@ resource "github_repository_file" "dockerfile" {
 }
 
 resource "github_repository_file" "workflow" {
-  repository = var.github_repo
+  repository = github_repository_environment.env.repository
 
-  file = ".github/workflows/build-deploy.yml"
+  file = ".github/workflows/${var.namespace}-deploy.yml"
   content = templatefile(
     "${path.module}/repo_content/workflow.yml",
     {

modules/aks/github-connector/buildingblock/provider.tf

@@ -1,4 +1,4 @@
-name: build and deploy
+name: ${namespace}
 
 on:
   push:
@@ -8,6 +8,7 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    environment: ${namespace}
     steps:
       - uses: actions/checkout@v4