-
Notifications
You must be signed in to change notification settings - Fork 14
/
action.yaml
775 lines (749 loc) · 35.1 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
name: 'Deploy Docker to AWS (EC2)'
description: 'Deploy a Docker app to an AWS Virtual Machine (EC2) with Docker Compose'
branding:
icon: upload-cloud
color: red
inputs:
# AWS Specific
aws_access_key_id:
description: 'AWS access key ID'
required: false
aws_secret_access_key:
description: 'AWS secret access key'
required: false
aws_session_token:
description: 'AWS session token'
required: false
aws_default_region:
description: 'AWS default region'
default: us-east-1
required: false
aws_resource_identifier:
description: 'Set to override the AWS resource identifier for the deployment. Defaults to `${org}-{repo}-{branch}`. Use with destroy to destroy specific resources.'
required: false
aws_additional_tags: # additional_tags
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# GitHub Commons main inputs
checkout:
description: 'Specifies if this action should checkout the code'
required: false
default: 'true'
bitops_code_only:
description: 'Will run only the generation phase of BitOps, where the Terraform and Ansible code is built.'
required: false
bitops_code_store:
description: 'Store BitOps code as a GitHub artifact'
required: false
tf_stack_destroy: # stack_destroy
description: 'Set to "true" to Destroy the stack through Terraform.'
required: false
tf_state_file_name:
description: 'Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects.'
required: false
tf_state_file_name_append:
description: 'Append a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. Can co-exist with the tf_state_file_name variable. '
required: false
tf_state_bucket:
description: 'AWS S3 bucket to use for Terraform state. Defaults to `${org}-${repo}-{branch}-tf-state`'
required: false
tf_state_bucket_destroy:
description: 'Force purge and deletion of S3 bucket defined. Only evaluated when `tf_stack_destroy` is also true, so it is safe to leave this enabled when standing up your stack.'
required: false
tf_targets: # targets
description: 'A list of targets to create before the full stack creation.'
required: false
ansible_skip:
description: 'Skip Ansible execution after Terraform excecution.'
required: false
ansible_ssh_to_private_ip:
description: 'Make Ansible connect to the private IP of the instance. Only usefull if using a hosted runner in the same network.'
required: false
ansible_start_docker_timeout:
description: 'Ammount of time in seconds it takes Ansible to mark as failed the startup of docker. Defaults to `300`'
required: false
# ENV files
env_aws_secret: # aws_secret_env
description: 'Secret name to pull env variables from AWS Secret Manager, could be a comma separated list, read in order. Expected JSON content.'
required: false
env_repo: # repo_env
description: 'File containing environment variables to be used with the app'
required: false
env_ghs: # ghv_env
description: 'GitHub Secret Name containing `.env` file style to be used with the app.'
required: false
env_ghv: # dot_env
description: 'GitHub Variable Name containing `.env` file style to be used with the app.'
required: false
# EC2 Instance
aws_ec2_instance_create:
description: 'Define if an EC2 instance should be created'
required: false
default: true
aws_ec2_ami_filter:
description: 'AWS AMI Filter string. Will be used to lookup for lates image based on the string. Defaults to `ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*`.'
required: false
aws_ec2_ami_owner:
description: 'Owner of AWS AMI image. This ensures the provider is the one we are looking for. Defaults to `099720109477`, Canonical (Ubuntu).'
required: false
aws_ec2_ami_id: # aws_ami_id
description: 'AWS AMI ID. Will default to lookup for latest image of the `aws_ec2_ami_filter` string. This will override `aws_ec2_ami_filter` lookup.'
required: false
aws_ec2_ami_update:
description: 'Set this to true if you want to recreate the EC2 instance if there is a newer version of the AMI.'
required: false
aws_ec2_iam_instance_profile: # ec2_instance_profile
description: 'The AWS IAM instance profile to use for the EC2 instance'
required: false
aws_ec2_instance_type: # ec2_instance_type
description: 'The AWS Instance type'
required: false
aws_ec2_instance_root_vol_size: # ec2_volume_size
description: 'Define the volume size (in GiB) for the root volume on the AWS Instance.'
required: false
aws_ec2_instance_root_vol_preserve:
description: 'Set this to true to avoid deletion of root volume on termination. Defaults to false.'
required: false
aws_ec2_security_group_name:
description: 'The name of the EC2 security group'
required: false
aws_ec2_create_keypair_sm: # create_keypair_sm_entry
required: false
description: 'Generates and manages a secret manager entry that contains the public and private keys created for the ec2 instance.'
aws_ec2_instance_public_ip:
description: 'Add a public IP to the instance or not. (Not an Elastic IP)'
required: false
default: true
aws_ec2_port_list:
description: 'List of ports to be enabled as an ingress rule in the EC2 SG, in a [xx,yy] format - Not the ELB'
required: false
aws_ec2_user_data_file:
description: 'Relative path in the repo for a user provided script to be executed with Terraform EC2 Instance creation.'
required: false
aws_ec2_user_data_replace_on_change:
description: 'If user_data file changes, instance will stop and start. Hence public IP will change. Defaults to true.'
required: false
aws_ec2_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# AWS VPC Inputs
aws_vpc_create:
description: 'Define if a VPC should be created'
required: false
aws_vpc_name:
description: 'Set a specific name for the VPC'
required: false
aws_vpc_cidr_block:
description: 'Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16.'
required: false
aws_vpc_public_subnets:
description: 'Comma separated list of public subnets. Defaults to 10.10.110.0/24'
required: false
aws_vpc_private_subnets:
description: 'Comma separated list of private subnets. If none, none will be created.'
required: false
aws_vpc_availability_zones:
description: 'Comma separated list of availability zones. Defaults to `aws_default_region.'
required: false
aws_vpc_id:
description: 'AWS VPC ID. Accepts `vpc-###` values.'
required: false
aws_vpc_subnet_id:
description: 'Specify a Subnet to be used with the instance. If none provided, will pick one.'
required: false
aws_vpc_enable_nat_gateway:
description: 'Enables NAT gateway'
required: false
aws_vpc_single_nat_gateway:
description: 'Creates only one NAT gateway'
required: false
aws_vpc_external_nat_ip_ids:
description: 'Comma separated list of IP IDS to reuse in the NAT gateways'
required: false
aws_vpc_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# AWS Route53 Domains abd Certificates
aws_r53_enable:
description: 'Enables the usage of Route53 to manage DNS records.'
required: false
aws_r53_domain_name: # domain_name
description: 'Define the root domain name for the application. e.g. app.com'
required: false
aws_r53_sub_domain_name: # sub_domain
description: 'Define the sub-domain part of the URL. Defaults to `${org}-${repo}-{branch}`'
aws_r53_root_domain_deploy: # root_domain
description: 'Deploy to root domain. Will generate two DNS recrods, one for root, another for www'
required: false
aws_r53_enable_cert: # no_cert
description: 'Makes the application use a certificate by enabling a certificate lookup.'
required: false
default: true # Legacy enable
aws_r53_cert_arn: # cert_arn
description: 'Define the certificate ARN to use for the application'
required: false
aws_r53_create_root_cert: # create_root_cert
description: 'Generates and manage the root cert for the application'
required: false
aws_r53_create_sub_cert: # create_sub_cert
description: 'Generates and manage the sub-domain certificate for the application'
required: false
aws_r53_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# AWS ELB
aws_elb_create:
description: 'Create a load balancer and map ports to the EC2 instance.'
required: false
default: true
aws_elb_security_group_name:
description: 'The name of the ELB security group'
required: false
aws_elb_app_port: # app_port
description: 'Port to expose for the app'
required: false
default: 3000
aws_elb_app_protocol:
description: 'Protocol to enable. Could be HTTP, HTTPS, TCP or SSL. Defaults to TCP.'
required: false
aws_elb_listen_port: # lb_port
description: 'Load balancer listening port. Defaults to 80 if NO FQDN provided, 443 if FQDN provided'
required: false
aws_elb_listen_protocol:
description: 'Protocol to enable. Could be HTTP, HTTPS, TCP or SSL. Defaults to TCP if NO FQDN provided, SSL if FQDN provided'
required: false
aws_elb_healthcheck: # lb_healthcheck
description: 'Load balancer health check string. Defaults to TCP:22'
required: false
aws_elb_access_log_bucket_name:
description: 'S3 bucket name to store the ELB access logs.'
required: false
aws_elb_access_log_expire:
description: 'Delete the access logs after this amount of days. Defaults to 90.'
required: false
aws_elb_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# Docker
docker_install:
description: 'Define if docker should be installed. After this, docker-compose up will be excecuted.'
required: false
default: true
docker_remove_orphans:
description: 'Toggle --remove-orphans flag. Defaults to false.'
required: false
docker_full_cleanup:
description: 'Set to true to run docker-compose down and docker system prune --all --force --volumes after.'
required: false
docker_repo_app_directory: # app_directory
description: 'Relative path for the directory of the app (i.e. where `Dockerfile` and `docker-compose.yaml` files are located). This is the directory that is copied to the compute instance (EC2). Default is the root of the repo. Add a .gha-ignore file with a list of files to be exluded. '
required: false
docker_repo_app_directory_cleanup: # app_directory_cleanup
description: 'Will generate a timestamped compressed file and delete the app repo directory.'
required: false
docker_efs_mount_target: # data_mount_target
description: 'Directory path within docker env to mount directory to, default is `/data`'
required: false
docker_cloudwatch_enable:
description: 'Toggle cloudwatch creation for Docker containers.'
required: false
docker_cloudwatch_lg_name:
description: 'Log group name. Will default to aws_identifier if none.'
required: false
docker_cloudwatch_skip_destroy:
description: 'Toggle deletion or not when destroying the stack.'
required: false
docker_cloudwatch_retention_days:
description: 'Number of days to retain logs. 0 to never expire.'
required: false
# AWS EFS
aws_efs_create:
description: 'Toggle to indicate whether to create and EFS and mount it to the ec2 as a part of the provisioning. Note: The EFS will be managed by the stack and will be destroyed along with the stack.'
required: false
aws_efs_fs_id:
description: 'ID of existing EFS'
required: false
aws_efs_create_mount_target:
description: 'Toggle to indicate whether we should create a mount target for the EFS volume. Accepts incoming fs_id with no mount targets too.'
required: false
aws_efs_create_ha:
description: 'Toggle to indicate whether the EFS resource should be highly available (mount points in all available zones within region).'
required: false
aws_efs_vol_encrypted:
description: 'Toggle encryption of the EFS volume.'
required: false
aws_efs_kms_key_id:
description: 'The ARN for the KMS encryption key. Default key will be used if none defined.'
required: false
aws_efs_performance_mode:
description: 'Toggle perfomance mode. Options are: generalPurpose or maxIO.'
required: false
aws_efs_throughput_mode:
description: 'Throughput mode for the file system. Defaults to bursting. Valid values: bursting, provisioned, or elastic. When using provisioned, also set provisioned_throughput_in_mibps.'
required: false
aws_efs_throughput_speed:
description: 'The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with throughput_mode set to provisioned.'
required: false
aws_efs_security_group_name:
description: 'The name of the EFS security group. Defaults to SG for aws_resource_identifier - EFS.'
required: false
aws_efs_allowed_security_groups:
description: 'Comma separated list of security groups to be added to the EFS SG.'
required: false
aws_efs_ingress_allow_all:
description: 'Allow incoming traffic from 0.0.0.0/0.'
required: false
aws_efs_create_replica:
description: 'Toggle to indiciate whether a read-only replica should be created for the EFS primary file system'
required: false
aws_efs_replication_destination:
description: 'AWS Region to target for replication'
required: false
aws_efs_enable_backup_policy:
description: 'Toggle to indiciate whether the EFS should have a backup policy, default is `false`'
required: false
aws_efs_transition_to_inactive:
description: 'https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system#transition_to_ia'
required: false
aws_efs_mount_target:
description: 'Directory path in efs to mount to'
required: false
aws_efs_ec2_mount_point:
description: 'Directory path in application env to mount directory'
required: false
aws_efs_additional_tags:
description: 'A list of strings that will be added to created resources'
required: false
# AWS RDS
aws_rds_db_enable: # aws_enable_postgres
description: 'Set to true to enable an RDS DB.'
required: false
aws_rds_db_proxy:
description: 'Set to true to add a RDS DB Proxy'
required: false
aws_rds_db_identifier:
description: 'Database identifier that will appear in the AWS Console. Defaults to aws_resource_identifier if none set.'
required: false
aws_rds_db_name: # aws_postgres_database_name
description: 'The name of the database to create when the DB instance is created.'
required: false
aws_rds_db_user:
description: 'Username for the db. Defaults to dbuser.'
required: false
aws_rds_db_engine: # aws_postgres_engine
description: 'Which Database engine to use. Default is postgres'
required: false
aws_rds_db_engine_version: # aws_postgres_engine_version
description: 'Which Database engine version to use.'
required: false
aws_rds_db_ca_cert_identifier:
description: 'Certificate to use with the database. Defaults to rds-ca-ecc384-g1'
required: false
aws_rds_db_security_group_name:
description: 'The name of the database security group. Defaults to SG for aws_resource_identifier - RDS.'
required: false
aws_rds_db_allowed_security_groups:
description: 'Comma separated list of security groups to add to the DB SG'
required: false
aws_rds_db_ingress_allow_all:
description: 'Allow incoming traffic from 0.0.0.0/0.'
required: false
aws_rds_db_publicly_accessible:
description: 'Allow the database to be publicly accessible.'
required: false
aws_rds_db_port: # aws_postgres_database_port
description: ' Port where the DB listens to.'
required: false
aws_rds_db_subnets: # aws_postgres_subnets
description: 'Specify which subnets to use as a list of strings. '
required: false
aws_rds_db_allocated_storage:
description: 'Storage size. Defaults to 10.'
required: false
aws_rds_db_max_allocated_storage:
description: 'Max storage size. Defaults to 0 to disable auto-scaling.'
required: false
aws_rds_db_instance_class: # aws_postgres_instance_class
description: 'DB instance server type. Defaults to db.t3.micro.'
required: false
aws_rds_db_storage_encrypted:
description: 'Toogle storage encryption. Defatuls to false.'
required: false
aws_rds_db_storage_type:
description: 'Storage type. Like gp2 / gp3. Defaults to gp2.'
required: false
aws_rds_db_kms_key_id:
description: 'The ARN for the KMS encryption key.'
required: false
aws_rds_db_final_snapshot: # aws_postgres_database_final_snapshot
description: 'Generates a snapshot of the database before deletion.'
required: false
aws_rds_db_restore_snapshot_identifier:
description: 'Name of the snapshot to restore the database from.'
required: false
aws_rds_db_cloudwatch_logs_exports:
description: 'Set of log types to enable for exporting to CloudWatch logs.'
required: false
aws_rds_db_multi_az:
description: 'Specifies if the RDS instance is multi-AZ'
required: false
aws_rds_db_maintenance_window:
description: 'The window to perform maintenance in. Eg: Mon:00:00-Mon:03:00 '
required: false
aws_rds_db_apply_immediately:
description: 'Specifies whether any database modifications are applied immediately, or during the next maintenance window'
required: false
aws_rds_db_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# RDS Proxy
aws_db_proxy_name:
description: 'DB Proxy name'
required: false
aws_db_proxy_client_password_auth_type:
description: 'Auth type to use, will use the following, depending on DB the family. MYSQL_NATIVE_PASSWORD, POSTGRES_SCRAM_SHA_256, and SQL_SERVER_AUTHENTICATION'
required: false
aws_db_proxy_tls:
description: 'Toogle TLS enforcement for connection'
required: false
aws_db_proxy_security_group_name:
description: 'Name for the proxy security group. Default to aws_resource_identifier if none.'
required: false
aws_db_proxy_database_security_group_allow:
description: 'Will add an incoming rule from every security group associated with the DB'
required: false
aws_db_proxy_allowed_security_group:
description: 'Comma separated list of SG Ids to add.'
required: false
aws_db_proxy_allow_all_incoming:
description: 'Allow all incoming traffic to the DB Proxy. Mind that the proxy is only available from the internal network except manually exposed.'
required: false
aws_db_proxy_cloudwatch_enable:
description: 'Toggle Cloudwatch logs. Will be stored in /aws/rds/proxy/rds_proxy.name'
required: false
aws_db_proxy_cloudwatch_retention_days:
description: 'Number of days to retain logs'
required: false
aws_db_proxy_additional_tags:
description: 'A list of strings that will be added to created resources'
required: false
# GitHub Deployment repo inputs
gh_deployment_input_terraform:
description: 'Folder to store Terraform files to be included during Terraform execution.'
required: false
gh_deployment_input_ansible:
description: 'Folder where a whole Ansible structure is expected. If missing bitops.config.yaml a default will be generated.'
required: false
gh_deployment_input_ansible_playbook:
description: 'Main playbook to be looked for.'
required: false
default: playbook.yml
gh_deployment_input_ansible_extra_vars_file:
description: "Relative path to file from project root to Ansible vars file to be applied. "
required: false
gh_deployment_action_input_ansible_extra_vars_file:
description: "Relative path to file from project root to Ansible vars file to be applied into the Action Ansible execution. "
required: false
#### Legacy inputs
aws_ami_id:
required: false
## ENV
repo_env:
required: false
dot_env:
required: false
ghv_env:
required: false
aws_secret_env:
required: false
## Application
app_directory:
required: false
app_directory_cleanup:
required: false
app_port:
required: false
lb_port:
required: false
lb_healthcheck:
required: false
## EC2
ec2_instance_profile:
required: false
ec2_instance_type:
required: false
ec2_volume_size:
required: false
## EFS
aws_create_efs:
required: false
aws_create_ha_efs:
required: false
aws_create_efs_replica:
required: false
aws_enable_efs_backup_policy:
required: false
# aws_efs_zone_mapping - GONE
aws_replication_configuration_destination:
required: false
aws_mount_efs_id:
required: false
aws_mount_efs_security_group_id:
required: false
## Stack Management
stack_destroy:
required: false
## Domains
domain_name:
required: false
sub_domain:
required: false
root_domain:
required: false
cert_arn:
required: false
create_root_cert:
required: false
create_sub_cert:
required: false
no_cert:
required: false
## Terraform
targets:
required: false
additional_tags:
required: false
## Secret Manager
create_keypair_sm_entry:
required: false
## RDS
aws_enable_postgres:
required: false
aws_postgres_engine:
required: false
aws_postgres_engine_version:
required: false
aws_postgres_instance_class:
required: false
aws_postgres_subnets:
required: false
aws_postgres_database_name:
required: false
aws_postgres_database_port:
required: false
#aws_postgres_database_group_family - GONE
# aws_postgres_database_protection - GONE
aws_postgres_database_final_snapshot:
required: false
## Ansible
application_mount_target:
required: false
data_mount_target:
required: false
efs_mount_target:
required: false
####
outputs:
# VPC
aws_vpc_id:
description: "The selected VPC ID used."
value: ${{ steps.deploy.outputs.aws_vpc_id }}
# EC2
vm_url:
description: "The URL of the generated app"
value: ${{ steps.deploy.outputs.vm_url }}
instance_endpoint:
description: "The URL of the generated ec2 instance"
value: ${{ steps.deploy.outputs.instance_endpoint }}
ec2_sg_id:
description: "SG ID for the EC2 instance"
value: ${{ steps.deploy.outputs.ec2_sg_id }}
# EFS
aws_efs_fs_id:
description: "EFS FS ID"
value: ${{ steps.deploy.outputs.aws_efs_fs_id }}
aws_efs_replica_fs_id:
description: "EFS FS Replica ID"
value: ${{ steps.deploy.outputs.aws_efs_replica_fs_id }}
aws_efs_sg_id:
description: "EFS FS SG ID"
value: ${{ steps.deploy.outputs.aws_efs_sg_id }}
# RDS
db_endpoint:
description: "RDS Endpoint"
value: ${{ steps.deploy.outputs.db_endpoint }}
db_secret_details_name:
description: "AWS Secret name containing db credentials"
value: ${{ steps.deploy.outputs.db_secret_details_name }}
db_sg_id:
description: "SG ID for the RDS instance"
value: ${{ steps.deploy.outputs.db_sg_id }}
db_proxy_rds_endpoint:
description: "Database proxy endpoint"
value: ${{ steps.deploy.outputs.db_proxy_rds_endpoint }}
db_proxy_secret_name_rds:
description: "AWS Secret name containing proxy credentials"
value: ${{ steps.deploy.outputs.db_proxy_secret_name_rds }}
db_proxy_sg_id_rds:
description: "SG ID for the RDS Proxy instance"
value: ${{ steps.deploy.outputs.db_proxy_sg_id_rds }}
runs:
using: 'composite'
steps:
- name: Checkout if required
if: ${{ inputs.checkout == 'true' }}
uses: actions/checkout@v4
- name: Deploy with BitOps
id: deploy
uses: bitovi/github-actions-commons@v0.0.13
with:
# AWS Specific
aws_access_key_id: ${{ inputs.aws_access_key_id }}
aws_secret_access_key: ${{ inputs.aws_secret_access_key }}
aws_session_token: ${{ inputs.aws_session_token }}
aws_default_region: ${{ inputs.aws_default_region }}
aws_resource_identifier: ${{ inputs.aws_resource_identifier }}
aws_additional_tags: ${{ inputs.aws_additional_tags || inputs.additional_tags}}
# Action main inputs
gh_action_repo: ${{ github.action_path }}
checkout: ${{ inputs.checkout }}
bitops_code_only: ${{ inputs.bitops_code_only }}
tf_stack_destroy: ${{ inputs.tf_stack_destroy || inputs.stack_destroy }}
tf_state_file_name: ${{ inputs.tf_state_file_name }}
tf_state_file_name_append: ${{ inputs.tf_state_file_name_append }}
tf_state_bucket: ${{ inputs.tf_state_bucket }}
tf_state_bucket_destroy: ${{ inputs.tf_state_bucket_destroy }}
tf_targets: ${{ inputs.tf_targets || inputs.targets }}
ansible_skip: ${{ inputs.ansible_skip }}
ansible_ssh_to_private_ip: ${{ inputs.ansible_ssh_to_private_ip }}
ansible_start_docker_timeout: ${{ inputs.ansible_start_docker_timeout }}
# ENV Files
env_aws_secret: ${{ inputs.env_aws_secret || inputs.aws_secret_env }}
env_repo: ${{ inputs.env_repo || inputs.repo_env }}
env_ghs: ${{ inputs.env_ghs || inputs.dot_env }}
env_ghv: ${{ inputs.env_ghv || inputs.ghv_env }}
# EC2 Instance
aws_ec2_instance_create: ${{ inputs.aws_ec2_instance_create }}
aws_ec2_ami_filter: ${{ inputs.aws_ec2_ami_filter }}
aws_ec2_ami_owner: ${{ inputs.aws_ec2_ami_owner }}
aws_ec2_ami_id: ${{ inputs.aws_ec2_ami_id || inputs.aws_ami_id }}
aws_ec2_ami_update: ${{ inputs. aws_ec2_ami_update }}
aws_ec2_iam_instance_profile: ${{ inputs.aws_ec2_iam_instance_profile || inputs.ec2_instance_profile }}
aws_ec2_instance_type : ${{ inputs.aws_ec2_instance_type || inputs.ec2_instance_type }}
aws_ec2_instance_root_vol_size: ${{ inputs.aws_ec2_instance_root_vol_size || inputs.ec2_volume_size }}
aws_ec2_instance_root_vol_preserve: ${{ inputs.aws_ec2_instance_root_vol_preserve }}
aws_ec2_security_group_name: ${{ inputs.aws_ec2_security_group_name }}
aws_ec2_create_keypair_sm: ${{ inputs.aws_ec2_create_keypair_sm || inputs.create_keypair_sm_entry }}
aws_ec2_instance_public_ip: ${{ inputs.aws_ec2_instance_public_ip }}
aws_ec2_port_list: ${{ inputs.aws_ec2_port_list }}
aws_ec2_user_data_file: ${{ inputs.aws_ec2_user_data_file }}
aws_ec2_user_data_replace_on_change: ${{ inputs.aws_ec2_user_data_replace_on_change }}
aws_ec2_additional_tags: ${{ inputs.aws_ec2_additional_tags }}
## AWS VPC
aws_vpc_create: ${{ inputs.aws_vpc_create }}
aws_vpc_name: ${{ inputs.aws_vpc_name }}
aws_vpc_cidr_block: ${{ inputs.aws_vpc_cidr_block }}
aws_vpc_public_subnets: ${{ inputs.aws_vpc_public_subnets }}
aws_vpc_private_subnets: ${{ inputs.aws_vpc_private_subnets }}
aws_vpc_availability_zones: ${{ inputs.aws_vpc_availability_zones }}
aws_vpc_id: ${{ inputs.aws_vpc_id }}
aws_vpc_subnet_id: ${{ inputs.aws_vpc_subnet_id }}
aws_vpc_enable_nat_gateway: ${{ inputs.aws_vpc_enable_nat_gateway }}
aws_vpc_single_nat_gateway: ${{ inputs.aws_vpc_single_nat_gateway }}
aws_vpc_external_nat_ip_ids: ${{ inputs.aws_vpc_external_nat_ip_ids }}
aws_vpc_additional_tags: ${{ inputs.aws_vpc_additional_tags }}
# AWS Route53 Domains abd Certificates
aws_r53_enable: ${{ inputs.aws_r53_enable }}
aws_r53_domain_name: ${{ inputs.aws_r53_domain_name || inputs.domain_name }}
aws_r53_sub_domain_name: ${{ inputs.aws_r53_sub_domain_name || inputs.sub_domain }}
aws_r53_root_domain_deploy: ${{ inputs.aws_r53_root_domain_deploy || inputs.root_domain }}
aws_r53_enable_cert: ${{ inputs.aws_r53_enable_cert }}
aws_r53_cert_arn: ${{ inputs.aws_r53_cert_arn || inputs.cert_arn }}
aws_r53_create_root_cert: ${{ inputs.aws_r53_create_root_cert || inputs.create_root_cert }}
aws_r53_create_sub_cert: ${{ inputs.aws_r53_create_sub_cert || inputs.create_sub_cert }}
aws_r53_additional_tags: ${{ inputs.aws_r53_additional_tags }}
# AWS ELB
aws_elb_create: ${{ inputs.aws_elb_create }}
aws_elb_security_group_name: ${{ inputs.aws_elb_security_group_name }}
aws_elb_app_port: ${{ inputs.aws_elb_app_port || inputs.app_port }}
aws_elb_app_protocol: ${{ inputs.aws_elb_app_protocol }}
aws_elb_listen_port: ${{ inputs.aws_elb_listen_port || inputs.lb_port }}
aws_elb_listen_protocol: ${{ inputs.aws_elb_listen_protocol }}
aws_elb_healthcheck: ${{ inputs.aws_elb_healthcheck || inputs.lb_healthcheck }}
aws_elb_access_log_bucket_name: ${{ inputs.aws_elb_access_log_bucket_name }}
aws_elb_access_log_expire: ${{ inputs.aws_elb_access_log_expire }}
aws_elb_additional_tags: ${{ inputs.aws_elb_additional_tags }}
# Docker
docker_install: ${{ inputs.docker_install }}
docker_remove_orphans: ${{ inputs.docker_remove_orphans }}
docker_full_cleanup: ${{ inputs.docker_full_cleanup }}
docker_repo_app_directory: ${{ inputs.docker_repo_app_directory || inputs.app_directory }}
docker_repo_app_directory_cleanup: ${{ inputs.docker_repo_app_directory_cleanup || inputs.app_directory_cleanup }}
docker_efs_mount_target: ${{ inputs.docker_efs_mount_target || inputs.data_mount_target }}
docker_cloudwatch_enable: ${{ inputs.docker_cloudwatch_enable }}
docker_cloudwatch_lg_name: ${{ inputs.docker_cloudwatch_lg_name }}
docker_cloudwatch_skip_destroy: ${{ inputs.docker_cloudwatch_skip_destroy }}
docker_cloudwatch_retention_days: ${{ inputs.docker_cloudwatch_retention_days }}
# AWS EFS
aws_efs_create: ${{ inputs.aws_efs_create || inputs.aws_create_efs }}
aws_efs_fs_id: ${{ inputs.aws_efs_fs_id || inputs.aws_mount_efs_id }}
aws_efs_create_mount_target: ${{ inputs.aws_efs_create_mount_target }}
aws_efs_create_ha: ${{ inputs.aws_efs_create_ha || inputs.aws_create_ha_efs }}
aws_efs_vol_encrypted: ${{ inputs.aws_efs_vol_encrypted }}
aws_efs_kms_key_id: ${{ inputs.aws_efs_kms_key_id }}
aws_efs_performance_mode: ${{ inputs.aws_efs_performance_mode }}
aws_efs_throughput_mode: ${{ inputs.aws_efs_throughput_mode }}
aws_efs_throughput_speed: ${{ inputs.aws_efs_throughput_speed }}
aws_efs_security_group_name: ${{ inputs.aws_efs_security_group_name }}
aws_efs_allowed_security_groups: ${{ inputs.aws_efs_allowed_security_groups }}
aws_efs_ingress_allow_all: ${{ inputs.aws_efs_ingress_allow_all }}
aws_efs_create_replica: ${{ inputs.aws_efs_create_replica || inputs.aws_create_efs_replica }}
aws_efs_replication_destination: ${{ inputs.aws_efs_replication_destination || inputs.aws_replication_configuration_destination }}
aws_efs_enable_backup_policy: ${{ inputs.aws_efs_enable_backup_policy || inputs.aws_enable_efs_backup_policy }}
aws_efs_transition_to_inactive: ${{ inputs.aws_efs_transition_to_inactive }}
aws_efs_additional_tags: ${{ inputs.aws_efs_additional_tags }}
# AWS RDS
aws_rds_db_enable: ${{ inputs.aws_rds_db_enable || inputs.aws_enable_postgres }}
aws_rds_db_proxy: ${{ inputs.aws_rds_db_proxy }}
aws_rds_db_identifier: ${{ inputs.aws_rds_db_identifier }}
aws_rds_db_name: ${{ inputs.aws_rds_db_name || inputs.aws_postgres_database_name }}
aws_rds_db_user: ${{ inputs.aws_rds_db_user }}
aws_rds_db_engine: ${{ inputs.aws_rds_db_engine || inputs.aws_postgres_engine }}
aws_rds_db_engine_version: ${{ inputs.aws_rds_db_engine_version || inputs.aws_postgres_engine_version }}
aws_rds_db_ca_cert_identifier: ${{ inputs.aws_rds_db_ca_cert_identifier }}
aws_rds_db_security_group_name: ${{ inputs.aws_rds_db_security_group_name }}
aws_rds_db_allowed_security_groups: ${{ inputs.aws_rds_db_allowed_security_groups }}
aws_rds_db_ingress_allow_all: ${{ inputs.aws_rds_db_ingress_allow_all }}
aws_rds_db_publicly_accessible: ${{ inputs.aws_rds_db_publicly_accessible }}
aws_rds_db_port: ${{ inputs.aws_rds_db_port || inputs.aws_postgres_database_port }}
aws_rds_db_subnets: ${{ inputs.aws_rds_db_subnets || inputs.aws_postgres_subnets }}
aws_rds_db_allocated_storage: ${{ inputs.aws_rds_db_allocated_storage }}
aws_rds_db_max_allocated_storage: ${{ inputs.aws_rds_db_max_allocated_storage }}
aws_rds_db_storage_encrypted: ${{ inputs.aws_rds_db_storage_encrypted }}
aws_rds_db_storage_type: ${{ inputs.aws_rds_db_storage_type }}
aws_rds_db_kms_key_id: ${{ inputs.aws_rds_db_kms_key_id }}
aws_rds_db_instance_class: ${{ inputs.aws_rds_db_instance_class || inputs.aws_postgres_instance_class }}
aws_rds_db_final_snapshot: ${{ inputs.aws_rds_db_final_snapshot || inputs.aws_postgres_database_final_snapshot }}
aws_rds_db_restore_snapshot_identifier: ${{ inputs.aws_rds_db_restore_snapshot_identifier }}
aws_rds_db_cloudwatch_logs_exports: ${{ inputs.aws_rds_db_cloudwatch_logs_exports }}
aws_rds_db_multi_az: ${{ inputs.aws_rds_db_multi_az }}
aws_rds_db_maintenance_window: ${{ inputs.aws_rds_db_maintenance_window }}
aws_rds_db_apply_immediately: ${{ inputs.aws_rds_db_apply_immediately }}
aws_rds_db_additional_tags: ${{ inputs.aws_rds_db_additional_tags }}
# DB Proxy
aws_db_proxy_name : ${{ inputs.aws_db_proxy_name }}
aws_db_proxy_client_password_auth_type : ${{ inputs.aws_db_proxy_client_password_auth_type }}
aws_db_proxy_tls : ${{ inputs.aws_db_proxy_tls }}
aws_db_proxy_security_group_name : ${{ inputs.aws_db_proxy_security_group_name }}
aws_db_proxy_database_security_group_allow : ${{ inputs.aws_db_proxy_database_security_group_allow }}
aws_db_proxy_allowed_security_group : ${{ inputs.aws_db_proxy_allowed_security_group }}
aws_db_proxy_allow_all_incoming : ${{ inputs.aws_db_proxy_allow_all_incoming }}
aws_db_proxy_cloudwatch_enable : ${{ inputs.aws_db_proxy_cloudwatch_enable }}
aws_db_proxy_cloudwatch_retention_days : ${{ inputs.aws_db_proxy_cloudwatch_retention_days }}
aws_db_proxy_additional_tags: ${{ inputs.aws_db_proxy_additional_tags }}
# Deployment repo
gh_deployment_input_terraform: ${{ inputs.gh_deployment_input_terraform }}
gh_deployment_input_ansible: ${{ inputs.gh_deployment_input_ansible }}
gh_deployment_input_ansible_playbook: ${{ inputs.gh_deployment_input_ansible_playbook }}
gh_deployment_input_ansible_extra_vars_file: ${{ inputs.gh_deployment_input_ansible_extra_vars_file }}
gh_deployment_action_input_ansible_extra_vars_file: ${{ inputs.gh_deployment_action_input_ansible_extra_vars_file }}