feat(workflows): init terraform

2023-12-09 10:23:24 +02:00
parent d75891b4c8
commit 8c153bb976
2 changed files with 54 additions and 0 deletions
--- a/.gitea/workflows/tf-apply.yml
+++ b/.gitea/workflows/tf-apply.yml
@@ -2,12 +2,18 @@ name: tf-apply
 on:
  workflow_call:
    secrets:
+      gpg-key:
+        required: true
+        type: string
      tf-api-token:
        required: true
+        type: string
      ssh-private-key:
        required: true
+        type: string
      ssh-known-hosts:
        required: true
+        type: string

 jobs:
  tf-plan:
@@ -17,6 +23,20 @@ jobs:
      tfplanexitcode: ${{ steps.tfplan.outputs.exitcode }}

    steps:
+      - name: Clone blackbox repo
+        uses: actions/checkout@v4
+        with:
+          repository: xaked/blackbox
+          path: /tmp/blackbox
+          ref: master
+      - name: Decrypt secrets
+        shell: bash
+        run: |
+          cd /tmp/blackbox || exit 1;
+          make copy-install;
+          echo ${{ secrets.gpg-key }} | base64 -d | gpg --import;
+          cd ${{ github.workspace }};
+          blackbox_decrypt_all_files;
      - uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.5.7
@@ -71,6 +91,20 @@ jobs:
    if: needs.tf-plan.outputs.tfplanexitcode == 2

    steps:
+      - name: Clone blackbox repo
+        uses: actions/checkout@v4
+        with:
+          repository: xaked/blackbox
+          path: /tmp/blackbox
+          ref: master
+      - name: Decrypt secrets
+        shell: bash
+        run: |
+          cd /tmp/blackbox || exit 1;
+          make copy-install;
+          echo ${{ secrets.gpg-key }} | base64 -d | gpg --import;
+          cd ${{ github.workspace }};
+          blackbox_decrypt_all_files;
      - uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.5.7