-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathaction.yaml
382 lines (370 loc) · 18.4 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
name: 'Deploy Amazon Aurora DB cluster (Postgres/MySQL)'
description: 'Deploys an AWS Aurora cluster database (Postgres/MySQL)'
branding:
icon: upload-cloud
color: red
inputs:
bitops_code_only:
description: 'Will run only the generation phase of BitOps, where the Terraform and Ansible code is built.'
required: false
bitops_code_store:
description: 'Store BitOps code as a GitHub artifact'
required: false
default: false
# AWS
aws_access_key_id:
description: 'AWS access key ID'
required: true
aws_secret_access_key:
description: 'AWS secret access key'
required: true
aws_session_token:
description: 'AWS session token'
required: false
aws_default_region:
description: 'AWS default region'
required: false
default: us-east-1
aws_resource_identifier:
description: 'Set to override the AWS resource identifier for the deployment. Defaults to `${org}-{repo}-{branch}`. Use with destroy to destroy specific resources.'
required: false
aws_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# Terraform
tf_stack_destroy:
description: 'Set to "true" to Destroy the stack through Terraform.'
required: false
tf_state_file_name:
description: 'Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects.'
required: false
tf_state_file_name_append:
description: 'Append a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. Can co-exist with the tf_state_file_name variable. '
required: false
tf_state_bucket:
description: 'AWS S3 bucket to use for Terraform state. Defaults to `${org}-${repo}-{branch}-tf-state`'
required: false
tf_state_bucket_destroy:
description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`'
required: false
# AWS Aurora
aws_aurora_enable:
description: 'Toggles deployment of an Aurora database. Defaults to true.'
required: false
default: true
aws_aurora_proxy:
description: 'Aurora DB Proxy Toggle. Defaults to false.'
required: false
aws_aurora_cluster_name:
description: 'The name of the cluster. Will be created if it does not exist. Defaults to aws_resource_identifier if none set.'
required: false
aws_aurora_engine:
description: 'The database engine to use. Defaults to aurora-postgresql.'
required: false
aws_aurora_engine_version:
description: 'The DB version of the engine to use.'
required: false
aws_aurora_engine_mode:
description: 'Database engine mode. Could be global, multimaster, parallelquey, provisioned, serverless.'
required: false
aws_aurora_availability_zones:
description: 'List of availability zones for the DB cluster storage where DB cluster instances can be created.'
required: false
aws_aurora_cluster_apply_immediately:
description: 'Apply changes immediately to the cluster. If not, will be done in next maintenance window.. Default false'
required: false
# Storage
aws_aurora_allocated_storage:
description: 'Amount of storage in gigabytes. Required for multi-az cluster.'
required: false
aws_aurora_storage_encrypted:
description: 'Toggles whether the DB cluster is encrypted. Defaults to true.'
required: false
aws_aurora_kms_key_id:
description: 'KMS Key ID to use with the cluster encrypted storage.'
required: false
aws_aurora_storage_type:
description: 'Define type of storage to use. Required for multi-az cluster.'
required: false
aws_aurora_storage_iops:
description: 'iops for storage. Required for multi-az cluster. '
required: false
# Cluster details
aws_aurora_database_name:
description: 'The name of the database. will be created if it does not exist. Defaults to aurora'
required: false
aws_aurora_master_username:
description: 'Master username. Defaults to aurora'
required: false
aws_aurora_database_group_family:
description: 'The family of the DB parameter group. See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Reference.html https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraPostgreSQL.Reference.html. Defaults set for Postges and MySQL.'
required: false
aws_aurora_iam_auth_enabled:
description: 'Toggles IAM Authentication. Defaults to false.'
required: false
aws_aurora_iam_roles:
description: 'Define the ARN list of allowed roles.'
required: false
aws_aurora_cluster_db_instance_class:
description: 'To create a Multi-AZ RDS cluster, you must additionally specify the engine, storage_type, allocated_storage, iops and aws_aurora_db_cluster_instance_class attributes.'
required: false
# Networking
aws_aurora_security_group_name:
description: 'Name of the security group to use for postgres. Defaults to SG for ${var.aws_resource_identifier} - Aurora'
required: false
aws_aurora_ingress_allow_all:
description: 'Allow access from 0.0.0.0/0 in the same VPC. Defaults to true'
required: false
aws_aurora_allowed_security_groups:
description: 'Extra names of the security groups to access Aurora.'
required: false
aws_aurora_subnets:
description: 'The list of subnet ids to use for postgres.'
required: false
aws_aurora_database_port:
description: 'Database port. Defaults to 5432'
required: false
aws_aurora_db_publicly_accessible:
description: 'Make database publicly accessible. Defaults to false.'
required: false
# Backup & maint
aws_aurora_cloudwatch_enable:
description: 'Toggles cloudwatch. Defaults to true'
required: false
aws_aurora_cloudwatch_log_type:
description: 'Comma separated list of log types to include in cloudwatch. If none defined, will use [postgresql] or [audit,error,general,slowquery]. Based on the db engine.'
required: false
aws_aurora_cloudwatch_retention_days:
description: 'Days to store cloudwatch logs. Defaults to 7.'
required: false
aws_aurora_backtrack_window:
description: 'Target backtrack window, in seconds. Only available for aurora and aurora-mysql engines currently. 0 to disable. Defaults to 0'
required: false
aws_aurora_backup_retention_period:
description: 'Days to retain backups for. Defaults to 5.'
required: false
aws_aurora_backup_window:
description: 'Daily time range during which the backups happen.'
required: false
aws_aurora_maintenance_window:
description: 'Maintenance window.'
required: false
aws_aurora_database_final_snapshot:
description: 'Set the name to Generate a snapshot of the database before deletion.'
required: false
aws_aurora_deletion_protection:
description: 'Protects the database from deletion. Defaults to false. This wont prevent Terraform from destroying it.'
required: false
aws_aurora_delete_auto_backups:
description: 'Specifies whether to remove automated backups immediately after the DB cluster is deleted. Default is true.'
required: false
aws_aurora_restore_snapshot_id:
description: 'Restore an initial snapshot of the DB if specified.'
required: false
aws_aurora_restore_to_point_in_time:
description: 'Restore database to a point in time. Will require a map of strings. Like {"restore_to_time"="W","restore_type"="X","source_cluster_identifier"="Y", "use_latest_restorable_time"="Z"}. Default {}'
required: false
aws_aurora_snapshot_name:
description: 'Takes a snapshot of the DB.'
required: false
aws_aurora_snapshot_overwrite:
description: 'Overwrites snapshot if same name is set. Defaults to false.'
required: false
# DB Parameters
aws_aurora_db_instances_count:
description: 'Amount of instances to create. Defaults to 1.'
required: false
aws_aurora_db_instance_class:
description: 'Database instance size. Defaults to db.r6g.large.'
required: false
aws_aurora_db_apply_immediately:
description: 'Specifies whether any modifications are applied immediately, or during the next maintenance window. Defaults to false.'
required: false
aws_aurora_db_ca_cert_identifier:
description: 'Certificate to use with the database. Defaults to rds-ca-ecc384-g1.'
required: false
aws_aurora_db_maintenance_window:
description: 'Maintenance window.'
required: false
aws_aurora_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
# Aurora Proxy
aws_db_proxy_name:
description: 'DB Proxy name'
required: false
aws_db_proxy_client_password_auth_type:
description: 'Auth type to use, will use the following, depending on DB the family. MYSQL_NATIVE_PASSWORD, POSTGRES_SCRAM_SHA_256, and SQL_SERVER_AUTHENTICATION'
required: false
aws_db_proxy_tls:
description: 'Toogle TLS enforcement for connection'
required: false
aws_db_proxy_security_group_name:
description: 'Name for the proxy security group. Default to aws_resource_identifier if none.'
required: false
aws_db_proxy_database_security_group_allow:
description: 'Will add an incoming rule from every security group associated with the DB'
required: false
aws_db_proxy_allowed_security_group:
description: 'Comma separated list of SG Ids to add.'
required: false
aws_db_proxy_allow_all_incoming:
description: 'Allow all incoming traffic to the DB Proxy. Mind that the proxy is only available from the internal network except manually exposed.'
required: false
aws_db_proxy_cloudwatch_enable:
description: 'Toggle Cloudwatch logs. Will be stored in /aws/rds/proxy/rds_proxy.name'
required: false
aws_db_proxy_cloudwatch_retention_days:
description: 'Number of days to retain logs'
required: false
aws_db_proxy_additional_tags:
description: 'A list of strings that will be added to created resources'
required: false
# AWS VPC Inputs
aws_vpc_create:
description: 'Define if a VPC should be created'
required: false
aws_vpc_name:
description: 'Set a specific name for the VPC'
required: false
aws_vpc_cidr_block:
description: 'Define Base CIDR block which is divided into subnet CIDR blocks. Defaults to 10.0.0.0/16.'
required: false
aws_vpc_public_subnets:
description: 'Comma separated list of public subnets. Defaults to 10.10.110.0/24'
required: false
aws_vpc_private_subnets:
description: 'Comma separated list of private subnets. If none, none will be created.'
required: false
aws_vpc_availability_zones:
description: 'Comma separated list of availability zones. Defaults to `aws_default_region.'
required: false
aws_vpc_id:
description: 'AWS VPC ID. Accepts `vpc-###` values.'
required: false
aws_vpc_subnet_id:
description: 'Specify a Subnet to be used with the instance. If none provided, will pick one.'
required: false
aws_vpc_additional_tags:
description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
required: false
outputs:
aws_vpc_id:
description: "The selected VPC ID used."
value: ${{ steps.deploy.outputs.aws_vpc_id }}
aurora_db_endpoint:
description: "Aurora Endpoint"
value: ${{ steps.deploy.outputs.aurora_db_endpoint }}
aurora_db_secret_details_name:
description: "AWS Secret name containing db credentials"
value: ${{ steps.deploy.outputs.aurora_db_secret_details_name }}
aurora_db_sg_id:
description: "SG ID for the Aurora instance"
value: ${{ steps.deploy.outputs.aurora_db_sg_id }}
aurora_proxy_endpoint:
description: "Database proxy endpoint"
value: ${{ steps.deploy.outputs.aurora_proxy_endpoint }}
aurora_proxy_secret_name:
description: "AWS Secret name containing proxy credentials"
value: ${{ steps.deploy.outputs.aurora_proxy_secret_name }}
aurora_proxy_sg_id:
description: "SG ID for the Aurora Proxy instance"
value: ${{ steps.deploy.outputs.aurora_proxy_sg_id }}
runs:
using: 'composite'
steps:
- name: Deploy with BitOps
id: deploy
uses: bitovi/[email protected]
with:
# AWS
aws_access_key_id: ${{ inputs.aws_access_key_id }}
aws_secret_access_key: ${{ inputs.aws_secret_access_key }}
aws_session_token: ${{ inputs.aws_session_token }}
aws_default_region: ${{ inputs.aws_default_region }}
aws_resource_identifier: ${{ inputs.aws_resource_identifier }}
aws_additional_tags: ${{ inputs.aws_additional_tags }}
# Terraform
tf_stack_destroy: ${{ inputs.tf_stack_destroy }}
tf_state_file_name: ${{ inputs.tf_state_file_name }}
tf_state_file_name_append: ${{ inputs.tf_state_file_name_append }}
tf_state_bucket: ${{ inputs.tf_state_bucket }}
tf_state_bucket_destroy: ${{ inputs.tf_state_bucket_destroy }}
# Aurora
aws_aurora_enable: ${{ inputs.aws_aurora_enable }}
aws_aurora_proxy: ${{ inputs.aws_aurora_proxy }}
aws_aurora_cluster_name: ${{ inputs.aws_aurora_cluster_name }}
aws_aurora_engine: ${{ inputs.aws_aurora_engine }}
aws_aurora_engine_version: ${{ inputs.aws_aurora_engine_version }}
aws_aurora_engine_mode: ${{ inputs.aws_aurora_engine_mode }}
aws_aurora_availability_zones: ${{ inputs.aws_aurora_availability_zones }}
aws_aurora_cluster_apply_immediately: ${{ inputs.aws_aurora_cluster_apply_immediately }}
# Storage
aws_aurora_allocated_storage: ${{ inputs.aws_aurora_allocated_storage }}
aws_aurora_storage_encrypted: ${{ inputs.aws_aurora_storage_encrypted }}
aws_aurora_kms_key_id: ${{ inputs.aws_aurora_kms_key_id }}
aws_aurora_storage_type: ${{ inputs.aws_aurora_storage_type }}
aws_aurora_storage_iops: ${{ inputs.aws_aurora_storage_iops }}
# DB Details
aws_aurora_database_name: ${{ inputs.aws_aurora_database_name }}
aws_aurora_master_username: ${{ inputs.aws_aurora_master_username }}
aws_aurora_database_group_family: ${{ inputs.aws_aurora_database_group_family }}
aws_aurora_iam_auth_enabled: ${{ inputs.aws_aurora_iam_auth_enabled }}
aws_aurora_iam_roles: ${{ inputs.aws_aurora_iam_roles }}
aws_aurora_cluster_db_instance_class: ${{ inputs.aws_aurora_cluster_db_instance_class }}
# Net
aws_aurora_security_group_name: ${{ inputs.aws_aurora_security_group_name }}
aws_aurora_ingress_allow_all: ${{ inputs.aws_aurora_ingress_allow_all }}
aws_aurora_allowed_security_groups: ${{ inputs.aws_aurora_allowed_security_groups }}
aws_aurora_db_publicly_accessible: ${{ inputs.aws_aurora_db_publicly_accessible }}
aws_aurora_subnets: ${{ inputs.aws_aurora_subnets }}
aws_aurora_database_port: ${{ inputs.aws_aurora_database_port }}
# Backup & Maint
aws_aurora_cloudwatch_enable: ${{ inputs.aws_aurora_cloudwatch_enable }}
aws_aurora_cloudwatch_log_type: ${{ inputs.aws_aurora_cloudwatch_log_type }}
aws_aurora_cloudwatch_retention_days: ${{ inputs.aws_aurora_cloudwatch_retention_days }}
aws_aurora_backtrack_window: ${{ inputs.aws_aurora_backtrack_window }}
aws_aurora_backup_retention_period: ${{ inputs.aws_aurora_backup_retention_period }}
aws_aurora_backup_window: ${{ inputs.aws_aurora_backup_window }}
aws_aurora_maintenance_window: ${{ inputs.aws_aurora_maintenance_window }}
aws_aurora_database_final_snapshot: ${{ inputs.aws_aurora_database_final_snapshot }}
aws_aurora_deletion_protection: ${{ inputs.aws_aurora_deletion_protection }}
aws_aurora_delete_auto_backups: ${{ inputs.aws_aurora_delete_auto_backups }}
aws_aurora_restore_snapshot_id: ${{ inputs.aws_aurora_restore_snapshot_id }}
aws_aurora_restore_to_point_in_time: ${{ inputs.aws_aurora_restore_to_point_in_time }}
aws_aurora_snapshot_name: ${{ inputs.aws_aurora_snapshot_name }}
aws_aurora_snapshot_overwrite: ${{ inputs.aws_aurora_snapshot_overwrite }}
# DB Parameters
aws_aurora_db_instances_count: ${{ inputs.aws_aurora_db_instances_count }}
aws_aurora_db_instance_class: ${{ inputs.aws_aurora_db_instance_class }}
aws_aurora_db_apply_immediately: ${{ inputs.aws_aurora_db_apply_immediately }}
aws_aurora_db_ca_cert_identifier: ${{ inputs.aws_aurora_db_ca_cert_identifier }}
aws_aurora_db_maintenance_window: ${{ inputs.aws_aurora_db_maintenance_window }}
aws_aurora_additional_tags: ${{ inputs.aws_aurora_additional_tags }}
# Proxy
aws_db_proxy_name : ${{ inputs.aws_db_proxy_name }}
aws_db_proxy_client_password_auth_type : ${{ inputs.aws_db_proxy_client_password_auth_type }}
aws_db_proxy_tls : ${{ inputs.aws_db_proxy_tls }}
aws_db_proxy_security_group_name : ${{ inputs.aws_db_proxy_security_group_name }}
aws_db_proxy_database_security_group_allow : ${{ inputs.aws_db_proxy_database_security_group_allow }}
aws_db_proxy_allowed_security_group : ${{ inputs.aws_db_proxy_allowed_security_group }}
aws_db_proxy_allow_all_incoming : ${{ inputs.aws_db_proxy_allow_all_incoming }}
aws_db_proxy_cloudwatch_enable : ${{ inputs.aws_db_proxy_cloudwatch_enable }}
aws_db_proxy_cloudwatch_retention_days : ${{ inputs.aws_db_proxy_cloudwatch_retention_days }}
aws_db_proxy_additional_tags: ${{ inputs.aws_db_proxy_additional_tags }}
# Current repo vars
bitops_code_only: ${{ inputs.bitops_code_only }}
bitops_code_store: ${{ inputs.bitops_code_store }}
# AWS VPC Inputs
aws_vpc_create: ${{inputs.aws_vpc_create }}
aws_vpc_name: ${{inputs.aws_vpc_name }}
aws_vpc_cidr_block: ${{inputs.aws_vpc_cidr_block }}
aws_vpc_public_subnets: ${{inputs.aws_vpc_public_subnets }}
aws_vpc_private_subnets: ${{inputs.aws_vpc_private_subnets }}
aws_vpc_availability_zones: ${{inputs.aws_vpc_availability_zones }}
aws_vpc_id: ${{inputs.aws_vpc_id }}
aws_vpc_subnet_id: ${{inputs.aws_vpc_subnet_id }}
aws_vpc_enable_nat_gateway: ${{ inputs.aws_vpc_enable_nat_gateway }}
aws_vpc_single_nat_gateway: ${{ inputs.aws_vpc_single_nat_gateway }}
aws_vpc_external_nat_ip_ids: ${{ inputs.aws_vpc_external_nat_ip_ids }}
aws_vpc_additional_tags: ${{inputs.aws_vpc_additional_tags }}