Merge pull request #48 from bitovi/feature/bitops-env-vars

arm4b · web-flow · commit 4d5e43d76a19 · 2023-02-21T00:48:35.000Z
Bypass BITOPS_ extra ENV vars to Docker run
diff --git a/README.md b/README.md
@@ -97,7 +97,30 @@ For some specific resources, we have a `32` characters limit. If the identifier
 Bucket names can be made of up to 63 characters. If the length allows us to add `-tf-state`, we will do so. If not, a simple `-tf` will be added.
 
 ## Made with BitOps
-[BitOps](https://bitops.sh/) allows you to define Infrastructure-as-Code for multiple tools in a central place. This action uses BitOps [Operations Repository Structure](https://bitops.sh/operations-repo-structure/) to organize the necessary Terraform and Ansible steps, create infrastructure and deploy to it.
+[BitOps](https://bitops.sh/) allows you to define Infrastructure-as-Code for multiple tools in a central place. This action uses BitOps Docker container with prebuilt deployment tools and [Operations Repository Structure](https://bitops.sh/operations-repo-structure/) to organize the necessary Terraform and Ansible steps, create infrastructure and deploy to it.
+
+### Extra BitOps Configuration
+You can pass additional `BITOPS_` ENV variables to adjust the deployment behavior.
+```yaml
+- name: Deploy StackStorm to AWS (dry-run)
+  uses: bitovi/github-actions-deploy-stackstorm@main
+  env:
+    # Extra BitOps configuration:
+    BITOPS_LOGGING_LEVEL: INFO
+    # Extra Terraform configuration:
+    # https://bitops.sh/tool-configuration/configuration-terraform/#terraform-bitops-schema
+    BITOPS_TERRAFORM_SKIP_DEPLOY: true
+    # Extra Ansible configuration:
+    # https://bitops.sh/tool-configuration/configuration-ansible/#cli-configuration
+    BITOPS_ANSIBLE_DRYRUN: true
+  with:
+    aws_default_region: us-east-1
+    aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+    aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+    st2_auth_username: ${{ secrets.ST2_AUTH_USERNAME }}
+    st2_auth_password: ${{ secrets.ST2_AUTH_PASSWORD}}
+```
+In this example, we instruct BitOps to run a `terraform plan` instead of `terraform apply` and to run Ansible in `--check` mode, additionally, we set the BitOps container logging level to `DEBUG`.
 
 ## Future
 In the future, this action may support more cloud providers (via [BitOps Plugins](https://bitops.sh/plugins/) like [AWS](https://github.com/bitops-plugins/aws)) such as:
diff --git a/action.yaml b/action.yaml
@@ -96,8 +96,6 @@ runs:
         # Skip ansible deployment if deploying only infrastructure
         ANSIBLE_SKIP_DEPLOY: ${{ inputs.infrastructure_only }}
 
-        BITOPS_FAST_FAIL: "true"
-
         # ST2 config
         ST2_AUTH_USERNAME: ${{ inputs.st2_auth_username }}
         ST2_AUTH_PASSWORD: ${{ inputs.st2_auth_password }}
diff --git a/operations/_scripts/deploy/deploy.sh b/operations/_scripts/deploy/deploy.sh
@@ -29,46 +29,39 @@ export LB_LOGS_BUCKET="$(/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/gener
 # Generate app repo
 /bin/bash $GITHUB_ACTION_PATH/operations/_scripts/generate/generate_app_repo.sh
 
-# Generate bitops config
-/bin/bash $GITHUB_ACTION_PATH/operations/_scripts/generate/generate_bitops_config.sh
-
 # Generate `00_acm_create`
 if [[ "$CREATE_DOMAIN" == "true" ]]; then
   /bin/bash $GITHUB_ACTION_PATH/operations/_scripts/generate/generate_acm_tf.sh
 fi
 
-TERRAFORM_COMMAND=""
-TERRAFORM_DESTROY=""
 if [ "$STACK_DESTROY" == "true" ]; then
-  TERRAFORM_COMMAND="destroy"
-  TERRAFORM_DESTROY="true"
-  ANSIBLE_SKIP_DEPLOY="true"
+  export BITOPS_TERRAFORM_STACK_ACTION="destroy"
+  export BITOPS_ANSIBLE_SKIP_DEPLOY="true"
 fi
 
 if [[ "$GHA_TESTING" == "true" ]]; then
   echo "Quitting before BitOps invoke"
   exit 1
 fi
 
+# Bypass all the 'BITOPS_' ENV vars to docker
+DOCKER_EXTRA_ARGS=""
+for i in $(env | grep BITOPS_); do
+  DOCKER_EXTRA_ARGS="${DOCKER_EXTRA_ARGS} -e ${i}"
+done
+
 echo "Running BitOps for env: $BITOPS_ENVIRONMENT"
 docker run --rm --name bitops \
 -e AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID}" \
 -e AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY}" \
 -e AWS_SESSION_TOKEN="${AWS_SESSION_TOKEN}" \
 -e AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION}" \
--e BITOPS_ENVIRONMENT="${BITOPS_ENVIRONMENT}" \
--e SKIP_DEPLOY_TERRAFORM="${SKIP_DEPLOY_TERRAFORM}" \
--e SKIP_DEPLOY_HELM="${SKIP_DEPLOY_HELM}" \
--e BITOPS_TERRAFORM_COMMAND="${TERRAFORM_COMMAND}" \
--e TERRAFORM_DESTROY="${TERRAFORM_DESTROY}" \
--e ANSIBLE_SKIP_DEPLOY="${ANSIBLE_SKIP_DEPLOY}" \
 -e TF_STATE_BUCKET="${TF_STATE_BUCKET}" \
 -e TF_STATE_BUCKET_DESTROY="${TF_STATE_BUCKET_DESTROY}" \
--e DEFAULT_FOLDER_NAME="_default" \
 -e CREATE_VPC="${CREATE_VPC}" \
--e BITOPS_FAST_FAIL="${BITOPS_FAST_FAIL}" \
 -e ST2_AUTH_USERNAME="${ST2_AUTH_USERNAME}" \
 -e ST2_AUTH_PASSWORD="${ST2_AUTH_PASSWORD}" \
 -e ST2_PACKS="${ST2_PACKS}" \
+${DOCKER_EXTRA_ARGS} \
 -v $(echo $GITHUB_ACTION_PATH)/operations:/opt/bitops_deployment \
-bitovi/bitops:2.3.0
+bitovi/bitops:2.4.0
diff --git a/operations/_scripts/generate/generate_bitops_config.sh b/operations/_scripts/generate/generate_bitops_config.sh
diff --git a/operations/deployment/ansible/bitops.config.yaml b/operations/deployment/ansible/bitops.config.yaml
@@ -1,7 +1,5 @@
+# https://github.com/bitops-plugins/ansible
 ansible:
-    cli:
-      main-playbook: playbook.yml
-      # todo: (currently handled via vars/st2.yaml)
-      # extra-vars: "@extra-vars.yaml"
-    options:
-      dryrun: false
+  cli:
+    main-playbook: playbook.yml
+  options: {}
diff --git a/operations/deployment/terraform/bitops.after-deploy.d/delete-tf-state-bucket.sh b/operations/deployment/terraform/bitops.after-deploy.d/delete-tf-state-bucket.sh
@@ -1,10 +1,10 @@
 #!/bin/bash
 
-if [[ $TERRAFORM_DESTROY = true ]] && [[ $TF_STATE_BUCKET_DESTROY = true ]]; then
+if [[ $TERRAFORM_COMMAND = "destroy" ]] && [[ $TF_STATE_BUCKET_DESTROY = true ]]; then
   echo "Destroying S3 buket --> $TF_STATE_BUCKET"
   aws s3 rb s3://$TF_STATE_BUCKET --force
-else 
-  if [[ $TERRAFORM_DESTROY != true ]] && [[ $TF_STATE_BUCKET_DESTROY = true ]]; then
-    echo "TF_STATE_BUCKET_DESTROY set to true, but TERRAFORM_DESTROY wasn't. Not destroying the state bucket ($TF_STATE_BUCKET)"
+else
+  if [[ $TERRAFORM_COMMAND != "destroy" ]] && [[ $TF_STATE_BUCKET_DESTROY = true ]]; then
+    echo "TF_STATE_BUCKET_DESTROY set to true, but Terraform action wasn't 'destroy'. Not destroying the state bucket ($TF_STATE_BUCKET)"
   fi
 fi
diff --git a/operations/deployment/terraform/bitops.config.yaml b/operations/deployment/terraform/bitops.config.yaml
@@ -1,6 +1,5 @@
-
+# https://github.com/bitops-plugins/terraform
 terraform:
-    cli: 
-      stack-action: apply
-    options: {}
-
+  cli:
+    stack-action: apply
+  options: {}
