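---
# Composite GitHub Action that provisions an Amazon ECR registry/repository.
# All work is delegated to a bitovi BitOps deploy action (see `runs:` below);
# this file only declares the inputs it forwards and the outputs it re-exports.
name: 'Deploy an ECR Registry to AWS'
description: 'Deploys an Amazon hosted ECR Registry to store Docker and OCI images and artifacts.'
branding:
  icon: upload-cloud
  color: red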
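inputs:
  # BitOps execution control
  bitops_code_only:
    description: 'Will run only the generation phase of BitOps, where the Terraform and Ansible code is built.'
    required: false
  bitops_code_store:
    description: 'Store BitOps code as a GitHub artifact'
    required: false
    # Action inputs are always strings at runtime; quoting keeps the YAML type
    # and the value the composite step receives identical ('false').
    default: 'false'
  # AWS
  # Credentials: supply these from encrypted secrets (`${{ secrets.* }}`), never as
  # workflow literals. Prefer short-lived credentials (with aws_session_token)
  # over long-lived access keys where the workflow can obtain them.
  aws_access_key_id:
    description: 'AWS access key ID'
    required: true
  aws_secret_access_key:
    description: 'AWS secret access key'
    required: true
  aws_session_token:
    description: 'AWS session token'
    required: false
  aws_default_region:
    description: 'AWS default region'
    required: false
    default: us-east-1
  aws_resource_identifier:
    description: 'Set to override the AWS resource identifier for the deployment. Defaults to `${org}-{repo}-{branch}`. Use with destroy to destroy specific resources.'
    required: false
  aws_additional_tags:
    description: 'A JSON object of additional tags that will be included on created resources. Example: `{"key1": "value1", "key2": "value2"}`'
    required: false
  # Terraform
  # tf_stack_destroy and tf_state_bucket_destroy are destructive; gate workflows
  # that set them behind a protected environment / manual approval.
  tf_stack_destroy:
    description: 'Set to "true" to Destroy the stack through Terraform.'
    required: false
  tf_state_file_name:
    description: 'Change this to be anything you want to. Carefull to be consistent here. A missing file could trigger recreation, or stepping over destruction of non-defined objects.'
    required: false
  tf_state_file_name_append:
    description: 'Append a string to the tf-state-file. Setting this to `unique` will generate `tf-state-aws-unique`. Can co-exist with the tf_state_file_name variable. '
    required: false
  tf_state_bucket:
    description: 'AWS S3 bucket to use for Terraform state. Defaults to `${org}-${repo}-{branch}-tf-state`'
    required: false
  tf_state_bucket_destroy:
    description: 'Force purge and deletion of S3 bucket defined. Any file contained there will be destroyed. `tf_stack_destroy` must also be `true`'
    required: false
  # ECR Inputs
  aws_ecr_repo_create:
    description: 'Determines whether a repository will be created'
    required: false
  aws_ecr_repo_type:
    description: 'The type of repository to create. Either `public` or `private`. Defaults to `private`.'
    required: false
  aws_ecr_repo_name:
    description: 'The name of the repository. If none, will use the default resource-identifier.'
    required: false
  # Leaving tags immutable (the default) prevents a pushed image from silently
  # replacing an already-deployed tag; enable mutability only when required.
  aws_ecr_repo_mutable:
    description: 'The tag mutability setting for the repository. Set this to true if `MUTABLE`. Defaults to false, so `IMMUTABLE`'
    required: false
  aws_ecr_repo_encryption_type:
    description: 'The encryption type for the repository. Must be one of: `KMS` or `AES256`. Defaults to `AES256`'
    required: false
  aws_ecr_repo_encryption_key_arn:
    description: 'The ARN of the KMS key to use when encryption_type is `KMS`. If not specified, uses the default AWS managed key for ECR'
    required: false
  # Destructive: deletes the repository together with its images.
  aws_ecr_repo_force_destroy:
    description: 'If `true`, will delete the repository even if it contains images. Defaults to `false`'
    required: false
  # Scan-on-push is on by default; keep it enabled so vulnerable images are
  # flagged at push time rather than after deployment.
  aws_ecr_repo_image_scan:
    description: 'Indicates whether images are scanned after being pushed to the repository (`true`) (default) or not scanned (`false`)'
    required: false
  aws_ecr_registry_scan_rule:
    description: 'One or multiple blocks specifying scanning rules to determine which repository filters are used and at what frequency scanning will occur. Use []'
    required: false
  aws_ecr_registry_pull_through_cache_rules:
    description: 'List of pull through cache rules to create. Use map(map(string)). '
    required: false
  aws_ecr_registry_scan_config:
    description: 'Scanning type to set for the registry. Can be either `ENHANCED` or `BASIC`. Defaults to null.'
    required: false
  aws_ecr_registry_replication_rules_input:
    description: 'The replication rules for a replication configuration. A maximum of 10 are allowed. Defaults to `[]`.'
    required: false
  # Access policy: the *_policy_input values are raw JSON policy documents and the
  # *_arn values grant access directly; review both for least privilege
  # (no wildcard principals) before changing them.
  aws_ecr_repo_policy_attach:
    description: 'Determines whether a repository policy will be attached to the repository. Defaults to `true`.'
    required: false
  aws_ecr_repo_policy_create:
    description: 'Determines whether a repository policy will be created. Defaults to `true`.'
    required: false
  aws_ecr_repo_policy_input:
    description: 'The JSON policy to apply to the repository. If defined overrides the default policy'
    required: false
  aws_ecr_repo_read_arn:
    description: 'The ARNs of the IAM users/roles that have read access to the repository. (Comma separated list)'
    required: false
  aws_ecr_repo_write_arn:
    description: 'The ARNs of the IAM users/roles that have read/write access to the repository. (Comma separated list)'
    required: false
  aws_ecr_repo_read_arn_lambda:
    description: 'The ARNs of the Lambda service roles that have read access to the repository. (Comma separated list)'
    required: false
  aws_ecr_lifecycle_policy_input:
    description: 'The policy document. This is a JSON formatted string. See more details about [Policy Parameters](http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html#lifecycle_policy_parameters) in the official AWS docs'
    required: false
  aws_ecr_public_repo_catalog:
    description: 'Catalog data configuration for the repository. Defaults to `{}`.'
    required: false
  aws_ecr_registry_policy_input:
    description: 'The policy document. This is a JSON formatted string'
    required: false
  aws_ecr_additional_tags:
    description: 'A list of strings that will be added to created resources'
    required: false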
outputs:
  # ECR — each value is re-exported verbatim from the `deploy` step below.
  ecr_repository_url:
    description: 'ECR Repo URL'
    value: ${{ steps.deploy.outputs.ecr_repository_url }}
  ecr_repository_arn:
    description: 'ECR Repo ARN'
    value: ${{ steps.deploy.outputs.ecr_repository_arn }}
  ecr_repository_registry_id:
    description: 'ECR Repo Registry ID'
    value: ${{ steps.deploy.outputs.ecr_repository_registry_id }}
runs:
  using: composite
  steps:
    # Single step: forward every declared input to the bitovi BitOps deploy
    # action, with the state-bucket provider fixed to AWS.
    - name: Deploy with BitOps
      id: deploy
      # NOTE(review): this `uses:` reference looks garbled in the rendered source
      # (the ref after `@` appears to have been rewritten by the page). Confirm the
      # real value and pin the third-party action to a full-length commit SHA
      # (tag kept in a trailing comment) rather than a mutable tag, so a moved tag
      # cannot change what runs with the AWS credentials passed below.
      uses: bitovi/[email protected]
      with:
        # BitOps execution control
        bitops_code_only: ${{ inputs.bitops_code_only }}
        bitops_code_store: ${{ inputs.bitops_code_store }}
        # AWS credentials and account context (passed through unchanged)
        aws_access_key_id: ${{ inputs.aws_access_key_id }}
        aws_secret_access_key: ${{ inputs.aws_secret_access_key }}
        aws_session_token: ${{ inputs.aws_session_token }}
        aws_default_region: ${{ inputs.aws_default_region }}
        aws_resource_identifier: ${{ inputs.aws_resource_identifier }}
        aws_additional_tags: ${{ inputs.aws_additional_tags }}
        # Terraform state and destroy flags
        tf_stack_destroy: ${{ inputs.tf_stack_destroy }}
        tf_state_file_name: ${{ inputs.tf_state_file_name }}
        tf_state_file_name_append: ${{ inputs.tf_state_file_name_append }}
        tf_state_bucket: ${{ inputs.tf_state_bucket }}
        tf_state_bucket_destroy: ${{ inputs.tf_state_bucket_destroy }}
        # Not exposed as an input: this action always stores state in S3.
        tf_state_bucket_provider: aws
        # ECR
        aws_ecr_repo_create: ${{ inputs.aws_ecr_repo_create }}
        aws_ecr_repo_type: ${{ inputs.aws_ecr_repo_type }}
        aws_ecr_repo_name: ${{ inputs.aws_ecr_repo_name }}
        aws_ecr_repo_mutable: ${{ inputs.aws_ecr_repo_mutable }}
        aws_ecr_repo_encryption_type: ${{ inputs.aws_ecr_repo_encryption_type }}
        aws_ecr_repo_encryption_key_arn: ${{ inputs.aws_ecr_repo_encryption_key_arn }}
        aws_ecr_repo_force_destroy: ${{ inputs.aws_ecr_repo_force_destroy }}
        aws_ecr_repo_image_scan: ${{ inputs.aws_ecr_repo_image_scan }}
        aws_ecr_registry_scan_rule: ${{ inputs.aws_ecr_registry_scan_rule }}
        aws_ecr_registry_pull_through_cache_rules: ${{ inputs.aws_ecr_registry_pull_through_cache_rules }}
        aws_ecr_registry_scan_config: ${{ inputs.aws_ecr_registry_scan_config }}
        aws_ecr_registry_replication_rules_input: ${{ inputs.aws_ecr_registry_replication_rules_input }}
        aws_ecr_repo_policy_attach: ${{ inputs.aws_ecr_repo_policy_attach }}
        aws_ecr_repo_policy_create: ${{ inputs.aws_ecr_repo_policy_create }}
        aws_ecr_repo_policy_input: ${{ inputs.aws_ecr_repo_policy_input }}
        aws_ecr_repo_read_arn: ${{ inputs.aws_ecr_repo_read_arn }}
        aws_ecr_repo_write_arn: ${{ inputs.aws_ecr_repo_write_arn }}
        aws_ecr_repo_read_arn_lambda: ${{ inputs.aws_ecr_repo_read_arn_lambda }}
        aws_ecr_lifecycle_policy_input: ${{ inputs.aws_ecr_lifecycle_policy_input }}
        aws_ecr_public_repo_catalog: ${{ inputs.aws_ecr_public_repo_catalog }}
        aws_ecr_registry_policy_input: ${{ inputs.aws_ecr_registry_policy_input }}
        aws_ecr_additional_tags: ${{ inputs.aws_ecr_additional_tags }}