init

.github/workflows/actions-demo.yaml

@@ -0,0 +1,57 @@
+name: Terraform Github Actions
+run-name: ${{ github.actor }} is testing GitHub Actions 🚀
+on: [push]
+
+defaults:
+  run:
+    working-directory: ./terraform
+
+env:
+ NSXT_MANAGER_HOST: ${{ secrets.NSXT_MANAGER_HOST }}
+ NSXT_USERNAME: ${{ secrets.NSXT_USERNAME }}
+ NSXT_PASSWORD: ${{ secrets.NSXT_PASSWORD }}
+ S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
+ S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
+
+jobs:
+  Validate:
+    runs-on: [self-hosted]
+    container:
+      image: hashicorp/terraform
+    steps:
+      - name: clone repository
+        uses: actions/checkout@v2
+      - name: terraform init
+        id: init
+        run: terraform init -backend-config="access_key=${S3_ACCESS_KEY}" -backend-config="secret_key=${S3_SECRET_KEY}"
+        continue-on-error: false
+      - name: terraform fmt
+        id: fmt
+        run: terraform fmt -check -recursive -diff
+        continue-on-error: false
+      - name: terraform validate
+        id: validate
+        run: terraform validate
+        continue-on-error: false
+  Plan:
+    needs: [Validate]
+    runs-on: [self-hosted]
+    container:
+      image: hashicorp/terraform
+    steps:
+      - name: terraform init
+        id: init
+        run: terraform init -backend-config="access_key=${S3_ACCESS_KEY}" -backend-config="secret_key=${S3_SECRET_KEY}"
+      - name: terraform plan
+        id: plan
+        run: terraform plan -out=planfile
+  Apply:
+    needs: [Validate, Plan]
+    runs-on: [self-hosted]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    container:
+      image: hashicorp/terraform
+    steps:
+      - name: terraform apply
+        id: apply
+        run: terraform apply -input=false "planfile"

terraform/data.tf

@@ -0,0 +1,3 @@
+data "nsxt_policy_transport_zone" "tz1" {
+  display_name = "HTZ-Overlay"
+}

terraform/provider.tf

@@ -0,0 +1,30 @@
+terraform {
+  required_providers {
+    nsxt = {
+      source  = "vmware/nsxt"
+      version = "3.3.0"
+    }
+  }
+  backend "s3" {
+    bucket = "tf-state" # Name of the S3 bucket
+    endpoints = {
+      s3 = "https://mys3endpoint" # Minio endpoint
+    }
+    key = "actions-terraform.tfstate" # Name of the tfstate file
+
+    #config needed for s3 minio to work
+    region                      = "main" # Region validation will be skipped
+    skip_credentials_validation = true   # Skip AWS related checks and validations
+    skip_requesting_account_id  = true
+    skip_metadata_api_check     = true
+    skip_region_validation      = true
+    use_path_style              = true # Enable path-style S3 URLs (https://<HOST>/<BUCKET> https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
+    insecure                    = true
+    skip_s3_checksum            = true
+  }
+}
+
+provider "nsxt" {
+  allow_unverified_ssl = true
+  max_retries          = 5
+}

terraform/test.tf

@@ -0,0 +1,5 @@
+resource "nsxt_policy_segment" "tf-actions-segment" {
+  display_name        = "segment01-test"
+  description         = "Terraform provisioned Segment via Github Actions"
+  transport_zone_path = data.nsxt_policy_transport_zone.tz1.path
+}