diff --git a/.github/workflows/actions-demo.yaml b/.github/workflows/actions-demo.yaml
new file mode 100644
index 0000000..9a7afb3
--- /dev/null
+++ b/.github/workflows/actions-demo.yaml
@@ -0,0 +1,57 @@
+name: Terraform Github Actions
+run-name: ${{ github.actor }} is testing GitHub Actions 🚀
+on: [push]
+
+defaults:
+ run:
+ working-directory: ./terraform
+
+env:
+ NSXT_MANAGER_HOST: ${{ secrets.NSXT_MANAGER_HOST }}
+ NSXT_USERNAME: ${{ secrets.NSXT_USERNAME }}
+ NSXT_PASSWORD: ${{ secrets.NSXT_PASSWORD }}
+ S3_ACCESS_KEY: ${{ secrets.S3_ACCESS_KEY }}
+ S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY }}
+
+jobs:
+ Validate:
+ runs-on: [self-hosted]
+ container:
+ image: hashicorp/terraform
+ steps:
+ - name: clone repository
+ uses: actions/checkout@v2
+ - name: terraform init
+ id: init
+ run: terraform init -backend-config="access_key=${S3_ACCESS_KEY}" -backend-config="secret_key=${S3_SECRET_KEY}"
+ continue-on-error: false
+ - name: terraform fmt
+ id: fmt
+ run: terraform fmt -check -recursive -diff
+ continue-on-error: false
+ - name: terraform validate
+ id: validate
+ run: terraform validate
+ continue-on-error: false
+ Plan:
+ needs: [Validate]
+ runs-on: [self-hosted]
+ container:
+ image: hashicorp/terraform
+ steps:
+ - name: terraform init
+ id: init
+ run: terraform init -backend-config="access_key=${S3_ACCESS_KEY}" -backend-config="secret_key=${S3_SECRET_KEY}"
+ - name: terraform plan
+ id: plan
+ run: terraform plan -out=planfile
+ Apply:
+ needs: [Validate, Plan]
+ runs-on: [self-hosted]
+ if: ${{ github.ref == 'refs/heads/main' }}
+ container:
+ image: hashicorp/terraform
+ steps:
+ - name: terraform apply
+ id: apply
+ run: terraform apply -input=false "planfile"
\ No newline at end of file
diff --git a/terraform/data.tf b/terraform/data.tf
new file mode 100644
index 0000000..be3fb6f
--- /dev/null
+++ b/terraform/data.tf
@@ -0,0 +1,3 @@
+data "nsxt_policy_transport_zone" "tz1" {
+ display_name = "HTZ-Overlay"
+}
\ No newline at end of file
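Review bot: In `.github/workflows/actions-demo.yaml` the Apply job runs `terraform apply -input=false "planfile"` with no checkout, no init and no step that brings the plan into the job, and Plan has no checkout either. Both jobs therefore depend on whatever an earlier job left in the self-hosted runner's workspace, and the file applied on `main` is not guaranteed to be the plan produced by this run. Hand the plan over explicitly as an artifact and repeat checkout and init in each job, as sketched below. Both `terraform init` steps also pass the S3 keys through `-backend-config`, which Terraform's documentation says is persisted in `.terraform` and in plan files; exporting the secrets as `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` lets the s3 backend read them from the environment, and that should be in place before the plan is uploaded. Separately, `actions/checkout@v2` and `hashicorp/terraform` are referenced by a mutable tag and an untagged image; pinning them to a commit SHA and an image digest keeps a moved tag from executing on the runner that holds the NSX-T credentials.

```yaml
env:
  # … unchanged: NSXT_MANAGER_HOST, NSXT_USERNAME, NSXT_PASSWORD …
  AWS_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_KEY }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.S3_SECRET_KEY }}

jobs:
  # … unchanged: Validate (its init step becomes `terraform init`) …
  Plan:
    # … unchanged: needs, runs-on, container …
    steps:
      - name: clone repository
        uses: actions/checkout@v2
      - name: terraform init
        id: init
        run: terraform init
      # … unchanged: terraform plan …
      - name: upload plan
        uses: actions/upload-artifact@v4
        with:
          name: planfile
          path: terraform/planfile
          retention-days: 1
  Apply:
    # … unchanged: needs, runs-on, if, container …
    steps:
      - name: clone repository
        uses: actions/checkout@v2
      - name: download plan
        uses: actions/download-artifact@v4
        with:
          name: planfile
          path: terraform
      - name: terraform init
        run: terraform init
      # … unchanged: terraform apply …
```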
diff --git a/terraform/provider.tf b/terraform/provider.tf
new file mode 100644
index 0000000..55ea4ed
--- /dev/null
+++ b/terraform/provider.tf
@@ -0,0 +1,30 @@
+terraform {
+ required_providers {
+ nsxt = {
+ source = "vmware/nsxt"
+ version = "3.3.0"
+ }
+ }
+ backend "s3" {
+ bucket = "tf-state" # Name of the S3 bucket
+ endpoints = {
+ s3 = "https://mys3endpoint" # Minio endpoint
+ }
+ key = "actions-terraform.tfstate" # Name of the tfstate file
+
+ #config needed for s3 minio to work
+ region = "main" # Region validation will be skipped
+ skip_credentials_validation = true # Skip AWS related checks and validations
+ skip_requesting_account_id = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ use_path_style = true # Enable path-style S3 URLs (https:/// https://developer.hashicorp.com/terraform/language/settings/backends/s3#use_path_style
+ insecure = true
+ skip_s3_checksum = true
+ }
+}
+
+provider "nsxt" {
+ allow_unverified_ssl = true
+ max_retries = 5
+}
\ No newline at end of file
diff --git a/terraform/test.tf b/terraform/test.tf
new file mode 100644
index 0000000..9a27cda
--- /dev/null
+++ b/terraform/test.tf
@@ -0,0 +1,5 @@
+resource "nsxt_policy_segment" "tf-actions-segment" {
+ display_name = "segment01-test"
+ description = "Terraform provisioned Segment via Github Actions"
+ transport_zone_path = data.nsxt_policy_transport_zone.tz1.path
+}
\ No newline at end of file
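Review bot: In `terraform/provider.tf`, `insecure = true` in the `backend "s3"` block and `allow_unverified_ssl = true` in the `provider "nsxt"` block turn off TLS certificate verification for both endpoints. The S3 keys, the state file and the NSX-T password are then sent to whichever host answers the connection, with nothing to detect an interposed endpoint. If the MinIO and NSX-T certificates are issued by a private CA, trust that CA instead: the backend accepts `custom_ca_bundle = "<path-to-ca.pem>"` and the provider accepts `ca_file = "<path-to-ca.pem>"` (placeholder paths), after which both flags can be removed. If they have to stay for a lab setup, a comment on each line such as `# lab only: self-signed certificate, remove before pointing at production` would keep the setting from being copied forward unnoticed.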