apply-config.sh

Apply a consistent configuration for all (relevant) Github repositories.

Overview

This script applies a consistent configuration across all Github repositories using Terraform. The Terraform Github Provider allows interaction with Github.

Terraform is started inside a Docker container, so there is no need to install Terraform or any other software on your machine. Only Docker is required.

Terraform is an open-source infrastructure as code software tool that enables you to safely and predictably create, change, and improve infrastructure. It provides infrastructure automation with workflows to build composition, collaboration, and reuse of infrastructure as code.

The Github Actions workflow: Global: Apply Github Configuration

Available Terraform commands
  • apply → Executes the actions proposed in a Terraform plan.

  • cleanup → Cleanup local filesystem.

  • docs → Generate Asciidoc for this Terraform configuration and write into Antora partials directory.

  • fmt → Rewrite Terraform configuration files to a canonical format and style.

  • init → Initializes a working directory containing Terraform configuration files. This is the first command that should be run.

  • lint → Run TFLint in Docker container to check the Terraform config.

  • plan → Create an execution plan, which lets you preview the changes that Terraform plans to make.

  • validate → Validates configuration files in a directory, referring only to configuration and not accessing any remote services.

  • -version → Display Terraform version.

Use run-local.sh while developing on your localhost instead of direct calls to this script. run-local.sh provides a more convenient way to trigger the terraform commands.

Script Arguments

  • $1 (string): The terraform command to run - Mandatory

  • $2 (string): Github token: when running on localhost, pass a token from anywhere; when running in a Github Actions workflow, pass ${{ secrets.GITHUB_TOKEN }} - Mandatory for plan and apply

  • $3 (string): Bitwarden client id: when running on localhost, pass the value from anywhere; when running in a Github Actions workflow, pass the correct Actions secret - Mandatory for plan and apply

  • $4 (string): Bitwarden client secret: when running on localhost, pass the value from anywhere; when running in a Github Actions workflow, pass the correct Actions secret - Mandatory for plan and apply

  • $5 (string): Bitwarden master password: when running on localhost, pass the value from anywhere; when running in a Github Actions workflow, pass the correct Actions secret - Mandatory for plan and apply

Script Example

To run this script locally, run the commands in the same order as the pipeline does (see docs for each function). Running this script without arguments will result in an error.

./apply-config.sh init
./apply-config.sh lint
./apply-config.sh validate
./apply-config.sh fmt
./apply-config.sh plan "$TOKEN" "$BW_CLIENT_ID" "$BW_CLIENT_SECRET" "$BW_MASTER_PASS"
./apply-config.sh apply "$TOKEN" "$BW_CLIENT_ID" "$BW_CLIENT_SECRET" "$BW_MASTER_PASS"
./apply-config.sh docs
./apply-config.sh cleanup

Index

terraform

Wrapper function to encapsulate terraform in a Docker container. The current working directory is mounted into the container and selected as working directory so that all files are available to terraform. Paths are preserved. The container runs with the current user.

When running plan or apply: All mandatory tokens, secrets, etc. which are passed to the script (see "Script Arguments"), are configured as environment variables for the container.

Example

terraform -version

Arguments

  • …​ (String): The terraform commands (1-n arguments) - $1 is mandatory

Exit codes

  • 8: If param with terraform command is missing
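A sketch of the wrapper described above, added here as an example and not taken from apply-config.sh. It assumes the secrets are already exported in the caller's environment (so they do not appear as command-line arguments in process listings); the image name, the variable names, the DRY_RUN switch and exit code 9 are also assumptions.

```shell
#!/bin/sh
# Added example, not the project's apply-config.sh.
# Assumptions: image name, variable names, DRY_RUN switch, exit code 9.
TF_IMAGE="hashicorp/terraform:latest"
SECRET_NAMES="GITHUB_TOKEN BW_CLIENTID BW_CLIENTSECRET BW_PASSWORD"

terraform_in_docker() {
  # Documented behaviour: exit code 8 when the terraform command is missing.
  if [ -z "${1:-}" ]; then
    echo "terraform command is missing" >&2
    return 8
  fi
  tf_cmd=$1

  # The image goes between the docker options and the terraform arguments.
  set -- "$TF_IMAGE" "$@"

  case "$tf_cmd" in
    plan|apply)
      for name in $SECRET_NAMES; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
          unset value
          echo "$name must be set for terraform $tf_cmd" >&2
          return 9
        fi
        unset value
        # "--env NAME" without "=value": docker copies the value from the
        # caller's (exported) environment, so it never shows up in the argv.
        set -- --env "$name" "$@"
      done
      ;;
  esac

  # Current user, and the working directory mounted at the same path.
  set -- docker run --rm --user "$(id -u):$(id -g)" \
    --volume "$PWD:$PWD" --workdir "$PWD" "$@"

  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$@"   # one argument per line, nothing is executed
  else
    "$@"
  fi
}
```

With DRY_RUN=1 the function prints the docker argument list instead of starting a container, which makes it easy to confirm that only variable names, never secret values, are passed on the command line.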

apply

Apply this configuration by running terraform apply -auto-approve. After applying the configuration the terraform.state file is copied back to the local clone of the configs-persistent-data repository. This update is committed and pushed back to the remote repository.

Example

apply

cleanup

Remove all temporary files. When running in a pipeline, this step is always invoked.

Example

cleanup

docs

Generate documentation about this terraform configuration by running terraform-docs inside a Docker container. The generated docs are stored as an Antora partials file.

Example

docs

format

Apply consistent format to all *.tf files by running terraform fmt -recursive.

Example

fmt

initialize

Initialize this configuration by running terraform init.

When running on a local machine during development

Before running terraform init, the configs-persistent-data repo is cloned and the terraform state is copied to its correct location. This is done to use terraform as it is intended. Without a state, terraform assumes that every config must be applied (which mostly is not necessary). Terraform should only apply the settings that don’t match the definition.

Example

initialize

lint

Use the terraform-linters/tflint linter (or terraform-linters/tflint-bundle, to be precise) to check the terraform config.

Example

lint

plan

Plan this configuration by running terraform plan.

Example

plan

validate

Validate this configuration by running terraform validate.

Example

validate

version

Show Terraform version by running terraform -version.

Example

version