segraef
diff --git a/‎.github/actions/storage-firewall/action.yml‎
Lines changed: 60 additions & 0 deletions b/‎.github/actions/storage-firewall/action.yml‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎.github/actions/terraform-apply/action.yml‎
Lines changed: 59 additions & 0 deletions b/‎.github/actions/terraform-apply/action.yml‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎.github/actions/terraform-destroy/action.yml‎
Lines changed: 51 additions & 0 deletions b/‎.github/actions/terraform-destroy/action.yml‎
Lines changed: 51 additions & 0 deletions
diff --git a/‎.github/actions/terraform-init/action.yml‎
Lines changed: 119 additions & 0 deletions b/‎.github/actions/terraform-init/action.yml‎
Lines changed: 119 additions & 0 deletions
@@ -0,0 +1,60 @@
+name: 'Storage Firewall Management'
+description: 'Add or remove agent IP from storage account firewall'
+inputs:
+  subscription_id:
+    description: 'Azure subscription ID for storage account'
+    required: true
+  storage_account:
+    description: 'Storage account name'
+    required: true
+  resource_group:
+    description: 'Resource group name'
+    required: true
+  mode:
+    description: 'Mode: on to add IP, off to remove IP'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Get Public IP
+      id: get-ip
+      shell: bash
+      run: |
+        PUBLIC_IP=$(curl -s https://api.ipify.org)
+        echo "ip=$PUBLIC_IP" >> $GITHUB_OUTPUT
+        echo "Public IP: $PUBLIC_IP"
+
+    - name: Set Azure Subscription
+      shell: bash
+      run: |
+        az account set --subscription ${{ inputs.subscription_id }}
+        echo "Set subscription to: $(az account show --query name -o tsv)"
+
+    - name: Add IP to Storage Firewall
+      if: inputs.mode == 'on'
+      shell: bash
+      run: |
+        echo "Adding IP ${{ steps.get-ip.outputs.ip }} to storage account firewall..."
+        az storage account network-rule add \
+          --resource-group ${{ inputs.resource_group }} \
+          --account-name ${{ inputs.storage_account }} \
+          --ip-address ${{ steps.get-ip.outputs.ip }}
+        
+        echo "IP added to firewall rules"
+        
+        # Wait for rule to propagate
+        echo "Waiting 30 seconds for firewall rule to propagate..."
+        sleep 30
+
+    - name: Remove IP from Storage Firewall
+      if: inputs.mode == 'off'
+      shell: bash
+      run: |
+        echo "Removing IP ${{ steps.get-ip.outputs.ip }} from storage account firewall..."
+        az storage account network-rule remove \
+          --resource-group ${{ inputs.resource_group }} \
+          --account-name ${{ inputs.storage_account }} \
+          --ip-address ${{ steps.get-ip.outputs.ip }} || true
+        
+        echo "IP removed from firewall rules"
@@ -0,0 +1,59 @@
+name: 'Terraform Apply'
+description: 'Apply Terraform plan'
+inputs:
+  working_directory:
+    description: 'Working directory for Terraform'
+    required: true
+  plan_file:
+    description: 'Path to the plan file to apply'
+    required: true
+  subscription_id:
+    description: 'Azure subscription ID'
+    required: true
+  tf_debug:
+    description: 'Terraform debug level (e.g., INFO, DEBUG)'
+    required: false
+    default: ''
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Verify Plan File
+      shell: bash
+      run: |
+        if [ ! -f "${{ inputs.working_directory }}/${{ inputs.plan_file }}" ]; then
+          echo "Error: Plan file not found at ${{ inputs.working_directory }}/${{ inputs.plan_file }}"
+          exit 1
+        fi
+        echo "Plan file found: ${{ inputs.working_directory }}/${{ inputs.plan_file }}"
+
+    - name: Terraform Version
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      run: |
+        echo "Terraform version:"
+        terraform version
+
+    - name: Terraform Apply
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      env:
+        TF_IN_AUTOMATION: 'true'
+        TF_LOG: ${{ inputs.tf_debug }}
+        ARM_USE_OIDC: 'true'
+        ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
+        ARM_TENANT_ID: ${{ env.TENANT_ID }}
+      run: |
+        echo "Environment variables:"
+        env | grep -E '^(ARM_|TF_|GITHUB_)' | sort
+        
+        echo -e "\n\nApplying Terraform plan..."
+        terraform apply -input=false -auto-approve "${{ inputs.plan_file }}"
+        
+        exit_code=$?
+        if [ $exit_code -ne 0 ]; then
+          echo "Terraform apply failed with exit code: $exit_code"
+          exit 1
+        fi
+        
+        echo "Terraform apply completed successfully"
@@ -0,0 +1,51 @@
+name: 'Terraform Destroy'
+description: 'Destroy Terraform-managed infrastructure'
+inputs:
+  working_directory:
+    description: 'Working directory for Terraform'
+    required: true
+  subscription_id:
+    description: 'Azure subscription ID'
+    required: true
+  additional_parameters:
+    description: 'Additional Terraform destroy parameters'
+    required: false
+    default: ''
+  tf_debug:
+    description: 'Terraform debug level (e.g., INFO, DEBUG)'
+    required: false
+    default: ''
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Terraform Version
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      run: |
+        echo "Terraform version:"
+        terraform version
+
+    - name: Terraform Destroy
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      env:
+        TF_IN_AUTOMATION: 'true'
+        TF_LOG: ${{ inputs.tf_debug }}
+        ARM_USE_OIDC: 'true'
+        ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
+        ARM_TENANT_ID: ${{ env.TENANT_ID }}
+      run: |
+        echo "Environment variables:"
+        env | grep -E '^(ARM_|TF_|GITHUB_)' | sort
+        
+        echo -e "\n\nWARNING: Destroying infrastructure..."
+        terraform destroy ${{ inputs.additional_parameters }} -input=false -auto-approve
+        
+        exit_code=$?
+        if [ $exit_code -ne 0 ]; then
+          echo "Terraform destroy failed with exit code: $exit_code"
+          exit 1
+        fi
+        
+        echo "Terraform destroy completed successfully"
@@ -0,0 +1,119 @@
+name: 'Terraform Init'
+description: 'Initialize Terraform with Azure backend'
+inputs:
+  working_directory:
+    description: 'Working directory for Terraform'
+    required: true
+  backend_subscription_id:
+    description: 'Azure subscription ID for backend storage'
+    required: true
+  backend_resource_group:
+    description: 'Resource group for backend storage'
+    required: true
+  backend_storage_account:
+    description: 'Storage account for backend'
+    required: true
+  backend_container:
+    description: 'Storage container for state files'
+    required: true
+    default: 'tfstate'
+  backend_key:
+    description: 'State file key/name'
+    required: true
+  subscription_id:
+    description: 'Target Azure subscription ID'
+    required: true
+  terraform_version:
+    description: 'Terraform version to use'
+    required: false
+    default: '1.11.2'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Create backend.tf
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      run: |
+        cat > backend.tf <<EOF
+        terraform {
+          backend "azurerm" {
+            subscription_id      = "${{ inputs.backend_subscription_id }}"
+            resource_group_name  = "${{ inputs.backend_resource_group }}"
+            storage_account_name = "${{ inputs.backend_storage_account }}"
+            container_name       = "${{ inputs.backend_container }}"
+            key                  = "${{ inputs.backend_key }}"
+          }
+        }
+        EOF
+        echo "Created backend.tf:"
+        cat backend.tf
+
+    - name: Set Terraform Version
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      run: |
+        if [ -f .terraform-version ]; then
+          echo "Removing existing .terraform-version file"
+          rm -f .terraform-version
+        fi
+        
+        echo "${{ inputs.terraform_version }}" > .terraform-version
+        echo "Created .terraform-version:"
+        cat .terraform-version
+        
+        echo "Current directory contents:"
+        ls -la
+
+    - name: Check Terraform Version and Lockfile
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      run: |
+        if [ -f .terraform-version ]; then
+          echo ".terraform-version file found:"
+          cat .terraform-version
+        fi
+        
+        echo "Terraform version:"
+        terraform version
+        
+        if [ -f .terraform.lock.hcl ]; then
+          echo ".terraform.lock.hcl file found:"
+          cat .terraform.lock.hcl
+        else
+          echo "No .terraform.lock.hcl file found"
+        fi
+
+    - name: Configure Git for Module Access
+      shell: bash
+      run: |
+        git config --global credential.helper store
+        echo "https://${{ github.actor }}:${{ github.token }}@github.com" > ~/.git-credentials
+
+    - name: Terraform Init
+      shell: bash
+      working-directory: ${{ inputs.working_directory }}
+      env:
+        TF_IN_AUTOMATION: 'true'
+        ARM_USE_MSI: 'false'
+        ARM_USE_OIDC: 'true'
+        ARM_SUBSCRIPTION_ID: ${{ inputs.subscription_id }}
+        ARM_TENANT_ID: ${{ env.TENANT_ID }}
+      run: |
+        echo "All Environment Variables:"
+        env | sort
+        
+        echo -e "\n\nSetting Azure subscription: ${{ inputs.backend_subscription_id }}"
+        az account set -s ${{ inputs.backend_subscription_id }}
+        az account show
+        
+        echo -e "\n\nInitializing Terraform..."
+        terraform init
+        
+        echo -e "\n\nContents of Terraform Providers Lock File:"
+        if [ -f .terraform.lock.hcl ]; then
+          cat .terraform.lock.hcl
+        fi
+        
+        echo -e "\n\nList Terraform Providers:"
+        terraform providers