[f397ea42] digger plan main By: b- PR: 5 #43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Digger Workflow | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| spec: | |
| description: Digger spec input | |
| required: true | |
| run_name: | |
| description: Digger run name | |
| required: false | |
| run-name: '${{inputs.run_name}}' | |
| jobs: | |
| digger-job: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # required to merge PRs | |
| actions: write # required for plan persistence | |
| id-token: write # required for workload-identity-federation | |
| pull-requests: write # required to post PR comments | |
| issues: read # required to check if PR number is an issue or not | |
| statuses: write # required to validate combined PR status | |
| steps: | |
| - uses: actions/checkout@v5 | |
| # | |
| ###- uses: ./.github/workflows/infra_connect.yml | |
| - name: Install 1Password CLI | |
| uses: 1password/install-cli-action@v2 | |
| - name: Load secrets | |
| id: load-secrets | |
| uses: 1password/load-secrets-action@v3 | |
| with: | |
| export-env: false # Export loaded secrets as environment variables | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| #TF_ENCRYPT_PASSPHRASE: "op://perchnet/tf_encrypt_passphrase/password" | |
| #TF_API_TOKEN: "op://perchnet/terraform-token-github-actions/credential" | |
| TS_OAUTH_CLIENT_ID: "op://perchnet/tailscale-oauth-github-runner/username" | |
| TS_OAUTH_CLIENT_SECRET: "op://perchnet/tailscale-oauth-github-runner/credential" | |
| TF_VAR_onepassword_sdk_token: "op://perchnet/1p-terraform/credential" | |
| OCI_region: "op://perchnet/oci-terraform/oci-meta/region" | |
| OCI_user_ocid: "op://perchnet/oci-terraform/oci-meta/user_ocid" | |
| OCI_compartment_ocid: "op://perchnet/oci-terraform/oci-meta/compartment_ocid" | |
| OCI_tenancy_ocid: "op://perchnet/oci-terraform/oci-meta/tenancy_ocid" | |
| OCI_fingerprint: "op://perchnet/oci-terraform/oci-meta/fingerprint" | |
| OCI_private_key: "op://perchnet/oci-terraform/private key" | |
| #TF_VAR_state_par_url: "op://perchnet/oci-par-url/password" | |
| #SSH_PRIVATE_KEY: "op://perchnet/proxmox-ssh/private key?ssh-format=openssh" | |
| #- name: Inject OCI State URL into TF config | |
| # run: op inject -i backend.tf -o backend.tf -f | |
| # env: | |
| # OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| - name: Connect to Tailscale | |
| uses: tailscale/github-action@v3 | |
| with: | |
| oauth-client-id: ${{ steps.load-secrets.outputs.TS_OAUTH_CLIENT_ID }} | |
| oauth-secret: ${{ steps.load-secrets.outputs.TS_OAUTH_CLIENT_SECRET }} | |
| tags: tag:github-runner | |
| use-cache: "true" | |
| #args: '--accept-routes' | |
| # - uses: mxschmitt/action-tmate@v3 | |
| - run: tailscale ping pve1.shark-perch.ts.net | |
| ### | |
| - name: ${{ fromJSON(github.event.inputs.spec).job_id }} | |
| run: echo "job id ${{ fromJSON(github.event.inputs.spec).job_id }}" | |
| - uses: diggerhq/digger@vLatest | |
| with: | |
| digger-spec: ${{ inputs.spec }} | |
| setup-aws: false | |
| setup-terraform: true | |
| terraform-version: 1.13.2 | |
| env: | |
| GITHUB_CONTEXT: ${{ toJson(github) }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| TF_VAR_onepassword_sdk_token: ${{ steps.load-secrets.outputs.TF_VAR_onepassword_sdk_token }} | |
| OCI_region: ${{ steps.load-secrets.outputs.OCI_region }} | |
| OCI_user_ocid: ${{ steps.load-secrets.outputs.OCI_user_ocid }} | |
| OCI_compartment_ocid: ${{ steps.load-secrets.outputs.OCI_compartment_ocid }} | |
| OCI_tenancy_ocid: ${{ steps.load-secrets.outputs.OCI_tenancy_ocid }} | |
| OCI_fingerprint: ${{ steps.load-secrets.outputs.OCI_fingerprint }} | |
| OCI_private_key: ${{ steps.load-secrets.outputs.OCI_private_key }} |