fix: Write SSH keys to files before Terraform plan/apply
This commit is contained in:
@@ -49,13 +49,21 @@ jobs:
|
|||||||
working-directory: terraform
|
working-directory: terraform
|
||||||
run: terraform validate
|
run: terraform validate
|
||||||
|
|
||||||
|
- name: Setup SSH Keys
|
||||||
|
run: |
|
||||||
|
mkdir -p ~/.ssh
|
||||||
|
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
|
||||||
|
chmod 600 ~/.ssh/id_ed255
|
||||||
|
echo "${{ secrets.SSH_PUBLIC_KEY }}" > ~/.ssh/id_ed25519.pub
|
||||||
|
chmod 644 ~/.ssh/id_ed25519.pub
|
||||||
|
|
||||||
- name: Terraform Plan
|
- name: Terraform Plan
|
||||||
id: plan
|
id: plan
|
||||||
working-directory: terraform
|
working-directory: terraform
|
||||||
run: |
|
run: |
|
||||||
terraform plan \
|
terraform plan \
|
||||||
-var="ssh_public_key=${{ secrets.SSH_PUBLIC_KEY }}" \
|
-var="ssh_public_key=$HOME/.ssh/id_ed25519.pub" \
|
||||||
-var="ssh_private_key=${{ secrets.SSH_PRIVATE_KEY }}" \
|
-var="ssh_private_key=$HOME/.ssh/id_ed25519" \
|
||||||
-out=tfplan \
|
-out=tfplan \
|
||||||
-no-color
|
-no-color
|
||||||
continue-on-error: true
|
continue-on-error: true
|
||||||
@@ -85,8 +93,8 @@ jobs:
|
|||||||
working-directory: terraform
|
working-directory: terraform
|
||||||
run: |
|
run: |
|
||||||
terraform apply \
|
terraform apply \
|
||||||
-var="ssh_public_key=${{ secrets.SSH_PUBLIC_KEY }}" \
|
-var="ssh_public_key=$HOME/.ssh/id_ed25519.pub" \
|
||||||
-var="ssh_private_key=${{ secrets.SSH_PRIVATE_KEY }}" \
|
-var="ssh_private_key=$HOME/.ssh/id_ed25519" \
|
||||||
-auto-approve
|
-auto-approve
|
||||||
|
|
||||||
- name: Save Terraform Outputs
|
- name: Save Terraform Outputs
|
||||||
|
|||||||
@@ -42,14 +42,19 @@ jobs:
|
|||||||
-backend-config="secret_key=${{ secrets.S3_SECRET_KEY }}" \
|
-backend-config="secret_key=${{ secrets.S3_SECRET_KEY }}" \
|
||||||
-backend-config="skip_requesting_account_id=true"
|
-backend-config="skip_requesting_account_id=true"
|
||||||
|
|
||||||
|
- name: Setup SSH Keys
|
||||||
|
run: |
|
||||||
|
mkdir -p ~/.ssh
|
||||||
|
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
|
||||||
|
chmod 600 ~/.ssh/id_ed25519
|
||||||
|
echo "${{ secrets.SSH_PUBLIC_KEY }}" > ~/.ssh/id_ed25519.pub
|
||||||
|
chmod 644 ~/.ssh/id_ed25519.pub
|
||||||
|
|
||||||
- name: Terraform Destroy
|
- name: Terraform Destroy
|
||||||
working-directory: terraform
|
working-directory: terraform
|
||||||
run: |
|
run: |
|
||||||
terraform destroy \
|
terraform destroy \
|
||||||
-var="hcloud_token=${{ secrets.HCLOUD_TOKEN }}" \
|
-var="hcloud_token=${{ secrets.HCLOUD_TOKEN }}" \
|
||||||
-var="ssh_public_key=${{ secrets.SSH_PUBLIC_KEY }}" \
|
-var="ssh_public_key=$HOME/.ssh/id_ed25519.pub" \
|
||||||
-var="ssh_private_key=${{ secrets.SSH_PRIVATE_KEY }}" \
|
-var="ssh_private_key=$HOME/.ssh/id_ed25519" \
|
||||||
-var="s3_access_key=${{ secrets.S3_ACCESS_KEY }}" \
|
|
||||||
-var="s3_secret_key=${{ secrets.S3_SECRET_KEY }}" \
|
|
||||||
-var="s3_endpoint=${{ secrets.S3_ENDPOINT }}" \
|
|
||||||
-auto-approve
|
-auto-approve
|
||||||
|
|||||||
Reference in New Issue
Block a user