[QT-318] Add workflow dispatch trigger for bootstrap workflow, update ssh key name (#18174)

* Added a workflow dispatch trigger for bootstrap workflow, updated ssh key name * Ensure the bootstrap workflow is only run for PRs that change the bootstrapping code
2022-12-02 14:29:20 -05:00 · 2022-12-02 14:29:20 -05:00 · cdb6303c4d
parent ea41e62e83
commit cdb6303c4d
4 changed files with 21 additions and 15 deletions
--- a/.github/workflows/enos-ci-bootstrap.yml
+++ b/.github/workflows/enos-ci-bootstrap.yml
@ -1,19 +1,28 @@
 name: enos-ci-bootstrap

 on:
+  workflow_dispatch:
  pull_request:
    branches:
      - main
+    paths:
+      - enos/ci/**
+      - .github/workflows/enos-ci-bootstrap.yml
  push:
    branches:
      - main
    paths:
      - enos/ci/**
-      - .github/workflows/enos-bootstrap-ci.yml
+      - .github/workflows/enos-ci-bootstrap.yml

 jobs:
  bootstrap-ci:
    runs-on: ubuntu-latest
+    env:
+      TF_WORKSPACE: "${{ github.event.repository.name }}-ci-enos-bootstrap"
+      TF_VAR_repository: ${{ github.event.repository.name }}
+      TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }}
+      TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
    steps:
      - uses: actions/checkout@v3
      - name: Set up Terraform
@ -26,13 +35,9 @@ jobs:
          if ${IS_ENT} == true; then
            echo "aws_role=arn:aws:iam::505811019928:role/github_actions-vault-enterprise_ci" >> $GITHUB_OUTPUT
            echo "aws role set to 'arn:aws:iam::505811019928:role/github_actions-vault-enterprise_ci'"
-            echo "product_line=vault-enterprise" >> $GITHUB_OUTPUT
-            echo "product line set to 'vault-enterprise'"
          else
            echo "aws_role=arn:aws:iam::040730498200:role/github_actions-vault_ci" >> $GITHUB_OUTPUT
            echo "aws role set to 'arn:aws:iam::040730498200:role/github_actions-vault_ci'"
-            echo "product_line=vault" >> $GITHUB_OUTPUT
-            echo "product line set to 'vault'"
          fi
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
@ -46,22 +51,13 @@ jobs:
      - name: Init Terraform
        id: tf_init
        run: |
-          export TF_WORKSPACE="${{ steps.prepare_for_terraform.outputs.product_line }}-ci-enos-bootstrap"
-          export TF_VAR_aws_ssh_public_key="${{ secrets.ENOS_CI_SSH_KEY }}"
-          export TF_TOKEN_app_terraform_io="${{ secrets.TF_API_TOKEN }}"
          terraform -chdir=enos/ci/bootstrap init
      - name: Plan Terraform
        id: tf_plan
        run: |
-          export TF_WORKSPACE="${{ steps.prepare_for_terraform.outputs.product_line }}-ci-enos-bootstrap"
-          export TF_VAR_aws_ssh_public_key="${{ secrets.ENOS_CI_SSH_KEY }}"
-          export TF_TOKEN_app_terraform_io="${{ secrets.TF_API_TOKEN }}"
          terraform -chdir=enos/ci/bootstrap plan
      - name: Apply Terraform
        if: ${{ github.ref == 'refs/heads/main' }}
        id: tf_apply
        run: |
-          export TF_WORKSPACE="${{ steps.prepare_for_terraform.outputs.product_line }}-ci-enos-bootstrap"
-          export TF_VAR_aws_ssh_public_key="${{ secrets.ENOS_CI_SSH_KEY }}"
-          export TF_TOKEN_app_terraform_io="${{ secrets.TF_API_TOKEN }}"
          terraform -chdir=enos/ci/bootstrap apply -auto-approve
--- a/enos/README.md
+++ b/enos/README.md
@ -185,6 +185,7 @@ state will be managed by Terraform Cloud. Here are the steps to configure the Gi
 > cd ./enos/ci/service-user-iam
 > export TF_WORKSPACE=<repo name>-ci-service-user-iam
 > export TF_TOKEN_app_terraform_io=<Terraform Cloud Token>
+> export TF_VAR_aws_ssh_public_key=<public key>
 > export TF_VAR_repository=<repository name>
 > terraform init
 > terraform plan
--- a/enos/ci/bootstrap/main.tf
+++ b/enos/ci/bootstrap/main.tf
@ -34,7 +34,7 @@ provider "aws" {


 locals {
-  key_name = "enos-ci-ssh-key"
+  key_name = "${var.repository}-ci-ssh-key"
 }

 resource "aws_key_pair" "enos_ci_key_us_east_1" {
--- a/enos/ci/bootstrap/variables.tf
+++ b/enos/ci/bootstrap/variables.tf
@ -2,3 +2,12 @@ variable "aws_ssh_public_key" {
  description = "The public key to use for the ssh key"
  type        = string
 }
+
+variable "repository" {
+  description = "The repository to bootstrap the ci for, either 'vault' or 'vault-enterprise'"
+  type        = string
+  validation {
+    condition     = contains(["vault", "vault-enterprise"], var.repository)
+    error_message = "Repository must be one of either 'vault' or 'vault-enterprise'"
+  }
+}