prepare for avm repos, add manually trigger apply

2024-01-09 14:06:45 +08:00 · 2024-01-09 14:06:45 +08:00 · 361e279df3
--- a/.github/workflows/apply.yaml
+++ b/.github/workflows/apply.yaml
@ -0,0 +1,26 @@
+name: Terraform Apply
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  apply:
+    runs-on: [self-hosted, 1ES.Pool=terraform-azurerm-container-apps]
+    environment:
+      name: tfstate
+    steps:
+      - name: checkout
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # 3.6.0
+        with:
+          submodules: "recursive"
+      - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # 2.0.3
+      - name: apply
+        run: |
+          az login --identity --username $MSI_ID > /dev/null
+          export ARM_SUBSCRIPTION_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .id')
+          export ARM_TENANT_ID=$(az login --identity --username $MSI_ID | jq -r '.[0] | .tenantId')
+          export ARM_USE_MSI=true
+          sh scripts/terragrunt-init.sh
+          terraform apply -auto-approve -input=false -compact-warnings
--- a/.github/workflows/pr-check.yaml
+++ b/.github/workflows/pr-check.yaml
@ -19,6 +19,8 @@ jobs:
    steps:
      - name: checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # 3.6.0
+        with:
+          submodules: "recursive"
      - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # 2.0.3
      - name: plan
        run: |
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
+[submodule "Azure-Verified-Modules"]
+	path = Azure-Verified-Modules
+	url = https://github.com/Azure/Azure-Verified-Modules.git
--- a/1
+++ b/1
@ -0,0 +1 @@
+Subproject commit ed2b0882551b5b25e19bc80b73f6713997e85183
--- a/locals.tf
+++ b/locals.tf
@ -12,7 +12,15 @@ locals {
    "https://github.com/Azure/terraform-azurerm-avm-ptn-vnetgateway": "terraform-azurerm-vnet-gateway"
    "https://github.com/Azure/terraform-azurerm-avm-ptn-alz-management": "terraform-azurerm-alz-management"
  })
-  repos = [
+  bypass_set = toset([
+    "https://github.com/Azure/terraform-azurerm-avm-res-authorization-roleassignment",   # needs access at higher scopes than subscription
+    "https://github.com/Azure/terraform-azurerm-avm-ptn-alz",
+  ])
+  avm_res_mod_csv = file("${path.module}/Azure-Verified-Modules/docs/static/module-indexes/TerraformResourceModules.csv")
+  avm_pattern_mod_csv = file("${path.module}/Azure-Verified-Modules/docs/static/module-indexes/TerraformPatternModules.csv")
+  avm_res_mod_repos = [for i in csvdecode(local.avm_res_mod_csv) : i.RepoURL]
+  avm_pattern_mod_repos = [for i in csvdecode(local.avm_pattern_mod_csv) : i.RepoURL]
+  repos = [for r in concat([
    "https://github.com/Azure/terraform-azurerm-aks",
    "https://github.com/Azure/terraform-azurerm-compute",
    "https://github.com/Azure/terraform-azurerm-loadbalancer",
@ -33,7 +41,7 @@ locals {
    "https://github.com/Azure/terraform-azurerm-avm-res-storage-storageaccounts",
    "https://github.com/Azure/terraform-azurerm-avm-res-keyvault-vault",
    "https://github.com/WodansSon/terraform-azurerm-cdn-frontdoor",
-  ]
+  ], local.avm_pattern_mod_repos, local.avm_res_mod_repos) : r if !contains(local.bypass_set, r)]
  repos_fw = [
 #    "https://github.com/lonegunmanb/terraform-azurerm-aks",
  ]
				`@ -0,0 +1 @@`
				`Subproject commit ed2b0882551b5b25e19bc80b73f6713997e85183`