This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
export AWS_ROLE_ARN=arn:aws:iam::1234567890:role/RoleToAssume | |
export AWS_WEB_IDENTITY_TOKEN_FILE=/tmp/awscreds | |
export AWS_DEFAULT_REGION=<region> | |
export DEFAULT_PARALLEL_JOBS=4 | |
OUTPUT_TOKEN_REQUEST=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL") | |
echo "$OUTPUT_TOKEN_REQUEST" | jq -r '.value' > /tmp/awscreds | |
RET=1 | |
MAX_RETRIES=5 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
module "terraform-aws-s3-bucket" { | |
source = "github.com/terraform-aws-modules/terraform-aws-s3-bucket" | |
object_lock_enabled = false | |
bucket = "<BUCKET_NAME>" | |
} | |
These resources are listed in the module but not in the dependencies | |
(hence will be created in the next terraform apply): | |
# aws_s3_bucket_logging |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
terraform import module.terraform-aws-s3-bucket.aws_s3_bucket.main_bucket[0] BUCKET_NAME |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Terraform | |
on: [push] | |
jobs: | |
terraform: | |
name: Apply Terraform | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
node { | |
stage("Clone repository") { | |
git url: "https://github.com/<username>/<repository>.git" | |
} | |
stage("Scan code with trivy") { | |
sh "trivy --exit-code 1 --severity CRITICAL <repository>" | |
} | |
stage("Run infracost") { | |
sh "infracost --no-color" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import ( | |
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3" | |
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/sns" | |
"github.com/pulumi/pulumi/sdk/v2/go/pulumi" | |
) | |
func main() { | |
pulumi.Run(func(ctx *pulumi.Context) error { | |
// Create an S3 bucket. | |
bucket, err := s3.NewBucket(ctx, "my-bucket", &s3.BucketArgs{ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
provider "aws" { | |
region = "us-east-1" | |
} | |
# Create an EKS cluster | |
resource "aws_eks_cluster" "eks_cluster" { | |
name = "my-eks-cluster" | |
role_arn = aws_iam_role.eks_cluster_role.arn | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ "data": { "project": { "id": "gid://gitlab/Project/", "terraformStates": { "count": 1, "nodes": [ { "id": "gid://gitlab/Terraform::State/", "name": "", "lockedAt": null, "updatedAt": "2022-08-02T19:55:26Z", "deletedAt": null, "lockedByUser": null, "latestVersion": { "id": "gid://gitlab/Terraform::StateVersion/", "downloadPath": "/api/v4/projects//terraform/state//versions/0", "serial": 0, "updatedAt": "2022-08-02T19:55:26Z", "createdByUser": null, "job": null, "__typename": "TerraformStateVersion" }, "__typename": "TerraformState" } ], "pageInfo": { "hasNextPage": false, "hasPreviousPage": false, "startCursor": "", "endCursor": "", "__typename": "PageInfo" }, "__typename": "TerraformStateConnection" }, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
POST https://{{GITLAB-HOST}}/api/graphql { "operationName": "getStates", "variables": { "projectPath": "sefi/tf-demo", "first": 50, "after": null, "last": null, "before": null }, "query": "query getStates($projectPath: ID!, $first: Int, $last: Int, $before: String, $after: String) {\n project(fullPath: $projectPath) {\n id\n terraformStates(first: $first, last: $last, before: $before, after: $after) {\n count\n nodes {\n ...State\n __typename\n }\n pageInfo {\n ...PageInfo\n __typename\n }\n __typename\n }\n __typename\n }\n}\n\nfragment State on TerraformState {\n id\n name\n lockedAt\n updatedAt\n deletedAt\n lockedByUser {\n ...User\n __typename\n }\n latestVersion {\n ...StateVersion\n __typename\n }\n __typename\n}\n\nfragment User on User {\n id\n avatarUrl\n name\n username\n webUrl\n __typename\n}\n\nfragment StateVersion on TerraformStateVersion {\n id\n downloadPath\n serial\n updatedAt\n createdByUser {\n ...User\n __typename\n }\n job {\n id\n detailedStatus {\n id\n detailsPath\n group\n icon\n l |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def _handle_event(event_detail_type: str, event_detail: dict) -> None: | |
try: | |
handle_task(event_detail_type, event) | |
except ExecutionSyncError: # Raised if this is a "task_completed" event, and "task_started" hasn't arrive yet | |
if event.retry_count < MAX_RETRY_COUNT: | |
logger.info('Events are not in sync, sending this event to the retry queue ' | |
f'(retry_count={event.retry_count})') | |
event.retry_count += 1 | |
message = { | |
DETAIL_TYPE: event_detail_type, |
NewerOlder