stone-monkeys/continue_config.yml Secret

## continue_config.yml
version: 2.1

orbs:
  terraform: circleci/terraform@3.2.1
  aws-cli: circleci/aws-cli@3.1.3


parameters:
  run-orb-tests:
    type: boolean
    default: false
  global:
    type: boolean
    default: false
  namer-eks:
    type: boolean
    default: false
  namer-platforms:
    type: boolean
    default: false
  emea-eks:
    type: boolean
    default: false
  emea-platforms:
    type: boolean
    default: false
  japac-eks:
    type: boolean
    default: false
  japac-platforms:
    type: boolean
    default: false

tf_job_defaults: &tf_job_defaults
  context:
    - empty-context #to explicitly generate OIDC token
  pre-steps:
    - checkout
    - add_ssh_keys:
        fingerprints:
          - <finger-print>
    - aws-cli/install
    - aws-cli/assume-role-with-web-identity:
        role-arn: <role-arn>
        role-session-name: "cci-ceratf-deployment-<< pipeline.number >>"
    - run:
        name: Create AWS credentials file
        command: |
          mkdir -p ~/.aws && \
          source $BASH_ENV && \
          cat > ~/.aws/credentials \<<EOF
          [default]
          aws_access_key_id=${AWS_ACCESS_KEY_ID}
          aws_secret_access_key=${AWS_SECRET_ACCESS_KEY}
          aws_session_token=${AWS_SESSION_TOKEN}
          EOF
    - run:
        name: Install Kubectl
        command: |
            curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
            chmod a+x kubectl
            mv kubectl /usr/local/bin
    - run:
        name: Install Modern TF
        command: |
            cd ~
            curl -LO "https://releases.hashicorp.com/terraform/1.7.0/terraform_1.7.0_linux_amd64.zip"
            unzip terraform_1.7.0*
            chmod a+x terraform
            mv terraform /usr/local/bin
jobs:
  global:
    executor: terraform/default
    steps:
      - checkout
      - run: mkdir workspace
      - terraform/fmt:
          path: ./global
      - terraform/validate:
          path: ./global
      - terraform/apply:
          path: ./global
      - persist_to_workspace:
          root: workspace
          paths:
            - ./

  namer-eks:
    executor: terraform/default
    steps:
      - checkout
      - attach_workspace:
          at: /workspace
      - terraform/fmt:
          path: ./namer-eks
      - terraform/validate:
          path: ./namer-eks
      - terraform/apply:
          path: ./namer-eks
      - persist_to_workspace:
          root: /workspace
          paths:
            - ./

  namer-platforms:
    executor: terraform/default
    steps:
      - checkout
      - attach_workspace:
          at: /workspace
      - terraform/fmt:
          path: ./namer-platforms
      - terraform/validate:
          path: ./namer-platforms
      - terraform/apply:
          path: ./namer-platforms
      - persist_to_workspace:
          root: /workspace
          paths:
            - ./

  emea-eks:
    executor: terraform/default
    steps:
      - checkout
      - attach_workspace:
          at: /workspace
      - terraform/fmt:
          path: ./emea-eks
      - terraform/validate:
          path: ./emea-eks
      - terraform/apply:
          path: ./emea-eks
      - persist_to_workspace:
          root: /workspace
          paths:
            - ./


  emea-platforms:
    executor: terraform/default
    steps:
      - checkout
      - attach_workspace:
          at: /workspace
      - terraform/fmt:
          path: ./emea-platforms
      - terraform/validate:
          path: ./emea-platforms
      - terraform/apply:
          path: ./emea-platforms
      - persist_to_workspace:
          root: /workspace
          paths:
            - ./

  japac-eks:
    executor: terraform/default
    steps:
      - checkout
      - attach_workspace:
          at: /workspace
      - terraform/fmt:
          path: ./japac-eks
      - terraform/validate:
          path: ./japac-eks
      - terraform/apply:
          path: ./japac-eks
      - persist_to_workspace:
          root: /workspace
          paths:
            - ./

  japac-platforms:
    executor: terraform/default
    steps:
      - checkout
      - attach_workspace:
          at: /workspace
      - terraform/fmt:
          path: ./japac-platforms
      - terraform/validate:
          path: ./japac-platforms
      - terraform/apply:
          path: ./japac-platforms
      - persist_to_workspace:
          root: /workspace
          paths:
            - ./

workflows:
  global-workflow:
    when: << pipeline.parameters.global >>
    jobs:
      - global:
          <<: *tf_job_defaults
      - namer-eks:
          requires:
            - global
          <<: *tf_job_defaults
      - namer-platforms:
          requires:
            - namer-eks
          <<: *tf_job_defaults
          context:
            - CERA-INIT-NAMER
      - emea-eks:
          requires:
            - global
          <<: *tf_job_defaults
      - emea-platforms:
          requires:
            - emea-eks
          <<: *tf_job_defaults
          context:
            - CERA-INIT-EMEA
      - japac-eks:
          requires:
            - global
          <<: *tf_job_defaults
      - japac-platforms:
          requires:
            - japac-eks
          <<: *tf_job_defaults
          context:
            - CERA-INIT-JAPAC

  eks_layer_namer:
    when:
      and:
        - not: << pipeline.parameters.global >>
        - equal: [ true, <<pipeline.parameters.namer-eks>> ]
    jobs:
      - namer-eks:
          <<: *tf_job_defaults
      - namer-platforms:
          requires:
            - namer-eks
          <<: *tf_job_defaults

  platform_layer_namer:
    when:
      and:
       - not: << pipeline.parameters.global >>
       - not: <<pipeline.parameters.namer-eks>>
       - equal: [ true, <<pipeline.parameters.namer-platforms>> ]
    jobs:
      - namer-platforms:
          <<: *tf_job_defaults
          context:
            - CERA-INIT-NAMER

  eks_layer_emea:
    when:
      and:
        - not: << pipeline.parameters.global >>
        - equal: [ true, <<pipeline.parameters.emea-eks>> ]
    jobs:
      - emea-eks:
          <<: *tf_job_defaults
      - emea-platforms:
          requires:
            - emea-eks
          <<: *tf_job_defaults

  platform_layer_emea:
    when:
      and:
       - not: << pipeline.parameters.global >>
       - not: <<pipeline.parameters.emea-eks>>
       - equal: [ true, <<pipeline.parameters.emea-platforms>> ]
    jobs:
      - emea-platforms:
          <<: *tf_job_defaults
          context:
            - CERA-INIT-EMEA

  eks_layer_japac:
    when:
      and:
        - not: << pipeline.parameters.global >>
        - equal: [ true, <<pipeline.parameters.japac-eks>> ]
    jobs:
      - japac-eks:
          <<: *tf_job_defaults
      - japac-platforms:
          requires:
            - japac-eks
          <<: *tf_job_defaults

  platform_layer_japac:
    when:
      and:
       - not: << pipeline.parameters.global >>
       - not: <<pipeline.parameters.japac-eks>>
       - equal: [ true, <<pipeline.parameters.japac-platforms>> ]
    jobs:
      - japac-platforms:
          <<: *tf_job_defaults
          context:
            - CERA-INIT-JAPAC

## setup_config.yml
version: 2.1

setup: << pipeline.parameters.run-setup-workflow >>

orbs:
  continuation: circleci/continuation@1.0.0
  path-filtering: circleci/path-filtering@0.1.7
  terraform: circleci/terraform@3.2.1

parameters:
  run-setup-workflow:
    type: boolean
    default: true

workflows:
  setup-workflow:
    jobs:
      - path-filtering/filter:
          base-revision: main
          config-path: .circleci/continue-config.yml
          mapping: |
            global/.* global true
            namer-eks/.* namer-eks true
            emea-eks/.* emea-eks true
            japac-eks/.* japac-eks true
            namer-platforms/.* namer-platforms true
            emea-platforms/.* emea-platforms true
            japac-platforms/.* japac-platforms true
	version: 2.1

	orbs:
	terraform: circleci/terraform@3.2.1
	aws-cli: circleci/aws-cli@3.1.3


	parameters:
	run-orb-tests:
	type: boolean
	default: false
	global:
	type: boolean
	default: false
	namer-eks:
	type: boolean
	default: false
	namer-platforms:
	type: boolean
	default: false
	emea-eks:
	type: boolean
	default: false
	emea-platforms:
	type: boolean
	default: false
	japac-eks:
	type: boolean
	default: false
	japac-platforms:
	type: boolean
	default: false

	tf_job_defaults: &tf_job_defaults
	context:
	- empty-context #to explicitly generate OIDC token
	pre-steps:
	- checkout
	- add_ssh_keys:
	fingerprints:
	- <finger-print>
	- aws-cli/install
	- aws-cli/assume-role-with-web-identity:
	role-arn: <role-arn>
	role-session-name: "cci-ceratf-deployment-<< pipeline.number >>"
	- run:
	name: Create AWS credentials file
	command: \|
	mkdir -p ~/.aws && \
	source $BASH_ENV && \
	cat > ~/.aws/credentials \<<EOF
	[default]
	aws_access_key_id=${AWS_ACCESS_KEY_ID}
	aws_secret_access_key=${AWS_SECRET_ACCESS_KEY}
	aws_session_token=${AWS_SESSION_TOKEN}
	EOF
	- run:
	name: Install Kubectl
	command: \|
	curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
	chmod a+x kubectl
	mv kubectl /usr/local/bin
	- run:
	name: Install Modern TF
	command: \|
	cd ~
	curl -LO "https://releases.hashicorp.com/terraform/1.7.0/terraform_1.7.0_linux_amd64.zip"
	unzip terraform_1.7.0*
	chmod a+x terraform
	mv terraform /usr/local/bin
	jobs:
	global:
	executor: terraform/default
	steps:
	- checkout
	- run: mkdir workspace
	- terraform/fmt:
	path: ./global
	- terraform/validate:
	path: ./global
	- terraform/apply:
	path: ./global
	- persist_to_workspace:
	root: workspace
	paths:
	- ./

	namer-eks:
	executor: terraform/default
	steps:
	- checkout
	- attach_workspace:
	at: /workspace
	- terraform/fmt:
	path: ./namer-eks
	- terraform/validate:
	path: ./namer-eks
	- terraform/apply:
	path: ./namer-eks
	- persist_to_workspace:
	root: /workspace
	paths:
	- ./

	namer-platforms:
	executor: terraform/default
	steps:
	- checkout
	- attach_workspace:
	at: /workspace
	- terraform/fmt:
	path: ./namer-platforms
	- terraform/validate:
	path: ./namer-platforms
	- terraform/apply:
	path: ./namer-platforms
	- persist_to_workspace:
	root: /workspace
	paths:
	- ./

	emea-eks:
	executor: terraform/default
	steps:
	- checkout
	- attach_workspace:
	at: /workspace
	- terraform/fmt:
	path: ./emea-eks
	- terraform/validate:
	path: ./emea-eks
	- terraform/apply:
	path: ./emea-eks
	- persist_to_workspace:
	root: /workspace
	paths:
	- ./


	emea-platforms:
	executor: terraform/default
	steps:
	- checkout
	- attach_workspace:
	at: /workspace
	- terraform/fmt:
	path: ./emea-platforms
	- terraform/validate:
	path: ./emea-platforms
	- terraform/apply:
	path: ./emea-platforms
	- persist_to_workspace:
	root: /workspace
	paths:
	- ./

	japac-eks:
	executor: terraform/default
	steps:
	- checkout
	- attach_workspace:
	at: /workspace
	- terraform/fmt:
	path: ./japac-eks
	- terraform/validate:
	path: ./japac-eks
	- terraform/apply:
	path: ./japac-eks
	- persist_to_workspace:
	root: /workspace
	paths:
	- ./

	japac-platforms:
	executor: terraform/default
	steps:
	- checkout
	- attach_workspace:
	at: /workspace
	- terraform/fmt:
	path: ./japac-platforms
	- terraform/validate:
	path: ./japac-platforms
	- terraform/apply:
	path: ./japac-platforms
	- persist_to_workspace:
	root: /workspace
	paths:
	- ./

	workflows:
	global-workflow:
	when: << pipeline.parameters.global >>
	jobs:
	- global:
	<<: *tf_job_defaults
	- namer-eks:
	requires:
	- global
	<<: *tf_job_defaults
	- namer-platforms:
	requires:
	- namer-eks
	<<: *tf_job_defaults
	context:
	- CERA-INIT-NAMER
	- emea-eks:
	requires:
	- global
	<<: *tf_job_defaults
	- emea-platforms:
	requires:
	- emea-eks
	<<: *tf_job_defaults
	context:
	- CERA-INIT-EMEA
	- japac-eks:
	requires:
	- global
	<<: *tf_job_defaults
	- japac-platforms:
	requires:
	- japac-eks
	<<: *tf_job_defaults
	context:
	- CERA-INIT-JAPAC

	eks_layer_namer:
	when:
	and:
	- not: << pipeline.parameters.global >>
	- equal: [ true, <<pipeline.parameters.namer-eks>> ]
	jobs:
	- namer-eks:
	<<: *tf_job_defaults
	- namer-platforms:
	requires:
	- namer-eks
	<<: *tf_job_defaults

	platform_layer_namer:
	when:
	and:
	- not: << pipeline.parameters.global >>
	- not: <<pipeline.parameters.namer-eks>>
	- equal: [ true, <<pipeline.parameters.namer-platforms>> ]
	jobs:
	- namer-platforms:
	<<: *tf_job_defaults
	context:
	- CERA-INIT-NAMER

	eks_layer_emea:
	when:
	and:
	- not: << pipeline.parameters.global >>
	- equal: [ true, <<pipeline.parameters.emea-eks>> ]
	jobs:
	- emea-eks:
	<<: *tf_job_defaults
	- emea-platforms:
	requires:
	- emea-eks
	<<: *tf_job_defaults

	platform_layer_emea:
	when:
	and:
	- not: << pipeline.parameters.global >>
	- not: <<pipeline.parameters.emea-eks>>
	- equal: [ true, <<pipeline.parameters.emea-platforms>> ]
	jobs:
	- emea-platforms:
	<<: *tf_job_defaults
	context:
	- CERA-INIT-EMEA

	eks_layer_japac:
	when:
	and:
	- not: << pipeline.parameters.global >>
	- equal: [ true, <<pipeline.parameters.japac-eks>> ]
	jobs:
	- japac-eks:
	<<: *tf_job_defaults
	- japac-platforms:
	requires:
	- japac-eks
	<<: *tf_job_defaults

	platform_layer_japac:
	when:
	and:
	- not: << pipeline.parameters.global >>
	- not: <<pipeline.parameters.japac-eks>>
	- equal: [ true, <<pipeline.parameters.japac-platforms>> ]
	jobs:
	- japac-platforms:
	<<: *tf_job_defaults
	context:
	- CERA-INIT-JAPAC
	version: 2.1

	setup: << pipeline.parameters.run-setup-workflow >>

	orbs:
	continuation: circleci/continuation@1.0.0
	path-filtering: circleci/path-filtering@0.1.7
	terraform: circleci/terraform@3.2.1

	parameters:
	run-setup-workflow:
	type: boolean
	default: true

	workflows:
	setup-workflow:
	jobs:
	- path-filtering/filter:
	base-revision: main
	config-path: .circleci/continue-config.yml
	mapping: \|
	global/.* global true
	namer-eks/.* namer-eks true
	emea-eks/.* emea-eks true
	japac-eks/.* japac-eks true
	namer-platforms/.* namer-platforms true
	emea-platforms/.* emea-platforms true
	japac-platforms/.* japac-platforms true