GorillaStack provides cost-optimization, backup and security superpowers for users to employ in their AWS environments. Customers drive configuration through the web application, API and more recently through a Terraform provider.
This action allows customers to keep the source of truth for their GorillaStack config in their repository, automatically validate templates on every push and apply them on a merge to master.
To maintain state in the .tfstate files generated by Terraform, we have provided a CloudFormation template to help users create an S3 bucket and a user with minimal privileges required to read/write to that bucket created.
Note Please do not modify the region or the stack name. When the action runs, it needs to look for a stack of that name in that region in order to get the generated bucket name from the CloudFormation outputs.
aws cloudformation deploy \
--template-file https://gorillastack-cloudformation-templates.s3.amazonaws.com/github-action-bucket-template.yml \
--stack-name github-actions-gorillastack-tfstate \
--capabilities CAPABILITY_NAMED_IAM \
--region us-east-1Click this button launch this stack in the AWS CloudFormation Console.
You will need to check the box to confirm the creation of IAM resources in the template.
There are 4 secrets that you will need to set in your GitHub repository to configure this action:
| Secret Name | Purpose |
|---|---|
| AWS_ACCESS_KEY_ID | AWS Creds required to access the created S3 bucket to store and retrieve tfstate |
| AWS_SECRET_ACCESS_KEY | AWS Creds required to access the created S3 bucket to store and retrieve tfstate |
| GORILLASTACK_API_KEY | GorillaStack API Key, scoped as read-write or read-only, tied to your user identity |
| GORILLASTACK_TEAM_ID | GorillaStack Team Id, sets context of which team/tenant you are targeting |
Within your GitHub repository, navigate to Settings > Secrets to set the secrets for this action.
A user was created as part of the CloudFormation Stack deployed above. You will need to create access keys for this user, that you will then set as secrets in your GitHub repository.
Do this either via AWS CLI:
aws iam create-access-key --user-name github-actions-gorillastack-tfstate-useror via AWS Console:
- Navigate to the IAM User configuration for the github-actions-gorillastack-tfstate-user
- Click on the "Create Access Key" button
- Copy the "Access Key Id" and "Secret Access Key" from the modal
If you have not used the GorillaStack API yet, please follow this documentation to generate a key and retrieve the Team Id.
Create workflow .yml files under .github/workflows, or integrate these steps into your own workflows.
Use these inputs to customise the action.
| Input Name | Default | Required? | Description |
|---|---|---|---|
| action | validate | Y | Can be validate or apply to either validate or apply the templates in the repo |
| stack_name | github-actions-gorillastack-tfstate | N | If you customised the name of the stack when deploying it, please specify that name for the stack in this input |
| aws_default_region | us-east-1 | N | If you deployed the stack in a region other than us-east-1, please specify it in this input |
| aws_access_key_id | N/A | Only for action=apply |
Set this to be ${{ secrets.AWS_ACCESS_KEY_ID }}. See purpose in section above |
| aws_secret_access_key | N/A | Only for action=apply |
Set this to be ${{ secrets.AWS_SECRET_ACCESS_KEY }}. See purpose in section above |
| gorillastack_api_key | N/A | Only for action=apply |
Set this to be ${{ secrets.GORILLASTACK_API_KEY }}. See purpose in section above |
| gorillastack_team_id | N/A | Only for action=apply |
Set this to be ${{ secrets.GORILLASTACK_TEAM_ID }}. See purpose in section above |
None.
on: [push]
jobs:
run:
name: Validate GorillaStack config templates
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@master
- name: Validate templates
uses: 'GorillaStack/github-action-apply-on-merge'on:
push:
branches:
- master
jobs:
run:
name: Apply GorillaStack config templates
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@master
- name: Apply templates
uses: 'GorillaStack/github-action-apply-on-merge'
with:
action: apply
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
gorillastack_api_key: ${{ secrets.GORILLASTACK_API_KEY }}
gorillastack_team_id: ${{ secrets.GORILLASTACK_TEAM_ID }}