Production release: 3.21.1 #366
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Terragrunt plan PRODUCTION" | |
on: | |
pull_request: | |
branches: | |
- main | |
paths: | |
- "infrastructure/environments.yml" | |
env: | |
AWS_REGION: ca-central-1 | |
CONFTEST_VERSION: 0.27.0 | |
TERRAFORM_VERSION: 1.9.2 | |
TERRAGRUNT_VERSION: 0.57.5 | |
TF_INPUT: false | |
TF_VAR_client_vpn_access_group_id: ${{ secrets.PRODUCTION_CLIENT_VPN_ACCESS_GROUP_ID }} | |
TF_VAR_client_vpn_saml_metadata: ${{ secrets.PRODUCTION_CLIENT_VPN_SAML_METADATA }} | |
TF_VAR_database_name: ${{ secrets.PRODUCTION_DATABASE_NAME }} | |
TF_VAR_database_username: ${{ secrets.PRODUCTION_DATABASE_USERNAME }} | |
TF_VAR_database_password: ${{ secrets.PRODUCTION_DATABASE_PASSWORD }} | |
TF_VAR_cloudfront_custom_header_name: ${{ secrets.PRODUCTION_CLOUDFRONT_CUSTOM_HEADER_NAME }} | |
TF_VAR_cloudfront_custom_header_value: ${{ secrets.PRODUCTION_CLOUDFRONT_CUSTOM_HEADER_VALUE }} | |
TF_VAR_list_manager_endpoint: ${{ secrets.PRODUCTION_LIST_MANAGER_ENDPOINT }} | |
TF_VAR_default_list_manager_api_key: ${{ secrets.PRODUCTION_DEFAULT_LIST_MANAGER_API_KEY }} | |
TF_VAR_default_notify_api_key: ${{ secrets.PRODUCTION_DEFAULT_NOTIFY_API_KEY }} | |
TF_VAR_encryption_key: ${{ secrets.PRODUCTION_ENCRYPTION_KEY }} | |
TF_VAR_s3_uploads_bucket: ${{ secrets.PRODUCTION_S3_UPLOADS_BUCKET }} | |
TF_VAR_s3_uploads_key: ${{ secrets.PRODUCTION_S3_UPLOADS_KEY }} | |
TF_VAR_s3_uploads_secret: ${{ secrets.PRODUCTION_S3_UPLOADS_SECRET }} | |
TF_VAR_c3_aws_access_key_id: ${{ secrets.PRODUCTION_C3_AWS_ACCESS_KEY_ID }} | |
TF_VAR_c3_aws_secret_access_key: ${{ secrets.PRODUCTION_C3_AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_sentinel_customer_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} | |
TF_VAR_sentinel_shared_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} | |
TF_VAR_slack_webhook_url: ${{ secrets.PRODUCTION_SLACK_WEBHOOK_URL }} | |
TF_VAR_wordpress_auth_key: ${{ secrets.PRODUCTION_WORDPRESS_AUTH_KEY }} | |
TF_VAR_wordpress_secure_auth_key: ${{ secrets.PRODUCTION_WORDPRESS_SECURE_AUTH_KEY }} | |
TF_VAR_wordpress_logged_in_key: ${{ secrets.PRODUCTION_WORDPRESS_LOGGED_IN_KEY }} | |
TF_VAR_wordpress_nonce_key: ${{ secrets.PRODUCTION_WORDPRESS_NONCE_KEY }} | |
TF_VAR_wordpress_auth_salt: ${{ secrets.PRODUCTION_WORDPRESS_AUTH_SALT }} | |
TF_VAR_wordpress_secure_auth_salt: ${{ secrets.PRODUCTION_WORDPRESS_SECURE_AUTH_SALT }} | |
TF_VAR_wordpress_logged_in_salt: ${{ secrets.PRODUCTION_WORDPRESS_LOGGED_IN_SALT }} | |
TF_VAR_wordpress_nonce_salt: ${{ secrets.PRODUCTION_WORDPRESS_NONCE_SALT }} | |
TF_VAR_jwt_auth_secret_key: ${{ secrets.PRODUCTION_JWT_AUTH_SECRET_KEY }} | |
TF_VAR_wpml_site_key: ${{ secrets.PRODUCTION_WPML_SITE_KEY }} | |
TF_VAR_zendesk_api_url: ${{ secrets.ZENDESK_API_URL }} | |
permissions: | |
id-token: write | |
contents: read | |
pull-requests: write | |
jobs: | |
environments-manifest: | |
uses: cds-snc/gc-articles/.github/workflows/environments-manifest.yml@main | |
terragrunt-plan-production: | |
needs: environments-manifest | |
runs-on: ubuntu-latest | |
env: | |
TARGET_VERSION: ${{ needs.environments-manifest.outputs.PROD_INFRASTRUCTURE }} | |
PREVIOUS_VERSION: ${{ needs.environments-manifest.outputs.PREV_PROD_INFRASTRUCTURE }} | |
if: needs.environments-manifest.outputs.CONTAINER_DEPLOYMENT == 'false' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
ref: ${{ env.TARGET_VERSION }} | |
- name: Setup terraform tools | |
uses: cds-snc/terraform-tools-setup@v1 | |
- uses: cds-snc/paths-filter@b316143212d841aed668b7b29240c719d603a9b9 # v2.10.4 | |
id: filter | |
with: | |
ref: ${{ env.TARGET_VERSION }} | |
base: ${{ env.PREVIOUS_VERSION }} | |
filters: | | |
common: | |
- '.github/workflows/terragrunt-plan-production.yml' | |
- 'infrastructure/terragrunt/env/common/**' | |
- 'infrastructure/terragrunt/env/terragrunt.hcl' | |
- 'infrastructure/terragrunt/env/prod/env_vars.hcl' | |
alarms: | |
- 'infrastructure/terragrunt/aws/alarms/**' | |
- 'infrastructure/terragrunt/env/prod/alarms/**' | |
database: | |
- 'infrastructure/terragrunt/aws/database/**' | |
- 'infrastructure/terragrunt/env/prod/database/**' | |
ecr: | |
- 'infrastructure/terragrunt/aws/ecr/**' | |
- 'infrastructure/terragrunt/env/prod/ecr/**' | |
ecs: | |
- 'infrastructure/terragrunt/aws/ecs/**' | |
- 'infrastructure/terragrunt/env/prod/ecs/**' | |
hosted-zone: | |
- 'infrastructure/terragrunt/aws/hosted-zone/**' | |
- 'infrastructure/terragrunt/env/prod/hosted-zone/**' | |
load-balancer: | |
- 'infrastructure/terragrunt/aws/load-balancer/**' | |
- 'infrastructure/terragrunt/env/prod/load-balancer/**' | |
network: | |
- 'infrastructure/terragrunt/aws/network/**' | |
- 'infrastructure/terragrunt/env/prod/network/**' | |
storage: | |
- 'infrastructure/terragrunt/aws/storage/**' | |
- 'infrastructure/terragrunt/env/prod/storage/**' | |
- name: Configure AWS credentials using OIDC | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
role-to-assume: arn:aws:iam::472286471787:role/gc-articles-plan | |
role-session-name: TFPlan | |
aws-region: ${{ env.AWS_REGION }} | |
# No dependencies | |
- name: Terragrunt plan network | |
if: ${{ steps.filter.outputs.network == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
with: | |
directory: "infrastructure/terragrunt/env/prod/network" | |
comment-delete: "true" | |
comment-title: "Production: network" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan hosted-zone | |
if: ${{ steps.filter.outputs.hosted-zone == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
with: | |
directory: "infrastructure/terragrunt/env/prod/hosted-zone" | |
comment-delete: "true" | |
comment-title: "Production: hosted-zone" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan ecr | |
if: ${{ steps.filter.outputs.ecr == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
with: | |
directory: "infrastructure/terragrunt/env/prod/ecr" | |
comment-delete: "true" | |
comment-title: "Production: ecr" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan storage | |
if: ${{ steps.filter.outputs.storage == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
with: | |
directory: "infrastructure/terragrunt/env/prod/storage" | |
comment-delete: "true" | |
comment-title: "Production: storage" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Network dependency | |
- name: Terragrunt plan database | |
if: ${{ steps.filter.outputs.database == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
with: | |
directory: "infrastructure/terragrunt/env/prod/database" | |
comment-delete: "true" | |
comment-title: "Production: database" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan load-balancer | |
if: ${{ steps.filter.outputs.load-balancer == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
with: | |
directory: "infrastructure/terragrunt/env/prod/load-balancer" | |
comment-delete: "true" | |
comment-title: "Production: load-balancer" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Load-balancer & database dependency | |
- name: Terragrunt plan ecs | |
if: ${{ steps.filter.outputs.ecs == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
with: | |
directory: "infrastructure/terragrunt/env/prod/ecs" | |
comment-delete: "true" | |
comment-title: "Production: ecs" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Depends on everything | |
- name: Terragrunt plan alarms | |
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
with: | |
directory: "infrastructure/terragrunt/env/prod/alarms" | |
comment-delete: "true" | |
comment-title: "Production: alarms" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" |