deploy-staging-container.yml
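name: "Terragrunt deploy STAGING container"

# Runs only when the environments manifest changes. The terragrunt code under
# infrastructure/terragrunt is not in the path filter, so edits there do not
# trigger this workflow (presumably covered by another workflow - confirm).
on:
  push:
    branches:
      - main
    paths:
      - "infrastructure/environments.yml"
  pull_request:
    branches:
      - main
    paths:
      - "infrastructure/environments.yml"

# Workflow-level env is injected into every job that runs on a runner (the
# environments-manifest job is a reusable workflow and does not inherit env).
# That includes the pull_request plan job, so every secret below is available
# to the third-party setup/plan actions and to whatever `terragrunt plan`
# prints. NOTE(review): confirm the matching Terraform variables are declared
# `sensitive = true` so they are redacted from the plan posted on the PR.
env:
  AWS_REGION: ca-central-1
  # Versions quoted so YAML never retypes them.
  TERRAFORM_VERSION: "1.7.0"
  TERRAGRUNT_VERSION: "0.35.6"
  # Env values are always strings; quoted to make that explicit rather than
  # relying on the YAML boolean being stringified.
  TF_INPUT: "false"
  TF_VAR_database_name: ${{ secrets.STAGING_DATABASE_NAME }}
  TF_VAR_database_username: ${{ secrets.STAGING_DATABASE_USERNAME }}
  TF_VAR_database_password: ${{ secrets.STAGING_DATABASE_PASSWORD }}
  TF_VAR_cloudfront_custom_header_name: ${{ secrets.STAGING_CLOUDFRONT_CUSTOM_HEADER_NAME }}
  TF_VAR_cloudfront_custom_header_value: ${{ secrets.STAGING_CLOUDFRONT_CUSTOM_HEADER_VALUE }}
  TF_VAR_list_manager_endpoint: ${{ secrets.STAGING_LIST_MANAGER_ENDPOINT }}
  TF_VAR_default_list_manager_api_key: ${{ secrets.STAGING_DEFAULT_LIST_MANAGER_API_KEY }}
  TF_VAR_default_notify_api_key: ${{ secrets.STAGING_DEFAULT_NOTIFY_API_KEY }}
  TF_VAR_encryption_key: ${{ secrets.STAGING_ENCRYPTION_KEY }}
  # Static AWS access keys passed as Terraform variables. NOTE(review): if they
  # are written into resource attributes they end up in Terraform state; prefer
  # IAM roles where the consumer supports it and keep state access restricted.
  TF_VAR_s3_uploads_bucket: ${{ secrets.STAGING_S3_UPLOADS_BUCKET }}
  TF_VAR_s3_uploads_key: ${{ secrets.STAGING_S3_UPLOADS_KEY }}
  TF_VAR_s3_uploads_secret: ${{ secrets.STAGING_S3_UPLOADS_SECRET }}
  TF_VAR_c3_aws_access_key_id: ${{ secrets.STAGING_C3_AWS_ACCESS_KEY_ID }}
  TF_VAR_c3_aws_secret_access_key: ${{ secrets.STAGING_C3_AWS_SECRET_ACCESS_KEY }}
  # Not STAGING-prefixed, so presumably shared with other environments; a leak
  # from a staging run would affect those too.
  TF_VAR_sentinel_customer_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
  TF_VAR_sentinel_shared_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
  TF_VAR_slack_webhook_url: ${{ secrets.STAGING_SLACK_WEBHOOK_URL }}
  TF_VAR_wordpress_auth_key: ${{ secrets.STAGING_WORDPRESS_AUTH_KEY }}
  TF_VAR_wordpress_secure_auth_key: ${{ secrets.STAGING_WORDPRESS_SECURE_AUTH_KEY }}
  TF_VAR_wordpress_logged_in_key: ${{ secrets.STAGING_WORDPRESS_LOGGED_IN_KEY }}
  TF_VAR_wordpress_nonce_key: ${{ secrets.STAGING_WORDPRESS_NONCE_KEY }}
  TF_VAR_wordpress_auth_salt: ${{ secrets.STAGING_WORDPRESS_AUTH_SALT }}
  TF_VAR_wordpress_secure_auth_salt: ${{ secrets.STAGING_WORDPRESS_SECURE_AUTH_SALT }}
  TF_VAR_wordpress_logged_in_salt: ${{ secrets.STAGING_WORDPRESS_LOGGED_IN_SALT }}
  TF_VAR_wordpress_nonce_salt: ${{ secrets.STAGING_WORDPRESS_NONCE_SALT }}
  TF_VAR_jwt_auth_secret_key: ${{ secrets.STAGING_JWT_AUTH_SECRET_KEY }}
  TF_VAR_wpml_site_key: ${{ secrets.STAGING_WPML_SITE_KEY }}
  # Not STAGING-prefixed (see sentinel values above).
  TF_VAR_zendesk_api_url: ${{ secrets.ZENDESK_API_URL }}

# Workflow-level token permissions; every job inherits them and the reusable
# environments-manifest workflow is capped at them. id-token: write is required
# for the OIDC role assumption in the plan/apply jobs; pull-requests: write is
# only needed by the plan job to post its comment. NOTE(review): override these
# per job so the apply job does not carry pull-requests: write. For
# pull_request runs from forks the token is read-only and secrets are absent,
# so the plan job cannot assume the AWS role there.
permissions:
  id-token: write
  contents: read
  pull-requests: write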
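jobs:
  # Reads infrastructure/environments.yml and exposes CONTAINER_DEPLOYMENT plus
  # the STAG_* version outputs used by the jobs below. NOTE(review): referenced
  # at @main; pin to a commit SHA like the other actions so a push to that
  # branch cannot silently change what this workflow runs.
  environments-manifest:
    uses: cds-snc/gc-articles/.github/workflows/environments-manifest.yml@main

  # Pull-request plan for staging/ecs, posted as a PR comment.
  terragrunt-plan-staging:
    needs: environments-manifest
    runs-on: ubuntu-latest
    # The github.ref check is redundant on pull_request events (ref is
    # refs/pull/N/merge) but harmless.
    if: |
      github.ref != 'refs/heads/main' &&
      github.event_name == 'pull_request' &&
      needs.environments-manifest.outputs.CONTAINER_DEPLOYMENT == 'staging'
    # Explicit least-privilege set for this job: OIDC token for the plan role,
    # read-only checkout, PR write only for the plan comment.
    permissions:
      id-token: write
      contents: read
      pull-requests: write
    steps:
      # NOTE(review): the default persist-credentials keeps GITHUB_TOKEN in
      # .git/config for every later step, including the unpinned setup action
      # below; set `persist-credentials: false` unless terragrunt needs the
      # token to fetch private modules over HTTPS.
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      # NOTE(review): @v1 is a mutable tag while every other third-party action
      # in this job is SHA-pinned; pin this one to a commit SHA as well.
      - name: Setup terraform tools
        uses: cds-snc/terraform-tools-setup@v1
      - name: Configure AWS credentials using OIDC
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
        with:
          role-to-assume: arn:aws:iam::729164266357:role/gc-articles-plan
          role-session-name: TFPlanECS
          aws-region: ${{ env.AWS_REGION }}
      # The plan is posted to the PR, so any value Terraform does not treat as
      # sensitive is visible to everyone who can read the PR.
      - name: Terragrunt plan ecs
        uses: cds-snc/terraform-plan@b84f6e89f3e7b5ecf648a2c036c043c73d82da59 # v3.1.0
        with:
          directory: "infrastructure/terragrunt/env/staging/ecs"
          comment-delete: "true"
          comment-title: "Staging: ecs"
          github-token: "${{ secrets.GITHUB_TOKEN }}"
          terragrunt: "true"

  # Apply on push to main; the PR plan above is the only review point.
  terragrunt-apply-staging:
    needs: environments-manifest
    runs-on: ubuntu-latest
    if: |
      github.ref == 'refs/heads/main' &&
      github.event_name == 'push' &&
      needs.environments-manifest.outputs.CONTAINER_DEPLOYMENT == 'staging'
    # Least privilege: nothing in this job touches pull requests, so the
    # workflow-level pull-requests: write is dropped here.
    permissions:
      id-token: write
      contents: read
    # Versions reported to Sentinel below; they come from the manifest job.
    env:
      APACHE_VERSION: ${{ needs.environments-manifest.outputs.STAG_APACHE }}
      WORDPRESS_VERSION: ${{ needs.environments-manifest.outputs.STAG_WORDPRESS }}
    steps:
      - name: Checkout
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      # NOTE(review): mutable @v1 tag; pin to a commit SHA (see plan job).
      - name: Setup terraform tools
        uses: cds-snc/terraform-tools-setup@v1
      - name: Configure AWS credentials using OIDC
        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
        with:
          role-to-assume: arn:aws:iam::729164266357:role/gc-articles-apply
          role-session-name: TFApplyECS
          aws-region: ${{ env.AWS_REGION }}
      # Unattended apply with no approval gate. NOTE(review): consider adding
      # `environment: staging` to this job to get deployment protection rules
      # and an audit trail of what was applied.
      - name: Terragrunt apply ecs
        working-directory: infrastructure/terragrunt/env/staging/ecs
        run: terragrunt apply --terragrunt-non-interactive -auto-approve
      # always() also fires on cancellation, so cancelled runs are reported
      # with status "cancelled". NOTE(review): @main is a mutable branch ref
      # and this action receives the Log Analytics shared key; pin it to a
      # commit SHA.
      - name: Report deployment to Sentinel
        if: always()
        uses: cds-snc/sentinel-forward-data-action@main
        with:
          input_data: '{"product": "articles", "sha": "${{ github.sha }}", "version": "Apache ${{ env.APACHE_VERSION }}, Wordpress ${{ env.WORDPRESS_VERSION }}", "repository": "${{ github.repository }}", "environment": "staging", "status": "${{ job.status }}"}'
          log_type: CDS_Product_Deployment_Data
          log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
          log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}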