Deploy Domain Protect Production #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Domain Protect Production | |
on: | |
workflow_dispatch: | |
env: | |
TERRAFORM_VERSION: "1.7.3" | |
TF_VAR_org_primary_account: ${{ secrets.ORG_PRIMARY_ACCOUNT }} | |
TF_VAR_slack_webhook_urls: ${{ secrets.SLACK_WEBHOOK_URLS }} | |
TF_VAR_external_id: ${{ secrets.EXTERNAL_ID }} | |
TF_VAR_cf_api_key: ${{ secrets.CF_API_KEY }} | |
TF_VAR_hackerone_api_token: ${{ secrets.HACKERONE_API_TOKEN }} | |
TF_VAR_region: ${{ secrets.AWS_REGION }} | |
TF_CLI_ARGS_init: "-backend-config=\"bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}\" -backend-config=\"key=${{ secrets.TERRAFORM_STATE_KEY }}\" -backend-config=\"region=${{ secrets.TERRAFORM_STATE_REGION }}\"" | |
jobs: | |
terraform_plan_apply_prd: | |
name: Terraform plan & apply prd | |
environment: 'prd' | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./examples/prd | |
permissions: | |
id-token: write | |
contents: write | |
pull-requests: write | |
checks: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Terraform setup | |
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3 | |
with: | |
terraform_version: ${{ env.TERRAFORM_VERSION }} | |
- name: Terraform format | |
run: terraform fmt -check -recursive | |
- name: Set up Python | |
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5 | |
- name: Display Python version | |
run: python -c "import sys; print(sys.version)" | |
- name: Install virtualenv | |
run: pip install virtualenv | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4 | |
with: | |
role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN}} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: set Terraform prd workspace | |
run: | | |
terraform init | |
terraform workspace list > list.txt | |
if grep "prd" list.txt | |
then | |
terraform workspace select prd | |
else | |
echo "creating prd terraform workspace" | |
terraform workspace new prd | |
fi | |
- name: terraform plan prd | |
run: terraform plan -out tfplan | |
- name: terraform apply prd | |
run: terraform apply -auto-approve tfplan |