dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
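# Deploys the Domain Protect development environment with Terraform, then runs
# the deployment integration tests against it.
name: Deploy Domain Protect Development

on:
  workflow_dispatch:
  # NOTE(review): there is no `branches` filter, so a push to any branch that
  # touches these paths runs an auto-approved apply. Confirm that the `dev`
  # environment's deployment-branch rules and the deploy role's OIDC trust
  # policy limit which refs are allowed to deploy.
  push:
    paths:
      - "**/*.py"
      - "**/*.tf"
      - "**/*.txt"
      - ".github/workflows/dev.yml"

# Workflow-level env is exported to every step of the Terraform job, including
# the setup actions. Moving the TF_VAR_* secrets onto the init/plan/apply steps
# would narrow that exposure.
env:
  TERRAFORM_VERSION: "1.7.3"
  TF_VAR_org_primary_account: ${{ secrets.ORG_PRIMARY_ACCOUNT }}
  TF_VAR_slack_webhook_urls: ${{ secrets.SLACK_WEBHOOK_URLS }}
  TF_VAR_external_id: ${{ secrets.EXTERNAL_ID }}
  TF_VAR_cf_api_key: ${{ secrets.CF_API_KEY }}
  TF_VAR_hackerone_api_token: ${{ secrets.HACKERONE_API_TOKEN }}
  TF_VAR_region: ${{ secrets.AWS_REGION }}
  # Terraform appends these arguments to every `terraform init`; the state
  # bucket, key and region therefore stay out of the repository.
  TF_CLI_ARGS_init: >-
    -backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}"
    -backend-config="key=${{ secrets.TERRAFORM_STATE_KEY }}"
    -backend-config="region=${{ secrets.TERRAFORM_STATE_REGION }}"

jobs:
  terraform_plan_apply_dev:
    name: Terraform plan & apply dev
    environment: 'dev'
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./examples/dev
    # Least privilege: the steps below only read the repository and request an
    # OIDC token for the AWS role. Nothing in this job pushes commits, comments
    # on pull requests or writes check runs, so those write scopes are dropped.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          # No later step uses git, so do not leave the job token in
          # .git/config where pip packages or Terraform providers could read it.
          persist-credentials: false
      - name: Terraform setup
        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
        with:
          terraform_version: ${{ env.TERRAFORM_VERSION }}
      - name: Terraform format
        run: terraform fmt -check -recursive
      # NOTE(review): no python-version is given, so the interpreter comes from
      # a .python-version file or the runner image; pin it if builds must be
      # reproducible.
      - name: Set up Python
        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
      - name: Display Python version
        run: python -c "import sys; print(sys.version)"
      # NOTE(review): virtualenv is installed unpinned in a job that later holds
      # AWS deploy credentials; pin the version (ideally with hashes).
      - name: Install virtualenv
        run: pip install virtualenv
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4
        with:
          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}
      - name: set Terraform dev workspace
        # The previous `grep "dev"` over the workspace list matched any name
        # containing "dev", in which case `select dev` failed on a missing
        # workspace. -or-create (Terraform >= 1.4) selects the exact workspace
        # or creates it, and needs no scratch file.
        run: |
          terraform init
          terraform workspace select -or-create dev
      - name: terraform plan dev
        run: terraform plan -out tfplan
      # Applying the saved plan file means apply executes exactly what the
      # plan step computed.
      - name: terraform apply dev
        run: terraform apply -auto-approve tfplan

  integration_tests_deployment_dev:
    name: Integration Tests Deployment Development
    uses: ./.github/workflows/integration_tests_deployment.yml
    needs: terraform_plan_apply_dev
    # NOTE(review): `inherit` hands every secret available to this workflow to
    # the called workflow; passing only the secrets it reads would be tighter.
    # Which ones it needs is not visible from this file.
    secrets: inherit
    with:
      Environment: 'dev'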