Merge pull request #7343 from ministryofjustice/issue-13-b #1347
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: core-vpc-development-deployment | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'environments-networks/*-development.json' | |
| - '.github/workflows/core-vpc-development-deployment.yml' | |
| - 'terraform/environments/**/networking.auto.tfvars.json' | |
| - 'terraform/environments/**/subnet-share.tf' | |
| - '!terraform/environments/core-*/**' | |
| - 'terraform/environments/core-vpc/**' | |
| - 'terraform/modules/core-monitoring/**' | |
| - 'terraform/modules/dns-zone/**' | |
| - 'terraform/modules/dns-zone-extend/**' | |
| - 'terraform/modules/vpc-tgw-routing/**' | |
| - 'terraform/modules/vpc-nacls/**' | |
| - 'terraform/modules/ram-resource-share/**' | |
| - 'terraform/modules/core-vpc-tgw-routes/**' | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - 'environments-networks/*-development.json' | |
| - '.github/workflows/core-vpc-development-deployment.yml' | |
| - 'terraform/environments/**/networking.auto.tfvars.json' | |
| - 'terraform/environments/**/subnet-share.tf' | |
| - '!terraform/environments/core-*/**' | |
| - 'terraform/environments/core-vpc/**' | |
| - 'terraform/modules/core-monitoring/**' | |
| - 'terraform/modules/dns-zone/**' | |
| - 'terraform/modules/dns-zone-extend/**' | |
| - 'terraform/modules/vpc-tgw-routing/**' | |
| - 'terraform/modules/vpc-nacls/**' | |
| - 'terraform/modules/ram-resource-share/**' | |
| - 'terraform/modules/core-vpc-tgw-routes/**' | |
| workflow_dispatch: | |
| env: | |
| TF_IN_AUTOMATION: true | |
| TF_ENV: "development" | |
| AWS_REGION: "eu-west-2" | |
| ENVIRONMENT_MANAGEMENT: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }} | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| core-vpc-development-deployment-plan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Set Account Number | |
| run: | | |
| ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) | |
| echo "::add-mask::$ACCOUNT_NUMBER" | |
| echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions" | |
| role-session-name: githubactionsrolesession | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1 | |
| with: | |
| terraform_version: "~1" | |
| terraform_wrapper: false | |
| - name: Run core-vpc terraform plan | |
| run: | | |
| terraform --version | |
| # Test if this is a PR or PULL event | |
| #USE IF RUNNING IN GITHUB ACTIONS | |
| if [ ! -z ${{ github.event.pull_request.number }} ] | |
| then | |
| #USE IF USING ACT | |
| # if [ ! -z ${PULL_REQUEST_NUMBER} ] | |
| # then | |
| #CONFIGURE TERRAFORM AND WORKSPACE | |
| bash scripts/terraform-init.sh terraform/environments/core-vpc | |
| terraform -chdir="terraform/environments/core-vpc" workspace select "core-vpc-${TF_ENV}" | |
| #RUN TERRAFORM PLAN | |
| PLAN=`bash scripts/terraform-plan.sh terraform/environments/core-vpc | tee /dev/stderr | grep '^Plan: \|^No changes.'` | |
| PLAN="> TERRAFORM PLAN RESULT - core-vpc - ${TF_ENV} | |
| ${PLAN}" | |
| bash scripts/update-pr-comments.sh "${PLAN}" | |
| fi | |
| env: | |
| SECRET: ${{ secrets.GITHUB_TOKEN }} | |
| GITHUB_REPOSITORY: ${{ secrets.GITHUB_REPOSITORY }} | |
| PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} | |
| core-vpc-development-deployment-apply: | |
| runs-on: ubuntu-latest | |
| if: github.event.ref == 'refs/heads/main' | |
| needs: [ core-vpc-development-deployment-plan ] | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Set Account Number | |
| run: | | |
| ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) | |
| echo "::add-mask::$ACCOUNT_NUMBER" | |
| echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions" | |
| role-session-name: githubactionsrolesession | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1 | |
| with: | |
| terraform_version: "~1" | |
| terraform_wrapper: false | |
| - name: Run Terraform apply in terraform/environments/core-vpc | |
| run: | | |
| terraform --version | |
| bash scripts/terraform-init.sh terraform/environments/core-vpc | |
| terraform -chdir="terraform/environments/core-vpc" workspace select "core-vpc-${TF_ENV}" | |
| bash scripts/terraform-apply.sh terraform/environments/core-vpc | |
| echo "Terraform apply finished" | |
| - name: Slack failure notification | |
| uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 | |
| with: | |
| payload: | | |
| {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
| if: ${{ failure() }} | |
| member-account-ram-association: | |
| runs-on: [ ubuntu-latest ] | |
| if: github.event.ref == 'refs/heads/main' | |
| needs: [ core-vpc-development-deployment-apply ] | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set Account Number | |
| run: | | |
| ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) | |
| echo "::add-mask::$ACCOUNT_NUMBER" | |
| echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions" | |
| role-session-name: githubactionsrolesession | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Run RAM association if needed | |
| run: bash scripts/get-applications-and-run-ram.sh ${TF_ENV} | |
| - name: Slack failure notification | |
| uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 | |
| with: | |
| payload: | | |
| {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
| if: ${{ failure() }} |