Terraform apply dev10:v2.0.0-beta by @alismx #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform Apply | |
| run-name: Terraform apply ${{ inputs.workspace }}${{ inputs.id }}:${{ inputs.dibbs-ecr-viewer-version }} by @${{ github.actor }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| workspace: | |
| description: 'The workspace to terraform against' | |
| required: true | |
| type: choice | |
| options: | |
| - dev | |
| - prod | |
| id: | |
| description: 'Unique id for environment (optional, PR number, issue number etc.)' | |
| required: true | |
| type: string | |
| dibbs-ecr-viewer-version: | |
| description: 'dibbs-ecr-viewer version' | |
| required: true | |
| type: string | |
| default: "v2.0.0-beta" | |
| concurrency: | |
| group: ${{ inputs.workspace }}${{ inputs.id }}-terraform | |
| cancel-in-progress: false | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| workspace: ${{ inputs.workspace }} | |
| jobs: | |
| terraform: | |
| name: Run Terraform | |
| runs-on: ubuntu-latest | |
| if: ${{ inputs.workspace }} == 'dev' || ${{ inputs.workspace }} == 'prod' | |
| defaults: | |
| run: | |
| shell: bash | |
| # this may need to be updated if you change the directory you are working with | |
| # ./terraform/implementation/dev || ./terraform/implementation/prod for example | |
| # this practice is recommended to keep the terraform code organized while reducing the risk of conflicts | |
| working-directory: ./terraform/implementation/ecs | |
| steps: | |
| - name: Check Out Changes | |
| uses: actions/checkout@v4 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "1.9.8" | |
| - name: configure aws credentials | |
| if: ${{ env.workspace }} == 'prod' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| role-session-name: githubDeploymentWorkflow | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: configure aws credentials | |
| if: ${{ env.workspace }} == 'dev' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_DEV_ROLE_ARN }} | |
| role-session-name: githubDeploymentWorkflow | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.EC2_SSH }} | |
| - name: Terraform | |
| env: | |
| BUCKET: ${{ secrets.TFSTATE_BUCKET }} | |
| DYNAMODB_TABLE: ${{ secrets.TFSTATE_DYNAMODB_TABLE }} | |
| OWNER: ${{ vars.OWNER }} | |
| PROJECT: ${{ vars.PROJECT }} | |
| REGION: ${{ vars.AWS_REGION }} | |
| SSH_KEY_NAME: "GITHUB_ACTIONS" | |
| ROUTE53_HOSTED_ZONE_ID: ${{ secrets.ROUTE53_HOSTED_ZONE_ID }} | |
| WORKSPACE: ${{ env.workspace }}${{ inputs.id }} | |
| DIBBS_ECR_VIEWER_VERSION: ${{ inputs.dibbs-ecr-viewer-version }} | |
| shell: bash | |
| run: | | |
| echo "owner = \"$OWNER\"" >> $WORKSPACE.tfvars | |
| echo "project = \"$PROJECT\"" >> $WORKSPACE.tfvars | |
| echo "region = \"$REGION\"" >> $WORKSPACE.tfvars | |
| echo "ssh_key_name = \"$SSH_KEY_NAME\"" >> $WORKSPACE.tfvars | |
| echo "route53_hosted_zone_id = \"$ROUTE53_HOSTED_ZONE_ID\"" >> $WORKSPACE.tfvars | |
| echo "phdi_version = \"$DIBBS_ECR_VIEWER_VERSION\"" >> $WORKSPACE.tfvars | |
| terraform init \ | |
| -var-file="$WORKSPACE.tfvars" \ | |
| -backend-config "bucket=$BUCKET" \ | |
| -backend-config "dynamodb_table=$DYNAMODB_TABLE" \ | |
| -backend-config "region=$REGION" \ | |
| || (echo "terraform init failed, exiting..." && exit 1) | |
| terraform workspace new "$WORKSPACE" || terraform workspace select "$WORKSPACE" | |
| terraform apply -auto-approve -var-file="$WORKSPACE.tfvars" |