Skip to content
This repository has been archived by the owner on Dec 23, 2024. It is now read-only.

Merge pull request #27 from domain-protect/fix-prod-pipeline #115

Merge pull request #27 from domain-protect/fix-prod-pipeline

Merge pull request #27 from domain-protect/fix-prod-pipeline #115

Workflow file for this run

name: Deploy Domain Protect
on:
workflow_dispatch:
push:
branches:
- main
env:
DOMAIN_PROTECT_VERSION: "0.5.1"
TERRAFORM_VERSION: "1.4.6"
PYTHON_VERSION: "3.11"
TF_VAR_runtime: "python3.11"
TF_VAR_org_primary_account: ${{ secrets.ORG_PRIMARY_ACCOUNT }}
TF_VAR_slack_channels: ${{ secrets.SLACK_CHANNELS }}
TF_VAR_slack_channels_dev: ${{ secrets.SLACK_CHANNELS_DEV }}
TF_VAR_slack_webhook_urls: ${{ secrets.SLACK_WEBHOOK_URLS }}
TF_VAR_slack_webhook_urls_dev: ${{ secrets.SLACK_WEBHOOK_URLS_DEV }}
TF_VAR_slack_webhook_type: "app"
TF_VAR_external_id: ${{ secrets.EXTERNAL_ID }}
TF_VAR_cloudflare: true
TF_VAR_cf_api_key: ${{ secrets.CF_API_KEY }}
TF_VAR_rcu: 1
TF_VAR_wcu: 1
TF_VAR_ip_address: true
TF_VAR_ip_time_limit: "0.1"
TF_VAR_allowed_regions: "['eu-west-1', 'eu-west-2', 'us-east-1']"
TF_VAR_scan_schedule: "10 minutes"
TF_VAR_update_schedule: "10 minutes"
TF_VAR_ip_scan_schedule: "10 minutes"
TF_VAR_hackerone: "enabled"
TF_VAR_hackerone_api_token: ${{ secrets.HACKERONE_API_TOKEN }}
TF_VAR_region: ${{ secrets.AWS_REGION }}
TF_CLI_ARGS_init: "-backend-config=\"bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}\" -backend-config=\"key=${{ secrets.TERRAFORM_STATE_KEY }}\" -backend-config=\"region=${{ secrets.TERRAFORM_STATE_REGION }}\""
jobs:
terraform_plan_apply_dev:
name: Terraform plan & apply dev
environment: 'dev'
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
pull-requests: write
checks: write
steps:
- name: Terraform setup
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
- name: checkout Domain Protect
uses: actions/checkout@v4
with:
repository: domain-protect/domain-protect
ref: refs/tags/${{ env.DOMAIN_PROTECT_VERSION }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install virtualenv
run: pip install virtualenv
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN}}
aws-region: ${{ secrets.AWS_REGION }}
- name: set Terraform dev workspace
run: |
terraform init
terraform workspace list > list.txt
if grep "dev" list.txt
then
terraform workspace select dev
else
echo "creating dev terraform workspace"
terraform workspace new dev
fi
- name: terraform plan dev
run: terraform plan -out tfplan
- name: terraform apply dev
run: terraform apply -auto-approve tfplan
terraform_plan_prd:
name: Terraform plan prd
environment: 'prd'
runs-on: ubuntu-latest
needs: terraform_plan_apply_dev
permissions:
id-token: write
contents: write
pull-requests: write
checks: write
steps:
- name: Terraform setup
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
- name: checkout Domain Protect
uses: actions/checkout@v4
with:
repository: domain-protect/domain-protect
ref: refs/tags/${{ env.DOMAIN_PROTECT_VERSION }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN}}
aws-region: ${{ secrets.AWS_REGION }}
- name: set Terraform prd workspace
run: |
terraform init
terraform workspace list > list.txt
if grep "prd" list.txt
then
terraform workspace select prd
else
echo "creating prd terraform workspace"
terraform workspace new prd
fi
- name: create artifact folder
run: mkdir -p output/prd
- name: terraform plan prd
run: terraform plan -out=output/prd/tfplan
- name: Archive prd terraform plan
uses: actions/upload-artifact@v4
with:
name: terraform-plan-prd
path: output/prd/tfplan
terraform_apply_prd:
name: Terraform apply prd
environment: 'prd'
runs-on: ubuntu-latest
needs: terraform_plan_prd
permissions:
id-token: write
contents: write
pull-requests: write
checks: write
steps:
- name: Terraform setup
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
- name: checkout Domain Protect
uses: actions/checkout@v4
with:
repository: domain-protect/domain-protect
ref: refs/tags/${{ env.DOMAIN_PROTECT_VERSION }}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Display Python version
run: python -c "import sys; print(sys.version)"
- name: Install virtualenv
run: pip install virtualenv
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN}}
aws-region: ${{ secrets.AWS_REGION }}
- name: set Terraform prd workspace
run: |
terraform init
terraform workspace select prd
- name: Download prd terraform plan
uses: actions/download-artifact@v4
with:
name: terraform-plan-prd
- name: terraform apply prd
run: terraform apply -auto-approve tfplan