Networking for New cdpt-ifs #1076
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: core-vpc-development-deployment | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- 'environments-networks/*-development.json' | |
- '.github/workflows/core-vpc-development-deployment.yml' | |
- 'terraform/environments/**/networking.auto.tfvars.json' | |
- 'terraform/environments/**/subnet-share.tf' | |
- '!terraform/environments/core-*/**' | |
- 'terraform/environments/core-vpc/**' | |
- 'terraform/modules/core-monitoring/**' | |
- 'terraform/modules/dns-zone/**' | |
- 'terraform/modules/dns-zone-extend/**' | |
- 'terraform/modules/vpc-tgw-routing/**' | |
- 'terraform/modules/vpc-nacls/**' | |
- 'terraform/modules/ram-resource-share/**' | |
- 'terraform/modules/core-vpc-tgw-routes/**' | |
pull_request: | |
branches: | |
- main | |
paths: | |
- 'environments-networks/*-development.json' | |
- '.github/workflows/core-vpc-development-deployment.yml' | |
- 'terraform/environments/**/networking.auto.tfvars.json' | |
- 'terraform/environments/**/subnet-share.tf' | |
- '!terraform/environments/core-*/**' | |
- 'terraform/environments/core-vpc/**' | |
- 'terraform/modules/core-monitoring/**' | |
- 'terraform/modules/dns-zone/**' | |
- 'terraform/modules/dns-zone-extend/**' | |
- 'terraform/modules/vpc-tgw-routing/**' | |
- 'terraform/modules/vpc-nacls/**' | |
- 'terraform/modules/ram-resource-share/**' | |
- 'terraform/modules/core-vpc-tgw-routes/**' | |
workflow_dispatch: | |
env: | |
TF_IN_AUTOMATION: true | |
TF_ENV: "development" | |
AWS_REGION: "eu-west-2" | |
ENVIRONMENT_MANAGEMENT: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }} | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
core-vpc-development-deployment-plan: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Set Account Number | |
run: echo "ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 | |
with: | |
role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions" | |
role-session-name: githubactionsrolesession | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Set up Terraform | |
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0 | |
with: | |
terraform_version: "~1" | |
terraform_wrapper: false | |
- name: Run core-vpc terraform plan | |
run: | | |
terraform --version | |
# Test if this is a PR or PULL event | |
#USE IF RUNNING IN GITHUB ACTIONS | |
if [ ! -z ${{ github.event.pull_request.number }} ] | |
then | |
#USE IF USING ACT | |
# if [ ! -z ${PULL_REQUEST_NUMBER} ] | |
# then | |
#CONFIGURE TERRAFORM AND WORKSPACE | |
bash scripts/terraform-init.sh terraform/environments/core-vpc | |
terraform -chdir="terraform/environments/core-vpc" workspace select "core-vpc-${TF_ENV}" | |
#RUN TERRAFORM PLAN | |
PLAN=`bash scripts/terraform-plan.sh terraform/environments/core-vpc "-target=module.vpc -target=module.vpc_tgw_routing -target=module.core-vpc-tgw-routes -target=module.dns-zone -target=module.dns_zone_extend -target=module.pagerduty_core_alerts" | tee /dev/stderr | grep '^Plan: \|^No changes.'` | |
PLAN="> TERRAFORM PLAN RESULT - core-vpc - ${TF_ENV} | |
${PLAN}" | |
bash scripts/update-pr-comments.sh "${PLAN}" | |
fi | |
env: | |
SECRET: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_REPOSITORY: ${{ secrets.GITHUB_REPOSITORY }} | |
PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }} | |
core-vpc-development-deployment-apply: | |
runs-on: ubuntu-latest | |
if: github.event.ref == 'refs/heads/main' | |
needs: [ core-vpc-development-deployment-plan ] | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Set Account Number | |
run: echo "ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 | |
with: | |
role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions" | |
role-session-name: githubactionsrolesession | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Set up Terraform | |
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0 | |
with: | |
terraform_version: "~1" | |
terraform_wrapper: false | |
- name: Run Terraform apply in terraform/environments/core-vpc | |
run: | | |
terraform --version | |
bash scripts/terraform-init.sh terraform/environments/core-vpc | |
terraform -chdir="terraform/environments/core-vpc" workspace select "core-vpc-${TF_ENV}" | |
bash scripts/terraform-apply.sh terraform/environments/core-vpc -target=module.vpc | |
echo "Target apply finished" | |
bash scripts/terraform-apply.sh terraform/environments/core-vpc | |
echo "Terraform apply finished" | |
- name: Slack failure notification | |
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 | |
with: | |
payload: | | |
{"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
if: ${{ failure() }} | |
member-account-ram-association: | |
runs-on: [ ubuntu-latest ] | |
if: github.event.ref == 'refs/heads/main' | |
needs: [ core-vpc-development-deployment-apply ] | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
fetch-depth: 0 | |
- name: Set Account Number | |
run: echo "ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 | |
with: | |
role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions" | |
role-session-name: githubactionsrolesession | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Run RAM association if needed | |
run: bash scripts/get-applications-and-run-ram.sh ${TF_ENV} | |
- name: Slack failure notification | |
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 | |
with: | |
payload: | | |
{"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
if: ${{ failure() }} |