From 4345ffb8a24895aea83e4c3e6830dc72e2850bda Mon Sep 17 00:00:00 2001 From: Sukesh Date: Tue, 26 Nov 2024 08:27:28 +0000 Subject: [PATCH 1/4] Update sprinkler workflow --- .github/workflows/bootstrap-sprinkler.yml | 70 ++++++++++++++++++----- 1 file changed, 56 insertions(+), 14 deletions(-) diff --git a/.github/workflows/bootstrap-sprinkler.yml b/.github/workflows/bootstrap-sprinkler.yml index 5a616e185..abbc486a5 100644 --- a/.github/workflows/bootstrap-sprinkler.yml +++ b/.github/workflows/bootstrap-sprinkler.yml @@ -55,10 +55,14 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set Account Number run: | - ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - + - name: Get Backend AWS Account Number + run: | + BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + echo "::add-mask::$BACKEND_NUMBER" + echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: @@ -69,7 +73,9 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/secure-baselines + - name: Terraform Init + working-directory: "terraform/environments/bootstrap/secure-baselines" + run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} - run: bash scripts/terraform-plan.sh terraform/environments/bootstrap/secure-baselines single-sign-on-plan: 
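Review bot: In the added `Get Backend AWS Account Number` step, the value read from `$ENVIRONMENT_MANAGEMENT` is appended to `$GITHUB_ENV` with no shape check, so an unexpected value (for example one containing a newline) would define extra variables for every later step in the job. `jq -e` already fails the step on a null, but a guard such as `[[ "$BACKEND_NUMBER" =~ ^[0-9]{12}$ ]] || { echo "unexpected account id format" >&2; exit 1; }` before the write, with `"$GITHUB_ENV"` quoted, would pin it to an AWS account id. The same applies to the changed `ACCOUNT_NUMBER` line in this hunk and to the identical steps in the hunks at @@ -79, @@ -103, @@ -151, @@ -175 and @@ -199. Where `ENVIRONMENT_MANAGEMENT` is populated is outside the hunk, so this is hardening rather than a known injection path.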
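Review bot: The new `Terraform Init` step splices `${{env.BACKEND_NUMBER}}` into the script text before the shell starts, although the preceding step already exported that value to the job environment; reading it as a shell variable keeps workflow-expression expansion out of the command line. The `-backend-config` argument is also unquoted and the bare `terraform init` has no `-input=false`, which HashiCorp recommends for automation so that a missing setting fails instead of prompting. Suggested line: `run: terraform init -input=false -backend-config="assume_role={role_arn=\"arn:aws:iam::${BACKEND_NUMBER}:role/modernisation-account-terraform-state-member-access\"}"`. The same step is repeated in the hunks at @@ -93, @@ -117, @@ -164, @@ -188 and @@ -213. The flags that `scripts/terraform-init.sh` passed are not visible in this patch, so it is worth checking that nothing else was dropped along with the script call.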
@@ -79,9 +85,14 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set Account Number run: | - ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV + - name: Get Backend AWS Account Number + run: | + BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + echo "::add-mask::$BACKEND_NUMBER" + echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 @@ -93,7 +104,9 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/single-sign-on + - name: Terraform Init + working-directory: "terraform/environments/bootstrap/single-sign-on" + run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} - run: bash scripts/terraform-plan.sh terraform/environments/bootstrap/single-sign-on member-bootstrap-plan: 
@@ -103,9 +116,14 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set Account Number run: | - ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV + - name: Get Backend AWS Account Number + run: | + BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + echo "::add-mask::$BACKEND_NUMBER" + echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 @@ -117,7 +135,9 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/member-bootstrap + - name: Terraform Init + working-directory: "terraform/environments/bootstrap/member-bootstrap" + run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} - run: bash scripts/terraform-plan.sh terraform/environments/bootstrap/member-bootstrap delegate-access-apply: 
@@ -151,9 +171,15 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set Account Number run: | - ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV + - name: Get Backend AWS Account Number + run: | + BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + echo "::add-mask::$BACKEND_NUMBER" + echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: @@ -164,7 +190,9 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/secure-baselines + - name: Terraform Init + working-directory: "terraform/environments/bootstrap/secure-baselines" + run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/secure-baselines single-sign-on-apply: 
@@ -175,9 +203,14 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set Account Number run: | - ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV + - name: Get Backend AWS Account Number + run: | + BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + echo "::add-mask::$BACKEND_NUMBER" + echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: @@ -188,7 +221,9 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/single-sign-on + - name: Terraform Init + working-directory: "terraform/environments/bootstrap/single-sign-on" + run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/single-sign-on member-bootstrap-apply: 
@@ -199,9 +234,14 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Set Account Number run: | - ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV + - name: Get Backend AWS Account Number + run: | + BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + echo "::add-mask::$BACKEND_NUMBER" + echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 @@ -213,5 +253,7 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/member-bootstrap - - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/member-bootstrap + - name: Terraform Init + working-directory: "terraform/environments/bootstrap/member-bootstrap" + run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/member-bootstrap \ No newline at end of file From 541ab2523f76d80441762aa755cb1751f7d0fe4e Mon Sep 17 00:00:00 2001 From: Sukesh Date: Tue, 26 Nov 2024 13:53:25 +0000 Subject: [PATCH 2/4] Test --- .github/workflows/bootstrap-sprinkler.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bootstrap-sprinkler.yml b/.github/workflows/bootstrap-sprinkler.yml index abbc486a5..66d0f6441 100644 --- a/.github/workflows/bootstrap-sprinkler.yml +++ b/.github/workflows/bootstrap-sprinkler.yml 
@@ -223,7 +223,9 @@ jobs: terraform_wrapper: false - name: Terraform Init working-directory: "terraform/environments/bootstrap/single-sign-on" - run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + run: terraform init -backend-config="bucket=modernisation-platform-terraform-state" \ + -backend-config="key=single-sign-on/terraform.tfstate" \ + -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/single-sign-on member-bootstrap-apply: From 33d30d756f13d732638060c87876f1d43c8ffc54 Mon Sep 17 00:00:00 2001 From: Sukesh Date: Tue, 26 Nov 2024 16:15:45 +0000 Subject: [PATCH 3/4] Test --- .github/workflows/bootstrap-sprinkler.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/bootstrap-sprinkler.yml b/.github/workflows/bootstrap-sprinkler.yml index 66d0f6441..abbc486a5 100644 --- a/.github/workflows/bootstrap-sprinkler.yml +++ b/.github/workflows/bootstrap-sprinkler.yml @@ -223,9 +223,7 @@ jobs: terraform_wrapper: false - name: Terraform Init working-directory: "terraform/environments/bootstrap/single-sign-on" - run: terraform init -backend-config="bucket=modernisation-platform-terraform-state" \ - -backend-config="key=single-sign-on/terraform.tfstate" \ - -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/single-sign-on member-bootstrap-apply: From 07c9baf977016c9997f8e563ca11a8fb039d44e6 Mon Sep 17 00:00:00 2001 
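Review bot: The three-line `run:` value added in the @@ -223,7 +223,9 hunk is a plain YAML scalar, so the parser folds the continuation lines into one line and each trailing `\` ends up followed by a space instead of a newline. Bash then reads `\ ` as an escaped space, so the next `-backend-config=…` is passed as an argument with a leading space. This assumes the continuation lines are indented deeper than `run:`; the indentation is lost in this view, and if they are not, the file fails to parse. Using a literal block, `run: |` with `terraform init -backend-config="bucket=modernisation-platform-terraform-state" \` starting on the following line, preserves the line breaks. The bucket and key are also hard-coded only in `single-sign-on-apply`, leaving this job's backend settings different from the five other init steps added in PATCH 1/4.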
From: Sukesh Date: Wed, 27 Nov 2024 08:46:29 +0000 Subject: [PATCH 4/4] Test --- .github/workflows/bootstrap-sprinkler.yml | 56 +++-------------------- 1 file changed, 7 insertions(+), 49 deletions(-) diff --git a/.github/workflows/bootstrap-sprinkler.yml b/.github/workflows/bootstrap-sprinkler.yml index abbc486a5..63a378c21 100644 --- a/.github/workflows/bootstrap-sprinkler.yml +++ b/.github/workflows/bootstrap-sprinkler.yml @@ -58,11 +58,7 @@ jobs: ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - - name: Get Backend AWS Account Number - run: | - BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) - echo "::add-mask::$BACKEND_NUMBER" - echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: @@ -73,9 +69,7 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - name: Terraform Init - working-directory: "terraform/environments/bootstrap/secure-baselines" - run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/secure-baselines - run: bash scripts/terraform-plan.sh terraform/environments/bootstrap/secure-baselines single-sign-on-plan: 
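Review bot: The restored `- run: bash scripts/terraform-init.sh terraform/environments/bootstrap/secure-baselines` line in the @@ -73,9 +69,7 hunk has no comment on how the state backend is reached now that `ACCOUNT_NUMBER` (kept from PATCH 1/4) resolves to `account_ids["sprinkler-development"]` rather than `modernisation_platform_account_id`. PATCH 1/4 referenced the `modernisation-account-terraform-state-member-access` role in the latter account, which suggests the state lives there. Neither the script nor the `with:` block of `Configure AWS Credentials` is part of this series, so the cross-account path cannot be checked from here. Once confirmed, a comment above the step such as `# state backend role is assumed inside scripts/terraform-init.sh; job credentials target sprinkler-development` would record the intent. The same restored line appears in the hunks at @@ -104, @@ -135, @@ -190, @@ -221 and @@ -253.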
@@ -88,11 +82,6 @@ jobs: ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - - name: Get Backend AWS Account Number - run: | - BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) - echo "::add-mask::$BACKEND_NUMBER" - echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 @@ -104,9 +93,7 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - name: Terraform Init - working-directory: "terraform/environments/bootstrap/single-sign-on" - run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/single-sign-on - run: bash scripts/terraform-plan.sh terraform/environments/bootstrap/single-sign-on member-bootstrap-plan: @@ -119,11 +106,6 @@ jobs: ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - - name: Get Backend AWS Account Number - run: | - BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) - echo "::add-mask::$BACKEND_NUMBER" - echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 
@@ -135,9 +117,7 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - name: Terraform Init - working-directory: "terraform/environments/bootstrap/member-bootstrap" - run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/member-bootstrap - run: bash scripts/terraform-plan.sh terraform/environments/bootstrap/member-bootstrap delegate-access-apply: @@ -174,12 +154,6 @@ jobs: ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - - name: Get Backend AWS Account Number - run: | - BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) - echo "::add-mask::$BACKEND_NUMBER" - echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: @@ -190,9 +164,7 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - name: Terraform Init - working-directory: "terraform/environments/bootstrap/secure-baselines" - run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/secure-baselines - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/secure-baselines single-sign-on-apply: 
@@ -206,11 +178,6 @@ jobs: ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - - name: Get Backend AWS Account Number - run: | - BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) - echo "::add-mask::$BACKEND_NUMBER" - echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: @@ -221,9 +188,7 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - name: Terraform Init - working-directory: "terraform/environments/bootstrap/single-sign-on" - run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/single-sign-on - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/single-sign-on member-bootstrap-apply: @@ -237,11 +202,6 @@ jobs: ACCOUNT_NUMBER=$(jq -r -e '.account_ids["sprinkler-development"]' <<< $ENVIRONMENT_MANAGEMENT) echo "::add-mask::$ACCOUNT_NUMBER" echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - - name: Get Backend AWS Account Number - run: | - BACKEND_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) - echo "::add-mask::$BACKEND_NUMBER" - echo "BACKEND_NUMBER=${BACKEND_NUMBER}" >> $GITHUB_ENV - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 
@@ -253,7 +213,5 @@ jobs: with: terraform_version: "~1" terraform_wrapper: false - - name: Terraform Init - working-directory: "terraform/environments/bootstrap/member-bootstrap" - run: terraform init -backend-config=assume_role={role_arn=\"arn:aws:iam::${{env.BACKEND_NUMBER}}:role/modernisation-account-terraform-state-member-access\"} + - run: bash scripts/terraform-init.sh terraform/environments/bootstrap/member-bootstrap - run: bash scripts/terraform-apply.sh terraform/environments/bootstrap/member-bootstrap \ No newline at end of file