Support Platform CLI

.github/actions/setup-terraform/action.yml

@@ -1,12 +1,16 @@
-name: 'Set up Terraform'
-description: 'Set up Terraform with the version stored in the .terraform-version file'
+name: "Set up Terraform"
+description: "Set up Terraform with the version stored in the .terraform-version file"
+inputs:
+  version-file:
+    description: "File containing the terraform version to use."
+    default: ".terraform-version"
 runs:
   using: "composite"
   steps:
-    - name: Get .terraform-version
+    - name: Get Terraform version
       id: get-terraform-version
       run: |
-        terraform_version="$(cat .terraform-version)"
+        terraform_version="$(cat ${{ inputs.version-file }})"
         echo "Terraform version: ${terraform_version}"
         echo "terraform_version=${terraform_version}" >> "$GITHUB_OUTPUT"
       shell: bash

.github/workflows/README.md

@@ -8,13 +8,13 @@ The CI/CD for this project uses [reusable Github Actions workflows](https://docs
 
 Each app should have:
 
-- `ci-[app_name]`: must be created; should run linting and testing
-- `ci-[app_name]-vulnerability-scans`: calls `vulnerability-scans`
-  - Based on [ci-app-vulnerability-scans](https://github.com/navapbc/template-infra/blob/main/.github/workflows/ci-app-vulnerability-scans.yml)
-- `ci-[app_name]-pr-environment-checks.yml`: calls `pr-environment-checks.yml` to create or update a pull request environment (see [pull request environments](/docs/infra/pull-request-environments.md))
-  - Based on [ci-app-pr-environment-checks.yml](/.github/workflows/ci-app-pr-environment-checks.yml)
-- `ci-[app_name]-pr-environment-destroy.yml`: calls `pr-environment-destroy.yml` to destroy the pull request environment (see [pull request environments](/docs/infra/pull-request-environments.md))
-  - Based on [ci-app-pr-environment-destroy.yml](https://github.com/navapbc/template-infra/blob/main/.github/workflows/ci-app-pr-environment-destroy.yml)
+- `ci-<APP_NAME>`: must be created; should run linting and testing
+- `ci-<APP_NAME>-vulnerability-scans`: calls `vulnerability-scans`
+  - Based on [ci-{{app_name}}-vulnerability-scans](https://github.com/navapbc/template-infra/blob/lorenyu%2Fplatform-cli/.github/workflows/ci-{{app_name}}-vulnerability-scans.yml.jinja)
+- `ci-<APP_NAME>-pr-environment-checks.yml`: calls `pr-environment-checks.yml` to create or update a pull request environment (see [pull request environments](/docs/infra/pull-request-environments.md))
+  - Based on [ci-{{app_name}}-pr-environment-checks.yml](https://github.com/navapbc/template-infra/blob/lorenyu%2Fplatform-cli/.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja)
+- `ci-<APP_NAME>-pr-environment-destroy.yml`: calls `pr-environment-destroy.yml` to destroy the pull request environment (see [pull request environments](/docs/infra/pull-request-environments.md))
+  - Based on [ci-{{app_name}}-pr-environment-destroy.yml](https://github.com/navapbc/template-infra/blob/lorenyu%2Fplatform-cli/.github/workflows/ci-{{app_name}}-pr-environment-destroy.yml.jinja)
 
 ### App-agnostic workflows
 
@@ -26,8 +26,8 @@ Each app should have:
 
 Each app should have:
 
-- `cd-[app_name]`: deploys an application
-  - Based on [`cd-app`](https://github.com/navapbc/template-infra/blob/main/.github/workflows/cd-app.yml)
+- `cd-<APP_NAME>`: deploys an application
+  - Based on [`cd-{{app_name}}`](https://github.com/navapbc/template-infra/blob/lorenyu%2Fplatform-cli/.github/workflows/cd-{{app_name}}.yml.jinja)
 
 The CD workflow uses these reusable workflows:
 
@@ -47,4 +47,4 @@ graph TD
 
 ## ⛑️ Helper workflows
 
-- [`check-ci-cd-auth`](./check-ci-cd-auth.yml): verifes that the project's Github repo is able to connect to AWS
+- [`check-ci-cd-auth`](./check-ci-cd-auth.yml): verifies that the project's Github repo is able to connect to AWS

.github/workflows/cd-{{app_name}}.yml.jinja

@@ -0,0 +1,54 @@
+name: Deploy {{ app_name }}
+# Need to set a default value for when the workflow is triggered from a git push
+# which bypasses the default configuration for inputs
+run-name: Deploy ${{'{{'}}inputs.version || 'main' {{'}}'}} to {{ app_name }} ${{'{{'}} inputs.environment || 'dev' {{'}}'}}
+
+on:
+  {% if app_has_dev_env_setup %}
+  push:
+    branches:
+      - "main"
+    paths:
+      - "{{ app_name }}/**"
+      - "bin/**"
+      - "infra/**"
+  {% else %}
+  # !! Once you've set up the dev environment and are ready to enable continuous
+  # deployment, run:
+  #
+  # nava-platform infra update --data app_has_dev_env_setup=true .
+  #
+  # to enable these lines. They are here as comments for context.
+  #
+  # push:
+  #   branches:
+  #     - "main"
+  #   paths:
+  #     - "{{ app_name }}/**"
+  #     - "bin/**"
+  #     - "infra/**"
+  {% endif %}
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Environment to deploy to
+        required: true
+        default: "dev"
+        type: choice
+        options:
+          - dev
+          - staging
+          - prod
+      version:
+        required: true
+        default: "main"
+        description: Tag or branch or SHA to deploy
+
+jobs:
+  deploy:
+    name: Deploy
+    uses: ./.github/workflows/deploy.yml
+    with:
+      app_name: "{{ app_name }}"
+      environment: ${{'{{'}} inputs.environment || 'dev' {{'}}'}}
+      version: ${{'{{'}} inputs.version || 'main' {{'}}'}}

.github/workflows/ci-{{app_name}}-infra-service.yml.jinja

@@ -0,0 +1,71 @@
+name: CI Infra Service Checks - {{ app_name }}
+
+on:
+  {% if app_has_dev_env_setup %}
+  push:
+    branches:
+      - main
+    paths:
+      - infra/{{ app_name }}/service/**
+      - infra/modules/**
+      - infra/test/**
+      - .github/workflows/ci-{{ app_name }}-infra-service.yml
+  pull_request:
+    paths:
+      - infra/{{ app_name }}/service/**
+      - infra/modules/**
+      - infra/test/**
+      - .github/workflows/ci-{{ app_name }}-infra-service.yml
+  {% else %}
+  # !! Once you've set up the dev environment and are ready to enable automated
+  # infra tests, run:
+  #
+  # nava-platform infra update --data app_has_dev_env_setup=true .
+  #
+  # to enable these lines. They are here as comments for context.
+  #
+  # push:
+  #   branches:
+  #     - main
+  #   paths:
+  #     - infra/{{ app_name }}/service/**
+  #     - infra/modules/**
+  #     - infra/test/**
+  #     - .github/workflows/ci-infra-service.yml
+  # pull_request:
+  #   paths:
+  #     - infra/{{ app_name }}/service/**
+  #     - infra/modules/**
+  #     - infra/test/**
+  #     - .github/workflows/ci-infra-service.yml
+  {% endif %}
+  workflow_dispatch:
+
+jobs:
+  infra-test-e2e:
+    name: Test service
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Terraform
+        uses: ./.github/actions/setup-terraform
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: ">=1.19.0"
+
+      - name: Configure AWS credentials
+        uses: ./.github/actions/configure-aws-credentials
+        with:
+          app_name: {{ app_name }}
+          # Run infra CI on dev environment
+          environment: dev
+
+      - name: Run Terratest
+        run: make infra-test-service APP_NAME={{ app_name }}

.github/workflows/ci-{{app_name}}-pr-environment-checks.yml.jinja

@@ -0,0 +1,33 @@
+name: CI {{ app_name }} PR Environment Checks
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        required: true
+        type: string
+      commit_hash:
+        required: true
+        type: string
+  {% if app_has_dev_env_setup %}
+  pull_request:
+  {% else %}
+  # !! Once you've set up the dev environment and are ready to enable PR
+  # environments, run:
+  #
+  # nava-platform infra update --data app_has_dev_env_setup=true .
+  #
+  # to enable these lines. They are here as comments for context.
+  #
+  # pull_request:
+  {% endif %}
+
+jobs:
+  update:
+    name: " " # GitHub UI is noisy when calling reusable workflows, so use whitespace for name to reduce noise
+    uses: ./.github/workflows/pr-environment-checks.yml
+    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.state == 'open'
+    with:
+      app_name: "{{ app_name }}"
+      environment: "dev"
+      pr_number: ${{'{{'}} inputs.pr_number || github.event.number {{'}}'}}
+      commit_hash: ${{'{{'}} inputs.commit_hash || github.event.pull_request.head.sha {{'}}'}}