Skip to content
Deploy Terraform

Merge pull request #17074 from CDCgov/deployment/2025-01-14 #546

Sign in to view logs

Merge pull request #17074 from CDCgov/deployment/2025-01-14

Merge pull request #17074 from CDCgov/deployment/2025-01-14 #546

Workflow file for this run

.github/workflows/deploy_terraform.yml at 7e793f5
name: Deploy Terraform
on:
push:
branches:
- main
- production
paths:
- '**.tf'
env:
AZURE_CREDENTIALS: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}'
jobs:
pre_job:
name: Set Build Environment
concurrency:
group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }}
cancel-in-progress: true
runs-on: ubuntu-latest
outputs:
env_name: ${{ steps.build_vars.outputs.env_name }}
tf_change: ${{ steps.build_vars.outputs.has_terraform_change }}
steps:
- name: Check out changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Build vars
id: build_vars
uses: ./.github/actions/build-vars
confirm_changes:
name: Check Terraform Stats - ${{ needs.pre_job.outputs.env_name }}
if: ${{ needs.pre_job.outputs.tf_change == 'true' }}
concurrency:
group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }}
cancel-in-progress: true
needs:
- pre_job
environment: ${{ needs.pre_job.outputs.env_name }}
runs-on: ubuntu-latest
outputs:
change_count: ${{ steps.stats1.outputs.change-count }}
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Connect to VPN and login to Azure
uses: ./.github/actions/vpn-azure
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
tls-key: ${{ secrets.TLS_KEY }}
ca-cert: ${{ secrets.CA_CRT}}
user-crt: ${{ secrets.USER_CRT }}
user-key: ${{ secrets.USER_KEY }}
sp-creds: ${{ env.AZURE_CREDENTIALS }}
tf-auth: true
- name: Collect Terraform stats
uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2
## DevSecOps - Aquia (Replace) - uses: ./.github/actions/terraform-stats
id: stats1
with:
terraform-directory: operations/app/terraform/vars/${{ needs.pre_job.outputs.env_name }}
terraform-version: 1.7.4
add-args: "-refresh=false"
approve_deploy:
name: Approve Deploy - ${{ needs.pre_job.outputs.env_name }}
concurrency:
group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }}
cancel-in-progress: true
needs:
- pre_job
- confirm_changes
if: needs.confirm_changes.outputs.change_count > '0'
runs-on: ubuntu-latest
environment: ${{ needs.pre_job.outputs.env_name }}_terraform
steps:
- name: Echo change count
run: echo ${{ needs.confirm_changes.outputs.change_count }}
run_deploy:
name: Run Deploy - ${{ needs.pre_job.outputs.env_name }}
concurrency:
group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }}
cancel-in-progress: true
needs:
- pre_job
- approve_deploy
if: needs.confirm_changes.outputs.change_count > '0'
runs-on: ubuntu-latest
environment: ${{ needs.pre_job.outputs.env_name }}
defaults:
run:
working-directory: operations/app/terraform/vars/${{ needs.pre_job.outputs.env_name }}
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Connect to VPN and login to Azure
uses: ./.github/actions/vpn-azure
with:
env-name: ${{ needs.pre_job.outputs.env_name }}
tls-key: ${{ secrets.TLS_KEY }}
ca-cert: ${{ secrets.CA_CRT}}
user-crt: ${{ secrets.USER_CRT }}
user-key: ${{ secrets.USER_KEY }}
sp-creds: ${{ env.AZURE_CREDENTIALS }}
tf-auth: true
- name: Use specific version of Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd
with:
terraform_version: 1.7.4
terraform_wrapper: false
- name: Run Terraform
run: |
terraform init -input=false
terraform validate
terraform fmt -recursive
terraform plan -out ${{ needs.pre_job.outputs.env_name }}-tf.plan
terraform apply -input=false -no-color -lock-timeout=600s -auto-approve ${{ needs.pre_job.outputs.env_name }}-tf.plan