generated from ministryofjustice/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 290
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added reusable pipeline for core accounts
- Loading branch information
1 parent
f4c0fc3
commit d3aa63d
Showing
1 changed file
with
122 additions
and
0 deletions.
There are no files selected for viewing
122 changes: 122 additions & 0 deletions
122
.github/workflows/reusable_terraform_plan_apply_core.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,122 @@ | ||
| name: terraform plan apply for core accounts | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| aws_region: | ||
| required: false | ||
| type: string | ||
| default: "eu-west-2" | ||
| terraform_version: | ||
| type: string | ||
| required: false | ||
| description: "The terraform version to use" | ||
| default: "~1" | ||
| env_path: | ||
| description: 'Path to the environment directory' | ||
| required: false | ||
| type: string | ||
| default: "terraform/environments" | ||
| account_name: | ||
| description: 'AWS account or environment name' | ||
| required: true | ||
| type: string | ||
| environment: | ||
| type: string | ||
| required: true | ||
| description: "Name of the environment, e.g. development" | ||
|
|
||
| secrets: | ||
| modernisation_platform_environments: | ||
| required: true | ||
| SLACK_WEBHOOK_URL: | ||
| required: true | ||
|
|
||
| env: | ||
| WORKING_DIRECTORY: "${{ inputs.env_path }}/${{ inputs.account_name }}" | ||
| WORKSPACE_NAME: "${{ inputs.account_name }}-${{ inputs.environment }}" | ||
| ENVIRONMENT_MANAGEMENT: "${{ secrets.modernisation_platform_environments }}" | ||
| TF_IN_AUTOMATION: true | ||
|
|
||
| jobs: | ||
| plan-and-apply: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
|
|
||
| - name: Check if test directory exists | ||
| if: github.event.ref != 'refs/heads/main' | ||
| id: check_test_directory | ||
| run: | | ||
| if [ -d "${WORKING_DIRECTORY}/test" ]; then | ||
| echo "skip_terratest=true" >> $GITHUB_OUTPUT | ||
| fi | ||
| - name: Setup Go | ||
| if: ${{ steps.check_test_directory.outputs.skip_terratest == 'true' }} | ||
| uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 | ||
| with: | ||
| go-version: 1.21 | ||
| cache-dependency-path: "${WORKING_DIRECTORY}/test/go.sum" | ||
|
|
||
| - name: Set Account Number | ||
| run: echo "ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT)" >> $GITHUB_ENV | ||
|
|
||
| - name: configure aws credentials | ||
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | ||
| with: | ||
| role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions" | ||
| role-session-name: githubactionsrolesession | ||
| aws-region: ${{ inputs.aws_region }} | ||
|
|
||
| - name: Setup Terraform | ||
| uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1 | ||
| with: | ||
| terraform_version: "${{ inputs.terraform_version }}" | ||
| terraform_wrapper: false | ||
|
|
||
| - name: Initialize Terraform | ||
| run: | | ||
| bash scripts/terraform-init.sh ${WORKING_DIRECTORY} | ||
| - name: Terraform Workspace Select | ||
| run: | | ||
| terraform -chdir="${WORKING_DIRECTORY}" workspace select ${WORKSPACE_NAME} | ||
| - name: Run Terratest | ||
| if: ${{ steps.check_test_directory.outputs.skip_terratest == 'true' }} | ||
| run: | | ||
| pushd ${WORKING_DIRECTORY}/test | ||
| go mod tidy | ||
| TEST=`go test | ${{ github.workspace }}/scripts/redact-output.sh | tee /dev/stderr | tail -n 1` | ||
| popd | ||
| TEST="> TERRATEST RESULT - ${{ inputs.account_name }} | ||
| ${TEST}" | ||
| pwd | ||
| ls | ||
| bash scripts/update-pr-comments.sh "${TEST}" | ||
| - name: Run Terraform Plan | ||
| if: github.event.ref != 'refs/heads/main' | ||
| run: | | ||
| echo "workspace path: ${{ github.workspace }}" | ||
| PLAN=`bash scripts/terraform-plan.sh ${WORKING_DIRECTORY} | tee /dev/stderr | grep '^Plan: \|^No changes.'` | ||
| PLAN="> TERRAFORM PLAN RESULT - ${{ inputs.account_name }} | ||
| ${PLAN}" | ||
| pwd | ||
| bash scripts/update-pr-comments.sh "${PLAN}" | ||
| - name: Run Terraform apply | ||
| if: github.event.ref == 'refs/heads/main' | ||
| run: | | ||
| bash scripts/terraform-apply.sh ${WORKING_DIRECTORY} | ||
| - name: Slack failure notification | ||
| if: ${{ failure() && github.ref == 'refs/heads/main' }} | ||
| uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 | ||
| with: | ||
| payload: | | ||
| {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK |