Skip to content

feat: deploy IAM Identity Center to management account #85

feat: deploy IAM Identity Center to management account

feat: deploy IAM Identity Center to management account #85

Workflow file for this run

name: Infrastructure
on:
pull_request:
branches:
- main
push:
branches:
- main
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Install Dependencies
uses: ./.github/actions/setup-terragrunt
- name: Check Formatting
working-directory: ${{ steps.extract-information.outputs.account }}
run: |
terragrunt hclfmt --teragrunt-check
prepare:
runs-on: ubuntu-latest
outputs:
accounts: ${{ steps.generate-matrixes.outputs.accounts }}
management_accounts: ${{ steps.generate-matrixes.outputs.management_accounts }}
governance_accounts: ${{ steps.generate-matrixes.outputs.governance_accounts }}
workload_accounts: ${{ steps.generate-matrixes.outputs.workload_accounts }}
sandbox_accounts: ${{ steps.generate-matrixes.outputs.sandbox_accounts }}
steps:
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
token: ${{ secrets.INFRASTRUCTURE_PRIVATE_PAT }}
submodules: 'true'
- name: Extract Info
id: extract-information
uses: ./.github/actions/extract-account-info
with:
accounts-file: ./_private/accounts.json
- name: Generate Matrixes
id: generate-matrixes
env:
ACCOUNTS: ${{ steps.extract-information.outputs.accounts }}
MANAGEMENT_ACCOUNTS: ${{ steps.extract-information.outputs.management-accounts }}
GOVERNANCE_ACCOUNTS: ${{ steps.extract-information.outputs.governance-accounts }}
WORKLOAD_ACCOUNTS: ${{ steps.extract-information.outputs.workload-accounts }}
SANDBOX_ACCOUNTS: ${{ steps.extract-information.outputs.sandbox-accounts }}
run: |
# Create a string that looks like this: management_accounts=["account1", "account2"]
ACCOUNTS_STRING=$(echo $ACCOUNTS | jq -Rc 'split(" ")')
MANAGEMENT_ACCOUNTS_STRING=$(echo $MANAGEMENT_ACCOUNTS | jq -Rc 'split(" ")')
GOVERNANCE_ACCOUNTS_STRING=$(echo $GOVERNANCE_ACCOUNTS | jq -Rc 'split(" ")')
WORKLOAD_ACCOUNTS_STRING=$(echo $WORKLOAD_ACCOUNTS | jq -Rc 'split(" ")')
SANDBOX_ACCOUNTS_STRING=$(echo $SANDBOX_ACCOUNTS | jq -Rc 'split(" ")')
echo "accounts=$ACCOUNTS_STRING" >> $GITHUB_OUTPUT
echo "management_accounts=$MANAGEMENT_ACCOUNTS_STRING" >> $GITHUB_OUTPUT
echo "governance_accounts=$GOVERNANCE_ACCOUNTS_STRING" >> $GITHUB_OUTPUT
echo "workload_accounts=$WORKLOAD_ACCOUNTS_STRING" >> $GITHUB_OUTPUT
echo "sandbox_accounts=$SANDBOX_ACCOUNTS_STRING" >> $GITHUB_OUTPUT
plan:
uses: ./.github/workflows/_plan.yml
secrets: inherit
needs: prepare
permissions:
id-token: write
contents: read
strategy:
fail-fast: false
matrix:
account: ${{ fromJson(needs.prepare.outputs.accounts) }}
with:
accounts-file: ./_private/accounts.json
account: ${{ matrix.account }}
deploy-management:
uses: ./.github/workflows/_deploy.yml
if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'
secrets: inherit
needs: [prepare, plan]
permissions:
id-token: write
contents: read
strategy:
matrix:
account: ${{ fromJson(needs.prepare.outputs.management_accounts) }}
with:
accounts-file: ./_private/accounts.json
account: ${{ matrix.account }}
deploy-governance:
uses: ./.github/workflows/_deploy.yml
if: github.event_name != 'pull_request'
secrets: inherit
needs: [prepare, plan, deploy-management]
permissions:
id-token: write
contents: read
strategy:
matrix:
account: ${{ fromJson(needs.prepare.outputs.governance_accounts) }}
with:
accounts-file: ./_private/accounts.json
account: ${{ matrix.account }}
# deploy-workload:
# uses: ./.github/workflows/_deploy.yml
# if: github.event_name != 'pull_request'
# secrets: inherit
# needs: [prepare, plan, deploy-management, deploy-governance]
# permissions:
# id-token: write
# contents: read
# strategy:
# matrix:
# account: ${{ fromJson(needs.prepare.outputs.workload_accounts) }}
# with:
# accounts-file: ./_private/accounts.json
# account: ${{ matrix.account }}
# deploy-sandbox:
# uses: ./.github/workflows/_deploy.yml
# if: github.event_name != 'pull_request'
# secrets: inherit
# needs: [prepare, plan, deploy-management, deploy-governance]
# permissions:
# id-token: write
# contents: read
# strategy:
# matrix:
# account: ${{ fromJson(needs.prepare.outputs.sandbox_accounts) }}
# with:
# accounts-file: ./_private/accounts.json
# account: ${{ matrix.account }}