diff --git a/.github/workflows/cleanup_acr_images.yml b/.github/workflows/cleanup_acr_images.yml
deleted file mode 100644
index affc17dd615..00000000000
--- a/.github/workflows/cleanup_acr_images.yml
+++ /dev/null
@@ -1,126 +0,0 @@ -name: Deploy Terraform - -on: - push: - branches: - - main - - production - paths: - - '**.tf' - -env: - AZURE_CREDENTIALS: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","subscriptionId":"${{ secrets.AZURE_SUBSCRIPTION_ID }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}' - -jobs: - pre_job: - name: Set Build Environment - concurrency: - group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }} - cancel-in-progress: true - runs-on: ubuntu-latest - outputs: - env_name: ${{ steps.build_vars.outputs.env_name }} - tf_change: ${{ steps.build_vars.outputs.has_terraform_change }} - steps: - - name: Check out changes - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 - - name: Build vars - id: build_vars - uses: ./.github/actions/build-vars - - confirm_changes: - name: Check Terraform Stats - ${{ needs.pre_job.outputs.env_name }} - if: ${{ needs.pre_job.outputs.tf_change == 'true' }} - concurrency: - group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }} - cancel-in-progress: true - needs: - - pre_job - environment: ${{ needs.pre_job.outputs.env_name }} - runs-on: ubuntu-latest - outputs: - change_count: ${{ steps.stats1.outputs.change-count }} - steps: - - name: Check Out Changes - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 - - name: Connect to VPN and login to Azure - uses: ./.github/actions/vpn-azure - with: - env-name: ${{ needs.pre_job.outputs.env_name }} - tls-key: ${{ secrets.TLS_KEY }} - ca-cert: ${{ secrets.CA_CRT}} - user-crt: ${{ secrets.USER_CRT }} - user-key: ${{ secrets.USER_KEY }} - sp-creds: ${{ env.AZURE_CREDENTIALS }} - tf-auth: true - - name: Collect Terraform stats - uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2 - id: stats1 - with: - terraform-directory: operations/app/terraform/vars/${{ needs.pre_job.outputs.env_name }} - terraform-version: 1.7.4 - add-args: "-refresh=false" - - name: Run 
Terraform Plan - run: | - terraform init -input=false - terraform validate - terraform fmt -recursive - terraform plan -out=tf.plan - - name: Run Terraform Apply - run: | - terraform apply -input=false -no-color -lock-timeout=600s -auto-approve tf.plan - - approve_deploy: - name: Approve Deploy - ${{ needs.pre_job.outputs.env_name }} - concurrency: - group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }} - cancel-in-progress: true - needs: - - pre_job - - confirm_changes - if: needs.confirm_changes.outputs.change_count > '0' - runs-on: ubuntu-latest - environment: ${{ needs.pre_job.outputs.env_name }}_terraform - steps: - - name: Echo change count - run: echo ${{ needs.confirm_changes.outputs.change_count }} - - run_deploy: - name: Run Deploy - ${{ needs.pre_job.outputs.env_name }} - concurrency: - group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }} - cancel-in-progress: true - needs: - - pre_job - - approve_deploy - if: needs.confirm_changes.outputs.change_count > '0' - runs-on: ubuntu-latest - environment: ${{ needs.pre_job.outputs.env_name }} - defaults: - run: - working-directory: operations/app/terraform/vars/${{ needs.pre_job.outputs.env_name }} - steps: - - name: Check Out Changes - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 - - name: Connect to VPN and login to Azure - uses: ./.github/actions/vpn-azure - with: - env-name: ${{ needs.pre_job.outputs.env_name }} - tls-key: ${{ secrets.TLS_KEY }} - ca-cert: ${{ secrets.CA_CRT}} - user-crt: ${{ secrets.USER_CRT }} - user-key: ${{ secrets.USER_KEY }} - sp-creds: ${{ env.AZURE_CREDENTIALS }} - tf-auth: true - - name: Use specific version of Terraform - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd - with: - terraform_version: 1.7.4 - terraform_wrapper: false - - name: Run Terraform - run: | - terraform init -input=false - terraform validate - terraform fmt -recursive - terraform plan -out ${{ needs.pre_job.outputs.env_name }}-tf.plan - 
terraform apply -input=false -no-color -lock-timeout=600s -auto-approve ${{ needs.pre_job.outputs.env_name }}-tf.plan
diff --git a/.github/workflows/deploy_terraform.yml b/.github/workflows/deploy_terraform.yml
index 940155cb8af..8e40b0415ba 100644
--- a/.github/workflows/deploy_terraform.yml
+++ b/.github/workflows/deploy_terraform.yml
@@ -54,39 +54,48 @@ jobs: sp-creds: ${{ env.AZURE_CREDENTIALS }} tf-auth: true - name: Collect Terraform stats - uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2 + uses: ./.github/actions/terraform-stats id: stats1 with: terraform-directory: operations/app/terraform/vars/${{ needs.pre_job.outputs.env_name }} terraform-version: 1.7.4 add-args: "-refresh=false" - - - name: Run Terraform Plan - run: | - terraform init -input=false - terraform validate - terraform fmt -recursive - terraform plan -out=tf.plan - - name: Run Terraform Apply - if: success() # This ensures apply only runs if plan was successful - run: | - terraform apply -input=false -no-color -lock-timeout=600s -auto-approve tf.plan - - approve_deploy: - name: Approve Deploy - ${{ needs.pre_job.outputs.env_name }} - concurrency: - group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }} - cancel-in-progress: true - needs: - - pre_job - - confirm_changes - if: needs.confirm_changes.outputs.change_count > '0' - runs-on: ubuntu-latest - environment: ${{ needs.pre_job.outputs.env_name }}_terraform - steps: - - name: Echo change count - run: echo ${{ needs.confirm_changes.outputs.change_count }} + - name: Terraform Format + # fails on formatting issues, fix locally with `tf fmt -recursive` and push again if this step fails + run: terraform fmt -check -recursive + + - name: "Terraform init" + run: terraform init -input=false + + - name: "Terraform validate" + run: terraform validate + + - name: Terraform Plan + run: | + terraform plan -out=tf.plan -input=false -no-color -lock-timeout=600s + + - name: Comment Plan on PR + uses: blinqas/tf-plan-pr-comment@v1 + with: + output_file: ${{ github.workspace }}/plan_output.txt + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + approve_deploy: + name: Approve Deploy - ${{ needs.pre_job.outputs.env_name }} + concurrency: + group: ${{ github.workflow }}-${{ needs.pre_job.outputs.env_name }} + cancel-in-progress: true + needs: + - 
pre_job + - confirm_changes + if: needs.confirm_changes.outputs.change_count > '0' + runs-on: ubuntu-latest + environment: ${{ needs.pre_job.outputs.env_name }}_terraform + steps: + - name: Echo change count + run: echo ${{ needs.confirm_changes.outputs.change_count }} run_deploy: name: Run Deploy - ${{ needs.pre_job.outputs.env_name }}
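Review bot: The `Comment Plan on PR` step reads `${{ github.workspace }}/plan_output.txt`, but the `Terraform Plan` step only writes the binary `-out=tf.plan` and nothing in the hunk creates that text file, so the comment step has no plan output to post; capture the plan's stdout instead, e.g. `set -o pipefail` followed by `terraform plan -out=tf.plan -input=false -no-color -lock-timeout=600s | tee "${{ github.workspace }}/plan_output.txt"`, so a failing plan still fails the step. `blinqas/tf-plan-pr-comment@v1` is also the only third-party action in this hunk referenced by a mutable tag, while the removed `josiahsiegel/terraform-stats` was pinned to a full commit SHA and its replacement is vendored locally, and this step is handed `secrets.GITHUB_TOKEN`; pin it to a full commit SHA (`blinqas/tf-plan-pr-comment@<commit-sha>`) so a moved tag cannot change the code that runs with that token. If this workflow is push-triggered like the deleted duplicate in `cleanup_acr_images.yml`, there is no pull request for the comment step to target, and it would need an `if: github.event_name == 'pull_request'` guard or a `pull_request` trigger. The `confirm_changes` job that contains these steps starts outside the hunk, so its `defaults.run.working-directory` (if any) is not visible here.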