upgrade RDS instances on production (#1481) #980
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Merge to main (Staging)" | |
| on: | |
| # This will be used to dispatch this workflow from the manifest repo when environment variables change | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - ".env" | |
| - "aws/**" | |
| - "env/staging/**" | |
| - ".github/workflows/merge_to_main_staging.yml" | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| AWS_REGION: ca-central-1 | |
| TF_VAR_new_relic_api_key: ${{ secrets.STAGING_NEW_RELIC_API_KEY }} | |
| TF_VAR_new_relic_account_id: ${{ secrets.STAGING_NEW_RELIC_ACCOUNT_ID }} | |
| TF_VAR_new_relic_slack_webhook_url: ${{ secrets.STAGING_NEW_RELIC_SLACK_WEBHOOK_URL }} | |
| TF_VAR_base_domain: ${{secrets.STAGING_BASE_DOMAIN}} | |
| TF_VAR_alt_base_domain: ${{secrets.STAGING_ALT_BASE_DOMAIN}} | |
| TF_VAR_dbtools_password: ${{ secrets.STAGING_DBTOOLS_PASSWORD }} | |
| TF_VAR_heartbeat_api_key: ${{ secrets.STAGING_HEARTBEAT_API_KEY }} | |
| TF_VAR_heartbeat_sms_number: ${{ secrets.STAGING_HEARTBEAT_SMS_NUMBER }} | |
| TF_VAR_rds_cluster_password: ${{ secrets.STAGING_RDS_CLUSTER_PASSWORD }} | |
| TF_VAR_app_db_user_password: ${{ secrets.STAGING_APP_DB_USER_PASSWORD }} | |
| TF_VAR_quicksight_db_user_password: ${{ secrets.STAGING_QUICKSIGHT_DB_USER_PASSWORD }} | |
| TF_VAR_cloudwatch_slack_webhook_warning_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }} | |
| TF_VAR_cloudwatch_slack_webhook_critical_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }} | |
| TF_VAR_cloudwatch_slack_webhook_general_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }} | |
| TF_VAR_notify_o11y_google_oauth_client_id: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_ID_STAGING }} | |
| TF_VAR_notify_o11y_google_oauth_client_secret: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_SECRET_STAGING }} | |
| TF_VAR_sentinel_customer_id: ${{ secrets.SENTINEL_CUSTOMER_ID }} | |
| TF_VAR_sentinel_shared_key: ${{ secrets.SENTINEL_SHARED_KEY }} | |
| TF_VAR_slack_channel_warning_topic: "notification-staging-ops" | |
| TF_VAR_slack_channel_critical_topic: "notification-staging-ops" | |
| TF_VAR_slack_channel_general_topic: "notification-staging-ops" | |
| TF_VAR_sqlalchemy_database_reader_uri: ${{ secrets.STAGING_SQLALCHEMY_DATABASE_READER_URI }} | |
| TF_VAR_system_status_admin_url: "https://staging.notification.cdssandbox.xyz" | |
| TF_VAR_system_status_api_url: "https://api.staging.notification.cdssandbox.xyz" | |
| TF_VAR_system_status_bucket_name: "notification-canada-ca-staging-system-status" | |
| TF_VAR_cloudwatch_opsgenie_alarm_webhook: "" | |
| TF_VAR_new_relic_license_key: ${{ secrets.STAGING_NEW_RELIC_LICENSE_KEY }} | |
| TF_VAR_perf_test_phone_number: ${{ secrets.PERF_TEST_PHONE_NUMBER }} | |
| TF_VAR_perf_test_email: ${{ secrets.PERF_TEST_EMAIL }} | |
| TF_VAR_perf_test_domain: ${{ secrets.PERF_TEST_DOMAIN }} | |
| TF_VAR_perf_test_auth_header: ${{ secrets.PERF_TEST_AUTH_HEADER }} | |
| TF_VAR_waf_secret: ${{secrets.STAGING_WAF_SECRET}} | |
| # Prevents repeated creation of the Slack lambdas if already existing. | |
| # See: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/84 | |
| TF_RECREATE_MISSING_LAMBDA_PACKAGE: false | |
| TF_VAR_client_vpn_access_group_id: ${{ secrets.STAGING_CLIENT_VPN_ACCESS_GROUP_ID }} | |
| TF_VAR_client_vpn_saml_metadata: ${{ secrets.STAGING_CLIENT_VPN_SAML_METADATA }} | |
| TF_VAR_client_vpn_self_service_saml_metadata: ${{ secrets.STAGING_CLIENT_VPN_SELF_SERVICE_SAML_METADATA }} | |
| TF_VAR_pr_bot_installation_id: ${{ secrets.NOTIFY_PR_BOT_INSTALLATION_ID_MANIFESTS }} | |
| TF_VAR_pr_bot_app_id: ${{ secrets.NOTIFY_PR_BOT_APP_ID }} | |
| TF_VAR_pr_bot_private_key: ${{ secrets.NOTIFY_PR_BOT_PRIVATE_KEY }} | |
| TF_VAR_budget_sre_bot_webhook: ${{ secrets.STAGING_BUDGET_SRE_BOT_WEBHOOK }} | |
| TF_VAR_enable_sentinel_forwarding: true | |
| permissions: | |
| id-token: write | |
| contents: write | |
| pull-requests: write | |
| jobs: | |
| terragrunt-apply-common: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply common | |
| run: | | |
| cd env/staging/common | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-ecr: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply ECR | |
| run: | | |
| cd env/staging/ecr | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-ses_receiving_emails: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply ses_receiving_emails | |
| run: | | |
| cd env/staging/ses_receiving_emails | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-dns: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-ses_receiving_emails] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply dns | |
| run: | | |
| cd env/staging/dns | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-ses_validation_dns_entries: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-dns] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply ses_validation_dns_entries | |
| run: | | |
| cd env/staging/ses_validation_dns_entries | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-cloudfront: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply cloudfront | |
| run: | | |
| cd env/staging/cloudfront | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-eks: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-dns,terragrunt-apply-cloudfront] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply eks | |
| run: | | |
| cd env/staging/eks | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-elasticache: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply elasticache | |
| run: | | |
| cd env/staging/elasticache | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-rds: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply rds | |
| run: | | |
| cd env/staging/rds | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-lambda-api: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr,terragrunt-apply-rds] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply lambda-api | |
| run: | | |
| cd env/staging/lambda-api | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-lambda-admin-pr: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-elasticache,terragrunt-apply-ecr] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply lambda-admin-pr | |
| run: | | |
| cd env/staging/lambda-admin-pr | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-performance-test: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply performance-test | |
| run: | | |
| cd env/staging/performance-test | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-heartbeat: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply heartbeat | |
| run: | | |
| cd env/staging/heartbeat | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-database-tools: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply database-tools | |
| run: | | |
| cd env/staging/database-tools | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-quicksight: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply quicksight | |
| run: | | |
| cd env/staging/quicksight | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-lambda-google-cidr: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply lambda-google-cidr | |
| run: | | |
| cd env/staging/lambda-google-cidr | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-ses_to_sqs_email_callbacks: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply ses_to_sqs_email_callbacks | |
| run: | | |
| cd env/staging/ses_to_sqs_email_callbacks | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-sns_to_sqs_sms_callbacks: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply sns_to_sqs_sms_callbacks | |
| run: | | |
| cd env/staging/sns_to_sqs_sms_callbacks | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-pinpoint_to_sqs_sms_callbacks: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply pinpoint_to_sqs_sms_callbacks | |
| run: | | |
| cd env/staging/pinpoint_to_sqs_sms_callbacks | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-system_status: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-rds,terragrunt-apply-eks] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply system_status | |
| run: | | |
| cd env/staging/system_status | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-system_status_static_site: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| needs: [terragrunt-apply-common,terragrunt-apply-system_status] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply aws/system_status_static_site | |
| run: | | |
| cd env/staging/system_status_static_site | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| terragrunt-apply-newrelic: | |
| if: | | |
| always() && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| needs: [terragrunt-apply-common] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: setup-terraform | |
| uses: ./.github/actions/setup-terraform | |
| with: | |
| role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply | |
| role_session_name: NotifyTerraformApply | |
| - name: Terragrunt apply aws/newrelic | |
| run: | | |
| cd env/staging/newrelic | |
| terragrunt apply --terragrunt-non-interactive -auto-approve | |
| bump-version-and-push-tag: | |
| if: | | |
| always() && | |
| github.event_name != 'workflow_dispatch' && | |
| !contains(needs.*.result, 'failure') && | |
| !contains(needs.*.result, 'cancelled') | |
| runs-on: ubuntu-latest | |
| needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-dns,terragrunt-apply-ses_validation_dns_entries,terragrunt-apply-cloudfront,terragrunt-apply-eks,terragrunt-apply-elasticache,terragrunt-apply-rds,terragrunt-apply-lambda-api,terragrunt-apply-lambda-admin-pr,terragrunt-apply-performance-test,terragrunt-apply-heartbeat,terragrunt-apply-database-tools,terragrunt-apply-quicksight,terragrunt-apply-lambda-google-cidr,terragrunt-apply-ses_to_sqs_email_callbacks,terragrunt-apply-sns_to_sqs_sms_callbacks,terragrunt-apply-pinpoint_to_sqs_sms_callbacks,terragrunt-apply-system_status,terragrunt-apply-ses_receiving_emails,terragrunt-apply-system_status_static_site,terragrunt-apply-newrelic] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| - name: bump-version-and-push-tag | |
| uses: mathieudutour/github-tag-action@bcb832838e1612ff92089d914bccc0fd39458223 # v4.6 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| release_branches: main |