Skip to content

Read All Values from TFVars #32

Read All Values from TFVars

Read All Values from TFVars #32

name: "Terragrunt plan DEV"
env:
ENVIRONMENT: dev
ACCOUNT_ID: "800095993820"
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
on:
workflow_dispatch:
pull_request:
paths:
- ".env"
- "aws/**"
- "env/$ENVIRONMENT/**"
- "env/terragrunt.hcl"
- ".github/workflows/terragrunt_plan_$ENVIRONMENT.yml"
permissions:
id-token: write # This is required for requesting the OIDC JWT
contents: write # This is required for actions/checkout
pull-requests: write
jobs:
terragrunt-filter:
runs-on: ubuntu-latest
outputs:
common: ${{ steps.filter.outputs.common }}
ecr: ${{ steps.filter.outputs.ecr }}
ses_receiving_emails: ${{ steps.filter.outputs.ses_receiving_emails }}
ses_to_sqs_email_callbacks: ${{ steps.filter.outputs.ses_to_sqs_email_callbacks }}
sns_to_sqs_sms_callbacks: ${{ steps.filter.outputs.sns_to_sqs_sms_callbacks }}
pinpoint_to_sqs_sms_callbacks: ${{ steps.filter.outputs.pinpoint_to_sqs_sms_callbacks }}
dns: ${{ steps.filter.outputs.dns }}
ses_validation_dns_entries: ${{ steps.filter.outputs.ses_validation_dns_entries }}
eks: ${{ steps.filter.outputs.eks }}
rds: ${{ steps.filter.outputs.rds }}
lambda-api: ${{ steps.filter.outputs.lambda-api }}
heartbeat: ${{ steps.filter.outputs.heartbeat }}
database-tools: ${{ steps.filter.outputs.database-tools }}
quicksight: ${{ steps.filter.outputs.quicksight }}
lambda-google-cidr: ${{ steps.filter.outputs.lambda-google-cidr }}
system_status: ${{ steps.filter.outputs.system_status }}
system_status_static_site: ${{ steps.filter.outputs.system_status_static_site }}
newrelic: ${{ steps.filter.outputs.newrelic }}
steps:
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
filters: |
common:
- '.github/workflows/terragrunt-plan-${{env.ENVIRONMENT}}.yml'
- 'aws/common/**'
- 'env/${{env.ENVIRONMENT}}/common/**'
- 'env/terragrunt.hcl'
dns:
- 'aws/dns/**'
- 'env/${{env.ENVIRONMENT}}/dns/**'
ses_validation_dns_entries:
- 'aws/ses_validation_dns_entries/**'
- 'env/${{env.ENVIRONMENT}}/ses_validation_dns_entries/**'
ecr:
- 'aws/ecr/**'
- 'env/${{env.ENVIRONMENT}}/ecr/**'
eks:
- 'aws/eks/**'
- 'env/${{env.ENVIRONMENT}}/eks/**'
elasticache:
- 'aws/elasticache/**'
- 'env/${{env.ENVIRONMENT}}/elasticache/**'
rds:
- 'aws/rds/**'
- 'env/${{env.ENVIRONMENT}}/rds/**'
cloudfront:
- 'aws/cloudfront/**'
- 'env/${{env.ENVIRONMENT}}/cloudfront/**'
lambda-api:
- 'aws/lambda-api/**'
- 'env/${{env.ENVIRONMENT}}/lambda-api/**'
lambda-admin-pr:
- 'aws/lambda-admin-pr/**'
- 'env/${{env.ENVIRONMENT}}/lambda-admin-pr/**'
performance-test:
- 'aws/performance-test/**'
- 'env/${{env.ENVIRONMENT}}/performance-test/**'
heartbeat:
- 'aws/heartbeat/**'
- 'env/${{env.ENVIRONMENT}}/heartbeat/**'
database-tools:
- 'aws/database-tools/**'
- 'env/${{env.ENVIRONMENT}}/database-tools/**'
system_status:
- 'aws/system_status/**'
- 'env/${{env.ENVIRONMENT}}/system_status/**'
system_status_static_site:
- 'aws/system_status_static_site/**'
- 'env/${{env.ENVIRONMENT}}/system_status_static_site/**'
quicksight:
- 'aws/quicksight/**'
- 'env/${{env.ENVIRONMENT}}/quicksight/**'
lambda-google-cidr:
- 'aws/lambda-google-cidr/**'
- 'env/${{env.ENVIRONMENT}}/lambda-google-cidr/**'
ses_receiving_emails:
- 'aws/ses_receiving_emails/**'
- 'env/${{env.ENVIRONMENT}}/ses_receiving_emails/**'
ses_to_sqs_email_callbacks:
- 'aws/ses_to_sqs_email_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks/**'
sns_to_sqs_sms_callbacks:
- 'aws/sns_to_sqs_sms_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks/**'
pinpoint_to_sqs_sms_callbacks:
- 'aws/pinpoint_to_sqs_sms_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks/**'
newrelic:
- 'aws/newrelic/**'
- 'env/${{env.ENVIRONMENT}}/newrelic/**'
terragrunt-plan-common:
if: |
needs.terragrunt-filter.outputs.common == 'true'
runs-on: ubuntu-latest
needs: terragrunt-filter
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
- name: Retrieve TFVars
run: |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{ env.ENVIRONMENT }}.tfvars
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{ env.ENVIRONMENT }}.tfvars
- name: Terragrunt plan common
uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
with:
directory: "env/${{env.ENVIRONMENT}}/common"
comment-delete: "true"
comment-title: "${{env.ENVIRONMENT}}: common"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-all:
runs-on: ubuntu-latest
needs: terragrunt-filter
strategy:
matrix:
module: [
"ecr",
"ses_receiving_emails",
"ses_to_sqs_email_callbacks",
"sns_to_sqs_sms_callbacks",
"pinpoint_to_sqs_sms_callbacks",
"dns",
"ses_validation_dns_entries",
"eks",
"rds",
"lambda-api",
"heartbeat",
"database-tools",
"quicksight",
"lambda-google-cidr"
]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
- name: Retrieve TFVars
run: |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{ env.ENVIRONMENT }}.tfvars
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{ env.ENVIRONMENT }}.tfvars
- name: Terragrunt plan ${{ matrix.module }}
if: |
always() &&
needs.terragrunt-filter.outputs.${{ matrix.module }} == 'true' &&
needs.terragrunt-filter.outputs.common == 'true' &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
with:
directory: "env/${{ env.ENVIRONMENT }}/${{ matrix.module }}"
comment-delete: "true"
comment-title: "${{ env.ENVIRONMENT }}: ${{ matrix.module }}"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"