Skip to content

Read All Values from TFVars #4850

Read All Values from TFVars

Read All Values from TFVars #4850

name: "Terragrunt plan STAGING"
on:
workflow_dispatch:
pull_request:
paths:
- ".env"
- "aws/**"
- "env/staging/**"
- "env/terragrunt.hcl"
- ".github/workflows/terragrunt_plan_staging.yml"
permissions:
id-token: write # This is required for requesting the OIDC JWT
contents: write # This is required for actions/checkout
pull-requests: write
env:
TARGET_ENV_PATH: staging
AWS_REGION: ca-central-1
TF_VAR_new_relic_api_key: ${{ secrets.STAGING_NEW_RELIC_API_KEY }}
TF_VAR_new_relic_account_id: ${{ secrets.STAGING_NEW_RELIC_ACCOUNT_ID }}
TF_VAR_new_relic_slack_webhook_url: ${{ secrets.STAGING_NEW_RELIC_SLACK_WEBHOOK_URL }}
TF_VAR_base_domain: ${{secrets.STAGING_BASE_DOMAIN}}
TF_VAR_alt_base_domain: ${{secrets.STAGING_ALT_BASE_DOMAIN}}
TF_VAR_dbtools_password: ${{ secrets.STAGING_DBTOOLS_PASSWORD }}
TF_VAR_heartbeat_api_key: ${{ secrets.STAGING_HEARTBEAT_API_KEY }}
TF_VAR_heartbeat_sms_number: ${{ secrets.STAGING_HEARTBEAT_SMS_NUMBER }}
TF_VAR_rds_cluster_password: ${{ secrets.STAGING_RDS_CLUSTER_PASSWORD }}
TF_VAR_app_db_user_password: ${{ secrets.STAGING_APP_DB_USER_PASSWORD }}
TF_VAR_quicksight_db_user_password: ${{ secrets.STAGING_QUICKSIGHT_DB_USER_PASSWORD }}
TF_VAR_cloudwatch_opsgenie_alarm_webhook: ""
TF_VAR_cloudwatch_slack_webhook_warning_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }}
TF_VAR_cloudwatch_slack_webhook_critical_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }}
TF_VAR_cloudwatch_slack_webhook_general_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }}
TF_VAR_notify_o11y_google_oauth_client_id: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_ID_STAGING }}
TF_VAR_notify_o11y_google_oauth_client_secret: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_SECRET_STAGING }}
TF_VAR_sentinel_customer_id: ${{ secrets.SENTINEL_CUSTOMER_ID }}
TF_VAR_sentinel_shared_key: ${{ secrets.SENTINEL_SHARED_KEY }}
TF_VAR_slack_channel_warning_topic: "notification-staging-ops"
TF_VAR_slack_channel_critical_topic: "notification-staging-ops"
TF_VAR_slack_channel_general_topic: "notification-staging-ops"
TF_VAR_sqlalchemy_database_reader_uri: ${{ secrets.STAGING_SQLALCHEMY_DATABASE_READER_URI }}
TF_VAR_system_status_admin_url: "https://staging.notification.cdssandbox.xyz"
TF_VAR_system_status_api_url: "https://api.staging.notification.cdssandbox.xyz"
TF_VAR_system_status_bucket_name: "notification-canada-ca-staging-system-status"
TF_VAR_new_relic_license_key: ${{ secrets.STAGING_NEW_RELIC_LICENSE_KEY }}
TF_VAR_waf_secret: ${{secrets.STAGING_WAF_SECRET}}
# Prevents repeated creation of the Slack lambdas if already existing.
# See: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/84
TF_RECREATE_MISSING_LAMBDA_PACKAGE: false
TF_VAR_perf_test_phone_number: ${{ secrets.PERF_TEST_PHONE_NUMBER }}
TF_VAR_perf_test_email: ${{ secrets.PERF_TEST_EMAIL }}
TF_VAR_perf_test_domain: ${{ secrets.PERF_TEST_DOMAIN }}
TF_VAR_perf_test_auth_header: ${{ secrets.PERF_TEST_AUTH_HEADER }}
TF_VAR_client_vpn_access_group_id: ${{ secrets.STAGING_CLIENT_VPN_ACCESS_GROUP_ID }}
TF_VAR_client_vpn_saml_metadata: ${{ secrets.STAGING_CLIENT_VPN_SAML_METADATA }}
TF_VAR_client_vpn_self_service_saml_metadata: ${{ secrets.STAGING_CLIENT_VPN_SELF_SERVICE_SAML_METADATA }}
TF_VAR_pr_bot_installation_id: ${{ secrets.NOTIFY_PR_BOT_INSTALLATION_ID_MANIFESTS }}
TF_VAR_pr_bot_app_id: ${{ secrets.NOTIFY_PR_BOT_APP_ID }}
TF_VAR_pr_bot_private_key: ${{ secrets.NOTIFY_PR_BOT_PRIVATE_KEY }}
TF_VAR_budget_sre_bot_webhook: ${{ secrets.STAGING_BUDGET_SRE_BOT_WEBHOOK }}
TF_VAR_enable_sentinel_forwarding: true
TF_VAR_aws_xray_sdk_enabled: true
jobs:
terragrunt-filter:
runs-on: ubuntu-latest
outputs:
common: ${{ steps.filter.outputs.common }}
ecr: ${{ steps.filter.outputs.ecr }}
ses_receiving_emails: ${{ steps.filter.outputs.ses_receiving_emails }}
ses_to_sqs_email_callbacks: ${{ steps.filter.outputs.ses_to_sqs_email_callbacks }}
sns_to_sqs_sms_callbacks: ${{ steps.filter.outputs.sns_to_sqs_sms_callbacks }}
pinpoint_to_sqs_sms_callbacks: ${{ steps.filter.outputs.pinpoint_to_sqs_sms_callbacks }}
dns: ${{ steps.filter.outputs.dns }}
ses_validation_dns_entries: ${{ steps.filter.outputs.ses_validation_dns_entries }}
eks: ${{ steps.filter.outputs.eks }}
rds: ${{ steps.filter.outputs.rds }}
lambda-api: ${{ steps.filter.outputs.lambda-api }}
heartbeat: ${{ steps.filter.outputs.heartbeat }}
database-tools: ${{ steps.filter.outputs.database-tools }}
quicksight: ${{ steps.filter.outputs.quicksight }}
lambda-google-cidr: ${{ steps.filter.outputs.lambda-google-cidr }}
system_status: ${{ steps.filter.outputs.system_status }}
system_status_static_site: ${{ steps.filter.outputs.system_status_static_site }}
newrelic: ${{ steps.filter.outputs.newrelic }}
steps:
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
filters: |
common:
- '.github/workflows/terragrunt-plan-staging.yml'
- 'aws/common/**'
- 'env/staging/common/**'
- 'env/terragrunt.hcl'
- 'env/staging/env_vars.hcl'
dns:
- 'aws/dns/**'
- 'env/staging/dns/**'
ses_validation_dns_entries:
- 'aws/ses_validation_dns_entries/**'
- 'env/staging/ses_validation_dns_entries/**'
ecr:
- 'aws/ecr/**'
- 'env/staging/ecr/**'
eks:
- 'aws/eks/**'
- 'env/staging/eks/**'
elasticache:
- 'aws/elasticache/**'
- 'env/staging/elasticache/**'
rds:
- 'aws/rds/**'
- 'env/staging/rds/**'
cloudfront:
- 'aws/cloudfront/**'
- 'env/staging/cloudfront/**'
lambda-api:
- 'aws/lambda-api/**'
- 'env/staging/lambda-api/**'
lambda-admin-pr:
- 'aws/lambda-admin-pr/**'
- 'env/staging/lambda-admin-pr/**'
performance-test:
- 'aws/performance-test/**'
- 'env/staging/performance-test/**'
heartbeat:
- 'aws/heartbeat/**'
- 'env/staging/heartbeat/**'
database-tools:
- 'aws/database-tools/**'
- 'env/staging/database-tools/**'
system_status:
- 'aws/system_status/**'
- 'env/staging/system_status/**'
system_status_static_site:
- 'aws/system_status_static_site/**'
- 'env/staging/system_status_static_site/**'
quicksight:
- 'aws/quicksight/**'
- 'env/staging/quicksight/**'
lambda-google-cidr:
- 'aws/lambda-google-cidr/**'
- 'env/staging/lambda-google-cidr/**'
ses_receiving_emails:
- 'aws/ses_receiving_emails/**'
- 'env/staging/ses_receiving_emails/**'
ses_to_sqs_email_callbacks:
- 'aws/ses_to_sqs_email_callbacks/**'
- 'env/staging/ses_to_sqs_email_callbacks/**'
sns_to_sqs_sms_callbacks:
- 'aws/sns_to_sqs_sms_callbacks/**'
- 'env/staging/sns_to_sqs_sms_callbacks/**'
pinpoint_to_sqs_sms_callbacks:
- 'aws/pinpoint_to_sqs_sms_callbacks/**'
- 'env/staging/pinpoint_to_sqs_sms_callbacks/**'
newrelic:
- 'aws/newrelic/**'
- 'env/staging/newrelic/**'
terragrunt-plan-common:
if: |
needs.terragrunt-filter.outputs.common == 'true'
runs-on: ubuntu-latest
needs: terragrunt-filter
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan common
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/common"
comment-delete: "true"
comment-title: "Staging: common"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-ecr:
if: |
always() &&
needs.terragrunt-filter.outputs.ecr == 'true' &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: terragrunt-filter
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan ECR
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/ecr"
comment-delete: "true"
comment-title: "Staging: ecr"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-ses_receiving_emails:
if: |
always() &&
(needs.terragrunt-filter.outputs.ses_receiving_emails == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan ses_receiving_emails
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/ses_receiving_emails"
comment-delete: "true"
comment-title: "Staging: ses_receiving_emails"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-dns:
if: |
always() &&
(needs.terragrunt-filter.outputs.dns == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ses_receiving_emails]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan dns
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/dns"
comment-delete: "true"
comment-title: "Staging: dns"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-ses_validation_dns_entries:
if: |
always() &&
needs.terragrunt-filter.outputs.ses_validation_dns_entries == 'true' &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-dns]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan ses_validation_dns_entries
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/ses_validation_dns_entries"
comment-delete: "true"
comment-title: "Staging: ses_validation_dns_entries"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-cloudfront:
if: |
always() &&
(needs.terragrunt-filter.outputs.cloudfront == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan cloudfront
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/cloudfront"
comment-delete: "true"
comment-title: "Staging: cloudfront"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-eks:
if: |
always() &&
(needs.terragrunt-filter.outputs.eks == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-dns,terragrunt-plan-cloudfront]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan eks
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/eks"
comment-delete: "true"
comment-title: "Staging: eks"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-elasticache:
if: |
always() &&
(needs.terragrunt-filter.outputs.elasticache == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan elasticache
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/elasticache"
comment-delete: "true"
comment-title: "Staging: elasticache"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-rds:
if: |
always() &&
(needs.terragrunt-filter.outputs.rds == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan rds
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/rds"
comment-delete: "true"
comment-title: "Staging: rds"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-lambda-api:
if: |
always() &&
(needs.terragrunt-filter.outputs.lambda-api == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-ecr,terragrunt-plan-rds]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan lambda-api
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/lambda-api"
comment-delete: "true"
comment-title: "Staging: lambda-api"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-lambda-admin-pr:
if: |
always() &&
(needs.terragrunt-filter.outputs.lambda-admin-pr == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-elasticache,terragrunt-plan-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan lambda-admin-pr
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/lambda-admin-pr"
comment-delete: "true"
comment-title: "Staging: lambda-admin-pr"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-performance-test:
if: |
always() &&
(needs.terragrunt-filter.outputs.performance-test == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan performance-test
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/performance-test"
comment-delete: "true"
comment-title: "Staging: performance-test"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-heartbeat:
if: |
always() &&
(needs.terragrunt-filter.outputs.heartbeat == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan heartbeat
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/heartbeat"
comment-delete: "true"
comment-title: "Staging: heartbeat"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-database-tools:
if: |
always() &&
(needs.terragrunt-filter.outputs.database-tools == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-rds]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan database-tools
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/database-tools"
comment-delete: "true"
comment-title: "Staging: database-tools"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-quicksight:
if: |
always() &&
(needs.terragrunt-filter.outputs.quicksight == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-rds]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan quicksight
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/quicksight"
comment-delete: "true"
comment-title: "Staging: quicksight"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-lambda-google-cidr:
if: |
always() &&
(needs.terragrunt-filter.outputs.lambda-google-cidr == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan lambda-google-cidr
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/lambda-google-cidr"
comment-delete: "true"
comment-title: "Staging: lambda-google-cidr"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-ses_to_sqs_email_callbacks:
if: |
always() &&
(needs.terragrunt-filter.outputs.ses_to_sqs_email_callbacks == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan ses_to_sqs_email_callbacks
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/ses_to_sqs_email_callbacks"
comment-delete: "true"
comment-title: "Staging: ses_to_sqs_email_callbacks"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-sns_to_sqs_sms_callbacks:
if: |
always() &&
(needs.terragrunt-filter.outputs.sns_to_sqs_sms_callbacks == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan sns_to_sqs_sms_callbacks
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/sns_to_sqs_sms_callbacks"
comment-delete: "true"
comment-title: "Staging: sns_to_sqs_sms_callbacks"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-pinpoint_to_sqs_sms_callbacks:
if: |
always() &&
(needs.terragrunt-filter.outputs.pinpoint_to_sqs_sms_callbacks == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan pinpoint_to_sqs_sms_callbacks
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
with:
directory: "env/staging/pinpoint_to_sqs_sms_callbacks"
comment-delete: "true"
comment-title: "Staging: pinpoint_to_sqs_sms_callbacks"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-system_status:
if: |
always() &&
(needs.terragrunt-filter.outputs.system_status == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr,terragrunt-plan-rds,terragrunt-plan-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan system_status
uses: cds-snc/terraform-plan@v3
with:
directory: "env/staging/system_status"
comment-delete: "true"
comment-title: "Staging: system_status"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
terragrunt-plan-system_status_static_site:
if: |
always() &&
(needs.terragrunt-filter.outputs.system_status_static_site == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: terragrunt-filter
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan aws/system_status_static_site
uses: cds-snc/terraform-plan@v3
with:
directory: "env/staging/system_status_static_site"
comment-delete: "true"
comment-title: "Staging: system_status_static_site"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
skip-conftest: "true"
terragrunt-plan-newrelic:
if: |
always() &&
(needs.terragrunt-filter.outputs.newrelic == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: terragrunt-filter
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan aws/newrelic
uses: cds-snc/terraform-plan@v3
with:
directory: "env/staging/newrelic"
comment-delete: "true"
comment-title: "Staging: newrelic"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
skip-conftest: "true"