Skip to content

Read All Values from TFVars #64

Read All Values from TFVars

Read All Values from TFVars #64

name: "Terragrunt plan DEV"
env:
ENVIRONMENT: dev
ACCOUNT_ID: ${{ secrets.DEV_ACCOUNT_ID }}
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
on:
workflow_dispatch:
pull_request:
paths:
- ".env"
- "aws/**"
- "env/$ENVIRONMENT/**"
- "env/terragrunt.hcl"
- ".github/workflows/terragrunt_plan_$ENVIRONMENT.yml"
permissions:
id-token: write # This is required for requesting the OIDC JWT
contents: write # This is required for actions/checkout
pull-requests: write
jobs:
terragrunt-filter:
runs-on: ubuntu-latest
outputs:
common: ${{ steps.filter.outputs.common }}
ecr: ${{ steps.filter.outputs.ecr }}
ses_receiving_emails: ${{ steps.filter.outputs.ses_receiving_emails }}
ses_to_sqs_email_callbacks: ${{ steps.filter.outputs.ses_to_sqs_email_callbacks }}
sns_to_sqs_sms_callbacks: ${{ steps.filter.outputs.sns_to_sqs_sms_callbacks }}
pinpoint_to_sqs_sms_callbacks: ${{ steps.filter.outputs.pinpoint_to_sqs_sms_callbacks }}
dns: ${{ steps.filter.outputs.dns }}
ses_validation_dns_entries: ${{ steps.filter.outputs.ses_validation_dns_entries }}
eks: ${{ steps.filter.outputs.eks }}
rds: ${{ steps.filter.outputs.rds }}
lambda-api: ${{ steps.filter.outputs.lambda-api }}
heartbeat: ${{ steps.filter.outputs.heartbeat }}
database-tools: ${{ steps.filter.outputs.database-tools }}
quicksight: ${{ steps.filter.outputs.quicksight }}
lambda-google-cidr: ${{ steps.filter.outputs.lambda-google-cidr }}
system_status: ${{ steps.filter.outputs.system_status }}
system_status_static_site: ${{ steps.filter.outputs.system_status_static_site }}
newrelic: ${{ steps.filter.outputs.newrelic }}
steps:
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
filters: |
common:
- '.github/workflows/terragrunt-plan-${{env.ENVIRONMENT}}.yml'
- 'aws/common/**'
- 'env/${{env.ENVIRONMENT}}/common/**'
- 'env/terragrunt.hcl'
dns:
- 'aws/dns/**'
- 'env/${{env.ENVIRONMENT}}/dns/**'
ses_validation_dns_entries:
- 'aws/ses_validation_dns_entries/**'
- 'env/${{env.ENVIRONMENT}}/ses_validation_dns_entries/**'
ecr:
- 'aws/ecr/**'
- 'env/${{env.ENVIRONMENT}}/ecr/**'
eks:
- 'aws/eks/**'
- 'env/${{env.ENVIRONMENT}}/eks/**'
elasticache:
- 'aws/elasticache/**'
- 'env/${{env.ENVIRONMENT}}/elasticache/**'
rds:
- 'aws/rds/**'
- 'env/${{env.ENVIRONMENT}}/rds/**'
cloudfront:
- 'aws/cloudfront/**'
- 'env/${{env.ENVIRONMENT}}/cloudfront/**'
lambda-api:
- 'aws/lambda-api/**'
- 'env/${{env.ENVIRONMENT}}/lambda-api/**'
lambda-admin-pr:
- 'aws/lambda-admin-pr/**'
- 'env/${{env.ENVIRONMENT}}/lambda-admin-pr/**'
performance-test:
- 'aws/performance-test/**'
- 'env/${{env.ENVIRONMENT}}/performance-test/**'
heartbeat:
- 'aws/heartbeat/**'
- 'env/${{env.ENVIRONMENT}}/heartbeat/**'
database-tools:
- 'aws/database-tools/**'
- 'env/${{env.ENVIRONMENT}}/database-tools/**'
system_status:
- 'aws/system_status/**'
- 'env/${{env.ENVIRONMENT}}/system_status/**'
system_status_static_site:
- 'aws/system_status_static_site/**'
- 'env/${{env.ENVIRONMENT}}/system_status_static_site/**'
quicksight:
- 'aws/quicksight/**'
- 'env/${{env.ENVIRONMENT}}/quicksight/**'
lambda-google-cidr:
- 'aws/lambda-google-cidr/**'
- 'env/${{env.ENVIRONMENT}}/lambda-google-cidr/**'
ses_receiving_emails:
- 'aws/ses_receiving_emails/**'
- 'env/${{env.ENVIRONMENT}}/ses_receiving_emails/**'
ses_to_sqs_email_callbacks:
- 'aws/ses_to_sqs_email_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks/**'
sns_to_sqs_sms_callbacks:
- 'aws/sns_to_sqs_sms_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks/**'
pinpoint_to_sqs_sms_callbacks:
- 'aws/pinpoint_to_sqs_sms_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks/**'
newrelic:
- 'aws/newrelic/**'
- 'env/${{env.ENVIRONMENT}}/newrelic/**'
terragrunt-plan-common:
if: |
needs.terragrunt-filter.outputs.common == 'true'
runs-on: ubuntu-latest
needs: terragrunt-filter
env:
COMPONENT: common
steps:
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
- name: Retrieve TFVars
run: |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan ${{env.COMPONENT}}
run: |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
cd env/${{env.ENVIRONMENT}}/${{env.COMPONENT}}
terragrunt plan --terragrunt-non-interactive
terragrunt-plan-ecr:
if: |
always() &&
needs.terragrunt-filter.outputs.ecr == 'true' &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: terragrunt-filter
env:
COMPONENT: ecr
steps:
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
- name: Retrieve TFVars
run: |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan ${{env.COMPONENT}}
run: |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
cd env/${{env.ENVIRONMENT}}/${{env.COMPONENT}}
terragrunt plan --terragrunt-non-interactive
terragrunt-plan-ses_receiving_emails:
if: |
always() &&
(needs.terragrunt-filter.outputs.ses_receiving_emails == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: terragrunt-filter
env:
COMPONENT: ses_receiving_emails
steps:
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
- name: Retrieve TFVars
run: |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Terragrunt plan ${{env.COMPONENT}}
run: |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
cd env/${{env.ENVIRONMENT}}/${{env.COMPONENT}}
terragrunt plan --terragrunt-non-interactive
# terragrunt-plan-dns:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.dns == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ses_receiving_emails]
# env:
# COMPONENT: dns
# steps:
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Terragrunt plan ${{env.COMPONENT}}
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
# cd env/${{env.ENVIRONMENT}}/${{env.COMPONENT}}
# terragrunt plan --terragrunt-non-interactive
# terragrunt-plan-ses_validation_dns_entries:
# if: |
# always() &&
# needs.terragrunt-filter.outputs.ses_validation_dns_entries == 'true' &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-dns]
# env:
# COMPONENT: ses_validation_dns_entries
# steps:
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Terragrunt plan ${{env.COMPONENT}}
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
# cd env/${{env.ENVIRONMENT}}/${{env.COMPONENT}}
# terragrunt plan --terragrunt-non-interactive
# terragrunt-plan-cloudfront:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.cloudfront == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common]
# env:
# COMPONENT: cloudfront
# steps:
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Terragrunt plan ${{env.COMPONENT}}
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > /var/tmp/${{env.ENVIRONMENT}}.tfvars
# cd env/${{env.ENVIRONMENT}}/${{env.COMPONENT}}
# terragrunt plan --terragrunt-non-interactive
# terragrunt-plan-eks:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.eks == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-dns,terragrunt-plan-cloudfront]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/eks/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan eks
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/eks"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: eks"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-elasticache:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.elasticache == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/elasticache/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan elasticache
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/elasticache"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: elasticache"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-rds:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.rds == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/rds/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan rds
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/rds"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: rds"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-lambda-api:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.lambda-api == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-ecr,terragrunt-plan-rds]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/lambda-api/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan lambda-api
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/lambda-api"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: lambda-api"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-lambda-admin-pr:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.lambda-admin-pr == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-elasticache,terragrunt-plan-ecr]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/lambda-admin-pr/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan lambda-admin-pr
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/lambda-admin-pr"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: lambda-admin-pr"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-performance-test:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.performance-test == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-ecr]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/performance-test/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan performance-test
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/performance-test"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: performance-test"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-heartbeat:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.heartbeat == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/heartbeat/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan heartbeat
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/heartbeat"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: heartbeat"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-database-tools:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.database-tools == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-rds]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/database-tools/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan database-tools
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/database-tools"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: database-tools"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-quicksight:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.quicksight == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-rds]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/quicksight/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan quicksight
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/quicksight"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: quicksight"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-lambda-google-cidr:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.lambda-google-cidr == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-eks,terragrunt-plan-ecr]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/lambda-google-cidr/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan lambda-google-cidr
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/lambda-google-cidr"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: lambda-google-cidr"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-ses_to_sqs_email_callbacks:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.ses_to_sqs_email_callbacks == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan ses_to_sqs_email_callbacks
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: ses_to_sqs_email_callbacks"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-sns_to_sqs_sms_callbacks:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.sns_to_sqs_sms_callbacks == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan sns_to_sqs_sms_callbacks
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: sns_to_sqs_sms_callbacks"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-pinpoint_to_sqs_sms_callbacks:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.pinpoint_to_sqs_sms_callbacks == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan pinpoint_to_sqs_sms_callbacks
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: pinpoint_to_sqs_sms_callbacks"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-system_status:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.system_status == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-filter,terragrunt-plan-common,terragrunt-plan-ecr,terragrunt-plan-rds,terragrunt-plan-eks]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/system_status/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan system_status
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/system_status"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: system_status"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# terragrunt-plan-system_status_static_site:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.system_status_static_site == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: terragrunt-filter
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/system_status_static_site/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan aws/system_status_static_site
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/system_status_static_site"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: system_status_static_site"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# skip-conftest: "true"
# terragrunt-plan-newrelic:
# if: |
# always() &&
# (needs.terragrunt-filter.outputs.newrelic == 'true' || needs.terragrunt-filter.outputs.common == 'true') &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: terragrunt-filter
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
# role_session_name: NotifyTerraformPlan
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# - name: Retrieve TFVars
# run: |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > env/${{env.ENVIRONMENT}}/newrelic/${{env.ENVIRONMENT}}.tfvars
# - name: Terragrunt plan aws/newrelic
# uses: cds-snc/terraform-plan@2aa797a64e4a37d05fcee5a62195f4c2bde5a0ba
# with:
# directory: "env/${{env.ENVIRONMENT}}/newrelic"
# comment-delete: "true"
# comment-title: "${{env.ENVIRONMENT}}: newrelic"
# github-token: "${{ secrets.GITHUB_TOKEN }}"
# terragrunt: "true"
# skip-conftest: "true"