Skip to content

Create Dev Environment #129

Create Dev Environment

Create Dev Environment #129

name: "Create Dev Environment"
on:
workflow_dispatch:
schedule:
# 17:00 UTC = 22:00 EST
- cron: "0 17 * * 0"
defaults:
run:
shell: bash
env:
ACCOUNT_ID: ${{ secrets.DEV_ACCOUNT_ID }}
AWS_REGION: ca-central-1
ENVIRONMENT: dev
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_STAGING }}
WORKFLOW: true
permissions:
id-token: write
contents: write
pull-requests: write
jobs:
terragrunt-apply-common:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformDevApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply COMMON
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 600
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/common
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ecr:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Configure credentials to Notify Private ECR using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply
role-session-name: NotifyApiGitHubActions
aws-region: "ca-central-1"
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformDevApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ECR
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/ecr
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ecr-us-east:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Configure credentials to Notify Private ECR using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply
role-session-name: NotifyApiGitHubActions
aws-region: "us-east-1"
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformDevApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ECR US East
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/ecr-us-east
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ses_receiving_emails:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ses_receiving_emails
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/ses_receiving_emails
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-dns:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ses_receiving_emails]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply dns
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/dns
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ses_validation_dns_entries:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-dns]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ses_validation_dns_entries
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/ses_validation_dns_entries
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-cloudfront:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply cloudfront
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/cloudfront
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-eks:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-dns,terragrunt-apply-cloudfront]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply eks
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 6000
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/eks
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-elasticache:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply elasticache
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 3000
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/elasticache
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-rds:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply rds
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 6000
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/rds
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-lambda-api:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr,terragrunt-apply-rds]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply lambda-api
run: |
cd env/${{env.ENVIRONMENT}}/lambda-api
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-lambda-admin-pr:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-elasticache,terragrunt-apply-ecr,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply lambda-admin-pr
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/lambda-admin-pr
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-performance-test:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply performance-test
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/performance-test
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-heartbeat:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply heartbeat
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/heartbeat
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-database-tools:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: Configure credentials to Notify Private ECR using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply
role-session-name: NotifyApiGitHubActions
aws-region: "ca-central-1"
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: terragrunt apply database-tools
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/database-tools
terragrunt apply --terragrunt-non-interactive -auto-approve
# terragrunt-apply-quicksight:
# if: |
# always() &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# runs-on: ubuntu-latest
# needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds]
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
# role_session_name: NotifyTerraformApply
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# sudo mkdir -p aws
# cd aws
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
# - name: terragrunt apply quicksight
# run: |
# cd env/${{env.ENVIRONMENT}}/quicksight
# terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-lambda-google-cidr:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply lambda-google-cidr
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/lambda-google-cidr
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ses_to_sqs_email_callbacks:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ses_to_sqs_email_callbacks
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-sns_to_sqs_sms_callbacks:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply sns_to_sqs_sms_callbacks
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-pinpoint_to_sqs_sms_callbacks:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply pinpoint_to_sqs_sms_callbacks
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-system_status:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east,terragrunt-apply-rds,terragrunt-apply-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply system_status
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/system_status
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-system_status_static_site:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
needs: [terragrunt-apply-common,terragrunt-apply-system_status]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply system_status_static_site
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/system_status_static_site
terragrunt apply --terragrunt-non-interactive -auto-approve
# terragrunt-apply-newrelic:
# if: |
# always() &&
# !contains(needs.*.result, 'failure') &&
# !contains(needs.*.result, 'cancelled')
# needs: [terragrunt-apply-common]
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# - name: setup-terraform
# uses: ./.github/actions/setup-terraform
# with:
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
# role_session_name: NotifyTerraformApply
# - name: Install 1Pass CLI
# run: |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
# sudo dpkg -i 1pass.deb
# sudo mkdir -p aws
# cd aws
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
# - name: terragrunt apply newrelic
# run: |
# cd env/${{env.ENVIRONMENT}}/newrelic
# terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-manifest_secrets:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
needs: [terragrunt-apply-common, terragrunt-apply-eks, terragrunt-apply-rds, terragrunt-apply-elasticache, terragrunt-apply-ecr, terragrunt-apply-ecr-us-east, terragrunt-apply-lambda-admin-pr, terragrunt-apply-performance-test, terragrunt-apply-heartbeat, terragrunt-apply-database-tools, terragrunt-apply-lambda-google-cidr, terragrunt-apply-ses_to_sqs_email_callbacks, terragrunt-apply-sns_to_sqs_sms_callbacks, terragrunt-apply-pinpoint_to_sqs_sms_callbacks, terragrunt-apply-system_status, terragrunt-apply-system_status_static_site]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply manifest_secrets
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0
with:
timeout_seconds: 1200
max_attempts: 3
retry_on: error
command: |
cd env/${{env.ENVIRONMENT}}/manifest_secrets
terragrunt apply --terragrunt-non-interactive -auto-approve
deploy-application:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
needs: [terragrunt-apply-eks, terragrunt-apply-rds]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Setup helmfile
uses: mamezou-tech/setup-helmfile@03233e1cd9b19b2ba320e431f7bcc0618db4248d # v2.0.0
with:
install-kubectl: yes
install-helm: yes
helmfile-version: "v0.151.0"
- name: Install sponge
run: |
sudo apt update
sudo apt-get install -y moreutils
- name: Install OpenVPN
run: |
sudo apt update
sudo apt install -y openvpn openvpn-systemd-resolved
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
- name: Retrieve VPN Config
run: |
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
cd ../env/${{env.ENVIRONMENT}}/eks
ENDPOINT_ID=$(terragrunt output --raw gha_vpn_id)
CERT=$(terragrunt output --raw gha_vpn_certificate)
KEY=$(terragrunt output --raw gha_vpn_key)
aws ec2 export-client-vpn-client-configuration --client-vpn-endpoint-id $ENDPOINT_ID --output text > /var/tmp/${{env.ENVIRONMENT}}.ovpn
echo "<cert>
$CERT
</cert>" >> /var/tmp/${{env.ENVIRONMENT}}.ovpn
echo "<key>
$KEY
</key>" >> /var/tmp/${{env.ENVIRONMENT}}.ovpn
- name: Connect to VPN
uses: "kota65535/github-openvpn-connect-action@cd2ed8a90cc7b060dc4e001143e811b5f7ea0af5" # v3.1.0
with:
config_file: /var/tmp/${{env.ENVIRONMENT}}.ovpn
echo_config: false
- name: Configure kubeconfig
run: |
aws eks update-kubeconfig --name notification-canada-ca-dev-eks-cluster
kubectl config rename-context arn:aws:eks:ca-central-1:${{env.ACCOUNT_ID}}:cluster/notification-canada-ca-dev-eks-cluster dev
- name: terragrunt apply k8s-fix
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
cd ../env/${{env.ENVIRONMENT}}/${{env.ENVIRONMENT}}_only_kubernetes_fix
export TF_VAR_role_name=$(aws iam list-roles | jq -r '.Roles[] | select(.RoleName|match("AWSReservedSSO_AWSAdministratorAccess_*")) | .RoleName')
terragrunt apply --terragrunt-non-interactive -auto-approve
- name: Apply Manifests
continue-on-error: true
run: |
git clone https://github.com/cds-snc/notification-manifests.git /var/tmp/notification-manifests
cd /var/tmp/notification-manifests
cd /var/tmp/notification-manifests/helmfile
source getContext.sh
helmfile -e dev -l step=0 apply
sleep 5
helmfile -e dev -l step=1 apply
sleep 5
helmfile -e dev -l step=2 apply
sleep 5
helmfile -e dev -l step=3 apply
sleep 5
helmfile -e dev -l step=4 apply
sleep 5
cd ..
make decrypt-dev
cd env/${{env.ENVIRONMENT}}
export ADMIN_TARGET_GROUP_ARN=$(echo $ADMIN_TARGET_GROUP_ARN | sed 's/\//\\\//g')
export API_TARGET_GROUP_ARN=$(echo $API_TARGET_GROUP_ARN | sed 's/\//\\\//g')
export DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN=$(echo $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN | sed 's/\//\\\//g')
export DOCUMENTATION_TARGET_GROUP_ARN=$(echo $DOCUMENTATION_TARGET_GROUP_ARN | sed 's/\//\\\//g')
sed "s/targetGroupARN.*/targetGroupARN: $ADMIN_TARGET_GROUP_ARN/" admin-target-group.yaml | sponge admin-target-group.yaml
sed "s/targetGroupARN.*/targetGroupARN: $API_TARGET_GROUP_ARN/" api-target-group.yaml | sponge api-target-group.yaml
sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN/" document-download-api-target-group.yaml | sponge document-download-api-target-group.yaml
sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENTATION_TARGET_GROUP_ARN/" documentation-target-group.yaml | sponge documentation-target-group.yaml
kubectl apply -k . 2>&1
- name: Apply Manifests Take 2
continue-on-error: true
run: |
cd /var/tmp/notification-manifests/helmfile
source getContext.sh
cd ..
make decrypt-dev
cd env/${{env.ENVIRONMENT}}
export ADMIN_TARGET_GROUP_ARN=$(echo $ADMIN_TARGET_GROUP_ARN | sed 's/\//\\\//g')
export API_TARGET_GROUP_ARN=$(echo $API_TARGET_GROUP_ARN | sed 's/\//\\\//g')
export DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN=$(echo $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN | sed 's/\//\\\//g')
export DOCUMENTATION_TARGET_GROUP_ARN=$(echo $DOCUMENTATION_TARGET_GROUP_ARN | sed 's/\//\\\//g')
sed "s/targetGroupARN.*/targetGroupARN: $ADMIN_TARGET_GROUP_ARN/" admin-target-group.yaml | sponge admin-target-group.yaml
sed "s/targetGroupARN.*/targetGroupARN: $API_TARGET_GROUP_ARN/" api-target-group.yaml | sponge api-target-group.yaml
sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN/" document-download-api-target-group.yaml | sponge document-download-api-target-group.yaml
sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENTATION_TARGET_GROUP_ARN/" documentation-target-group.yaml | sponge documentation-target-group.yaml
sleep 30
kubectl apply -k .