Create Dev Environment #129
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Create Dev Environment" | |
on: | |
workflow_dispatch: | |
schedule: | |
# 17:00 UTC = 22:00 EST | |
- cron: "0 17 * * 0" | |
defaults: | |
run: | |
shell: bash | |
env: | |
ACCOUNT_ID: ${{ secrets.DEV_ACCOUNT_ID }} | |
AWS_REGION: ca-central-1 | |
ENVIRONMENT: dev | |
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_STAGING }} | |
WORKFLOW: true | |
permissions: | |
id-token: write | |
contents: write | |
pull-requests: write | |
jobs: | |
terragrunt-apply-common: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformDevApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply COMMON | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 600 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/common | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ecr: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: Configure credentials to Notify Private ECR using OIDC | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply | |
role-session-name: NotifyApiGitHubActions | |
aws-region: "ca-central-1" | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformDevApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ECR | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/ecr | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ecr-us-east: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: Configure credentials to Notify Private ECR using OIDC | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply | |
role-session-name: NotifyApiGitHubActions | |
aws-region: "us-east-1" | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformDevApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ECR US East | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/ecr-us-east | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ses_receiving_emails: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ses_receiving_emails | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/ses_receiving_emails | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-dns: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ses_receiving_emails] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply dns | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/dns | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ses_validation_dns_entries: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-dns] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ses_validation_dns_entries | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/ses_validation_dns_entries | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-cloudfront: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply cloudfront | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/cloudfront | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-eks: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-dns,terragrunt-apply-cloudfront] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply eks | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 6000 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/eks | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-elasticache: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply elasticache | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 3000 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/elasticache | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-rds: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply rds | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 6000 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/rds | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-lambda-api: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr,terragrunt-apply-rds] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply lambda-api | |
run: | | |
cd env/${{env.ENVIRONMENT}}/lambda-api | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-lambda-admin-pr: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-elasticache,terragrunt-apply-ecr,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply lambda-admin-pr | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/lambda-admin-pr | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-performance-test: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply performance-test | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/performance-test | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-heartbeat: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply heartbeat | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/heartbeat | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-database-tools: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: Configure credentials to Notify Private ECR using OIDC | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply | |
role-session-name: NotifyApiGitHubActions | |
aws-region: "ca-central-1" | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: terragrunt apply database-tools | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/database-tools | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
# terragrunt-apply-quicksight: | |
# if: | | |
# always() && | |
# !contains(needs.*.result, 'failure') && | |
# !contains(needs.*.result, 'cancelled') | |
# runs-on: ubuntu-latest | |
# needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds] | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
# - name: setup-terraform | |
# uses: ./.github/actions/setup-terraform | |
# with: | |
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
# role_session_name: NotifyTerraformApply | |
# - name: Install 1Pass CLI | |
# run: | | |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
# sudo dpkg -i 1pass.deb | |
# sudo mkdir -p aws | |
# cd aws | |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
# - name: terragrunt apply quicksight | |
# run: | | |
# cd env/${{env.ENVIRONMENT}}/quicksight | |
# terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-lambda-google-cidr: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply lambda-google-cidr | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/lambda-google-cidr | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ses_to_sqs_email_callbacks: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ses_to_sqs_email_callbacks | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-sns_to_sqs_sms_callbacks: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply sns_to_sqs_sms_callbacks | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-pinpoint_to_sqs_sms_callbacks: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply pinpoint_to_sqs_sms_callbacks | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-system_status: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr-us-east,terragrunt-apply-rds,terragrunt-apply-eks] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply system_status | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/system_status | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-system_status_static_site: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
needs: [terragrunt-apply-common,terragrunt-apply-system_status] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply system_status_static_site | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/system_status_static_site | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
# terragrunt-apply-newrelic: | |
# if: | | |
# always() && | |
# !contains(needs.*.result, 'failure') && | |
# !contains(needs.*.result, 'cancelled') | |
# needs: [terragrunt-apply-common] | |
# runs-on: ubuntu-latest | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
# - name: setup-terraform | |
# uses: ./.github/actions/setup-terraform | |
# with: | |
# role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
# role_session_name: NotifyTerraformApply | |
# - name: Install 1Pass CLI | |
# run: | | |
# curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
# sudo dpkg -i 1pass.deb | |
# sudo mkdir -p aws | |
# cd aws | |
# op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
# - name: terragrunt apply newrelic | |
# run: | | |
# cd env/${{env.ENVIRONMENT}}/newrelic | |
# terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-manifest_secrets: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
needs: [terragrunt-apply-common, terragrunt-apply-eks, terragrunt-apply-rds, terragrunt-apply-elasticache, terragrunt-apply-ecr, terragrunt-apply-ecr-us-east, terragrunt-apply-lambda-admin-pr, terragrunt-apply-performance-test, terragrunt-apply-heartbeat, terragrunt-apply-database-tools, terragrunt-apply-lambda-google-cidr, terragrunt-apply-ses_to_sqs_email_callbacks, terragrunt-apply-sns_to_sqs_sms_callbacks, terragrunt-apply-pinpoint_to_sqs_sms_callbacks, terragrunt-apply-system_status, terragrunt-apply-system_status_static_site] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply manifest_secrets | |
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # V3.0 | |
with: | |
timeout_seconds: 1200 | |
max_attempts: 3 | |
retry_on: error | |
command: | | |
cd env/${{env.ENVIRONMENT}}/manifest_secrets | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
deploy-application: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
needs: [terragrunt-apply-eks, terragrunt-apply-rds] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Setup helmfile | |
uses: mamezou-tech/setup-helmfile@03233e1cd9b19b2ba320e431f7bcc0618db4248d # v2.0.0 | |
with: | |
install-kubectl: yes | |
install-helm: yes | |
helmfile-version: "v0.151.0" | |
- name: Install sponge | |
run: | | |
sudo apt update | |
sudo apt-get install -y moreutils | |
- name: Install OpenVPN | |
run: | | |
sudo apt update | |
sudo apt install -y openvpn openvpn-systemd-resolved | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
- name: Retrieve VPN Config | |
run: | | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
cd ../env/${{env.ENVIRONMENT}}/eks | |
ENDPOINT_ID=$(terragrunt output --raw gha_vpn_id) | |
CERT=$(terragrunt output --raw gha_vpn_certificate) | |
KEY=$(terragrunt output --raw gha_vpn_key) | |
aws ec2 export-client-vpn-client-configuration --client-vpn-endpoint-id $ENDPOINT_ID --output text > /var/tmp/${{env.ENVIRONMENT}}.ovpn | |
echo "<cert> | |
$CERT | |
</cert>" >> /var/tmp/${{env.ENVIRONMENT}}.ovpn | |
echo "<key> | |
$KEY | |
</key>" >> /var/tmp/${{env.ENVIRONMENT}}.ovpn | |
- name: Connect to VPN | |
uses: "kota65535/github-openvpn-connect-action@cd2ed8a90cc7b060dc4e001143e811b5f7ea0af5" # v3.1.0 | |
with: | |
config_file: /var/tmp/${{env.ENVIRONMENT}}.ovpn | |
echo_config: false | |
- name: Configure kubeconfig | |
run: | | |
aws eks update-kubeconfig --name notification-canada-ca-dev-eks-cluster | |
kubectl config rename-context arn:aws:eks:ca-central-1:${{env.ACCOUNT_ID}}:cluster/notification-canada-ca-dev-eks-cluster dev | |
- name: terragrunt apply k8s-fix | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
cd ../env/${{env.ENVIRONMENT}}/${{env.ENVIRONMENT}}_only_kubernetes_fix | |
export TF_VAR_role_name=$(aws iam list-roles | jq -r '.Roles[] | select(.RoleName|match("AWSReservedSSO_AWSAdministratorAccess_*")) | .RoleName') | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
- name: Apply Manifests | |
continue-on-error: true | |
run: | | |
git clone https://github.com/cds-snc/notification-manifests.git /var/tmp/notification-manifests | |
cd /var/tmp/notification-manifests | |
cd /var/tmp/notification-manifests/helmfile | |
source getContext.sh | |
helmfile -e dev -l step=0 apply | |
sleep 5 | |
helmfile -e dev -l step=1 apply | |
sleep 5 | |
helmfile -e dev -l step=2 apply | |
sleep 5 | |
helmfile -e dev -l step=3 apply | |
sleep 5 | |
helmfile -e dev -l step=4 apply | |
sleep 5 | |
cd .. | |
make decrypt-dev | |
cd env/${{env.ENVIRONMENT}} | |
export ADMIN_TARGET_GROUP_ARN=$(echo $ADMIN_TARGET_GROUP_ARN | sed 's/\//\\\//g') | |
export API_TARGET_GROUP_ARN=$(echo $API_TARGET_GROUP_ARN | sed 's/\//\\\//g') | |
export DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN=$(echo $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN | sed 's/\//\\\//g') | |
export DOCUMENTATION_TARGET_GROUP_ARN=$(echo $DOCUMENTATION_TARGET_GROUP_ARN | sed 's/\//\\\//g') | |
sed "s/targetGroupARN.*/targetGroupARN: $ADMIN_TARGET_GROUP_ARN/" admin-target-group.yaml | sponge admin-target-group.yaml | |
sed "s/targetGroupARN.*/targetGroupARN: $API_TARGET_GROUP_ARN/" api-target-group.yaml | sponge api-target-group.yaml | |
sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN/" document-download-api-target-group.yaml | sponge document-download-api-target-group.yaml | |
sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENTATION_TARGET_GROUP_ARN/" documentation-target-group.yaml | sponge documentation-target-group.yaml | |
kubectl apply -k . 2>&1 | |
- name: Apply Manifests Take 2 | |
continue-on-error: true | |
run: | | |
cd /var/tmp/notification-manifests/helmfile | |
source getContext.sh | |
cd .. | |
make decrypt-dev | |
cd env/${{env.ENVIRONMENT}} | |
export ADMIN_TARGET_GROUP_ARN=$(echo $ADMIN_TARGET_GROUP_ARN | sed 's/\//\\\//g') | |
export API_TARGET_GROUP_ARN=$(echo $API_TARGET_GROUP_ARN | sed 's/\//\\\//g') | |
export DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN=$(echo $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN | sed 's/\//\\\//g') | |
export DOCUMENTATION_TARGET_GROUP_ARN=$(echo $DOCUMENTATION_TARGET_GROUP_ARN | sed 's/\//\\\//g') | |
sed "s/targetGroupARN.*/targetGroupARN: $ADMIN_TARGET_GROUP_ARN/" admin-target-group.yaml | sponge admin-target-group.yaml | |
sed "s/targetGroupARN.*/targetGroupARN: $API_TARGET_GROUP_ARN/" api-target-group.yaml | sponge api-target-group.yaml | |
sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENT_DOWNLOAD_API_TARGET_GROUP_ARN/" document-download-api-target-group.yaml | sponge document-download-api-target-group.yaml | |
sed "s/targetGroupARN.*/targetGroupARN: $DOCUMENTATION_TARGET_GROUP_ARN/" documentation-target-group.yaml | sponge documentation-target-group.yaml | |
sleep 30 | |
kubectl apply -k . |