Skip to content

Add a budget alert for when we use a lot of cloudwatch data scanning … #1128

Add a budget alert for when we use a lot of cloudwatch data scanning …

Add a budget alert for when we use a lot of cloudwatch data scanning … #1128

name: "Merge to main (Staging)"
on:
# This will be used to dispatch this workflow from the manifest repo when environment variables change
workflow_dispatch:
push:
branches:
- main
paths:
- ".env"
- "aws/**"
- "env/staging/**"
- "env/staging_config.tfvars"
- ".github/workflows/merge_to_main_staging.yml"
defaults:
run:
shell: bash
env:
ACCOUNT_ID: ${{ secrets.STAGING_AWS_ACCOUNT_ID }}
AWS_REGION: ca-central-1
ENVIRONMENT: staging
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_STAGING }}
WORKFLOW: true
permissions:
id-token: write
contents: write
pull-requests: write
jobs:
terragrunt-apply-common:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformDevApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply COMMON
run: |
cd env/${{env.ENVIRONMENT}}/common
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ecr:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Configure credentials to Notify Private ECR using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role-session-name: NotifyApiGitHubActions
aws-region: "ca-central-1"
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformDevApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ECR
run: |
cd env/${{env.ENVIRONMENT}}/ecr
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ecr-us-east:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: Configure credentials to Notify Private ECR using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role-session-name: NotifyApiGitHubActions
aws-region: "us-east-1"
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformDevApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ECR
run: |
cd env/${{env.ENVIRONMENT}}/ecr-us-east
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ses_receiving_emails:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-ecr-us-east]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ses_receiving_emails
run: |
cd env/${{env.ENVIRONMENT}}/ses_receiving_emails
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-dns:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ses_receiving_emails]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply dns
run: |
cd env/${{env.ENVIRONMENT}}/dns
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ses_validation_dns_entries:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-dns]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ses_validation_dns_entries
run: |
cd env/${{env.ENVIRONMENT}}/ses_validation_dns_entries
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-cloudfront:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply cloudfront
run: |
cd env/${{env.ENVIRONMENT}}/cloudfront
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-eks:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-dns,terragrunt-apply-cloudfront]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply eks
run: |
cd env/${{env.ENVIRONMENT}}/eks
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-elasticache:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply elasticache
run: |
cd env/${{env.ENVIRONMENT}}/elasticache
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-rds:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply rds
run: |
cd env/${{env.ENVIRONMENT}}/rds
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-lambda-api:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr,terragrunt-apply-rds]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply lambda-api
run: |
cd env/${{env.ENVIRONMENT}}/lambda-api
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-lambda-admin-pr:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-elasticache,terragrunt-apply-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply lambda-admin-pr
run: |
cd env/${{env.ENVIRONMENT}}/lambda-admin-pr
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-performance-test:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply performance-test
run: |
cd env/${{env.ENVIRONMENT}}/performance-test
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-heartbeat:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply heartbeat
run: |
cd env/${{env.ENVIRONMENT}}/heartbeat
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-database-tools:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply database-tools
run: |
cd env/${{env.ENVIRONMENT}}/database-tools
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-quicksight:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply quicksight
run: |
cd env/${{env.ENVIRONMENT}}/quicksight
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-lambda-google-cidr:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply lambda-google-cidr
run: |
cd env/${{env.ENVIRONMENT}}/lambda-google-cidr
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-ses_to_sqs_email_callbacks:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply ses_to_sqs_email_callbacks
run: |
cd env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-sns_to_sqs_sms_callbacks:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply sns_to_sqs_sms_callbacks
run: |
cd env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-pinpoint_to_sqs_sms_callbacks:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply pinpoint_to_sqs_sms_callbacks
run: |
cd env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-system_status:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-rds,terragrunt-apply-eks]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply system_status
run: |
cd env/${{env.ENVIRONMENT}}/system_status
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-system_status_static_site:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
needs: [terragrunt-apply-common,terragrunt-apply-system_status]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply system_status_static_site
run: |
cd env/${{env.ENVIRONMENT}}/system_status_static_site
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-newrelic:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
needs: [terragrunt-apply-common]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply newrelic
run: |
cd env/${{env.ENVIRONMENT}}/newrelic
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-manifest_secrets:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
needs: [terragrunt-apply-rds, terragrunt-apply-elasticache, terragrunt-apply-eks, terragrunt-apply-ecr, terragrunt-apply-lambda-api, terragrunt-apply-lambda-admin-pr, terragrunt-apply-performance-test, terragrunt-apply-heartbeat, terragrunt-apply-database-tools, terragrunt-apply-quicksight, terragrunt-apply-lambda-google-cidr, terragrunt-apply-ses_to_sqs_email_callbacks, terragrunt-apply-sns_to_sqs_sms_callbacks, terragrunt-apply-pinpoint_to_sqs_sms_callbacks, terragrunt-apply-system_status, terragrunt-apply-system_status_static_site, terragrunt-apply-newrelic]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply manifest_secrets
run: |
cd env/${{env.ENVIRONMENT}}/manifest_secrets
terragrunt apply --terragrunt-non-interactive -auto-approve
terragrunt-apply-github:
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
needs: [terragrunt-apply-rds, terragrunt-apply-elasticache, terragrunt-apply-eks, terragrunt-apply-ecr, terragrunt-apply-lambda-api, terragrunt-apply-lambda-admin-pr, terragrunt-apply-performance-test, terragrunt-apply-heartbeat, terragrunt-apply-database-tools, terragrunt-apply-quicksight, terragrunt-apply-lambda-google-cidr, terragrunt-apply-ses_to_sqs_email_callbacks, terragrunt-apply-sns_to_sqs_sms_callbacks, terragrunt-apply-pinpoint_to_sqs_sms_callbacks, terragrunt-apply-system_status, terragrunt-apply-system_status_static_site, terragrunt-apply-newrelic]
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: setup-terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply
role_session_name: NotifyTerraformApply
- name: Install 1Pass CLI
run: |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
sudo dpkg -i 1pass.deb
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: terragrunt apply github
run: |
cd env/${{env.ENVIRONMENT}}/github
terragrunt apply --terragrunt-non-interactive -auto-approve
bump-version-and-push-tag:
if: |
always() &&
github.event_name != 'workflow_dispatch' &&
!contains(needs.*.result, 'failure') &&
!contains(needs.*.result, 'cancelled')
runs-on: ubuntu-latest
needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-dns,terragrunt-apply-ses_validation_dns_entries,terragrunt-apply-cloudfront,terragrunt-apply-eks,terragrunt-apply-elasticache,terragrunt-apply-rds,terragrunt-apply-lambda-api,terragrunt-apply-heartbeat,terragrunt-apply-database-tools,terragrunt-apply-quicksight,terragrunt-apply-lambda-google-cidr,terragrunt-apply-ses_to_sqs_email_callbacks,terragrunt-apply-sns_to_sqs_sms_callbacks,terragrunt-apply-pinpoint_to_sqs_sms_callbacks,terragrunt-apply-system_status,terragrunt-apply-ses_receiving_emails,terragrunt-apply-system_status_static_site,terragrunt-apply-newrelic,terragrunt-apply-manifest_secrets]
steps:
- name: Checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
- name: bump-version-and-push-tag
uses: mathieudutour/github-tag-action@bcb832838e1612ff92089d914bccc0fd39458223 # v4.6
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
release_branches: main