Add a budget alert for when we use a lot of cloudwatch data scanning … #1128
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Merge to main (Staging)" | |
on: | |
# This will be used to dispatch this workflow from the manifest repo when environment variables change | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
paths: | |
- ".env" | |
- "aws/**" | |
- "env/staging/**" | |
- "env/staging_config.tfvars" | |
- ".github/workflows/merge_to_main_staging.yml" | |
defaults: | |
run: | |
shell: bash | |
env: | |
ACCOUNT_ID: ${{ secrets.STAGING_AWS_ACCOUNT_ID }} | |
AWS_REGION: ca-central-1 | |
ENVIRONMENT: staging | |
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_STAGING }} | |
WORKFLOW: true | |
permissions: | |
id-token: write | |
contents: write | |
pull-requests: write | |
jobs: | |
terragrunt-apply-common: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformDevApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply COMMON | |
run: | | |
cd env/${{env.ENVIRONMENT}}/common | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ecr: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: Configure credentials to Notify Private ECR using OIDC | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role-session-name: NotifyApiGitHubActions | |
aws-region: "ca-central-1" | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformDevApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ECR | |
run: | | |
cd env/${{env.ENVIRONMENT}}/ecr | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ecr-us-east: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: Configure credentials to Notify Private ECR using OIDC | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role-session-name: NotifyApiGitHubActions | |
aws-region: "us-east-1" | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformDevApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ECR | |
run: | | |
cd env/${{env.ENVIRONMENT}}/ecr-us-east | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ses_receiving_emails: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-ecr-us-east] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ses_receiving_emails | |
run: | | |
cd env/${{env.ENVIRONMENT}}/ses_receiving_emails | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-dns: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ses_receiving_emails] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply dns | |
run: | | |
cd env/${{env.ENVIRONMENT}}/dns | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ses_validation_dns_entries: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-dns] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ses_validation_dns_entries | |
run: | | |
cd env/${{env.ENVIRONMENT}}/ses_validation_dns_entries | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-cloudfront: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply cloudfront | |
run: | | |
cd env/${{env.ENVIRONMENT}}/cloudfront | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-eks: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-dns,terragrunt-apply-cloudfront] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply eks | |
run: | | |
cd env/${{env.ENVIRONMENT}}/eks | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-elasticache: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply elasticache | |
run: | | |
cd env/${{env.ENVIRONMENT}}/elasticache | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-rds: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply rds | |
run: | | |
cd env/${{env.ENVIRONMENT}}/rds | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-lambda-api: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr,terragrunt-apply-rds] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply lambda-api | |
run: | | |
cd env/${{env.ENVIRONMENT}}/lambda-api | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-lambda-admin-pr: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-elasticache,terragrunt-apply-ecr] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply lambda-admin-pr | |
run: | | |
cd env/${{env.ENVIRONMENT}}/lambda-admin-pr | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-performance-test: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply performance-test | |
run: | | |
cd env/${{env.ENVIRONMENT}}/performance-test | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-heartbeat: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply heartbeat | |
run: | | |
cd env/${{env.ENVIRONMENT}}/heartbeat | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-database-tools: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply database-tools | |
run: | | |
cd env/${{env.ENVIRONMENT}}/database-tools | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-quicksight: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-rds] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply quicksight | |
run: | | |
cd env/${{env.ENVIRONMENT}}/quicksight | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-lambda-google-cidr: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-eks,terragrunt-apply-ecr] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply lambda-google-cidr | |
run: | | |
cd env/${{env.ENVIRONMENT}}/lambda-google-cidr | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-ses_to_sqs_email_callbacks: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply ses_to_sqs_email_callbacks | |
run: | | |
cd env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-sns_to_sqs_sms_callbacks: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply sns_to_sqs_sms_callbacks | |
run: | | |
cd env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-pinpoint_to_sqs_sms_callbacks: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply pinpoint_to_sqs_sms_callbacks | |
run: | | |
cd env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-system_status: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-rds,terragrunt-apply-eks] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply system_status | |
run: | | |
cd env/${{env.ENVIRONMENT}}/system_status | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-system_status_static_site: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
needs: [terragrunt-apply-common,terragrunt-apply-system_status] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply system_status_static_site | |
run: | | |
cd env/${{env.ENVIRONMENT}}/system_status_static_site | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-newrelic: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
needs: [terragrunt-apply-common] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply newrelic | |
run: | | |
cd env/${{env.ENVIRONMENT}}/newrelic | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-manifest_secrets: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
needs: [terragrunt-apply-rds, terragrunt-apply-elasticache, terragrunt-apply-eks, terragrunt-apply-ecr, terragrunt-apply-lambda-api, terragrunt-apply-lambda-admin-pr, terragrunt-apply-performance-test, terragrunt-apply-heartbeat, terragrunt-apply-database-tools, terragrunt-apply-quicksight, terragrunt-apply-lambda-google-cidr, terragrunt-apply-ses_to_sqs_email_callbacks, terragrunt-apply-sns_to_sqs_sms_callbacks, terragrunt-apply-pinpoint_to_sqs_sms_callbacks, terragrunt-apply-system_status, terragrunt-apply-system_status_static_site, terragrunt-apply-newrelic] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply manifest_secrets | |
run: | | |
cd env/${{env.ENVIRONMENT}}/manifest_secrets | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
terragrunt-apply-github: | |
if: | | |
always() && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
needs: [terragrunt-apply-rds, terragrunt-apply-elasticache, terragrunt-apply-eks, terragrunt-apply-ecr, terragrunt-apply-lambda-api, terragrunt-apply-lambda-admin-pr, terragrunt-apply-performance-test, terragrunt-apply-heartbeat, terragrunt-apply-database-tools, terragrunt-apply-quicksight, terragrunt-apply-lambda-google-cidr, terragrunt-apply-ses_to_sqs_email_callbacks, terragrunt-apply-sns_to_sqs_sms_callbacks, terragrunt-apply-pinpoint_to_sqs_sms_callbacks, terragrunt-apply-system_status, terragrunt-apply-system_status_static_site, terragrunt-apply-newrelic] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: setup-terraform | |
uses: ./.github/actions/setup-terraform | |
with: | |
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply | |
role_session_name: NotifyTerraformApply | |
- name: Install 1Pass CLI | |
run: | | |
curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb | |
sudo dpkg -i 1pass.deb | |
sudo mkdir -p aws | |
cd aws | |
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars | |
- name: terragrunt apply github | |
run: | | |
cd env/${{env.ENVIRONMENT}}/github | |
terragrunt apply --terragrunt-non-interactive -auto-approve | |
bump-version-and-push-tag: | |
if: | | |
always() && | |
github.event_name != 'workflow_dispatch' && | |
!contains(needs.*.result, 'failure') && | |
!contains(needs.*.result, 'cancelled') | |
runs-on: ubuntu-latest | |
needs: [terragrunt-apply-common,terragrunt-apply-ecr,terragrunt-apply-dns,terragrunt-apply-ses_validation_dns_entries,terragrunt-apply-cloudfront,terragrunt-apply-eks,terragrunt-apply-elasticache,terragrunt-apply-rds,terragrunt-apply-lambda-api,terragrunt-apply-heartbeat,terragrunt-apply-database-tools,terragrunt-apply-quicksight,terragrunt-apply-lambda-google-cidr,terragrunt-apply-ses_to_sqs_email_callbacks,terragrunt-apply-sns_to_sqs_sms_callbacks,terragrunt-apply-pinpoint_to_sqs_sms_callbacks,terragrunt-apply-system_status,terragrunt-apply-ses_receiving_emails,terragrunt-apply-system_status_static_site,terragrunt-apply-newrelic,terragrunt-apply-manifest_secrets] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
- name: bump-version-and-push-tag | |
uses: mathieudutour/github-tag-action@bcb832838e1612ff92089d914bccc0fd39458223 # v4.6 | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
release_branches: main |