Release 2.6.34 #311

Workflow file for this run

.github/workflows/terragrunt_plan_production.yml at b8e63c8

	name: "Terragrunt plan PRODUCTION"

	on:
	pull_request:
	paths:
	- ".github/workflows/infrastructure_version.txt"

	env:
	TARGET_ENV_PATH: production
	AWS_ACCESS_KEY_ID: ${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}
	AWS_REGION: ca-central-1
	TERRAFORM_VERSION: 0.14.4
	TERRAGRUNT_VERSION: 0.35.13
	TF_VAR_base_domain: ${{secrets.PRODUCTION_BASE_DOMAIN}}
	TF_VAR_alt_base_domain: ${{secrets.PRODUCTION_ALT_BASE_DOMAIN}}
	TF_VAR_dbtools_password: ${{ secrets.PRODUCTION_DBTOOLS_PASSWORD }}
	TF_VAR_heartbeat_api_key: ${{ secrets.PRODUCTION_HEARTBEAT_API_KEY }}
	TF_VAR_heartbeat_sms_number: ${{ secrets.PRODUCTION_HEARTBEAT_SMS_NUMBER }}
	TF_VAR_rds_cluster_password: ${{ secrets.PRODUCTION_RDS_CLUSTER_PASSWORD }}
	TF_VAR_app_db_user_password: ${{ secrets.PRODUCTION_APP_DB_USER_PASSWORD }}
	TF_VAR_quicksight_db_user_password: ${{ secrets.PRODUCTION_QUICKSIGHT_DB_USER_PASSWORD }}
	TF_VAR_cloudwatch_opsgenie_alarm_webhook: ${{ secrets.PRODUCTION_CLOUDWATCH_OPSGENIE_ALARM_WEBHOOK }}
	TF_VAR_cloudwatch_slack_webhook_warning_topic: ${{ secrets.PRODUCTION_CLOUDWATCH_SLACK_WEBHOOK }}
	TF_VAR_cloudwatch_slack_webhook_critical_topic: ${{ secrets.PRODUCTION_CLOUDWATCH_SLACK_WEBHOOK }}
	TF_VAR_cloudwatch_slack_webhook_general_topic: ${{ secrets.PRODUCTION_CLOUDWATCH_SLACK_WEBHOOK }}
	TF_VAR_notify_o11y_google_oauth_client_id: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_ID }}
	TF_VAR_notify_o11y_google_oauth_client_secret: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_SECRET }}
	TF_VAR_sentinel_customer_id: ${{ secrets.SENTINEL_CUSTOMER_ID }}
	TF_VAR_sentinel_shared_key: ${{ secrets.SENTINEL_SHARED_KEY }}
	TF_VAR_slack_channel_warning_topic: notification-ops
	TF_VAR_slack_channel_critical_topic: notification-ops
	TF_VAR_slack_channel_general_topic: notification-ops
	TF_VAR_sqlalchemy_database_reader_uri: ${{ secrets.PRODUCTION_SQLALCHEMY_DATABASE_READER_URI }}
	TF_VAR_system_status_admin_url: "https://notification.canada.ca"
	TF_VAR_system_status_api_url: "https://api.notification.canada.ca"
	TF_VAR_system_status_bucket_name: "notification-canada-ca-production-system-status"
	TF_VAR_new_relic_license_key: ${{ secrets.PRODUCTION_NEW_RELIC_LICENSE_KEY }}
	TF_VAR_waf_secret: ${{secrets.PRODUCTION_WAF_SECRET}}
	TF_VAR_route_53_zone_arn: /hostedzone/Z07701011ICTZVSX5P68J
	# Prevents repeated creation of the Slack lambdas if already existing.
	# See: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/84
	TF_RECREATE_MISSING_LAMBDA_PACKAGE: false
	TF_VAR_client_vpn_access_group_id: ${{ secrets.PRODUCTION_CLIENT_VPN_ACCESS_GROUP_ID }}
	TF_VAR_client_vpn_saml_metadata: ${{ secrets.PRODUCTION_CLIENT_VPN_SAML_METADATA }}
	TF_VAR_client_vpn_self_service_saml_metadata: ${{ secrets.PRODUCTION_CLIENT_VPN_SELF_SERVICE_SAML_METADATA }}
	TF_VAR_pr_bot_installation_id: ${{ secrets.NOTIFY_PR_BOT_INSTALLATION_ID_MANIFESTS }}
	TF_VAR_pr_bot_app_id: ${{ secrets.NOTIFY_PR_BOT_APP_ID }}
	TF_VAR_pr_bot_private_key: ${{ secrets.NOTIFY_PR_BOT_PRIVATE_KEY }}
	TF_VAR_budget_sre_bot_webhook: ${{ secrets.PRODUCTION_BUDGET_SRE_BOT_WEBHOOK }}

	jobs:
	terragrunt-plan-production:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Set environment variables
	uses: ./.github/actions/setvars
	with:
	envVarFile: ./.env

	- name: Setup Terraform tools
	uses: cds-snc/terraform-tools-setup@v1
	env: # In case you want to override default versions
	CONFTEST_VERSION: 0.30.0
	TERRAFORM_VERSION: 1.6.2
	TERRAGRUNT_VERSION: 0.44.4
	TF_SUMMARIZE_VERSION: 0.2.3

	- name: Set INFRASTRUCTURE_VERSION
	run: \|
	INFRASTRUCTURE_VERSION=`cat ./.github/workflows/infrastructure_version.txt`
	echo "INFRASTRUCTURE_VERSION=$INFRASTRUCTURE_VERSION" >> $GITHUB_ENV

	- name: Terragrunt plan common
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/common"
	comment-delete: "true"
	comment-title: "Production: common"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan ECR
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/ecr"
	comment-delete: "true"
	comment-title: "Production: ECR"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan ses_receiving_emails
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/ses_receiving_emails"
	comment-delete: "true"
	comment-title: "Production: ses_receiving_emails"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan ses_to_sqs_email_callbacks
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/ses_to_sqs_email_callbacks"
	comment-delete: "true"
	comment-title: "Production: ses_to_sqs_email_callbacks"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan sns_to_sqs_sms_callbacks
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/sns_to_sqs_sms_callbacks"
	comment-delete: "true"
	comment-title: "Production: sns_to_sqs_sms_callbacks"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan dns
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/dns"
	comment-delete: "true"
	comment-title: "Production: dns"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan ses_validation_dns_entries
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/ses_validation_dns_entries"
	comment-delete: "true"
	comment-title: "Production: ses_validation_dns_entries"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan eks
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/eks"
	comment-delete: "true"
	comment-title: "Production: eks"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan elasticache
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/elasticache"
	comment-delete: "true"
	comment-title: "Production: elasticache"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan rds
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/rds"
	comment-delete: "true"
	comment-title: "Production: rds"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan cloudfront
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/cloudfront"
	comment-delete: "true"
	comment-title: "Production: cloudfront"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan lambda-api
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/lambda-api"
	comment-delete: "true"
	comment-title: "Production: lambda-api"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan heartbeat
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/heartbeat"
	comment-delete: "true"
	comment-title: "Production: heartbeat"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan database-tools
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/database-tools"
	comment-delete: "true"
	comment-title: "Production: database-tools"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan quicksight
	uses: cds-snc/terraform-plan@v3
	with:
	directory: "env/production/quicksight"
	comment-delete: "true"
	comment-title: "Production: quicksight"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan lambda-google-cidr
	uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # v3.0.6
	with:
	directory: "env/production/lambda-google-cidr"
	comment-delete: "true"
	comment-title: "Production: lambda-google-cidr"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"

	- name: Terragrunt plan system_status
	uses: cds-snc/terraform-plan@v3
	with:
	directory: "env/production/system_status"
	comment-delete: "true"
	comment-title: "Production: system_status"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"
	skip-conftest: "true"

	- name: Terragrunt plan system_status_static_site
	uses: cds-snc/terraform-plan@v3
	with:
	directory: "env/production/system_status_static_site"
	comment-delete: "true"
	comment-title: "Production: system_status_static_site"
	github-token: "${{ secrets.GITHUB_TOKEN }}"
	terragrunt: "true"
	skip-conftest: "true"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release 2.6.34 #311

Workflow file

Release 2.6.34 #311

Jobs

Run details

Workflow file for this run