terragrunt_create_dev_environment.yml
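# Manually dispatched workflow: applies the dev "common" Terragrunt stack and
# builds/pushes the bootstrap admin image to the account's ECR registry.
name: "Create Dev Environment"

on:
  workflow_dispatch:

defaults:
  run:
    # With an explicit `shell: bash`, the runner starts bash with -e and
    # -o pipefail, so a failing command (or pipeline stage) fails the step.
    shell: bash

env:
  AWS_REGION: ca-central-1
  # NOTE(review): workflow-level env exposes this token to every step of every
  # job, including third-party actions. Prefer setting it only on the steps
  # that actually call `op` once it is confirmed nothing else reads it.
  OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
  # Environment values are strings; quoted so the intent is explicit.
  WORKFLOW: "true"

permissions:
  # Needed to request the OIDC token used for AWS role assumption.
  id-token: write
  # NOTE(review): no step visible in this file pushes commits or writes to
  # pull requests. Confirm whether ./.github/actions/setup-terraform needs
  # these; if not, reduce to `contents: read` and drop `pull-requests`.
  contents: write
  pull-requests: write

jobs:
  terragrunt-apply-common:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

      - uses: ./.github/actions/setup-terraform
        with:
          role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply
          role_session_name: NotifyTerraformDevAppply

      - name: Install 1Pass CLI
        # NOTE(review): "latest" is a moving target and the package is installed
        # as root without a signature or checksum check. Pin a version and
        # verify it against a published checksum/signature before `dpkg -i`.
        run: |
          # --fail stops an HTTP error page from being saved as the .deb;
          # --proto/--tlsv1.2 refuse a redirect or downgrade away from HTTPS.
          curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
            -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
          sudo dpkg -i 1pass.deb

      - name: terragrunt apply common
        # NOTE(review): `-auto-approve` applies with no plan review; anyone who
        # can dispatch this workflow can change dev. Consider a protected
        # GitHub environment if that is broader than intended.
        run: |
          tfvars=/var/tmp/dev.tfvars
          # Remove the var file read from 1Password when the step exits,
          # whether the apply succeeded or failed.
          trap 'rm -f "$tfvars"' EXIT
          # Create the file owner-only; the umask is confined to the subshell
          # so it does not affect files terragrunt creates afterwards.
          (umask 077 && op read "op://4eyyuwddp6w4vxlabrr2i2duxm/TFVars - Dev/notesPlain" > "$tfvars")
          cd env/dev/common
          terragrunt apply --var-file "$tfvars" --terragrunt-non-interactive -auto-approve

  terragrunt-apply-ecr:
    # NOTE(review): this job declares no `needs:`, so `needs.*.result` is empty
    # and the job is not ordered after terragrunt-apply-common. Confirm whether
    # `needs: terragrunt-apply-common` was intended.
    if: |
      always() &&
      !contains(needs.*.result, 'failure') &&
      !contains(needs.*.result, 'cancelled')
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

      - name: Configure credentials to CDS public ECR using OIDC
        # NOTE(review): `@master` is a mutable branch ref, and this job holds
        # an OIDC token permission plus the 1Password token in its env. Pin
        # this action to a full commit SHA, as done for actions/checkout.
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: arn:aws:iam::800095993820:role/notification-api-apply
          role-session-name: NotifyApiGitHubActions
          aws-region: "us-east-1"

      - name: Install ECR Credential Helper
        run: |
          sudo apt-get update && sudo apt-get install -y amazon-ecr-credential-helper

      - name: Login to Amazon ECR
        id: login-ecr
        # NOTE(review): the login is stored under a per-run Docker config
        # directory inside the workspace, but the later build/push step does
        # not pass `--config`; confirm the push is authenticated as intended.
        run: |
          # Get the ECR login password and use it to log in to the ECR registry
          result=$(aws ecr get-login-password --region ca-central-1 | docker --config "${GITHUB_WORKSPACE}/${GITHUB_RUN_ID}" login --username AWS --password-stdin 800095993820.dkr.ecr.ca-central-1.amazonaws.com)
          # Print the login result for debugging
          echo "Login Result: $result"
          echo "$AWS_PROFILE"

      - name: setup-terraform
        uses: ./.github/actions/setup-terraform
        with:
          role_to_assume: arn:aws:iam::800095993820:role/notification-terraform-apply
          role_session_name: NotifyTerraformDevAppply

      - name: Install 1Pass CLI
        # NOTE(review): same unpinned, unverified package install as in
        # terragrunt-apply-common, and no step visible in this job calls `op`.
        # Drop this step if it is unused; otherwise pin and verify the package.
        run: |
          curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
            -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb
          sudo dpkg -i 1pass.deb

      - name: terragrunt apply ECR
        # NOTE(review): no step visible in this file creates
        # /var/tmp/notification-admin/; presumably the setup-terraform action
        # provides it. Confirm, since the build context decides what goes into
        # the pushed image.
        run: |
          cd /var/tmp/notification-admin/
          docker build -t 800095993820.dkr.ecr.ca-central-1.amazonaws.com/admin:bootstrap -f /var/tmp/notification-admin/ci/Dockerfile.lambda .
          docker push 800095993820.dkr.ecr.ca-central-1.amazonaws.com/admin:bootstrap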