diff --git a/.github/workflows/merge_to_main_staging.yml b/.github/workflows/merge_to_main_staging.yml index 2bb33cef9..5c2841043 100644 --- a/.github/workflows/merge_to_main_staging.yml +++ b/.github/workflows/merge_to_main_staging.yml 
@@ -17,51 +17,11 @@ defaults: shell: bash env: + ACCOUNT_ID: ${{ secrets.STAGING_ACCOUNT_ID }} AWS_REGION: ca-central-1 - TF_VAR_new_relic_api_key: ${{ secrets.STAGING_NEW_RELIC_API_KEY }} - TF_VAR_new_relic_account_id: ${{ secrets.STAGING_NEW_RELIC_ACCOUNT_ID }} - TF_VAR_new_relic_slack_webhook_url: ${{ secrets.STAGING_NEW_RELIC_SLACK_WEBHOOK_URL }} - TF_VAR_base_domain: ${{secrets.STAGING_BASE_DOMAIN}} - TF_VAR_alt_base_domain: ${{secrets.STAGING_ALT_BASE_DOMAIN}} - TF_VAR_dbtools_password: ${{ secrets.STAGING_DBTOOLS_PASSWORD }} - TF_VAR_heartbeat_api_key: ${{ secrets.STAGING_HEARTBEAT_API_KEY }} - TF_VAR_heartbeat_sms_number: ${{ secrets.STAGING_HEARTBEAT_SMS_NUMBER }} - TF_VAR_rds_cluster_password: ${{ secrets.STAGING_RDS_CLUSTER_PASSWORD }} - TF_VAR_app_db_user_password: ${{ secrets.STAGING_APP_DB_USER_PASSWORD }} - TF_VAR_quicksight_db_user_password: ${{ secrets.STAGING_QUICKSIGHT_DB_USER_PASSWORD }} - TF_VAR_cloudwatch_slack_webhook_warning_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }} - TF_VAR_cloudwatch_slack_webhook_critical_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }} - TF_VAR_cloudwatch_slack_webhook_general_topic: ${{ secrets.STAGING_CLOUDWATCH_SLACK_WEBHOOK }} - TF_VAR_notify_o11y_google_oauth_client_id: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_ID_STAGING }} - TF_VAR_notify_o11y_google_oauth_client_secret: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_SECRET_STAGING }} - TF_VAR_sentinel_customer_id: ${{ secrets.SENTINEL_CUSTOMER_ID }} - TF_VAR_sentinel_shared_key: ${{ secrets.SENTINEL_SHARED_KEY }} - TF_VAR_slack_channel_warning_topic: "notification-staging-ops" - TF_VAR_slack_channel_critical_topic: "notification-staging-ops" - TF_VAR_slack_channel_general_topic: "notification-staging-ops" - TF_VAR_sqlalchemy_database_reader_uri: ${{ secrets.STAGING_SQLALCHEMY_DATABASE_READER_URI }} - TF_VAR_system_status_admin_url: "https://staging.notification.cdssandbox.xyz" - TF_VAR_system_status_api_url: 
"https://api.staging.notification.cdssandbox.xyz" - TF_VAR_system_status_bucket_name: "notification-canada-ca-staging-system-status" - TF_VAR_cloudwatch_opsgenie_alarm_webhook: "" - TF_VAR_new_relic_license_key: ${{ secrets.STAGING_NEW_RELIC_LICENSE_KEY }} - TF_VAR_perf_test_phone_number: ${{ secrets.PERF_TEST_PHONE_NUMBER }} - TF_VAR_perf_test_email: ${{ secrets.PERF_TEST_EMAIL }} - TF_VAR_perf_test_domain: ${{ secrets.PERF_TEST_DOMAIN }} - TF_VAR_perf_test_auth_header: ${{ secrets.PERF_TEST_AUTH_HEADER }} - TF_VAR_waf_secret: ${{secrets.STAGING_WAF_SECRET}} - # Prevents repeated creation of the Slack lambdas if already existing. - # See: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/84 - TF_RECREATE_MISSING_LAMBDA_PACKAGE: false - TF_VAR_client_vpn_access_group_id: ${{ secrets.STAGING_CLIENT_VPN_ACCESS_GROUP_ID }} - TF_VAR_client_vpn_saml_metadata: ${{ secrets.STAGING_CLIENT_VPN_SAML_METADATA }} - TF_VAR_client_vpn_self_service_saml_metadata: ${{ secrets.STAGING_CLIENT_VPN_SELF_SERVICE_SAML_METADATA }} - TF_VAR_pr_bot_installation_id: ${{ secrets.NOTIFY_PR_BOT_INSTALLATION_ID_MANIFESTS }} - TF_VAR_pr_bot_app_id: ${{ secrets.NOTIFY_PR_BOT_APP_ID }} - TF_VAR_pr_bot_private_key: ${{ secrets.NOTIFY_PR_BOT_PRIVATE_KEY }} - TF_VAR_budget_sre_bot_webhook: ${{ secrets.STAGING_BUDGET_SRE_BOT_WEBHOOK }} - TF_VAR_enable_sentinel_forwarding: true - TF_VAR_aws_xray_sdk_enabled: true + ENVIRONMENT: staging + OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} + WORKFLOW: true permissions: id-token: write 
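Review bot: `OP_SERVICE_ACCOUNT_TOKEN` is added to the workflow-level `env:`, so it is exported to every step of every job, including third-party actions such as `aws-actions/configure-aws-credentials@master` and the tag action in `bump-version-and-push-tag`, although only the `op read` step needs it. Set it with a step-level `env:` on that step instead, `env: { OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} }`. The secret name has no `STAGING_` prefix, so it is presumably shared with other environments' workflows; a service account limited to the staging item would reduce what a leaked token can read. Values loaded from the tfvars file are not registered with the runner's log masking the way `${{ secrets.* }}` values were, so confirm that each such variable is declared `sensitive = true` in Terraform before trusting the `-auto-approve` apply output to be free of secrets.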
@@ -79,12 +39,20 @@ jobs: - uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply - role_session_name: NotifyTerraformApply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply + role_session_name: NotifyTerraformDevApply - - name: Terragrunt apply common + - name: Install 1Pass CLI run: | - cd env/staging/common + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply COMMON + run: | + cd env/${{env.ENVIRONMENT}}/common terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-ecr: 
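Review bot: The `Install 1Pass CLI` step fetches `1password-cli-amd64-latest.deb` and installs it with `sudo dpkg -i` without pinning a release or verifying a checksum or signature, on a runner that then holds the 1Password service-account token and the `notification-terraform-apply` role. Pin a specific release and verify it before installing, e.g. `curl --fail --location -o 1pass.deb <pinned-release-url>` followed by `echo "<expected-sha256>  1pass.deb" | sha256sum --check`, or install from 1Password's signed apt repository. The same step is pasted into every later apply job in this file (the hunks from -97 through -562), so it would be better defined once, for instance inside the local `./.github/actions/setup-terraform` action. `sudo mkdir -p aws` would create a root-owned directory if `aws` is not already in the checkout, in which case the unprivileged redirect to `${{env.ENVIRONMENT}}.tfvars` would fail; plain `mkdir -p aws` is enough. The job's earlier steps lie outside the hunk.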
@@ -97,16 +65,42 @@ jobs: steps: - name: Checkout uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - + + - name: Configure credentials to Notify Private ECR using OIDC + uses: aws-actions/configure-aws-credentials@master + with: + role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply + role-session-name: NotifyApiGitHubActions + aws-region: "ca-central-1" + + - name: Configure credentials to Notify Private ECR using OIDC + uses: aws-actions/configure-aws-credentials@master + with: + role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply + role-session-name: NotifyApiGitHubActions + aws-region: "us-east-1" + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply - role_session_name: NotifyTerraformApply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply + role_session_name: NotifyTerraformDevApply + + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars - - name: Terragrunt apply ECR + - name: terragrunt apply ECR run: | - cd env/staging/ecr + cd env/${{env.ENVIRONMENT}}/ecr terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-ses_receiving_emails: 
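Review bot: Both added `aws-actions/configure-aws-credentials@master` steps reference a mutable branch, while `actions/checkout` in the same job is pinned to a commit SHA. Because the workflow grants `id-token: write` and these steps assume `notification-api-apply`, pin this action and `aws-actions/amazon-ecr-login@v2` to full commit SHAs, with the version as a trailing comment. The two credential steps share one name, and the second overwrites the credentials and region exported by the first, so the `ca-central-1` step appears to have no effect on the `Login to Amazon ECR` step that follows. If logins in both regions are intended, each credentials step needs its own login step directly after it. `role_session_name` here and in the common job (hunk at -79) becomes `NotifyTerraformDevApply` while the other staging jobs keep `NotifyTerraformApply`, so staging applies will look like dev sessions in CloudTrail.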
@@ -124,12 +118,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply ses_receiving_emails + - name: Install 1Pass CLI run: | - cd env/staging/ses_receiving_emails + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply ses_receiving_emails + run: | + cd env/${{env.ENVIRONMENT}}/ses_receiving_emails terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-dns: @@ -147,12 +149,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply dns + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply dns run: | - cd env/staging/dns + cd env/${{env.ENVIRONMENT}}/dns terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-ses_validation_dns_entries: 
@@ -170,12 +180,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply ses_validation_dns_entries + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply ses_validation_dns_entries run: | - cd env/staging/ses_validation_dns_entries + cd env/${{env.ENVIRONMENT}}/ses_validation_dns_entries terragrunt apply --terragrunt-non-interactive -auto-approve @@ -194,13 +212,21 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply cloudfront + - name: Install 1Pass CLI run: | - cd env/staging/cloudfront - terragrunt apply --terragrunt-non-interactive -auto-approve + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply cloudfront + run: | + cd env/${{env.ENVIRONMENT}}/cloudfront + terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-eks: if: | 
@@ -213,16 +239,24 @@ jobs: steps: - name: Checkout uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 - + - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply eks + - name: Install 1Pass CLI run: | - cd env/staging/eks + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply eks + run: | + cd env/${{env.ENVIRONMENT}}/eks terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-elasticache: @@ -240,12 +274,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply elasticache + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply elasticache run: | - cd env/staging/elasticache + cd env/${{env.ENVIRONMENT}}/elasticache terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-rds: 
@@ -263,12 +305,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply rds + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply rds run: | - cd env/staging/rds + cd env/${{env.ENVIRONMENT}}/rds terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-lambda-api: @@ -286,12 +336,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply lambda-api + - name: Install 1Pass CLI run: | - cd env/staging/lambda-api + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply lambda-api + run: | + cd env/${{env.ENVIRONMENT}}/lambda-api terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-lambda-admin-pr: 
@@ -309,12 +367,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply lambda-admin-pr + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply lambda-admin-pr run: | - cd env/staging/lambda-admin-pr + cd env/${{env.ENVIRONMENT}}/lambda-admin-pr terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-performance-test: @@ -332,12 +398,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply performance-test + - name: Install 1Pass CLI run: | - cd env/staging/performance-test + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply performance-test + run: | + cd env/${{env.ENVIRONMENT}}/performance-test terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-heartbeat: 
@@ -355,12 +429,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply heartbeat + - name: Install 1Pass CLI run: | - cd env/staging/heartbeat + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply heartbeat + run: | + cd env/${{env.ENVIRONMENT}}/heartbeat terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-database-tools: @@ -378,12 +460,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply database-tools + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply database-tools run: | - cd env/staging/database-tools + cd env/${{env.ENVIRONMENT}}/database-tools terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-quicksight: 
@@ -401,12 +491,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply quicksight + - name: Install 1Pass CLI run: | - cd env/staging/quicksight + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply quicksight + run: | + cd env/${{env.ENVIRONMENT}}/quicksight terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-lambda-google-cidr: @@ -424,12 +522,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply lambda-google-cidr + - name: Install 1Pass CLI run: | - cd env/staging/lambda-google-cidr + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply lambda-google-cidr + run: | + cd env/${{env.ENVIRONMENT}}/lambda-google-cidr terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-ses_to_sqs_email_callbacks: 
@@ -447,12 +553,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply ses_to_sqs_email_callbacks + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply ses_to_sqs_email_callbacks run: | - cd env/staging/ses_to_sqs_email_callbacks + cd env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-sns_to_sqs_sms_callbacks: @@ -470,12 +584,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply sns_to_sqs_sms_callbacks + - name: Install 1Pass CLI run: | - cd env/staging/sns_to_sqs_sms_callbacks + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply sns_to_sqs_sms_callbacks + run: | + cd env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-pinpoint_to_sqs_sms_callbacks: 
@@ -493,12 +615,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply pinpoint_to_sqs_sms_callbacks + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply pinpoint_to_sqs_sms_callbacks run: | - cd env/staging/pinpoint_to_sqs_sms_callbacks + cd env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-system_status: @@ -516,12 +646,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply system_status + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply system_status run: | - cd env/staging/system_status + cd env/${{env.ENVIRONMENT}}/system_status terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-system_status_static_site: 
@@ -539,12 +677,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply - - name: Terragrunt apply aws/system_status_static_site + - name: Install 1Pass CLI run: | - cd env/staging/system_status_static_site + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars + + - name: terragrunt apply system_status_static_site + run: | + cd env/${{env.ENVIRONMENT}}/system_status_static_site terragrunt apply --terragrunt-non-interactive -auto-approve terragrunt-apply-newrelic: @@ -562,12 +708,20 @@ jobs: - name: setup-terraform uses: ./.github/actions/setup-terraform with: - role_to_assume: arn:aws:iam::239043911459:role/notification-terraform-apply + role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply role_session_name: NotifyTerraformApply + + - name: Install 1Pass CLI + run: | + curl -o 1pass.deb https://downloads.1password.com/linux/debian/amd64/stable/1password-cli-amd64-latest.deb + sudo dpkg -i 1pass.deb + sudo mkdir -p aws + cd aws + op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TFVars - ${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars - - name: Terragrunt apply aws/newrelic + - name: terragrunt apply newrelic run: | - cd env/staging/newrelic + cd env/${{env.ENVIRONMENT}}/newrelic terragrunt apply --terragrunt-non-interactive -auto-approve bump-version-and-push-tag: 
@@ -586,4 +740,4 @@ jobs: uses: mathieudutour/github-tag-action@bcb832838e1612ff92089d914bccc0fd39458223 # v4.6 with: github_token: ${{ secrets.GITHUB_TOKEN }} - release_branches: main \ No newline at end of file + release_branches: main diff --git a/.github/workflows/terragrunt_create_dev_environment.yml b/.github/workflows/terragrunt_create_dev_environment.yml index e9e2284e9..570a5d702 100644 --- a/.github/workflows/terragrunt_create_dev_environment.yml +++ b/.github/workflows/terragrunt_create_dev_environment.yml @@ -32,7 +32,7 @@ jobs: - uses: ./.github/actions/setup-terraform with: role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply - role_session_name: NotifyTerraformDevAppply + role_session_name: NotifyTerraformDevApply - name: Install 1Pass CLI run: | @@ -80,7 +80,7 @@ jobs: uses: ./.github/actions/setup-terraform with: role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-apply - role_session_name: NotifyTerraformDevAppply + role_session_name: NotifyTerraformDevApply - name: Install 1Pass CLI run: |