Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update account creation terraform to use native locking #9028

Merged
merged 23 commits into from
Jan 23, 2025
Merged

Update account creation terraform to use native locking #9028

merged 23 commits into from
Jan 23, 2025

Conversation

dms1981
Copy link
Contributor

@dms1981 dms1981 commented Jan 21, 2025
edited
Loading

A reference to the issue / Description of it

#8345

How does this PR fix the problem?

Removes use of DynamoDB and specifies use of native lockfile for S3 state locking.

There were a number of other changes alongside this, mostly to the S3 bucket policy for modernisation-platform-terraform-state, but viewing the upstream PR will reveal those.

Future PRs will expand the permissions of roles that make use of statefiles in this bucket so that they can, in turn, use native state locking when being run through GitHub Actinos.

How has this been tested?

Tested with local plans and through CI pipelines

Deployment Plan / Instructions

Deploy through CI

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-production
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-preproduction
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-test
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-development
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-security-production
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-logging-production
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-shared-services-production
No changes. Your infrastructure matches the configuration.

dms1981 and others added 14 commits January 23, 2025 12:02
@dms1981
Added bucket statement to allow GitHub Actions to delete tflock files
f7cc926
@sobostion @dms1981
add hosting-migrations team to their environments
08c5593
@richgreen-moj @dms1981
Additional reviewers for yjaf
7a784fe
@lwilts @dms1981
(EDIT: signed)
8d61ecb 
Create CI/CD role for Oracle CDC replacement repo
@dependabot @dms1981
Bump bridgecrewio/checkov-action from 12.2944.0 to 12.2945.0
c2155ef 
Bumps [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) from 12.2944.0 to 12.2945.0.
- [Release notes](https://github.com/bridgecrewio/checkov-action/releases)
- [Commits](bridgecrewio/checkov-action@7e385e0...602aad1)

---
updated-dependencies:
- dependency-name: bridgecrewio/checkov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @dms1981
Bump github/codeql-action from 3.28.1 to 3.28.2
037ac5a 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.1 to 3.28.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b6a472f...d68b2d4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@richgreen-moj @dms1981
Enable R53 DNS Firewall in ALERT mode using r53_dns_firewall module
a8d506b
@richgreen-moj @dms1981
Added README to module and adjust comments
b83acf9
@richgreen-moj @dms1981
remove custom domain input as not currently being used
ac9706b
@ep-93 @dms1981
Legacy YJAF docs
831e85c
@dms1981
update to correct GP cidr
b6ebb75
@richgreen-moj @dms1981
remove logging/monitoring config from r53_dns_firewall module
8f443ab
@richgreen-moj @dms1981
Add r53-dns-firewallmodule to core-vpc-* github workflows
a9e0a6f
@ASTRobinson @dms1981
Add Template Validation to workflow
4118740
@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-preproduction
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-production
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-development
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-security-production
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-test
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-logging-production
No changes. Your infrastructure matches the configuration.

@dms1981 dms1981 marked this pull request as ready for review January 23, 2025 13:10
@dms1981 dms1981 requested a review from a team as a code owner January 23, 2025 13:10
@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-preproduction
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-development
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-production
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-vpc-test
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-security-production
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-shared-services-production
Plan: 0 to add, 1 to change, 0 to destroy.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-logging-production
No changes. Your infrastructure matches the configuration.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-shared-services-production
Plan: 0 to add, 1 to change, 0 to destroy.

@github-actions GitHub Actions
Copy link
Contributor

Terraform Plan Summary

core-network-services-production
No changes. Your infrastructure matches the configuration.

@dms1981 dms1981 added this pull request to the merge queue Jan 23, 2025
Merged via the queue into main with commit b366971 Jan 23, 2025
54 of 64 checks passed
@dms1981 dms1981 deleted the feature/8345-native-state-locking branch January 23, 2025 14:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ASTRobinson ASTRobinson ASTRobinson approved these changes

Assignees
No one assigned
Labels
github-workflow networking onboarding Tasks to onboard teams security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@dms1981 @ASTRobinson @SimonPPledger @sobostion @richgreen-moj @lwilts @ep-93