diff --git a/.github/workflows/deploy-sandbox.yml b/.github/workflows/deploy-sandbox.yml
new file mode 100644
index 0000000..5aee6de
--- /dev/null
+++ b/.github/workflows/deploy-sandbox.yml
@@ -0,0 +1,24 @@
+name: Deploy Sandbox Environment
+
+on:
+ pull_request:
+ branches: [ main ]
+ push:
+ branches: [ main ]
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ call-terragrunt-deploy:
+ permissions:
+ contents: read
+ id-token: write
+ uses: ./.github/workflows/terragrunt-deploy.yml
+ with:
+ tf_version: '1.5.5'
+ tg_version: '0.54.11'
+ environment: sandbox
+ region: us-east-2
+ env_id: '000'
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/draft-release.yaml b/.github/workflows/draft-release.yml
similarity index 100%
rename from .github/workflows/draft-release.yaml
rename to .github/workflows/draft-release.yml
diff --git a/.github/workflows/label-pull-request.yaml b/.github/workflows/label-pull-request.yml
similarity index 100%
rename from .github/workflows/label-pull-request.yaml
rename to .github/workflows/label-pull-request.yml
diff --git a/.github/workflows/python-tests.yaml b/.github/workflows/python-tests.yml
similarity index 100%
rename from .github/workflows/python-tests.yaml
rename to .github/workflows/python-tests.yml
diff --git a/.github/workflows/terragrunt-deploy.yml b/.github/workflows/terragrunt-deploy.yml
index acf90f4..db34e93 100644
--- a/.github/workflows/terragrunt-deploy.yml
+++ b/.github/workflows/terragrunt-deploy.yml
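Review bot: In .github/workflows/deploy-sandbox.yml the `pull_request` trigger calls the same reusable terragrunt-deploy workflow as `push`, with `id-token: write` and `secrets: inherit`, so a pull request from a branch of this repository would apparently reach the Deploy (apply) step with the sandbox deploy role before the change is reviewed or merged; any `if:` guard on that step is not visible in this diff. Consider leaving pull requests plan-only, for example `if: github.event_name == 'push'` on the Deploy step of terragrunt-deploy.yml. `secrets: inherit` hands every repository secret to the called workflow, and since the visible steps authenticate through OIDC and `vars.DEPLOY_ROLE_ARN` it can probably be dropped or replaced by an explicit `secrets:` map. The workflow-level and job-level `permissions` blocks are identical, so one of them is enough.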
@@ -45,6 +45,15 @@ jobs: test -z "${{ vars.DEPLOY_ROLE_ARN }}" && (echo "::error title=Repository Configuration Incomplete::This repository is missing an environment variable for DEPLOY_ROLE_ARN in the ${{ inputs.environment }} environment!"; raised=1) exit $raised + - name: "Set default Terraform Tags" + id: set-tags + run: | + set -x + echo "${{ github.repository }}" | cut -d "/" -f 2 > repo.txt + echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_repository_tag=$(cat repo.txt)" >> "$GITHUB_OUTPUT" + echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@a95656fcd9ec16a226c7099657b9fc91cc777601 with: @@ -59,6 +68,9 @@ jobs: AWS_REGION: ${{ inputs.region }} INPUT_PRE_EXEC_0: | sudo apt update -yqq && sudo apt install python3 -yqq + TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} + TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} @@ -68,10 +80,13 @@ jobs: - name: Deploy uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 env: - AWS_REGION: ${{ inputs.region }} - TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq + AWS_REGION: ${{ inputs.region }} + TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} + TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} 
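Review bot: The new "Set default Terraform Tags" step pastes `${{ github.repository }}`, `${{ github.repository_owner }}` and `${{ github.sha }}` directly into the `run:` script; these particular values are constrained by GitHub, but expression interpolation inside a shell script is the pattern that turns into script injection once it is copied with a less constrained context value. The runner already exports the same data as environment variables, so the step can read those and drop the temporary repo.txt: `echo "TF_VAR_organization_tag=${GITHUB_REPOSITORY_OWNER}" >> "$GITHUB_OUTPUT"`, `echo "TF_VAR_repository_tag=${GITHUB_REPOSITORY#*/}" >> "$GITHUB_OUTPUT"`, `echo "TF_VAR_commit_hash_tag=${GITHUB_SHA}" >> "$GITHUB_OUTPUT"`. On `pull_request` runs `github.sha` is the merge commit rather than the branch head, so the commit-hash tag applied to resources will not match a commit on the PR branch; a comment saying whether that is intended would help. `set -x` looks like leftover debugging and can be removed once the step is known to work.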
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 8b2eccf..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,60 +0,0 @@
-name: Test AWS Connectivity
-
-on:
- pull_request:
- branches: [ main ]
- push:
- branches: [ main ]
-permissions:
- id-token: write
- contents: read
-
-jobs:
- deploy:
- name: "Plan & Deploy Sandbox Environment"
- runs-on: ubuntu-latest
- environment: Sandbox
- steps:
- - name: Checkout
- uses: actions/checkout@main
-
- - name: "Validate GitHub Environment"
- run: |
- raised=0
- test -z "${{ vars.DEPLOY_ROLE_ARN }}" && (echo "::error title=Repository Configuration Incomplete::This repository is missing an environment variable for DEPLOY_ROLE_ARN!"; raised=1)
- test -z "${{ vars.AWS_REGION }}" && (echo "::error title=Repository Configuration Incomplete::This repository is missing a secret for AWS_REGION!"; raised=1)
- exit $raised
-
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1.7.0
- with:
- role-to-assume: ${{ vars.DEPLOY_ROLE_ARN }}
- role-session-name: ${{ github.run_id }}
- aws-region: ${{ vars.AWS_REGION }}
-
- - name: Plan
- id: plan
- uses: gruntwork-io/terragrunt-action@v2
- env:
- AWS_REGION: ${{ vars.AWS_REGION }}
- INPUT_PRE_EXEC_0: |
- sudo apt update -yqq && sudo apt install python3 -yqq
- with:
- tf_version: '1.5.5'
- tg_version: '0.54.11'
- tg_dir: 'platform/sandbox/us-east-2/000'
- tg_command: 'plan -out=sandbox.tfplan'
-
- - name: Deploy
- uses: gruntwork-io/terragrunt-action@v2
- env:
- AWS_REGION: ${{ vars.AWS_REGION }}
- TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }}
- INPUT_PRE_EXEC_0: |
- sudo apt update -yqq && sudo apt install python3 -yqq
- with:
- tf_version: '1.5.5'
- tg_version: '0.54.11'
- tg_dir: 'platform/sandbox/us-east-2/000'
- tg_command: 'apply sandbox.tfplan'
-
diff --git a/terragrunt.hcl b/terragrunt.hcl
index dd199f4..f8b2c49 100644
--- a/terragrunt.hcl
+++ b/terragrunt.hcl
@@ -24,12 +24,41 @@ generate "provider" { contents = <