From c2df563a04ef374e7c598c89bf0eee1d7fc01f34 Mon Sep 17 00:00:00 2001 From: Chris Taylor Date: Mon, 16 Jun 2025 10:32:42 -0500 Subject: [PATCH 1/5] Add default tagging --- .github/workflows/terragrunt-deploy.yml | 21 ++++++++++++++---- terragrunt.hcl | 29 +++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/.github/workflows/terragrunt-deploy.yml b/.github/workflows/terragrunt-deploy.yml index acf90f4..8f5c5d3 100644 --- a/.github/workflows/terragrunt-deploy.yml +++ b/.github/workflows/terragrunt-deploy.yml @@ -45,6 +45,13 @@ jobs: test -z "${{ vars.DEPLOY_ROLE_ARN }}" && (echo "::error title=Repository Configuration Incomplete::This repository is missing an environment variable for DEPLOY_ROLE_ARN in the ${{ inputs.environment }} environment!"; raised=1) exit $raised + - name: "Set default Terraform Tags" + run: | + echo "${{ github.repository }}" | cut -d "/" -f 2 > repo.txt + echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_repository_tag=$(cat repo.txt)" >> "$GITHUB_OUTPUT" + echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@a95656fcd9ec16a226c7099657b9fc91cc777601 with: @@ -59,6 +66,9 @@ jobs: AWS_REGION: ${{ inputs.region }} INPUT_PRE_EXEC_0: | sudo apt update -yqq && sudo apt install python3 -yqq + TF_VAR_organization_tag: ${{ vars.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ vars.TF_VAR_repository_tag }} + TF_VAR_organizaTF_VAR_commit_hash_tagtion_tag: ${{ vars.TF_VAR_commit_hash_tag }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} 
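Review bot: The added "Set default Terraform Tags" step in the first hunk expands `${{ github.repository }}`, `${{ github.repository_owner }}` and `${{ github.sha }}` directly into the shell script and passes the repository name through a scratch file, `repo.txt`, in the workspace. As far as I know these contexts are limited to a safe character set, so this is a hardening and style point rather than an injection finding, but keeping expression expansion out of `run:` blocks stops the pattern being copied to contexts an author can control. The runner already exports the same values, so the step can be written as `echo "TF_VAR_repository_tag=${GITHUB_REPOSITORY#*/}" >> "$GITHUB_OUTPUT"`, with `$GITHUB_REPOSITORY_OWNER` and `$GITHUB_SHA` for the other two and no temporary file. On `pull_request` runs `github.sha` is the temporary merge commit rather than the branch head, so if the commit tag is meant for tracing a resource back to a commit, that deserves a comment or a switch to the head SHA. The step list continues outside the hunk.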
@@ -68,10 +78,13 @@ jobs: - name: Deploy uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 env: - AWS_REGION: ${{ inputs.region }} - TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq + AWS_REGION: ${{ inputs.region }} + TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + TF_VAR_organization_tag: ${{ vars.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ vars.TF_VAR_repository_tag }} + TF_VAR_organizaTF_VAR_commit_hash_tagtion_tag: ${{ vars.TF_VAR_commit_hash_tag }}z with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} diff --git a/terragrunt.hcl b/terragrunt.hcl index dd199f4..f8b2c49 100644 --- a/terragrunt.hcl +++ b/terragrunt.hcl @@ -24,12 +24,41 @@ generate "provider" { contents = < Date: Mon, 16 Jun 2025 10:36:48 -0500 Subject: [PATCH 2/5] Fix workflows --- .github/workflows/deploy-sandbox.yml | 24 ++++++++ .../{draft-release.yaml => draft-release.yml} | 0 ...ll-request.yaml => label-pull-request.yml} | 0 .../{python-tests.yaml => python-tests.yml} | 0 .github/workflows/test.yml | 60 ------------------- 5 files changed, 24 insertions(+), 60 deletions(-) create mode 100644 .github/workflows/deploy-sandbox.yml rename .github/workflows/{draft-release.yaml => draft-release.yml} (100%) rename .github/workflows/{label-pull-request.yaml => label-pull-request.yml} (100%) rename .github/workflows/{python-tests.yaml => python-tests.yml} (100%) delete mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/deploy-sandbox.yml b/.github/workflows/deploy-sandbox.yml new file mode 100644 index 0000000..5aee6de --- /dev/null +++ b/.github/workflows/deploy-sandbox.yml 
@@ -0,0 +1,24 @@
+name: Deploy Sandbox Environment
+
+on:
+ pull_request:
+ branches: [ main ]
+ push:
+ branches: [ main ]
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ call-terragrunt-deploy:
+ permissions:
+ contents: read
+ id-token: write
+ uses: ./.github/workflows/terragrunt-deploy.yml
+ with:
+ tf_version: '1.5.5'
+ tg_version: '0.54.11'
+ environment: sandbox
+ region: us-east-2
+ env_id: '000'
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/draft-release.yaml b/.github/workflows/draft-release.yml
similarity index 100%
rename from .github/workflows/draft-release.yaml
rename to .github/workflows/draft-release.yml
diff --git a/.github/workflows/label-pull-request.yaml b/.github/workflows/label-pull-request.yml
similarity index 100%
rename from .github/workflows/label-pull-request.yaml
rename to .github/workflows/label-pull-request.yml
diff --git a/.github/workflows/python-tests.yaml b/.github/workflows/python-tests.yml
similarity index 100%
rename from .github/workflows/python-tests.yaml
rename to .github/workflows/python-tests.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 8b2eccf..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
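Review bot: Unreviewed pull-request code can reach the deploy role through this new workflow: it triggers on `pull_request` as well as `push` to `main`, and the called job gets `id-token: write` plus `secrets: inherit`. The callee's Plan and Deploy steps are only partly visible in this series, but if Deploy runs unconditionally, Terraform from an unmerged branch is applied to sandbox before anyone has approved it. Consider planning only on pull requests and applying on push, for example `if: github.event_name == 'push'` on the Deploy step, or required reviewers on the `sandbox` environment, with the role's trust policy pinned to that environment's OIDC subject. The visible callee steps read only `vars.*` and OIDC credentials, so `secrets: inherit` can probably be dropped or replaced by the named secrets actually needed. The file also ends without a trailing newline.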
@@ -1,60 +0,0 @@
-name: Test AWS Connectivity
-
-on:
- pull_request:
- branches: [ main ]
- push:
- branches: [ main ]
-permissions:
- id-token: write
- contents: read
-
-jobs:
- deploy:
- name: "Plan & Deploy Sandbox Environment"
- runs-on: ubuntu-latest
- environment: Sandbox
- steps:
- - name: Checkout
- uses: actions/checkout@main
-
- - name: "Validate GitHub Environment"
- run: |
- raised=0
- test -z "${{ vars.DEPLOY_ROLE_ARN }}" && (echo "::error title=Repository Configuration Incomplete::This repository is missing an environment variable for DEPLOY_ROLE_ARN!"; raised=1)
- test -z "${{ vars.AWS_REGION }}" && (echo "::error title=Repository Configuration Incomplete::This repository is missing a secret for AWS_REGION!"; raised=1)
- exit $raised
-
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1.7.0
- with:
- role-to-assume: ${{ vars.DEPLOY_ROLE_ARN }}
- role-session-name: ${{ github.run_id }}
- aws-region: ${{ vars.AWS_REGION }}
-
- - name: Plan
- id: plan
- uses: gruntwork-io/terragrunt-action@v2
- env:
- AWS_REGION: ${{ vars.AWS_REGION }}
- INPUT_PRE_EXEC_0: |
- sudo apt update -yqq && sudo apt install python3 -yqq
- with:
- tf_version: '1.5.5'
- tg_version: '0.54.11'
- tg_dir: 'platform/sandbox/us-east-2/000'
- tg_command: 'plan -out=sandbox.tfplan'
-
- - name: Deploy
- uses: gruntwork-io/terragrunt-action@v2
- env:
- AWS_REGION: ${{ vars.AWS_REGION }}
- TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }}
- INPUT_PRE_EXEC_0: |
- sudo apt update -yqq && sudo apt install python3 -yqq
- with:
- tf_version: '1.5.5'
- tg_version: '0.54.11'
- tg_dir: 'platform/sandbox/us-east-2/000'
- tg_command: 'apply sandbox.tfplan'
-
From 3886e4b1788dcbd78cd16b95c989e174e7527219 Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Mon, 16 Jun 2025 10:38:05 -0500
Subject: [PATCH 3/5] Fix workflows
---
 .github/workflows/terragrunt-deploy.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/terragrunt-deploy.yml b/.github/workflows/terragrunt-deploy.yml index 8f5c5d3..7f9e539 100644 --- a/.github/workflows/terragrunt-deploy.yml +++ b/.github/workflows/terragrunt-deploy.yml @@ -68,7 +68,7 @@ jobs: sudo apt update -yqq && sudo apt install python3 -yqq TF_VAR_organization_tag: ${{ vars.TF_VAR_organization_tag }} TF_VAR_repository_tag: ${{ vars.TF_VAR_repository_tag }} - TF_VAR_organizaTF_VAR_commit_hash_tagtion_tag: ${{ vars.TF_VAR_commit_hash_tag }} + TF_VAR_commit_hash_tag: ${{ vars.TF_VAR_commit_hash_tag }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} @@ -84,7 +84,7 @@ jobs: sudo apt update -yqq && sudo apt install python3 -yqq TF_VAR_organization_tag: ${{ vars.TF_VAR_organization_tag }} TF_VAR_repository_tag: ${{ vars.TF_VAR_repository_tag }} - TF_VAR_organizaTF_VAR_commit_hash_tagtion_tag: ${{ vars.TF_VAR_commit_hash_tag }}z + TF_VAR_commit_hash_tag: ${{ vars.TF_VAR_commit_hash_tag }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} From a7cbb204c397c68cdab79119ea9b5c728414f0cb Mon Sep 17 00:00:00 2001 From: Chris Taylor Date: Mon, 16 Jun 2025 10:53:15 -0500 Subject: [PATCH 4/5] Fix outputs --- .github/workflows/terragrunt-deploy.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/terragrunt-deploy.yml b/.github/workflows/terragrunt-deploy.yml index 7f9e539..801b735 100644 --- a/.github/workflows/terragrunt-deploy.yml +++ b/.github/workflows/terragrunt-deploy.yml @@ -46,6 +46,7 @@ jobs: exit $raised - name: "Set default Terraform Tags" + id: set-tags run: | echo "${{ github.repository }}" | cut -d "/" -f 2 > repo.txt echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" 
@@ -66,9 +67,9 @@ jobs:
 AWS_REGION: ${{ inputs.region }}
 INPUT_PRE_EXEC_0: |
 sudo apt update -yqq && sudo apt install python3 -yqq
- TF_VAR_organization_tag: ${{ vars.TF_VAR_organization_tag }}
- TF_VAR_repository_tag: ${{ vars.TF_VAR_repository_tag }}
- TF_VAR_commit_hash_tag: ${{ vars.TF_VAR_commit_hash_tag }}
+ TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }}
+ TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }}
+ TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }}
 with:
 tf_version: ${{ inputs.tf_version }}
 tg_version: ${{ inputs.tg_version }}
@@ -82,9 +83,9 @@ jobs:
 TERRAFORM_PLAN: ${{ steps.plan.outputs.TERRAFORM_PLAN }}
 INPUT_PRE_EXEC_0: |
 sudo apt update -yqq && sudo apt install python3 -yqq
- TF_VAR_organization_tag: ${{ vars.TF_VAR_organization_tag }}
- TF_VAR_repository_tag: ${{ vars.TF_VAR_repository_tag }}
- TF_VAR_commit_hash_tag: ${{ vars.TF_VAR_commit_hash_tag }}
+ TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }}
+ TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }}
+ TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }}
 with:
 tf_version: ${{ inputs.tf_version }}
 tg_version: ${{ inputs.tg_version }}
From 57044e5c650ca10b6bb8b30ea5da1beee3886525 Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Mon, 16 Jun 2025 10:56:19 -0500
Subject: [PATCH 5/5] Fix outputs
---
 .github/workflows/terragrunt-deploy.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/terragrunt-deploy.yml b/.github/workflows/terragrunt-deploy.yml
index 801b735..db34e93 100644
--- a/.github/workflows/terragrunt-deploy.yml
+++ b/.github/workflows/terragrunt-deploy.yml
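Review bot: The three `TF_VAR_*` mappings are duplicated under both Plan and Deploy, and both copies depend on a shell step that only re-exports `github` context values, so the two blocks can drift apart again as they did with the mangled key earlier in this series. Since the values come straight from the context, a single job-level `env:` would give plan and apply identical tags without a step output in between: `TF_VAR_organization_tag: ${{ github.repository_owner }}` and `TF_VAR_commit_hash_tag: ${{ github.sha }}`. The repository name could come from `${{ github.event.repository.name }}`, provided that field is present for every trigger that calls this workflow, which should be confirmed. The job header and the rest of both steps are outside these hunks, so I cannot see whether a job-level `env:` already exists.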
@@ -48,6 +48,7 @@ jobs:
 - name: "Set default Terraform Tags"
 id: set-tags
 run: |
+ set -x
 echo "${{ github.repository }}" | cut -d "/" -f 2 > repo.txt
 echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT"
 echo "TF_VAR_repository_tag=$(cat repo.txt)" >> "$GITHUB_OUTPUT"
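Review bot: The added `set -x` looks like a debugging aid left in the "Set default Terraform Tags" step; it makes the shell print every expanded command into the job log. The values traced here (owner, repository name, commit SHA) are not sensitive, but unconditional tracing in a deploy workflow becomes a leak as soon as someone adds a line that touches a credential or token. Remove it before merge, or tie it to the runner's debug switch: `if [ "${RUNNER_DEBUG:-}" = "1" ]; then set -x; fi`. If it stays, add a comment such as `# trace only; never add secret-bearing commands to this step`.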