terragrunt-deploy.yml
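name: Deploy using terragrunt

# Workflow-level default for the GITHUB_TOKEN. The only job visible in this
# file declares its own `permissions` block, and a job-level block replaces
# the workflow-level one for that job, so the previous `packages: write`
# grant was never in effect. It is dropped so that a job added later without
# its own block defaults to read-only access.
permissions:
  contents: read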
# Triggers: callable from another workflow, or started by hand.
# Both entry points take the same two inputs.
on:
  workflow_call:
    inputs:
      # Free-form string here; the caller decides which GitHub environment
      # (and therefore which environment secrets) the deploy job binds to.
      DEFAULT_APPLICATION_ENVIRONMENT:
        required: true
        type: string
      IMAGE_TAG:
        required: true
        type: string
  workflow_dispatch:
    inputs:
      # Manual runs are restricted to the three listed environments.
      DEFAULT_APPLICATION_ENVIRONMENT:
        required: true
        type: choice
        options:
          - dev
          - test
          - prod
      IMAGE_TAG:
        required: true
        type: string
        default: main
      # The inputs below are disabled. Steps in the deploy job still read
      # inputs.CHANGELOG_NAME and inputs.TARGET_LIQUIBASE_TAG, which are
      # undeclared while these stay commented out.
      # SCHEMA_NAME:
      #   required: true
      #   type: string
      #   default: app_wf1_prev
      # CHANGELOG_NAME:
      #   type: string
      #   options:
      #     - none
      #     - changelog_app_wf1_prev
      #     - changelog_app_wf1_prev_proxy
      # TARGET_LIQUIBASE_TAG:
      #   required: false
      #   type: string
      # IS_HOTFIX:
      #   required: true
      #   type: string
      #   default: 'false'
# Workflow-wide environment values. Versions are quoted so they stay strings
# regardless of how a YAML parser types number-like scalars.
env:
  TF_VERSION: '1.8.5'
  TG_VERSION: '0.48.4'
  # Directory holding the Terragrunt configuration (used as working-directory).
  TG_SRC_PATH: terraform
  # NOTE(review): the deploy job builds its image references from
  # vars.REPOSITORY, not from this value - confirm which one is intended.
  REPOSITORY: ghcr.io
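jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-22.04
    # Binds the job to the GitHub environment named by the input, so that
    # environment's secrets, variables and protection rules apply. For
    # workflow_call the name is a free-form string chosen by the caller.
    environment: ${{ inputs.DEFAULT_APPLICATION_ENVIRONMENT }}
    permissions:
      id-token: write # This is required for requesting the JWT
      contents: read # This is required for actions/checkout
    steps:
      # NOTE(review): every action in this job is referenced by a mutable
      # tag. Pinning each `uses:` to a full commit SHA keeps a retagged
      # release from changing what runs with the AWS role and the secrets
      # passed below.
      - uses: actions/checkout@v3
      # - name: retrieve lambda artifacts
      #   uses: actions/download-artifact@v3
      #   with:
      #     name: lambda-functions
      #     path: ${{env.TG_SRC_PATH}}/lambda-functions

      # Maps the requested changelog name to two 0/1 step outputs.
      # The input is handed to the script through an environment variable
      # rather than expanded into the script text: a `${{ }}` expression
      # inside `run:` is substituted before the shell parses the script, so
      # a crafted value would be executed as shell code.
      # inputs.CHANGELOG_NAME is not declared by either trigger in this file.
      - id: changeLogCount
        name: Determine changelog to execute
        env:
          CHANGELOG_NAME: ${{ inputs.CHANGELOG_NAME }}
        run: |
          if [ "$CHANGELOG_NAME" = "changelog_app_wf1_prev" ]; then
            echo "NONPROXY_COUNT=1" >> "$GITHUB_OUTPUT"
            echo "PROXY_COUNT=0" >> "$GITHUB_OUTPUT"
          elif [ "$CHANGELOG_NAME" = "changelog_app_wf1_prev_proxy" ]; then
            echo "NONPROXY_COUNT=0" >> "$GITHUB_OUTPUT"
            echo "PROXY_COUNT=1" >> "$GITHUB_OUTPUT"
          else
            echo "NONPROXY_COUNT=0" >> "$GITHUB_OUTPUT"
            echo "PROXY_COUNT=0" >> "$GITHUB_OUTPUT"
          fi

      # Chooses `update` when no tag is given, otherwise `update-to-tag`
      # plus a `--tag=` argument. The input reaches the script through the
      # environment for the same reason as in the previous step.
      # inputs.TARGET_LIQUIBASE_TAG is not declared by either trigger in
      # this file.
      - id: liquibaseCommand
        name: Determine liquibase command
        env:
          TARGET_LIQUIBASE_TAG: ${{ inputs.TARGET_LIQUIBASE_TAG }}
        run: |
          if [ "$TARGET_LIQUIBASE_TAG" = "" ]; then
            echo "LIQUIBASE_COMMAND=update" >> "$GITHUB_OUTPUT"
            echo "TARGET_LIQUIBASE_TAG=" >> "$GITHUB_OUTPUT"
          else
            echo "LIQUIBASE_COMMAND=update-to-tag" >> "$GITHUB_OUTPUT"
            echo "TARGET_LIQUIBASE_TAG=--tag=${TARGET_LIQUIBASE_TAG}" >> "$GITHUB_OUTPUT"
          fi

      # Assumes the Terraform deployment role; the job's `id-token: write`
      # permission is what allows the OIDC token request.
      # NOTE(review): the role's trust policy is not visible here - confirm
      # it restricts the token subject to this repository and environment.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.AWS_TERRAFORM_ROLE_TO_ASSUME }}
          role-session-name: wfprev-terraform-s3
          aws-region: ca-central-1

      - uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: ${{ env.TF_VERSION }}
          cli_config_credentials_token: ${{ secrets.TFC_TEAM_TOKEN }}

      # NOTE(review): the reference below was mangled by the page's e-mail
      # obfuscation. It is presumably of the form
      # peter-murray/terragrunt-github-action@<VERSION>; take the exact
      # value from the repository before using this file.
      - uses: peter-murray/[email protected]
        with:
          terragrunt_version: ${{ env.TG_VERSION }}

      # Applies the configuration without a confirmation prompt, so the
      # environment's protection rules are the only gate before changes are
      # made.
      - name: Terragrunt Apply
        working-directory: ${{env.TG_SRC_PATH}}
        env:
          # Necessary for all components
          TFC_PROJECT: ${{ secrets.TFC_PROJECT }}
          TARGET_ENV: ${{ inputs.DEFAULT_APPLICATION_ENVIRONMENT }}
          APP_COUNT: ${{vars.APP_COUNT}}
          LOGGING_LEVEL: ${{vars.LOGGING_LEVEL}}
          # Necessary for WFPREV API
          WFPREV_API_NAME: wfprev-api
          # NOTE(review): IMAGE_TAG is a free-form string (default `main`),
          # so the deployed image is whatever that tag currently points to.
          # The registry host comes from vars.REPOSITORY - confirm it is set
          # for every environment.
          WFPREV_API_IMAGE: ${{ vars.REPOSITORY }}/${{ github.repository }}-wfprev-api:${{ inputs.IMAGE_TAG }}
          WFPREV_API_CPU_UNITS: ${{vars.WFPREV_API_CPU_UNITS}}
          WFPREV_API_MEMORY: ${{vars.WFPREV_API_MEMORY}}
          WFPREV_API_PORT: ${{vars.WFPREV_API_PORT}}
          TARGET_AWS_ACCOUNT_ID: ${{secrets.TARGET_AWS_ACCOUNT_ID}}
          # WFPREV UI
          CLIENT_IMAGE: ${{ vars.REPOSITORY }}/${{ github.repository }}-wfprev-ui:${{ inputs.IMAGE_TAG }}
          # NOTE(review): this secret is handed to Terragrunt as an
          # environment variable; whether it ends up in Terraform state or
          # plan output depends on configuration not shown here - confirm.
          WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET: ${{ secrets.WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET }}
          WFPREV_CLIENT_MEMORY: ${{vars.WFPREV_CLIENT_MEMORY}}
          WFPREV_CLIENT_CPU_UNITS: ${{vars.WFPREV_CLIENT_CPU_UNITS}}
        run: terragrunt apply --terragrunt-non-interactive -auto-approve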