Skip to content
Terragrunt plan PRODUCTION

Release 2.5.8 #287

Sign in to view logs

Release 2.5.8

Release 2.5.8 #287

Workflow file for this run

.github/workflows/terragrunt_plan_production.yml at 5c4003d
name: "Terragrunt plan PRODUCTION"
on:
pull_request:
paths:
- ".github/workflows/infrastructure_version.txt"
env:
TARGET_ENV_PATH: production
AWS_ACCESS_KEY_ID: ${{ secrets.PRODUCTION_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.PRODUCTION_AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ca-central-1
TERRAFORM_VERSION: 0.14.4
TERRAGRUNT_VERSION: 0.35.13
TF_VAR_base_domain: ${{secrets.PRODUCTION_BASE_DOMAIN}}
TF_VAR_alt_base_domain: ${{secrets.PRODUCTION_ALT_BASE_DOMAIN}}
TF_VAR_dbtools_password: ${{ secrets.PRODUCTION_DBTOOLS_PASSWORD }}
TF_VAR_heartbeat_api_key: ${{ secrets.PRODUCTION_HEARTBEAT_API_KEY }}
TF_VAR_heartbeat_sms_number: ${{ secrets.PRODUCTION_HEARTBEAT_SMS_NUMBER }}
TF_VAR_rds_cluster_password: ${{ secrets.PRODUCTION_RDS_CLUSTER_PASSWORD }}
TF_VAR_app_db_user_password: ${{ secrets.PRODUCTION_APP_DB_USER_PASSWORD }}
TF_VAR_quicksight_db_user_password: ${{ secrets.PRODUCTION_QUICKSIGHT_DB_USER_PASSWORD }}
TF_VAR_cloudwatch_opsgenie_alarm_webhook: ${{ secrets.PRODUCTION_CLOUDWATCH_OPSGENIE_ALARM_WEBHOOK }}
TF_VAR_cloudwatch_slack_webhook_warning_topic: ${{ secrets.PRODUCTION_CLOUDWATCH_SLACK_WEBHOOK }}
TF_VAR_cloudwatch_slack_webhook_critical_topic: ${{ secrets.PRODUCTION_CLOUDWATCH_SLACK_WEBHOOK }}
TF_VAR_cloudwatch_slack_webhook_general_topic: ${{ secrets.PRODUCTION_CLOUDWATCH_SLACK_WEBHOOK }}
TF_VAR_notify_o11y_google_oauth_client_id: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_ID }}
TF_VAR_notify_o11y_google_oauth_client_secret: ${{ secrets.NOTIFY_O11Y_GOOGLE_OAUTH_CLIENT_SECRET }}
TF_VAR_sentinel_customer_id: ${{ secrets.SENTINEL_CUSTOMER_ID }}
TF_VAR_sentinel_shared_key: ${{ secrets.SENTINEL_SHARED_KEY }}
TF_VAR_slack_channel_warning_topic: notification-ops
TF_VAR_slack_channel_critical_topic: notification-ops
TF_VAR_slack_channel_general_topic: notification-ops
TF_VAR_sqlalchemy_database_reader_uri: ${{ secrets.PRODUCTION_SQLALCHEMY_DATABASE_READER_URI }}
TF_VAR_system_status_admin_url: "https://notification.canada.ca"
TF_VAR_system_status_api_url: "https://api.notification.canada.ca"
TF_VAR_system_status_bucket_name: "notification-canada-ca-production-system-status"
TF_VAR_new_relic_license_key: ${{ secrets.PRODUCTION_NEW_RELIC_LICENSE_KEY }}
TF_VAR_waf_secret: ${{secrets.PRODUCTION_WAF_SECRET}}
TF_VAR_route_53_zone_arn: /hostedzone/Z07701011ICTZVSX5P68J
# Prevents repeated creation of the Slack lambdas if already existing.
# See: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/84
TF_RECREATE_MISSING_LAMBDA_PACKAGE: false
TF_VAR_blazer_slack_webhook_general_topic: ${{ secrets.PRODUCTION_BLAZER_SLACK_WEBHOOK }}
TF_VAR_client_vpn_access_group_id: ${{ secrets.PRODUCTION_CLIENT_VPN_ACCESS_GROUP_ID }}
TF_VAR_client_vpn_saml_metadata: ${{ secrets.PRODUCTION_CLIENT_VPN_SAML_METADATA }}
TF_VAR_client_vpn_self_service_saml_metadata: ${{ secrets.PRODUCTION_CLIENT_VPN_SELF_SERVICE_SAML_METADATA }}
jobs:
terragrunt-plan-production:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- name: Set environment variables
uses: ./.github/actions/setvars
with:
envVarFile: ./.env
- name: Setup Terraform tools
uses: cds-snc/terraform-tools-setup@v1
env: # In case you want to override default versions
CONFTEST_VERSION: 0.30.0
TERRAFORM_VERSION: 1.6.2
TERRAGRUNT_VERSION: 0.44.4
TF_SUMMARIZE_VERSION: 0.2.3
- name: Set INFRASTRUCTURE_VERSION
run: |
INFRASTRUCTURE_VERSION=`cat ./.github/workflows/infrastructure_version.txt`
echo "INFRASTRUCTURE_VERSION=$INFRASTRUCTURE_VERSION" >> $GITHUB_ENV
- name: Terragrunt plan common
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/common"
comment-delete: "true"
comment-title: "Production: common"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan ECR
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/ecr"
comment-delete: "true"
comment-title: "Production: ECR"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan ses_receiving_emails
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/ses_receiving_emails"
comment-delete: "true"
comment-title: "Production: ses_receiving_emails"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan ses_to_sqs_email_callbacks
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/ses_to_sqs_email_callbacks"
comment-delete: "true"
comment-title: "Production: ses_to_sqs_email_callbacks"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan sns_to_sqs_sms_callbacks
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/sns_to_sqs_sms_callbacks"
comment-delete: "true"
comment-title: "Production: sns_to_sqs_sms_callbacks"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan dns
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/dns"
comment-delete: "true"
comment-title: "Production: dns"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan ses_validation_dns_entries
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/ses_validation_dns_entries"
comment-delete: "true"
comment-title: "Production: ses_validation_dns_entries"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan eks
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/eks"
comment-delete: "true"
comment-title: "Production: eks"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan elasticache
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/elasticache"
comment-delete: "true"
comment-title: "Production: elasticache"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan rds
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/rds"
comment-delete: "true"
comment-title: "Production: rds"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan cloudfront
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/cloudfront"
comment-delete: "true"
comment-title: "Production: cloudfront"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan lambda-api
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/lambda-api"
comment-delete: "true"
comment-title: "Production: lambda-api"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan heartbeat
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/heartbeat"
comment-delete: "true"
comment-title: "Production: heartbeat"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan database-tools
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/database-tools"
comment-delete: "true"
comment-title: "Production: database-tools"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan quicksight
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/quicksight"
comment-delete: "true"
comment-title: "Production: quicksight"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan lambda-google-cidr
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/lambda-google-cidr"
comment-delete: "true"
comment-title: "Production: lambda-google-cidr"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan system_status
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/system_status"
comment-delete: "true"
comment-title: "Production: system_status"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
skip-conftest: "true"
- name: Terragrunt plan system_status_static_site
uses: cds-snc/terraform-plan@v3
with:
directory: "env/production/system_status_static_site"
comment-delete: "true"
comment-title: "Production: system_status_static_site"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
skip-conftest: "true"