Skip to content

[EC-68] Resolve issues with CD pipelines (#821) #103

[EC-68] Resolve issues with CD pipelines (#821)

[EC-68] Resolve issues with CD pipelines (#821) #103

name: Continuous Delivery on prod citizen-auth
on:
workflow_dispatch:
push:
branches:
- main
paths:
- "src/domains/citizen-auth**"
- ".github/workflows/prod**citizen-auth.yml"
permissions:
id-token: write
contents: read
env:
DIR: "src/domains/citizen-auth"
ARM_USE_OIDC: true
ARM_USE_AZUREAD: true
ARM_STORAGE_USE_AZUREAD: true
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
jobs:
terraform_plan_job:
name: Terraform Plan
runs-on: self-hosted
environment: prod-ci
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CI }}
steps:
- name: Checkout
id: checkout
# from https://github.com/actions/checkout/commits/main
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
with:
persist-credentials: false
fetch-depth: 0
- name: Azure Login
id: az_login
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Set Terraform Version
id: env_tf_version
run: |
echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36
id: terraform_setup
name: Setup Terraform
with:
terraform_version: ${{ steps.env_tf_version.outputs.terraform_version}}
terraform_wrapper: true
- name: Terraform plan common
shell: bash
working-directory: ${{ env.DIR }}-common
env:
AZURE_ENVIRONMENT: prod
run: |
bash ./terraform.sh plan ${{ env.AZURE_ENVIRONMENT }} -lock-timeout=3000s -out=tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }} -input=false
- name: Terraform plan weu-beta
shell: bash
working-directory: ${{ env.DIR }}-app
env:
AZURE_ENVIRONMENT: weu-beta
run: |
bash ./terraform.sh plan ${{ env.AZURE_ENVIRONMENT }} -lock-timeout=3000s -out=tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }} -input=false
- name: Terraform plan weu-prod01
shell: bash
working-directory: ${{ env.DIR }}-app
env:
AZURE_ENVIRONMENT: weu-prod01
run: |
bash ./terraform.sh plan ${{ env.AZURE_ENVIRONMENT }} -lock-timeout=3000s -out=tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }} -input=false
- uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392
id: artifact_upload
name: Upload plans as artifacts
with:
name: tfplan-output
if-no-files-found: error
path: |
**/tfplan-prod-*
**/tfplan-weu-beta-*
**/tfplan-weu-prod01-*
outputs:
terraform_version: ${{ steps.env_tf_version.outputs.terraform_version}}
terraform_apply_job:
name: Terraform Apply
runs-on: self-hosted
environment: prod-cd
needs: [terraform_plan_job]
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CD }}
steps:
- name: Checkout
id: checkout
# from https://github.com/actions/checkout/commits/main
uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
with:
persist-credentials: false
fetch-depth: 0
- uses: actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110
id: artifact_download
name: Download plans as artifact
with:
name: tfplan-output
- name: Azure Login
id: az_login
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID_CD }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36
id: terraform_setup
name: Setup Terraform
with:
terraform_version: ${{ needs.terraform_plan_job.outputs.terraform_version }}
terraform_wrapper: true
- name: Terraform apply common
id: terraform_apply_common
shell: bash
working-directory: ${{ env.DIR }}-common
env:
AZURE_ENVIRONMENT: prod
run: |
bash ./terraform.sh apply -lock-timeout=3000s -auto-approve -input=false tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }}
rm -rf tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }}
- name: Terraform apply weu-beta
id: terraform_apply_weu-beta
shell: bash
working-directory: ${{ env.DIR }}-app
env:
AZURE_ENVIRONMENT: weu-beta
run: |
bash ./terraform.sh apply -lock-timeout=3000s -auto-approve -input=false tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }}
rm -rf tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }}
- name: Terraform apply weu-prod01
id: terraform_apply_weu-prod01
shell: bash
working-directory: ${{ env.DIR }}-app
env:
AZURE_ENVIRONMENT: weu-prod01
run: |
bash ./terraform.sh apply -lock-timeout=3000s -auto-approve -input=false tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }}
rm -rf tfplan-${{ env.AZURE_ENVIRONMENT }}-${{ github.sha }}