Update detected #3504
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "[Prod] MAMIP - Infrastructure GitHub Actions" | |
on: | |
workflow_dispatch: | |
push: | |
tags-ignore: | |
- "*.*" | |
branches: | |
- master | |
env: | |
tf_version: "0.13.5" | |
tf_working_dir: "./automation/tf-fargate" | |
env: "prod" | |
project: "mamip" | |
aws_region: "eu-west-1" | |
artifacts_bucket: "mamip-artifacts" | |
jobs: | |
terraform: | |
name: "Build & Deploy" | |
permissions: | |
id-token: write | |
contents: write | |
runs-on: ubuntu-latest | |
steps: | |
- name: "Checkout" | |
uses: actions/checkout@v2 | |
- name: AWS IAM Assume Role | |
uses: aws-actions/configure-aws-credentials@master | |
with: | |
aws-region: ${{ secrets.REGION }} | |
role-to-assume: ${{ secrets.ROLE_TO_ASSUME }} | |
role-duration-seconds: 1200 | |
role-session-name: GH-Actions-${{ env.project }}-${{ env.env }} | |
# - name: Who Am I? | |
# run: aws sts get-caller-identity | |
- name: "Terraform Init" | |
uses: hashicorp/terraform-github-actions@master | |
with: | |
tf_actions_version: ${{ env.tf_version }} | |
tf_actions_subcommand: "init" | |
tf_actions_working_dir: ${{ env.tf_working_dir }} | |
tf_actions_comment: false | |
args: '-backend-config="bucket=${{ secrets.TF_STATE_S3_BUCKET }}" -backend-config="key=mamip/terraform-${{ env.env }}.tfstate"' | |
# - name: "Terraform Validate" | |
# uses: hashicorp/terraform-github-actions@master | |
# with: | |
# tf_actions_version: ${{ env.tf_version }} | |
# tf_actions_subcommand: "validate" | |
# tf_actions_working_dir: ${{ env.tf_working_dir }} | |
# tf_actions_comment: false | |
- name: "Terraform Plan" | |
id: plan | |
uses: hashicorp/terraform-github-actions@master | |
with: | |
tf_actions_version: ${{ env.tf_version }} | |
tf_actions_subcommand: "plan" | |
tf_actions_working_dir: ${{ env.tf_working_dir }} | |
tf_actions_comment: false | |
args: '-var="env=${{ env.env }}" -var="artifacts_bucket=${{ env.artifacts_bucket }}"' | |
- name: "Terraform Apply" | |
if: steps.plan.outputs.tf_actions_plan_has_changes == 'true' | |
uses: hashicorp/terraform-github-actions@master | |
with: | |
tf_actions_version: ${{ env.tf_version }} | |
tf_actions_subcommand: "apply" | |
tf_actions_working_dir: ${{ env.tf_working_dir }} | |
tf_actions_comment: false | |
args: '-var="env=${{ env.env }}"' | |
- name: Update runbook artifact | |
run: aws s3 cp ./automation/runbook-${{ env.env }}.sh 's3://${{ env.project }}-artifacts/${{ env.env }}/runbook.sh' | |
# - name: Login to Amazon ECR | |
# id: login-ecr | |
# uses: aws-actions/amazon-ecr-login@v1 | |
# - name: Build, tag, and push image to Amazon ECR | |
# env: | |
# ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
# ECR_REPOSITORY: mamip-ecr-${{ env.env }} | |
# IMAGE_TAG: ${{ github.sha }} | |
# run: | | |
# docker buildx build --platform=linux/arm64 -t mamip-image ./automation/ | |
# docker tag mamip-image $ECR_REGISTRY/$ECR_REPOSITORY | |
# docker push $ECR_REGISTRY/$ECR_REPOSITORY | |
- name: Logout of Amazon ECR | |
if: always() | |
run: docker logout ${{ steps.login-ecr.outputs.registry }} |