-
Notifications
You must be signed in to change notification settings - Fork 0
131 lines (117 loc) · 3.84 KB
/
infrastructure-sandbox.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
---
name: infrastucture - sandbox
on:
pull_request:
branches:
- main
push:
branches:
- main
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
AWS_ACCOUNT_ID: 107662415716
AWS_ENV_NAME: sandbox
OIDC_IAM_ROLE: sandbox-terraform-aws-deploy
jobs:
set-matrix:
runs-on: ubuntu-latest
timeout-minutes: 5
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Checkout source code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set Matrix
id: set-matrix
uses: ./.github/actions/set-matrix
with:
AWS_ENV_NAME: ${{ env.AWS_ENV_NAME }}
terraform:
needs: [set-matrix]
if: ${{ needs.set-matrix.outputs.matrix != '["_empty"]' }}
runs-on: ubuntu-latest
timeout-minutes: 15
permissions:
id-token: write # For aws-actions/configure-aws-credentials
contents: read # For aws-actions/configure-aws-credentials
deployments: write # For bobheadxi/deployments
pull-requests: write # For bobheadxi/deployments
strategy:
fail-fast: false
matrix:
directory: ${{ fromJson(needs.set-matrix.outputs.matrix )}}
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: AWS Credential
uses: ./.github/actions/aws-credential
with:
oidc-iam-role: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/${{ env.OIDC_IAM_ROLE }}
- name: Terraform Plan
uses: ./.github/actions/terraform-plan
with:
working-directory: ./infrastructure/environments/${{ env.AWS_ENV_NAME }}/${{ matrix.directory }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Start Deployment
if: env.TF_PLAN_STATUS == 'has-diff' && github.ref == 'refs/heads/main'
uses: bobheadxi/deployments@v1
id: deployment
with:
step: start
token: ${{ secrets.GITHUB_TOKEN }}
env: ${{ env.AWS_ENV_NAME }}
- name: Terraform Apply
if: env.TF_PLAN_STATUS == 'has-diff' && contains(fromJSON('["push", "workflow_dispatch"]'), github.event_name)
uses: ./.github/actions/terraform-apply
with:
AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
AWS_ENV_NAME: ${{ env.AWS_ENV_NAME }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
working-directory: ./infrastructure/environments/${{ env.AWS_ENV_NAME }}/${{ matrix.directory }}
- name: Finish Deployment
if: env.TF_PLAN_STATUS == 'has-diff' && always() && github.ref == 'refs/heads/main'
uses: bobheadxi/deployments@v1
with:
step: finish
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
env: ${{ steps.deployment.outputs.env }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
delete_pr_comments:
name: Delete PR Comments
needs: [terraform]
runs-on: ubuntu-latest
timeout-minutes: 5
if: contains(fromJSON('["pull_request"]'), github.event_name)
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Check and delete comments
run: |
./.github/scripts/delete_pr_comments.sh \
"tqer39" \
"time-capsule" \
"${{ env.AWS_ENV_NAME }}" \
"${{ github.event.pull_request.number }}" \
"${{ secrets.GITHUB_TOKEN }}"
workflow-result-infrastructure:
runs-on: ubuntu-latest
timeout-minutes: 5
needs: [terraform]
if: always()
steps:
- name: Failure
if: >-
contains(needs.*.result, 'failure')
|| contains(needs.*.result, 'cancelled')
run: |
echo "workflow failure"
exit 1
- name: Success
run: |
echo "workflow success"