move production deployment to separte workflow that's triggered by release

Co-authored-by: joates-madetech <james.oates@madetech.com>
Co-authored-by: maysakanoni <maysa@madetech.com>
Co-authored-by: mattbee <matt.bee@madetech.com>

Author: 4 people

.github/workflows/data_platform_prod.yml

@@ -0,0 +1,66 @@
+name: Data-Platform (Production)
+env:
+  aws_deploy_account: ${{ secrets.AWS_ACCOUNT_DATA_PLATFORM_STG }}
+  aws_api_account: ${{ secrets.AWS_API_ACCOUNT_STG }}
+  aws_deploy_region: "eu-west-2"
+  environment: "stg"
+  terraform_state_s3_key_prefix: "data-platform"
+  build_path: "."
+  automation_build_url: "https://github.com/LBHackney-IT/data-platform/actions/workflows/data_platform_prod.yml"
+on:
+  release:
+    types: [published]
+    paths-ignore:
+      - "documentation/**"
+      - "infrastructure/projects/**"
+      - "infrastructure/platform/**"
+  workflow_dispatch:
+    inputs:
+      terraform_import:
+        description: "Terraform import statements"
+        required: false
+      terraform_remove:
+        description: "Terraform state rm statements"
+        required: false
+
+jobs:
+  build:
+    name: AWS Terraform
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout@v2
+      - name: Set Node.js 14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+      - name: Install dependencies in rds-database-snapshot-replicator lambda
+        working-directory: "./lambdas/rds-database-snapshot-replicator/lambda"
+        run: npm install
+      - name: Set up Google Cloud Credentials
+        run: |
+            echo $GOOGLE_CREDENTIALS_STG >> ./google_service_account_creds.json
+        shell: bash
+        env:
+          GOOGLE_CREDENTIALS_STG: ${{secrets.GOOGLE_CREDENTIALS_STG}}
+      - name: Run AWS Terraform
+        uses: ./.github/actions/aws-terraform
+        with:
+          aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws_deploy_region: ${{ env.aws_deploy_region }}
+          terraform_state_s3_key_prefix: ${{ env.terraform_state_s3_key_prefix }}
+          build_path: ${{ env.build_path }}
+          environment: ${{ env.environment }}
+          automation_build_url: ${{ env.automation_build_url }}
+          aws_deploy_account: ${{ env.aws_deploy_account }}
+          aws_api_account: ${{ env.aws_api_account }}
+          aws_deploy_iam_role_name: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+          branch: ${GITHUB_REF##*/}
+          terraform_import: ${{ github.event.inputs.terraform_import }}
+          terraform_remove: ${{ github.event.inputs.terraform_remove }}
+          # DANGER ZONE
+          # In order to allow you to run a Terraform destroy (that will delete all AWS resources managed by Terraform,
+          # you can set terraform_destroy: 'destroy_me'. Not providing a value or any other value except 'destroy_me' will
+          # cause nothing to happen. The example here, with the value set to false is to ensure you've read this comment ;)
+          terraform_destroy: false

.github/workflows/data_platform_stg.yml

@@ -18,7 +18,7 @@ env:
 on:
   # This controls when a build will be triggered for a push. Unless you have a specific use case, this should be sufficient!
   push:
-    branches: [mainy]
+    branches: [main]
     paths-ignore:
       - "documentation/**"
       - "infrastructure/projects/**"