Account-wide infra deployment to account-test of NRL-1666-point-perftest-at-baseline-table by anjalitrace2-nhs #42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Account-wide infrastructure | |
| run-name: Account-wide infra deployment to ${{ inputs.environment }} of ${{ inputs.branch_name }} by ${{ github.actor }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: "Account to deploy to" | |
| required: true | |
| default: "account-dev" | |
| type: environment | |
| branch_name: | |
| description: Branch to deploy | |
| required: true | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: write | |
| jobs: | |
| check-selected-environment: | |
| name: Check Workflow Env | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| steps: | |
| - name: Validate environment | |
| env: | |
| IS_VALID_ENV: ${{ startsWith(inputs.environment, 'account-') }} | |
| run: | | |
| echo "valid workflow environment selected:" $IS_VALID_ENV | |
| if [[ $IS_VALID_ENV == true ]]; then | |
| exit 0 | |
| fi | |
| echo "This workflow can only be run with 'account-*' environments as it deploys account-specific infrastructure" | |
| exit 1 | |
| terraform-plan: | |
| name: Terraform Plan - ${{ inputs.environment }} | |
| environment: ${{ inputs.environment }} | |
| needs: [check-selected-environment] | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| steps: | |
| - name: Git clone - ${{ inputs.branch_name }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.branch_name }} | |
| - name: Setup environment | |
| run: | | |
| echo "${HOME}/.asdf/bin" >> $GITHUB_PATH | |
| poetry install --no-root | |
| - name: Configure Management Credentials | |
| uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a #v4.3.1 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.MGMT_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }} | |
| - name: Retrieve Server Certificates | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| run: | | |
| make truststore-pull-all-for-account ACCOUNT=${ACCOUNT_NAME} | |
| - name: Terraform Init | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| run: | | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} init | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} workspace new ${ACCOUNT_NAME} || \ | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} workspace select ${ACCOUNT_NAME} | |
| - name: Terraform Plan | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} | |
| run: | | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} plan \ | |
| -var assume_account=${ACCOUNT_ID} \ | |
| -var assume_role=terraform \ | |
| -out tfplan | |
| - name: Save Terraform Plan | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| run: | | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} show -no-color tfplan > terraform/account-wide-infrastructure/$ACCOUNT_NAME/tfplan.txt | |
| aws s3 cp terraform/account-wide-infrastructure/$ACCOUNT_NAME/tfplan s3://nhsd-nrlf--mgmt--github-ci-logging/acc-$ACCOUNT_NAME/${{ github.run_id }}/tfplan | |
| aws s3 cp terraform/account-wide-infrastructure/$ACCOUNT_NAME/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/acc-$ACCOUNT_NAME/${{ github.run_id }}/tfplan.txt | |
| terraform-apply: | |
| name: Terraform Apply - ${{ inputs.environment }} | |
| needs: [terraform-plan] | |
| runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }} | |
| environment: ${{ inputs.environment }} | |
| steps: | |
| - name: Git clone - ${{ inputs.branch_name }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.branch_name }} | |
| - name: Setup environment | |
| run: | | |
| echo "${HOME}/.asdf/bin" >> $GITHUB_PATH | |
| poetry install --no-root | |
| - name: Configure Management Credentials | |
| uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a #v4.3.1 | |
| with: | |
| aws-region: eu-west-2 | |
| role-to-assume: ${{ secrets.MGMT_ROLE_ARN }} | |
| role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}} | |
| - name: Download Terraform Plan artifact | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| run: aws s3 cp s3://nhsd-nrlf--mgmt--github-ci-logging/acc-$ACCOUNT_NAME/${{ github.run_id }}/tfplan terraform/account-wide-infrastructure/${ACCOUNT_NAME}/tfplan | |
| - name: Retrieve Server Certificates | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| run: | | |
| make truststore-pull-all-for-account ACCOUNT=${ACCOUNT_NAME} | |
| - name: Terraform Init | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| run: | | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} init | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} workspace new ${ACCOUNT_NAME} || \ | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} workspace select ${ACCOUNT_NAME} | |
| - name: Terraform Apply | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} | |
| run: | | |
| terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} apply tfplan | |
| - name: Update environment config version | |
| env: | |
| ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }} | |
| run: | | |
| deployed_version=$(terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} output --raw version) | |
| echo $deployed_version |