NRL-1595 check deployed version written to state correctly

Author: atrace

.github/workflows/deploy-account-wide-infra.yml

@@ -102,7 +102,7 @@ jobs:
           ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
         run: |
           terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} show -no-color tfplan > terraform/account-wide-infrastructure/$ACCOUNT_NAME/tfplan.txt
-          ls terraform/account-wide-infrastructure/$ACCOUNT_NAME/
+
           aws s3 cp terraform/account-wide-infrastructure/$ACCOUNT_NAME/tfplan s3://nhsd-nrlf--mgmt--github-ci-logging/acc-$ACCOUNT_NAME/${{ github.run_id }}/tfplan
           aws s3 cp terraform/account-wide-infrastructure/$ACCOUNT_NAME/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/acc-$ACCOUNT_NAME/${{ github.run_id }}/tfplan.txt
 
@@ -149,22 +149,21 @@ jobs:
           terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} workspace new ${ACCOUNT_NAME} || \
             terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} workspace select ${ACCOUNT_NAME}
 
-      # - name: Terraform Apply
-      #   env:
-      #     AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-      #   run: |
-      #     terraform -chdir=terraform/account-wide-infrastructure apply tfplan \
-      #     -var 'assume_account=AWS_ACCOUNT_ID' \
-      #     -var 'assume_role=terraform'
-
-      # TODO: fix this
-      # # Is this where we'd burn commit & datetime into state?
-      # - name: Update environment config version
-      #   env:
-      #     ENVIRONMENT: ${{ 'account-dev' }}
-      #   run: |
-      #     deployed_version=$(terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} output --raw version)
-      #     poetry run python ./scripts/set_env_config.py inactive-version ${deployed_version} $ENVIRONMENT
+      - name: Terraform Apply
+        env:
+          ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
+          ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+        run: |
+          terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} tfplan \
+            -var assume_account=${ACCOUNT_ID} \
+            -var assume_role=terraform
+
+      - name: Update environment config version
+        env:
+          ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}
+        run: |
+          deployed_version=$(terraform -chdir=terraform/account-wide-infrastructure/${ACCOUNT_NAME} output --raw version)
+          echo $deployed_version
 
   # Slack notif: starting deploy of account-wide infra <branch deets>
   # tf-plan: ensure output is visible in job output

terraform/account-wide-infrastructure/dev/data.tf

@@ -17,3 +17,10 @@ data "aws_secretsmanager_secret" "emails" {
 data "aws_secretsmanager_secret_version" "emails" {
   secret_id = data.aws_secretsmanager_secret.emails.id
 }
+
+data "external" "current-info" {
+  program = [
+    "bash",
+    "../../../scripts/get-current-info.sh",
+  ]
+}

terraform/account-wide-infrastructure/dev/outputs.tf

@@ -22,3 +22,7 @@ output "athena_kms_key_arn" {
   description = "KMS key ARN for Athena encryption"
   value       = var.enable_reporting ? module.dev-athena[0].kms_key_arn : null
 }
+
+output "version" {
+  value = data.external.current-info.result.version
+}