@@ -25,11 +25,67 @@ permissions:
2525 actions : write
2626
2727jobs :
28+ check-versions :
29+ name : Check versions
30+ runs-on : [self-hosted, ci]
31+
32+ steps :
33+ - name : Git clone - ${{ github.ref }}
34+ uses : actions/checkout@v4
35+ with :
36+ ref : ${{ github.ref }}
37+
38+ - name : Setup asdf cache
39+ uses : actions/cache@v4
40+ with :
41+ path : ~/.asdf
42+ key : ${{ runner.os }}-asdf-${{ hashFiles('**/.tool-versions') }}
43+ restore-keys : |
44+ ${{ runner.os }}-asdf-
45+
46+ - name : Install asdf
47+ uses :
asdf-vm/actions/[email protected] 48+
49+ - name : Install zip
50+ run : sudo apt-get install zip
51+
52+ - name : Setup Python environment
53+ run : |
54+ poetry install --no-root
55+ source $(poetry env info --path)/bin/activate
56+
57+ - name : Configure Management Credentials
58+ uses : aws-actions/configure-aws-credentials@v4
59+ with :
60+ aws-region : eu-west-2
61+ role-to-assume : ${{ secrets.MGMT_ROLE_ARN }}
62+ role-session-name : github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
63+
64+ - name : Terraform Init
65+ run : |
66+ terraform -chdir=terraform/infrastructure init
67+ terraform -chdir=terraform/infrastructure workspace new ${{ inputs.stack_name }} || \
68+ terraform -chdir=terraform/infrastructure workspace select ${{ inputs.stack_name }}
69+
70+ - name : Check deployed version matches build version
71+ run : |
72+ this_version="$(./scripts/get-current-info.sh) | jq -r .version)"
73+ deployed_version="$(terraform -chdir=terraform/infrastructure output --raw version)"
74+
75+ if [ "${deployed_version}" != "${this_version}" ]; then
76+ echo "Deployed version is ${deployed_version}, not ${this_version}"
77+ exit 1
78+ fi
79+
80+ echo "Deployed version matches this version: ${deployed_version}"
81+
2882 build-permissions :
2983 name : Build permissions for ${{ inputs.environment }}
3084 runs-on : [self-hosted, ci]
3185 environment : ${{ inputs.environment }}
3286
87+ needs : [check-versions]
88+
3389 steps :
3490 - name : Git clone - ${{ github.ref }}
3591 uses : actions/checkout@v4
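Review bot: The version check in the last step of `check-versions` can never pass as written, because the command substitution closes before the pipe: `this_version="$(./scripts/get-current-info.sh) | jq -r .version)"` assigns the script's raw output followed by the literal text ` | jq -r .version)`. It should read `this_version="$(./scripts/get-current-info.sh | jq -r .version)"`; otherwise every run exits 1 and the jobs that now declare `needs: [check-versions]` (here and in the next hunk) never start. Separately, the Terraform Init step expands `${{ inputs.stack_name }}` straight into the script text, on a self-hosted runner that has just assumed the management role, so any shell metacharacters in that input would be interpreted by the shell. Map the input through the step's `env:` (for example `STACK_NAME: ${{ inputs.stack_name }}`) and use `"${STACK_NAME}"` in both `workspace` commands. The hunk does not show how `inputs.stack_name` is declared or validated, so that should be confirmed at the workflow's trigger definition.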
@@ -74,10 +130,12 @@ jobs:
74130 path : dist/nrlf_permissions.zip
75131
76132 pull-deployed-lambdas :
77- name : Pull deployed lambdas for ${{ inputs.environment }}
133+ name : Pull deployed lambdas from ${{ inputs.stack_name }}
78134 runs-on : [self-hosted, ci]
79135 environment : ${{ inputs.environment }}
80136
137+ needs : [check-versions]
138+
81139 steps :
82140 - name : Git clone - ${{ github.ref }}
83141 uses : actions/checkout@v4
@@ -111,7 +169,7 @@ jobs:
111169 path : dist/*.zip
112170
113171 terraform-plan :
114- name : Plan changes to ${{ inputs.environment }}
172+ name : Plan changes to ${{ inputs.stack_name }} for ${{ inputs. environment }}
115173 runs-on : [self-hosted, ci]
116174 environment : ${{ inputs.environment }}
117175
@@ -165,7 +223,7 @@ jobs:
165223 aws s3 cp terraform/infrastructure/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan.txt
166224
167225 terraform-apply :
168- name : Apply permissions to ${{ inputs.environment }}
226+ name : Apply permissions to ${{ inputs.stack_name }} for ${{ inputs. environment }}
169227 runs-on : [self-hosted, ci]
170228 environment : ${{ inputs.environment }}
171229