
Commit 93eca14

NRL-1594 Fix other variable expensions in run workflows
1 parent e9d2517 commit 93eca14


6 files changed

+102
-43
lines changed


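--- a/.github/workflows/activate-stack.yml
+++ b/.github/workflows/activate-stack.yml
@@ -45,9 +45,14 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
 
 - name: Get current environment config
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-poetry run python ./scripts/get_env_config.py all ${{ inputs.environment }}
+poetry run python ./scripts/get_env_config.py all $ENVIRONMENT
 
 - name: Activate Stack
+env:
+STACK_NAME: ${{ inputs.stack_name }}
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-poetry run python ./scripts/activate_stack.py ${{ inputs.stack_name }} ${{ inputs.environment }}
+poetry run python ./scripts/activate_stack.py $STACK_NAME $ENVIRONMENT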
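Review bot: `$ENVIRONMENT` and `$STACK_NAME` are expanded unquoted in both `run:` blocks of this file, so the shell word-splits and glob-expands the workflow input before the Python script receives it. Passing the input through `env:` stops it being parsed as script text, but a value containing whitespace or a leading `-` would still arrive as extra arguments or options; quote the expansions, e.g. `poetry run python ./scripts/activate_stack.py "$STACK_NAME" "$ENVIRONMENT"`. The same unquoted pattern recurs in persistent-environment.yml, rollback-stack.yml and update-lambda-permissions.yml (including `make ENV=$ENVIRONMENT ...` and `terraform ... workspace new $STACK_NAME`), whereas `echo "$ENVIRONMENT"` in the same commit is already quoted.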

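--- a/.github/workflows/persistent-environment.yml
+++ b/.github/workflows/persistent-environment.yml
@@ -52,9 +52,11 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
 
 - name: Add S3 Permissions to Lambda
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
-inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
+account=$(echo "$ENVIRONMENT" | cut -d '-' -f1)
+inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack $ENVIRONMENT)
 make get-s3-perms ENV=${account} TF_WORKSPACE_NAME=${inactive_stack}
 
 - name: Save Build Artifacts
@@ -96,8 +98,10 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
 
 - name: Retrieve Server Certificates
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
+account=$(echo "$ENVIRONMENT" | cut -d '-' -f1)
 make truststore-pull-server ENV=${account}
 
 - name: Download build artifacts
@@ -114,28 +118,33 @@ jobs:
 fail-on-cache-miss: true
 
 - name: Terraform Init
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
+inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack $ENVIRONMENT)
 terraform -chdir=terraform/infrastructure init
 terraform -chdir=terraform/infrastructure workspace new ${inactive_stack} || \
 terraform -chdir=terraform/infrastructure workspace select ${inactive_stack}
 
 - name: Terraform Plan
 env:
 DEPLOY_ROLE_ARN: ${{ secrets.DEPLOY_ROLE_ARN }}
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
+inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack $ENVIRONMENT)
 terraform -chdir=terraform/infrastructure plan \
 --var-file=etc/${{ vars.ACCOUNT_NAME }}.tfvars \
 --var assume_role_arn=${DEPLOY_ROLE_ARN} \
 --var use_shared_resources=$(poetry run python scripts/are_resources_shared_for_stack.py ${inactive_stack}) \
 -out tfplan
 
 - name: Save Terraform Plan
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
 terraform -chdir=terraform/infrastructure show -no-color tfplan > terraform/infrastructure/tfplan.txt
-aws s3 cp terraform/infrastructure/tfplan s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan
-aws s3 cp terraform/infrastructure/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan.txt
+aws s3 cp terraform/infrastructure/tfplan s3://nhsd-nrlf--mgmt--github-ci-logging/$ENVIRONMENT/${{ github.run_id }}/tfplan
+aws s3 cp terraform/infrastructure/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/$ENVIRONMENT/${{ github.run_id }}/tfplan.txt
 
 terraform-apply:
 name: Terraform Apply - ${{ inputs.environment }}
@@ -175,16 +184,22 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
 
 - name: Download Terraform Plan artifact
-run: aws s3 cp s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan terraform/infrastructure/tfplan
+env:
+ENVIRONMENT: ${{ inputs.environment }}
+run: aws s3 cp s3://nhsd-nrlf--mgmt--github-ci-logging/$ENVIRONMENT/${{ github.run_id }}/tfplan terraform/infrastructure/tfplan
 
 - name: Retrieve Server Certificates
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
+account=$(echo "$ENVIRONMENT" | cut -d '-' -f1)
 make truststore-pull-server ENV=${account}
 
 - name: Terraform Init
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
+inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack $ENVIRONMENT)
 terraform -chdir=terraform/infrastructure init
 terraform -chdir=terraform/infrastructure workspace new ${inactive_stack} || \
 terraform -chdir=terraform/infrastructure workspace select ${inactive_stack}
@@ -193,15 +208,19 @@ jobs:
 run: terraform -chdir=terraform/infrastructure apply tfplan
 
 - name: Update environment config version
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
 deployed_version=$(terraform -chdir=terraform/infrastructure output --raw version)
-poetry run python ./scripts/set_env_config.py inactive-version ${deployed_version} ${{ inputs.environment }}
+poetry run python ./scripts/set_env_config.py inactive-version ${deployed_version} $ENVIRONMENT
 
 - name: Smoke Test
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
+account=$(echo "$ENVIRONMENT" | cut -d '-' -f1)
 make ENV=${account} truststore-pull-client
-make ENV=${{ inputs.environment }} test-smoke-internal
+make ENV=$ENVIRONMENT test-smoke-internal
 
 activate-stack:
 name: Activate - ${{ inputs.environment }}
@@ -228,9 +247,11 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
 
 - name: Activate Stack
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
-poetry run python ./scripts/activate_stack.py ${inactive_stack} ${{ inputs.environment }}
+inactive_stack=$(poetry run python ./scripts/get_env_config.py inactive-stack $ENVIRONMENT)
+poetry run python ./scripts/activate_stack.py ${inactive_stack} $ENVIRONMENT
 
 post-release-verify:
 name: Verify - ${{ inputs.environment }}
@@ -257,8 +278,10 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
 
 - name: "Smoke Test"
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-make ENV=${{ inputs.environment }} test-smoke-public
+make ENV=$ENVIRONMENT test-smoke-public
 
 rollback-stack:
 name: Rollback - ${{ inputs.environment }}
@@ -286,6 +309,8 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
 
 - name: Deactivate Stack
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-inactive_stack_name=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
-poetry run python ./scripts/activate_stack.py ${inactive_stack_name} ${{ inputs.environment }}
+inactive_stack_name=$(poetry run python ./scripts/get_env_config.py inactive-stack $ENVIRONMENT)
+poetry run python ./scripts/activate_stack.py ${inactive_stack_name} $ENVIRONMENT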
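Review bot: The Terraform Plan step still splices a workflow expression straight into the script text, in `--var-file=etc/${{ vars.ACCOUNT_NAME }}.tfvars`, while every `inputs.*` value around it now goes through `env:`. Configuration variables are set by repository or organisation admins rather than by whoever triggers the run, so the exposure is lower, but routing it the same way keeps one rule for every value that reaches a shell: add `ACCOUNT_NAME: ${{ vars.ACCOUNT_NAME }}` to the step's `env:` and use `--var-file="etc/${ACCOUNT_NAME}.tfvars"`. The Terraform Plan step in update-lambda-permissions.yml carries the same line. `${{ github.run_id }}` in the S3 paths is a GitHub-generated number and can stay as it is.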

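--- a/.github/workflows/pr-env-deploy.yml
+++ b/.github/workflows/pr-env-deploy.yml
@@ -23,16 +23,18 @@ jobs:
 environment: pull-request
 steps:
 - name: Set a ID based on the branch name
+env:
+PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
 id: set_environment_id
 run: |
 JIRA_TICKET=$(
-echo '${{ github.event.pull_request.head.ref }}' | \
+echo "$PR_HEAD_REF" | \
 grep -Po --color=none '[A-z]{3,4}-[0-9]{3,5}' | \
 sed 's/-//g' | \
 tr '[:upper:]' '[:lower:]' || \
 true
 )
-BRANCH_HASH=$(echo '${{ github.event.pull_request.head.ref }}${{ github.event.pull_request.id }}' | sha256sum | head -c 6)
+BRANCH_HASH=$(echo "$PR_HEAD_REF${{ github.event.pull_request.id }}" | sha256sum | head -c 6)
 
 if [ -z "$JIRA_TICKET" ]; then
 echo "environment_id=${BRANCH_HASH}" > $GITHUB_OUTPUT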
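Review bot: The bracket expression `[A-z]` in the `grep -Po` filter spans the whole ASCII range from `A` to `z`, which also admits `[`, `\`, `]`, `^`, `_` and the backtick, so characters other than letters can pass from the pull-request branch name into `JIRA_TICKET`. The branch name is chosen by the PR author and this value presumably becomes the environment id, so restrict the class to letters: `grep -Po --color=none '[A-Za-z]{3,4}-[0-9]{3,5}'`. `grep -o` also prints every match on its own line, so appending `| head -n 1` would keep the id single-line when a branch name contains two ticket-like tokens. The step's `if` block continues past the end of the hunk, and pr-env-destroy.yml carries the identical step.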

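--- a/.github/workflows/pr-env-destroy.yml
+++ b/.github/workflows/pr-env-destroy.yml
@@ -23,16 +23,18 @@ jobs:
 runs-on: codebuild-nhsd-nrlf-ci-build-project-${{ github.run_id }}-${{ github.run_attempt }}
 steps:
 - name: Set a ID based on the branch name
+env:
+PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
 id: set_environment_id
 run: |
 JIRA_TICKET=$(
-echo '${{ github.event.pull_request.head.ref }}' | \
+echo "$PR_HEAD_REF" | \
 grep -Po --color=none '[A-z]{3,4}-[0-9]{3,5}' | \
 sed 's/-//g' | \
 tr '[:upper:]' '[:lower:]' || \
 true
 )
-BRANCH_HASH=$(echo '${{ github.event.pull_request.head.ref }}${{ github.event.pull_request.id }}' | sha256sum | head -c 6)
+BRANCH_HASH=$(echo "$PR_HEAD_REF${{ github.event.pull_request.id }}" | sha256sum | head -c 6)
 
 if [ -z "$JIRA_TICKET" ]; then
 echo "environment_id=${BRANCH_HASH}" > $GITHUB_OUTPUT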

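--- a/.github/workflows/rollback-stack.yml
+++ b/.github/workflows/rollback-stack.yml
@@ -40,14 +40,20 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id}}
 
 - name: Get current environment config
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-poetry run python ./scripts/get_env_config.py all ${{ inputs.environment }}
+poetry run python ./scripts/get_env_config.py all $ENVIRONMENT
 
 - name: Rollback
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-inactive_stack_name=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
-poetry run python ./scripts/activate_stack.py ${inactive_stack_name} ${{ inputs.environment }}
+inactive_stack_name=$(poetry run python ./scripts/get_env_config.py inactive-stack $ENVIRONMENT)
+poetry run python ./scripts/activate_stack.py ${inactive_stack_name} $ENVIRONMENT
 
 - name: "Smoke Test"
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
-make ENV=${{ inputs.environment }} test-smoke-public
+make ENV=$ENVIRONMENT test-smoke-public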

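--- a/.github/workflows/update-lambda-permissions.yml
+++ b/.github/workflows/update-lambda-permissions.yml
@@ -50,12 +50,16 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
 
 - name: Terraform Init
+env:
+STACK_NAME: ${{ inputs.stack_name }}
 run: |
 terraform -chdir=terraform/infrastructure init
-terraform -chdir=terraform/infrastructure workspace new ${{ inputs.stack_name }} || \
-terraform -chdir=terraform/infrastructure workspace select ${{ inputs.stack_name }}
+terraform -chdir=terraform/infrastructure workspace new $STACK_NAME || \
+terraform -chdir=terraform/infrastructure workspace select $STACK_NAME
 
 - name: Check deployed version matches build version
+env:
+STRICT_VERSIONING: ${{ inputs.strict_versioning }}
 run: |
 this_version="$(./scripts/get-current-info.sh | jq -r .version)"
 deployed_version="$(terraform -chdir=terraform/infrastructure output --raw version)"
@@ -66,7 +70,7 @@ jobs:
 then
 echo "${this_version} does not match deployed version: ${deployed_version}" 1>&2
 
-if [ "${{ inputs.strict_versioning }}" == "true" ]; then
+if [ "$STRICT_VERSIONING" == "true" ]; then
 echo "Strict version checking failed, cancelling workflow" 1>&2
 exit 1
 fi
@@ -98,9 +102,12 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
 
 - name: Create lambda permissions layer
+env:
+ENVIRONMENT: ${{ inputs.environment }}
+STACK_NAME: ${{ inputs.stack_name }}
 run: |
-account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
-make get-s3-perms ENV=${account} TF_WORKSPACE_NAME=${{ inputs.stack_name }}
+account=$(echo "$ENVIRONMENT" | cut -d '-' -f1)
+make get-s3-perms ENV=${account} TF_WORKSPACE_NAME=$STACK_NAME
 
 - name: Save NRLF permissions in cache
 uses: actions/cache/save@v4
@@ -137,9 +144,12 @@ jobs:
 role-session-name: github-actions-ci-acc-${{ inputs.environment }}-${{ github.run_id }}
 
 - name: Pull deployed lambda artifacts
+env:
+ENVIRONMENT: ${{ inputs.environment }}
+STACK_NAME: ${{ inputs.stack_name }}
 run: |
-account=$(echo '${{ inputs.environment }}' | cut -d '-' -f1)
-./scripts/pull-lambda-code-for-stack.sh ${{ inputs.stack_name }}
+account=$(echo "$ENVIRONMENT" | cut -d '-' -f1)
+./scripts/pull-lambda-code-for-stack.sh $STACK_NAME
 
 - name: Save lambda artifacts in cache
 uses: actions/cache/save@v4
@@ -187,26 +197,31 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
 
 - name: Terraform Init
+env:
+STACK_NAME: ${{ inputs.stack_name }}
 run: |
 terraform -chdir=terraform/infrastructure init
-terraform -chdir=terraform/infrastructure workspace new ${{ inputs.stack_name }} || \
-terraform -chdir=terraform/infrastructure workspace select ${{ inputs.stack_name }}
+terraform -chdir=terraform/infrastructure workspace new $STACK_NAME || \
+terraform -chdir=terraform/infrastructure workspace select $STACK_NAME
 
 - name: Terraform Plan
 env:
 DEPLOY_ROLE_ARN: ${{ secrets.DEPLOY_ROLE_ARN }}
+STACK_NAME: ${{ inputs.stack_name }}
 run: |
 terraform -chdir=terraform/infrastructure plan \
 --var-file=etc/${{ vars.ACCOUNT_NAME }}.tfvars \
 --var assume_role_arn=${DEPLOY_ROLE_ARN} \
---var use_shared_resources=$(poetry run python scripts/are_resources_shared_for_stack.py ${{ inputs.stack_name }}) \
+--var use_shared_resources=$(poetry run python scripts/are_resources_shared_for_stack.py $STACK_NAME) \
 --out tfplan
 
 - name: Save Terraform Plan
+env:
+ENVIRONMENT: ${{ inputs.environment }}
 run: |
 terraform -chdir=terraform/infrastructure show -no-color tfplan > terraform/infrastructure/tfplan.txt
-aws s3 cp terraform/infrastructure/tfplan s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan
-aws s3 cp terraform/infrastructure/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan.txt
+aws s3 cp terraform/infrastructure/tfplan s3://nhsd-nrlf--mgmt--github-ci-logging/$ENVIRONMENT/${{ github.run_id }}/tfplan
+aws s3 cp terraform/infrastructure/tfplan.txt s3://nhsd-nrlf--mgmt--github-ci-logging/$ENVIRONMENT/${{ github.run_id }}/tfplan.txt
 
 terraform-apply:
 name: Apply permissions
@@ -248,13 +263,17 @@ jobs:
 role-session-name: github-actions-ci-${{ inputs.environment }}-${{ github.run_id }}
 
 - name: Download Terraform Plan artifact
-run: aws s3 cp s3://nhsd-nrlf--mgmt--github-ci-logging/${{ inputs.environment }}/${{ github.run_id }}/tfplan terraform/infrastructure/tfplan
+env:
+ENVIRONMENT: ${{ inputs.environment }}
+run: aws s3 cp s3://nhsd-nrlf--mgmt--github-ci-logging/$ENVIRONMENT/${{ github.run_id }}/tfplan terraform/infrastructure/tfplan
 
 - name: Terraform Init
+env:
+STACK_NAME: ${{ inputs.stack_name }}
 run: |
 terraform -chdir=terraform/infrastructure init
-terraform -chdir=terraform/infrastructure workspace new ${{ inputs.stack_name }} || \
-terraform -chdir=terraform/infrastructure workspace select ${{ inputs.stack_name }}
+terraform -chdir=terraform/infrastructure workspace new $STACK_NAME || \
+terraform -chdir=terraform/infrastructure workspace select $STACK_NAME
 
 - name: Terraform Apply
 run: |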
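Review bot: In the "Pull deployed lambda artifacts" step, `account` is assigned but never used: the only other command in the block is `./scripts/pull-lambda-code-for-stack.sh $STACK_NAME`, and an unexported shell variable is not visible to that child script. The `ENVIRONMENT` entry the commit adds to this step's `env:` therefore serves only the dead assignment; dropping both the `account=$(echo "$ENVIRONMENT" | cut -d '-' -f1)` line and the `ENVIRONMENT:` entry leaves the step holding only the input it needs. If the script is meant to receive the account, pass it explicitly as a quoted argument instead.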
