
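---
# Deploys a sandbox by running the tf-plan-apply composite action three times:
# base_iam from the chosen ref, the main stack from `main`, then (only when the
# chosen ref is not `main`) the main stack again from the chosen ref.
name: "Deploy - Sandbox"
run-name: "${{ github.event.inputs.git_ref }} | ${{ github.event.inputs.sandbox_name }}"

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      git_ref:
        description: "Branch, tag or SHA to deploy"
        required: true
        type: "string"
      sandbox_name:
        description: "Sandbox name [a-z0-9]{1,7}"
        required: true
        type: "string"

# Serialise runs per sandbox: two dispatches with the same sandbox_name would
# otherwise plan/apply against the same Terraform workspace at the same time.
# A running apply is never cancelled, so state is not left half-applied.
concurrency:
  group: "deploy-sandbox-${{ github.event.inputs.sandbox_name }}"
  cancel-in-progress: false

permissions:
  # NOTE(review): workflow_dispatch has no PR context — confirm the composite
  # action actually needs this, otherwise drop it (least privilege).
  pull-requests: write
  id-token: write  # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout

jobs:
  # sandbox_name is interpolated into an IAM role ARN and a Terraform workspace
  # name by the later jobs, so it is checked against the advertised pattern
  # before anything is checked out or applied. The value is passed through an
  # env var rather than expanded into the script, so the shell never sees it as code.
  validate_inputs:
    name: Validate Inputs
    runs-on: ubuntu-latest
    environment: development
    steps:
      - name: Validate sandbox name
        run: |
          if ! [[ "$SANDBOX_NAME" =~ ^[a-z0-9]{1,7}$ ]]; then
            echo "Sandbox name must match [a-z0-9]{1,7} (lowercase letters and digits only, 1-7 chars)."
            exit 1
          fi
        env:
          SANDBOX_NAME: ${{ github.event.inputs.sandbox_name }}

  # APPLY base_iam TF (FROM CHOSEN BRANCH)
  terraform_plan_apply_base_iam:
    name: Terraform Plan/Apply (base_iam)
    runs-on: ubuntu-latest
    needs: validate_inputs
    environment: development
    steps:
      - name: Checkout branch
        # NOTE(review): a mutable tag; pinning to the full commit SHA of the
        # release protects against tag re-pointing in the action's repository.
        uses: actions/checkout@v5
        with:
          ref: ${{ github.event.inputs.git_ref }}
      - name: Apply base_iam
        uses: ./.github/actions/tf-plan-apply
        with:
          # TODO: After initial deployment, can be changed to: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ github.event.inputs.sandbox_name }}-github-actions-role
          # aws_assume_role: ${{ secrets.AWS_ASSUME_ROLE }}
          aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/dev-github-bootstrap
          aws_region: ${{ vars.AWS_REGION }}
          backend_conf: "backend.conf"
          working_directory: "./base_iam"  # Use separate base_iam directory
          workspace: ${{ github.event.inputs.sandbox_name }}
          tf_vars_file: ${{ vars.TF_VARS_FILE }}
          tf_extra_args: "-var aws_account_id=${{ secrets.AWS_ACCOUNT_ID }}"

  # APPLY main TF (FROM main) using the per-sandbox role created by base_iam
  terraform_plan_apply_main:
    name: Terraform Plan/Apply (main)
    runs-on: ubuntu-latest
    needs: terraform_plan_apply_base_iam
    environment: development
    steps:
      - name: Checkout main
        uses: actions/checkout@v5
        with:
          ref: main
      - name: Apply Main
        uses: ./.github/actions/tf-plan-apply
        with:
          # aws_assume_role: ${{ secrets.AWS_ASSUME_ROLE }}
          aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ github.event.inputs.sandbox_name }}-github-actions-role
          aws_region: ${{ vars.AWS_REGION }}
          backend_conf: "backend.conf"
          workspace: ${{ github.event.inputs.sandbox_name }}
          tf_vars_file: ${{ vars.TF_VARS_FILE }}

  # APPLY main TF (FROM CHOSEN BRANCH) — skipped when the chosen ref is `main`,
  # because the previous job has already applied exactly that code.
  terraform_plan_apply_branch:
    name: Terraform Plan/Apply (branch)
    if: ${{ github.event.inputs.git_ref != 'main' }}
    runs-on: ubuntu-latest
    needs: terraform_plan_apply_main
    environment: development
    steps:
      - name: Checkout Branch
        uses: actions/checkout@v5
        with:
          ref: ${{ github.event.inputs.git_ref }}
      - name: Apply Branch
        uses: ./.github/actions/tf-plan-apply
        with:
          # use newly created role
          aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ github.event.inputs.sandbox_name }}-github-actions-role
          aws_region: ${{ vars.AWS_REGION }}
          backend_conf: "backend.conf"
          workspace: ${{ github.event.inputs.sandbox_name }}
          tf_vars_file: ${{ vars.TF_VARS_FILE }}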