[NDR-266] Split jobs on sandbox (#446)

* init

* Set branch and main terraform build to separate jobs

* Update job names

* Add 8 character limit to sandbox name

* Move branch check to job level.

* Fix terraform version

Author: jameslinnell

.github/workflows/deploy-sandbox.yml

@@ -10,7 +10,7 @@ on:
         required: true
         type: "string"
       sandbox_name:
-        description: "Sandbox name [a-z0-9]{1,9}"
+        description: "Sandbox name [a-z0-9]{1,8}"
         required: true
         type: "string"
 
@@ -20,20 +20,26 @@ permissions:
   contents: read # This is required for actions/checkout
 
 jobs:
-  terraform_process:
+  validate_inputs:
     runs-on: ubuntu-latest
     environment: development
 
     steps:
       - name: Validate inputs
         run: |
-          if ! [[ "$SANDBOX_NAME" =~ ^[a-z0-9]{1,9}$ ]]; then
-            echo "Sandbox name must match [a-z0-9]{1,9} (lowercase letters and digits only, 1-9 chars)."
+          if ! [[ "$SANDBOX_NAME" =~ ^[a-z0-9]{1,8}$ ]]; then
+            echo "Sandbox name must match [a-z0-9]{1,8} (lowercase letters and digits only, 1-8 chars)."
             exit 1
           fi
         env:
           SANDBOX_NAME: ${{ github.event.inputs.sandbox_name }}
 
+  terraform_process--main:
+    runs-on: ubuntu-latest
+    needs: validate_inputs
+    environment: development
+
+    steps:
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout main
         uses: actions/checkout@v5
@@ -81,41 +87,59 @@ jobs:
         run: terraform apply -auto-approve -input=false tf-main.plan
         working-directory: ./infrastructure
 
+  terraform_process--branch:
+    if: ${{ github.event.inputs.git_ref != 'main' }}
+    runs-on: ubuntu-latest
+    needs: terraform_process--main
+    environment: development
+
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v5
+        with:
+          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
+          role-skip-session-tagging: true
+          aws-region: ${{ vars.AWS_REGION }}
+          mask-aws-account-id: true
+
+      - name: View AWS Role
+        run: aws sts get-caller-identity
+
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.13.3
+          terraform_wrapper: false
+
       - name: Checkout Branch
-        if: ${{ github.event.inputs.git_ref != 'main' }}
         uses: actions/checkout@v5
         with:
           ref: ${{ github.event.inputs.git_ref}}
 
         # Checks that all Terraform configuration files adhere to a canonical format.
       - name: Terraform Format Branch
-        if: ${{ github.event.inputs.git_ref != 'main' }}
         run: terraform fmt -check
         working-directory: ./infrastructure
 
       - name: Terraform Init Branch
-        if: ${{ github.event.inputs.git_ref != 'main' }}
         id: init
         run: terraform init -backend-config=backend.conf
         working-directory: ./infrastructure
         shell: bash
 
       - name: Terraform Set Workspace
-        if: ${{ github.event.inputs.git_ref != 'main' }}
         id: workspace
         run: terraform workspace select ${{ github.event.inputs.sandbox_name}}
         working-directory: ./infrastructure
         shell: bash
 
       - name: Terraform Plan Branch
-        if: ${{ github.event.inputs.git_ref != 'main' }}
         id: plan
         run: |
           terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan
         working-directory: ./infrastructure
         shell: bash
 
       - name: Terraform Apply Branch (over main)
-        if: ${{ github.event.inputs.git_ref != 'main' }}
         run: terraform apply -auto-approve -input=false tf.plan
         working-directory: ./infrastructure