[BE] Mark custom terraform module tags as such (#6822)

ZainRizvi · web-flow · commit 193a50826d72 · 2025-06-24T12:34:09.000-05:00
This allows us to easily tell which terraform tags are custom ones
manually created vs which ones were automatically generated by pushes to
`main`

Goal of this PR is to prevent tags that were manually created but not on
`main` from accidentally being deployed to prod

It:
- Appends "-custom" to any tag that wasn't generated by a push to main
- Also triggers the tag creation workflow when someone modifies it, for
testing

Testing: Generated tags via this PR, updated local Terrafile, ran `make
plan` locally and verified terraform module was downloaded successfully
diff --git a/.github/workflows/lambda-release-tag-runners.yml b/.github/workflows/lambda-release-tag-runners.yml
@@ -7,6 +7,9 @@ on:
       - main
     paths:
       - 'terraform-aws-github-runner/**'
+  pull_request: # Generate tag when PR modifies this workflow file
+    paths:
+      - '.github/workflows/lambda-release-tag-runners.yml'
 
 jobs:
   tag:
@@ -15,6 +18,7 @@ jobs:
     container: node:20
     outputs:
       date: ${{ steps.date.outputs.date }}
+      tag_name: ${{ steps.tag.outputs.tag_name }}
     steps:
       - name: Checkout branch
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -24,18 +28,27 @@ jobs:
         run: |
           echo "date=$(date +'%Y%m%d-%H%M%S')" >> "${GITHUB_OUTPUT}"
 
+      - name: Create tag name
+        id: tag
+        run: |
+          if [ "${{ github.event_name }}" = "push" ] && [ "${{ github.ref }}" = "refs/heads/main" ]; then
+            echo "tag_name=v${{ steps.date.outputs.date }}" >> "${GITHUB_OUTPUT}"
+          else
+            echo "tag_name=v${{ steps.date.outputs.date }}-custom" >> "${GITHUB_OUTPUT}"
+          fi
+
       - name: Tag snapshot
         uses: tvdias/github-tagger@a570476cc87352c1655c606b29590df6014535e0 # v0.0.1
         env:
           GITHUB_TOKEN: ${{ secrets.TAG_RELEASE }}
         with:
           repo-token: ${{ secrets.TAG_RELEASE }}
-          tag: v${{ steps.date.outputs.date }}
+          tag: ${{ steps.tag.outputs.tag_name }}
 
   call-release:
     permissions:
       contents: write
     needs: tag
     uses: ./.github/workflows/_lambda-do-release-runners.yml
     with:
-      tag: v${{ needs.tag.outputs.date }}
+      tag: ${{ needs.tag.outputs.tag_name }}
