Infrastructure release 1.5.6 (#1946) #641
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Terragrunt deploy PRODUCTION container" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - "infrastructure/environments.yml" | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - "infrastructure/environments.yml" | |
| env: | |
| AWS_REGION: ca-central-1 | |
| CONFTEST_VERSION: 0.27.0 | |
| TERRAFORM_VERSION: 1.9.7 | |
| TERRAGRUNT_VERSION: 0.57.5 | |
| TF_INPUT: false | |
| TF_VAR_database_name: ${{ secrets.PRODUCTION_DATABASE_NAME }} | |
| TF_VAR_database_username: ${{ secrets.PRODUCTION_DATABASE_USERNAME }} | |
| TF_VAR_database_password: ${{ secrets.PRODUCTION_DATABASE_PASSWORD }} | |
| TF_VAR_cloudfront_custom_header_name: ${{ secrets.PRODUCTION_CLOUDFRONT_CUSTOM_HEADER_NAME }} | |
| TF_VAR_cloudfront_custom_header_value: ${{ secrets.PRODUCTION_CLOUDFRONT_CUSTOM_HEADER_VALUE }} | |
| TF_VAR_list_manager_endpoint: ${{ secrets.PRODUCTION_LIST_MANAGER_ENDPOINT }} | |
| TF_VAR_default_list_manager_api_key: ${{ secrets.PRODUCTION_DEFAULT_LIST_MANAGER_API_KEY }} | |
| TF_VAR_default_notify_api_key: ${{ secrets.PRODUCTION_DEFAULT_NOTIFY_API_KEY }} | |
| TF_VAR_encryption_key: ${{ secrets.PRODUCTION_ENCRYPTION_KEY }} | |
| TF_VAR_s3_uploads_bucket: ${{ secrets.PRODUCTION_S3_UPLOADS_BUCKET }} | |
| TF_VAR_s3_uploads_key: ${{ secrets.PRODUCTION_S3_UPLOADS_KEY }} | |
| TF_VAR_s3_uploads_secret: ${{ secrets.PRODUCTION_S3_UPLOADS_SECRET }} | |
| TF_VAR_c3_aws_access_key_id: ${{ secrets.PRODUCTION_C3_AWS_ACCESS_KEY_ID }} | |
| TF_VAR_c3_aws_secret_access_key: ${{ secrets.PRODUCTION_C3_AWS_SECRET_ACCESS_KEY }} | |
| TF_VAR_sentinel_customer_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} | |
| TF_VAR_sentinel_shared_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} | |
| TF_VAR_slack_webhook_url: ${{ secrets.PRODUCTION_SLACK_WEBHOOK_URL }} | |
| TF_VAR_wordpress_auth_key: ${{ secrets.PRODUCTION_WORDPRESS_AUTH_KEY }} | |
| TF_VAR_wordpress_secure_auth_key: ${{ secrets.PRODUCTION_WORDPRESS_SECURE_AUTH_KEY }} | |
| TF_VAR_wordpress_logged_in_key: ${{ secrets.PRODUCTION_WORDPRESS_LOGGED_IN_KEY }} | |
| TF_VAR_wordpress_nonce_key: ${{ secrets.PRODUCTION_WORDPRESS_NONCE_KEY }} | |
| TF_VAR_wordpress_auth_salt: ${{ secrets.PRODUCTION_WORDPRESS_AUTH_SALT }} | |
| TF_VAR_wordpress_secure_auth_salt: ${{ secrets.PRODUCTION_WORDPRESS_SECURE_AUTH_SALT }} | |
| TF_VAR_wordpress_logged_in_salt: ${{ secrets.PRODUCTION_WORDPRESS_LOGGED_IN_SALT }} | |
| TF_VAR_wordpress_nonce_salt: ${{ secrets.PRODUCTION_WORDPRESS_NONCE_SALT }} | |
| TF_VAR_jwt_auth_secret_key: ${{ secrets.PRODUCTION_JWT_AUTH_SECRET_KEY }} | |
| TF_VAR_wpml_site_key: ${{ secrets.PRODUCTION_WPML_SITE_KEY }} | |
| TF_VAR_zendesk_api_url: ${{ secrets.ZENDESK_API_URL }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| jobs: | |
| environments-manifest: | |
| uses: cds-snc/gc-articles/.github/workflows/environments-manifest.yml@main | |
| terragrunt-plan-production: | |
| needs: environments-manifest | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.ref != 'refs/heads/main' && | |
| github.event_name == 'pull_request' && | |
| needs.environments-manifest.outputs.CONTAINER_DEPLOYMENT == 'production' | |
| env: | |
| TARGET_VERSION: ${{ needs.environments-manifest.outputs.PROD_INFRASTRUCTURE }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - name: Setup terraform tools | |
| uses: cds-snc/terraform-tools-setup@v1 | |
| - name: Configure AWS credentials using OIDC | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::472286471787:role/gc-articles-plan | |
| role-session-name: TFPlanECS | |
| aws-region: ${{ env.AWS_REGION }} | |
| # Load-balancer & database dependency | |
| - name: Terragrunt plan ecs | |
| if: ${{ needs.environments-manifest.outputs.CONTAINER_DEPLOYMENT == 'production' }} | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "infrastructure/terragrunt/env/prod/ecs" | |
| comment-delete: "true" | |
| comment-title: "Production: ecs" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| terragrunt-apply-production: | |
| needs: environments-manifest | |
| runs-on: ubuntu-latest | |
| if: | | |
| github.ref == 'refs/heads/main' && | |
| github.event_name == 'push' && | |
| needs.environments-manifest.outputs.CONTAINER_DEPLOYMENT == 'production' | |
| env: | |
| APACHE_VERSION: ${{ needs.environments-manifest.outputs.PROD_APACHE }} | |
| TARGET_VERSION: ${{ needs.environments-manifest.outputs.PROD_INFRASTRUCTURE }} | |
| WORDPRESS_VERSION: ${{ needs.environments-manifest.outputs.PROD_WORDPRESS }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - name: Setup terraform tools | |
| uses: cds-snc/terraform-tools-setup@v1 | |
| - name: Configure AWS credentials using OIDC | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::472286471787:role/gc-articles-apply | |
| role-session-name: TFApplyECS | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Terragrunt apply ecs | |
| working-directory: infrastructure/terragrunt/env/prod/ecs | |
| run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
| - name: Post to slack | |
| if: success() | |
| run: | | |
| json='{"blocks":[{"type":"section","text":{"type":"mrkdwn","text":":lapage: New GC Articles <https://github.com/cds-snc/gc-articles/commit/${{ github.sha }}|release has been deployed>!"}}]}' | |
| curl -X POST -H 'Content-type: application/json' --data "$json" ${{ secrets.SLACK_WEBHOOK_WEBSITE_INFINITE }} | |
| - name: Report deployment to Sentinel | |
| if: always() | |
| uses: cds-snc/sentinel-forward-data-action@main | |
| with: | |
| input_data: '{"product": "articles", "sha": "${{ github.sha }}", "version": "Apache ${{ env.APACHE_VERSION }}, Wordpress ${{ env.WORDPRESS_VERSION }}", "repository": "${{ github.repository }}", "environment": "production", "status": "${{ job.status }}"}' | |
| log_type: CDS_Product_Deployment_Data | |
| log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} | |
| log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} |