chore: suppress HTTP 400 bad request errors (#1568) #268
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Terragrunt apply STAGING" | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- "infrastructure/terragrunt/aws/**" | |
- "infrastructure/terragrunt/env/staging/**" | |
- "infrastructure/terragrunt/env/common/**" | |
- "infrastructure/terragrunt/env/terragrunt.hcl" | |
- ".github/workflows/terragrunt-apply-staging.yml" | |
env: | |
AWS_REGION: ca-central-1 | |
TERRAFORM_VERSION: 1.6.5 | |
TERRAGRUNT_VERSION: 0.35.6 | |
TF_INPUT: false | |
TF_VAR_database_name: ${{ secrets.STAGING_DATABASE_NAME }} | |
TF_VAR_database_username: ${{ secrets.STAGING_DATABASE_USERNAME }} | |
TF_VAR_database_password: ${{ secrets.STAGING_DATABASE_PASSWORD }} | |
TF_VAR_cloudfront_custom_header_name: ${{ secrets.STAGING_CLOUDFRONT_CUSTOM_HEADER_NAME }} | |
TF_VAR_cloudfront_custom_header_value: ${{ secrets.STAGING_CLOUDFRONT_CUSTOM_HEADER_VALUE }} | |
TF_VAR_list_manager_endpoint: ${{ secrets.STAGING_LIST_MANAGER_ENDPOINT }} | |
TF_VAR_default_list_manager_api_key: ${{ secrets.STAGING_DEFAULT_LIST_MANAGER_API_KEY }} | |
TF_VAR_default_notify_api_key: ${{ secrets.STAGING_DEFAULT_NOTIFY_API_KEY }} | |
TF_VAR_encryption_key: ${{ secrets.STAGING_ENCRYPTION_KEY }} | |
TF_VAR_s3_uploads_bucket: ${{ secrets.STAGING_S3_UPLOADS_BUCKET }} | |
TF_VAR_s3_uploads_key: ${{ secrets.STAGING_S3_UPLOADS_KEY }} | |
TF_VAR_s3_uploads_secret: ${{ secrets.STAGING_S3_UPLOADS_SECRET }} | |
TF_VAR_c3_aws_access_key_id: ${{ secrets.STAGING_C3_AWS_ACCESS_KEY_ID }} | |
TF_VAR_c3_aws_secret_access_key: ${{ secrets.STAGING_C3_AWS_SECRET_ACCESS_KEY }} | |
TF_VAR_sentinel_customer_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} | |
TF_VAR_sentinel_shared_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} | |
TF_VAR_slack_webhook_url: ${{ secrets.STAGING_SLACK_WEBHOOK_URL }} | |
TF_VAR_wordpress_auth_key: ${{ secrets.STAGING_WORDPRESS_AUTH_KEY }} | |
TF_VAR_wordpress_secure_auth_key: ${{ secrets.STAGING_WORDPRESS_SECURE_AUTH_KEY }} | |
TF_VAR_wordpress_logged_in_key: ${{ secrets.STAGING_WORDPRESS_LOGGED_IN_KEY }} | |
TF_VAR_wordpress_nonce_key: ${{ secrets.STAGING_WORDPRESS_NONCE_KEY }} | |
TF_VAR_wordpress_auth_salt: ${{ secrets.STAGING_WORDPRESS_AUTH_SALT }} | |
TF_VAR_wordpress_secure_auth_salt: ${{ secrets.STAGING_WORDPRESS_SECURE_AUTH_SALT }} | |
TF_VAR_wordpress_logged_in_salt: ${{ secrets.STAGING_WORDPRESS_LOGGED_IN_SALT }} | |
TF_VAR_wordpress_nonce_salt: ${{ secrets.STAGING_WORDPRESS_NONCE_SALT }} | |
TF_VAR_jwt_auth_secret_key: ${{ secrets.STAGING_JWT_AUTH_SECRET_KEY }} | |
TF_VAR_wpml_site_key: ${{ secrets.STAGING_WPML_SITE_KEY }} | |
TF_VAR_zendesk_api_url: ${{ secrets.ZENDESK_API_URL }} | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
terragrunt-apply-staging: | |
runs-on: ubuntu-latest | |
if: | | |
github.ref == 'refs/heads/main' && | |
github.event_name == 'push' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Setup terraform tools | |
uses: cds-snc/terraform-tools-setup@v1 | |
- uses: cds-snc/paths-filter@b316143212d841aed668b7b29240c719d603a9b9 # v2.10.4 | |
id: filter | |
with: | |
filters: | | |
common: | |
- '.github/workflows/terragrunt-apply-staging.yml' | |
- 'infrastructure/terragrunt/env/common/**' | |
- 'infrastructure/terragrunt/env/terragrunt.hcl' | |
- 'infrastructure/terragrunt/env/staging/env_vars.hcl' | |
alarms: | |
- 'infrastructure/terragrunt/aws/alarms/**' | |
- 'infrastructure/terragrunt/env/staging/alarms/**' | |
database: | |
- 'infrastructure/terragrunt/aws/database/**' | |
- 'infrastructure/terragrunt/env/staging/database/**' | |
ecr: | |
- 'infrastructure/terragrunt/aws/ecr/**' | |
- 'infrastructure/terragrunt/env/staging/ecr/**' | |
ecs: | |
- 'infrastructure/terragrunt/aws/ecs/**' | |
- 'infrastructure/terragrunt/env/staging/ecs/**' | |
hosted-zone: | |
- 'infrastructure/terragrunt/aws/hosted-zone/**' | |
- 'infrastructure/terragrunt/env/staging/hosted-zone/**' | |
load-balancer: | |
- 'infrastructure/terragrunt/aws/load-balancer/**' | |
- 'infrastructure/terragrunt/env/staging/load-balancer/**' | |
network: | |
- 'infrastructure/terragrunt/aws/network/**' | |
- 'infrastructure/terragrunt/env/staging/network/**' | |
storage: | |
- 'infrastructure/terragrunt/aws/storage/**' | |
- 'infrastructure/terragrunt/env/staging/storage/**' | |
- name: Configure AWS credentials using OIDC | |
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 | |
with: | |
role-to-assume: arn:aws:iam::729164266357:role/gc-articles-apply | |
role-session-name: TFApply | |
aws-region: ${{ env.AWS_REGION }} | |
# No dependencies | |
- name: Terragrunt apply network | |
if: ${{ steps.filter.outputs.network == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: infrastructure/terragrunt/env/staging/network | |
run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
- name: Terragrunt apply hosted-zone | |
if: ${{ steps.filter.outputs.hosted-zone == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: infrastructure/terragrunt/env/staging/hosted-zone | |
run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
- name: Terragrunt apply ecr | |
if: ${{ steps.filter.outputs.ecr == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: infrastructure/terragrunt/env/staging/ecr | |
run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
- name: Terragrunt apply storage | |
if: ${{ steps.filter.outputs.storage == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: infrastructure/terragrunt/env/staging/storage | |
run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
# Network dependency | |
- name: Terragrunt apply database | |
if: ${{ steps.filter.outputs.database == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: infrastructure/terragrunt/env/staging/database | |
run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
- name: Terragrunt apply load-balancer | |
if: ${{ steps.filter.outputs.load-balancer == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: infrastructure/terragrunt/env/staging/load-balancer | |
run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
# Load-balancer & database dependency | |
- name: Terragrunt apply ecs | |
if: ${{ steps.filter.outputs.ecs == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: infrastructure/terragrunt/env/staging/ecs | |
run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
# Depends on everything | |
- name: Terragrunt apply alarms | |
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: infrastructure/terragrunt/env/staging/alarms | |
run: terragrunt apply --terragrunt-non-interactive -auto-approve | |
- name: Report deployment to Sentinel | |
if: always() | |
uses: cds-snc/sentinel-forward-data-action@main | |
with: | |
input_data: '{"product": "articles", "sha": "${{ github.sha }}", "version": "Infrastructure ${{ github.sha }}", "repository": "${{ github.repository }}", "environment": "staging", "status": "${{ job.status }}"}' | |
log_type: CDS_Product_Deployment_Data | |
log_analytics_workspace_id: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }} | |
log_analytics_workspace_key: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }} |