feat(terraform): add ECR for application images #85
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| orchestrator: | |
| name: Orchestrator | |
| runs-on: ubuntu-latest | |
| outputs: | |
| # App | |
| should-build-app: ${{ steps.changed-api-files.outputs.any_changed == 'true' || steps.changed-selfserve-files.outputs.any_changed == 'true' || steps.changed-internal-files.outputs.any_changed == 'true' || null }} | |
| should-build-api: ${{ steps.changed-api-files.outputs.any_changed == 'true' || null }} | |
| should-build-selfserve: ${{ steps.changed-selfserve-files.outputs.any_changed == 'true' || null }} | |
| should-build-internal: ${{ steps.changed-internal-files.outputs.any_changed == 'true' || null }} | |
| # Docker | |
| should-build-docker: ${{ steps.changed-api-docker-files.outputs.any_changed == 'true' || steps.changed-selfserve-docker-files.outputs.any_changed == 'true' || steps.changed-internal-docker-files.outputs.any_changed == 'true' || null }} | |
| should-build-api-docker: ${{ steps.changed-api-docker-files.outputs.any_changed == 'true' || steps.changed-api-files.outputs.any_changed == 'true' || null }} | |
| should-build-selfserve-docker: ${{ steps.changed-selfserve-docker-files.outputs.any_changed == 'true' || steps.changed-selfserve-files.outputs.any_changed == 'true' || null }} | |
| should-build-internal-docker: ${{ steps.changed-internal-docker-files.outputs.any_changed == 'true' || steps.changed-internal-files.outputs.any_changed == 'true' || null }} | |
| should-build-docs: ${{ steps.changed-website-files.outputs.any_changed == 'true' || null }} | |
| # Terraform accounts | |
| should-plan-terraform-accounts: ${{ steps.changed-accounts-terraform-files.outputs.any_changed == 'true' || null }} | |
| should-plan-nonprod-account-terraform: ${{ contains(steps.changed-accounts-terraform-files.outputs.all_changed_files, 'infra/terraform/modules') || contains(steps.changed-accounts-terraform-files.outputs.all_changed_files, 'infra/terraform/accounts/nonprod') || null }} | |
| should-plan-prod-account-terraform: ${{ contains(steps.changed-accounts-terraform-files.outputs.all_changed_files, 'infra/terraform/modules') || contains(steps.changed-accounts-terraform-files.outputs.all_changed_files, 'infra/terraform/accounts/prod') || null }} | |
| # Terraform environments | |
| should-plan-terraform-environments: ${{ steps.changed-environments-terraform-files.outputs.any_changed == 'true' || null }} | |
| should-plan-dev-environment-terraform: ${{ contains(steps.changed-environments-terraform-files.outputs.all_changed_files, 'infra/terraform/modules') || contains(steps.changed-environments-terraform-files.outputs.all_changed_files, 'infra/terraform/environments/dev') || null }} | |
| should-plan-int-environment-terraform: ${{ contains(steps.changed-environments-terraform-files.outputs.all_changed_files, 'infra/terraform/modules') || contains(steps.changed-environments-terraform-files.outputs.all_changed_files, 'infra/terraform/environments/int') || null }} | |
| should-plan-prep-environment-terraform: ${{ contains(steps.changed-environments-terraform-files.outputs.all_changed_files, 'infra/terraform/modules') || contains(steps.changed-environments-terraform-files.outputs.all_changed_files, 'infra/terraform/environments/prep') || null }} | |
| should-plan-prod-environment-terraform: ${{ contains(steps.changed-environments-terraform-files.outputs.all_changed_files, 'infra/terraform/modules') || contains(steps.changed-environments-terraform-files.outputs.all_changed_files, 'infra/terraform/environments/prod') || null }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-api-files | |
| with: | |
| files: | | |
| app/api/** | |
| # since_last_remote_commit: true | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-selfserve-files | |
| with: | |
| files: | | |
| app/selfserve/** | |
| # since_last_remote_commit: true | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-internal-files | |
| with: | |
| files: | | |
| app/internal/** | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-api-docker-files | |
| with: | |
| files: | | |
| infra/docker/api/** | |
| # since_last_remote_commit: true | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-selfserve-docker-files | |
| with: | |
| files: | | |
| infra/docker/selfserve/** | |
| # since_last_remote_commit: true | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-internal-docker-files | |
| with: | |
| files: | | |
| infra/docker/internal/** | |
| # since_last_remote_commit: true | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-accounts-terraform-files | |
| with: | |
| files: | | |
| infra/terraform/accounts/** | |
| infra/terraform/modules/** | |
| files_ignore: | | |
| infra/terraform/modules/service/** | |
| # since_last_remote_commit: true | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-environments-terraform-files | |
| with: | |
| files: | | |
| infra/terraform/environments/{dev,int,prep,prod}/** | |
| infra/terraform/modules/** | |
| files_ignore: | | |
| infra/terraform/modules/account/** | |
| infra/terraform/modules/github/** | |
| infra/terraform/modules/remote-state/** | |
| # since_last_remote_commit: true | |
| - uses: tj-actions/changed-files@v42 | |
| id: changed-website-files | |
| with: | |
| files: | | |
| website/** | |
| docs/** | |
| since_last_remote_commit: true | |
| docs: | |
| name: Documentation | |
| if: ${{ needs.orchestrator.outputs.should-build-docs }} | |
| needs: | |
| - orchestrator | |
| uses: ./.github/workflows/deploy-documentation.yaml | |
| with: | |
| deploy: false | |
| permissions: | |
| contents: write | |
| get-version: | |
| name: Get latest app version | |
| needs: | |
| - orchestrator | |
| runs-on: ubuntu-latest | |
| outputs: | |
| api: ${{ steps.api-version.outputs.version }} | |
| selfserve: ${{ steps.selfserve-version.outputs.version }} | |
| internal: ${{ steps.internal-version.outputs.version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| fetch-depth: 0 | |
| - id: api-version | |
| uses: ./.github/actions/get-app-version | |
| with: | |
| project-path: app/api | |
| - id: selfserve-version | |
| uses: ./.github/actions/get-app-version | |
| with: | |
| project-path: app/selfserve | |
| - id: internal-version | |
| uses: ./.github/actions/get-app-version | |
| with: | |
| project-path: app/internal | |
| - name: Add to summary | |
| run: | | |
| echo "#### App versions:" >> $GITHUB_STEP_SUMMARY | |
| echo "**API**: \`${{ steps.api-version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "**Selfserve**: \`${{ steps.selfserve-version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY | |
| echo "**Internal**: \`${{ steps.internal-version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY | |
| app: | |
| name: App | |
| concurrency: | |
| group: app-${{ matrix.project }}-${{ needs.get-version.outputs[matrix.project] }} | |
| needs: | |
| - orchestrator | |
| - get-version | |
| if: ${{ needs.orchestrator.outputs.should-build-app || needs.orchestrator.outputs.should-build-docker }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| project: | |
| - api | |
| - selfserve | |
| - internal | |
| exclude: | |
| - project: ${{ (needs.orchestrator.outputs.should-build-api || needs.orchestrator.outputs.should-build-api-docker) && 'ignored' || 'api' }} | |
| - project: ${{ (needs.orchestrator.outputs.should-build-selfserve || needs.orchestrator.outputs.should-build-selfserve-docker) && 'ignored' || 'selfserve' }} | |
| - project: ${{ (needs.orchestrator.outputs.should-build-internal || needs.orchestrator.outputs.should-build-internal-docker) && 'ignored' || 'internal' }} | |
| uses: ./.github/workflows/php.yaml | |
| with: | |
| project: ${{ matrix.project }} | |
| should-upload-artefact: ${{ !!needs.orchestrator.outputs[format('should-build-{0}-docker', matrix.project)] }} | |
| artefact-name: app-${{ matrix.project}}-${{ needs.get-version.outputs[matrix.project] }} | |
| retention-days: 1 | |
| permissions: | |
| contents: read | |
| docker: | |
| name: Docker | |
| concurrency: | |
| group: docker-${{ matrix.project }}-${{ needs.get-version.outputs[matrix.project] }} | |
| needs: | |
| - orchestrator | |
| - get-version | |
| - app | |
| if: ${{ always() && !cancelled() && !failure() && needs.orchestrator.outputs.should-build-docker }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| project: | |
| - api | |
| - selfserve | |
| - internal | |
| exclude: | |
| - project: ${{ needs.orchestrator.outputs.should-build-api-docker && 'ignored' || 'api' }} | |
| - project: ${{ needs.orchestrator.outputs.should-build-selfserve-docker && 'ignored' || 'selfserve' }} | |
| - project: ${{ needs.orchestrator.outputs.should-build-internal-docker && 'ignored' || 'internal' }} | |
| uses: ./.github/workflows/docker.yaml | |
| with: | |
| project: ${{ matrix.project }} | |
| app-artefact-name: app-${{ matrix.project}}-${{ needs.get-version.outputs[matrix.project] }} | |
| should-upload-artefact-to-ecr: false | |
| permissions: | |
| contents: read | |
| id-token: write | |
| terraform-account: | |
| name: Terraform Account | |
| concurrency: | |
| group: terraform-account-${{ matrix.account }} | |
| if: ${{ needs.orchestrator.outputs.should-plan-terraform-accounts }} | |
| needs: | |
| - orchestrator | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| account: | |
| - nonprod | |
| #- prod | |
| exclude: | |
| - account: ${{ needs.orchestrator.outputs.should-plan-nonprod-account-terraform && 'ignored' || 'nonprod' }} | |
| - account: ${{ needs.orchestrator.outputs.should-plan-prod-account-terraform && 'ignored' || 'prod' }} | |
| uses: ./.github/workflows/deploy-account.yaml | |
| with: | |
| account: ${{ matrix.account }} | |
| apply: false | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: write | |
| deployments: write | |
| secrets: inherit | |
| terraform-env: | |
| name: Terraform Environment | |
| concurrency: | |
| group: terraform-environment-${{ matrix.environment }} | |
| needs: | |
| - get-version | |
| - orchestrator | |
| if: ${{ needs.orchestrator.outputs.should-plan-terraform-environments }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| environment: | |
| - dev | |
| - int | |
| #- prep | |
| #- prod | |
| exclude: | |
| - environment: ${{ needs.orchestrator.outputs.should-plan-dev-environment-terraform && 'ignored' || 'dev' }} | |
| - environment: ${{ needs.orchestrator.outputs.should-plan-int-environment-terraform && 'ignored' || 'int' }} | |
| - environment: ${{ needs.orchestrator.outputs.should-plan-prep-environment-terraform && 'ignored' || 'prep' }} | |
| - environment: ${{ needs.orchestrator.outputs.should-plan-prod-environment-terraform && 'ignored' || 'prod' }} | |
| uses: ./.github/workflows/deploy-environment.yaml | |
| with: | |
| environment: ${{ matrix.environment }} | |
| api-image-tag: ${{ needs.get-version.outputs.api }} | |
| selfserve-image-tag: ${{ needs.get-version.outputs.selfserve }} | |
| internal-image-tag: ${{ needs.get-version.outputs.internal }} | |
| apply: false | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: write | |
| deployments: write | |
| secrets: inherit |