Skip to content
Deploy using terragrunt

Deploy using terragrunt #232

Sign in to view logs

Deploy using terragrunt

Deploy using terragrunt #232

Workflow file for this run

.github/workflows/terragrunt-deploy.yml at 51fabaa
name: Deploy using terragrunt
permissions:
contents: read
packages: write
on:
workflow_call:
inputs:
DEFAULT_APPLICATION_ENVIRONMENT:
required: true
type: string
IMAGE_TAG:
required: true
type: string
RUN_LIQUIBASE:
required: true
type: string
COMMAND:
required: true
type: string
default: apply
GDB_EXTRACTOR_IMAGE:
required: true
type: string
workflow_dispatch:
inputs:
DEFAULT_APPLICATION_ENVIRONMENT:
required: true
type: choice
options:
- dev
- test
- prod
IMAGE_TAG:
required: true
type: string
default: main
RUN_LIQUIBASE:
type: choice
options:
- false
- true
TARGET_LIQUIBASE_TAG:
required: false
type: string
COMMAND:
required: true
type: string
default: apply
# IS_HOTFIX:
# required: true
# type: string
# default: 'false'
env:
TF_VERSION: 1.8.5
TG_VERSION: 0.48.4
TG_SRC_PATH: terraform
REPOSITORY_HOST: ghcr.io
jobs:
deploy:
name: Deploy
runs-on: ubuntu-22.04
environment: ${{ inputs.DEFAULT_APPLICATION_ENVIRONMENT }}
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
steps:
- uses: actions/checkout@v3
- id: changeLogCount
name: Determine changelog to execute
run: |
if [ "${{ inputs.RUN_LIQUIBASE }}" == "true" ]; then
echo "NONPROXY_COUNT=1" >> $GITHUB_OUTPUT
echo "PROXY_COUNT=0" >> $GITHUB_OUTPUT
else
echo "NONPROXY_COUNT=0" >> $GITHUB_OUTPUT
echo "PROXY_COUNT=0" >> $GITHUB_OUTPUT
fi
- id: liquibaseCommand
name: Determine liquibase command
run: |
if [ "${{ inputs.TARGET_LIQUIBASE_TAG }}" == "" ]; then
echo "LIQUIBASE_COMMAND=update" >> $GITHUB_OUTPUT
echo "TARGET_LIQUIBASE_TAG=""" >> $GITHUB_OUTPUT
else
echo "LIQUIBASE_COMMAND=update-to-tag" >> $GITHUB_OUTPUT
echo "TARGET_LIQUIBASE_TAG=--tag=${{inputs.TARGET_LIQUIBASE_TAG}}" >> $GITHUB_OUTPUT
fi
# moved to pre-release
- name: Get digest of API docker image
id: getDigestAPI
run: |
export IMAGE='${{vars.REPOSITORY_HOST}}/${{ github.repository }}-wfprev-api:${{ inputs.IMAGE_TAG }}'
docker pull $IMAGE
echo "IMAGE_API_BY_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $IMAGE)" >> $GITHUB_OUTPUT
- name: Configure AWS Credentials for ECR target (Tools namespace)
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::${{ secrets.ECR_TARGET_ACCOUNT_ID }}:role/github-actions-role
role-session-name: wfprev-terraform-s3
aws-region: ca-central-1
- name: Authenticate Docker to AWS ECR
run: |
aws ecr get-login-password --region ca-central-1 | \
docker login --username AWS --password-stdin ${{ secrets.ECR_TARGET_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com
- name: Get digest of GDB extractor docker image
id: getDigestGDB
run: |
IMAGE="${{ secrets.ECR_TARGET_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/nr-bcws-wfprev-wfprev-gdb-extractor:latest"
docker pull $IMAGE
echo "GDB_EXTRACTOR_IMAGE=$(docker inspect --format='{{index .RepoDigests 0}}' $IMAGE)" >> $GITHUB_OUTPUT
- name: Configure AWS credentials for Terraform account (DEV/TEST/PROD)
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_TERRAFORM_ROLE_TO_ASSUME }}
role-session-name: wfprev-terraform-s3
aws-region: ca-central-1
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TF_VERSION }}
cli_config_credentials_token: ${{ secrets.TFC_TEAM_TOKEN }}
- uses: peter-murray/terragrunt-github-action@v1.0.0
with:
terragrunt_version: ${{ env.TG_VERSION }}
- name: Terragrunt Apply
working-directory: ${{env.TG_SRC_PATH}}
env:
# Necessary for all components
TFC_PROJECT: ${{ secrets.TFC_PROJECT }}
TARGET_ENV: ${{ inputs.DEFAULT_APPLICATION_ENVIRONMENT }}
APP_COUNT: ${{vars.APP_COUNT}}
LOGGING_LEVEL: ${{vars.LOGGING_LEVEL}}
# Necessary for WFPREV API
WFPREV_API_NAME: wfprev-api
WFPREV_API_IMAGE: ${{ steps.getDigestAPI.outputs.IMAGE_API_BY_DIGEST }}
WFPREV_API_CPU_UNITS: ${{vars.WFPREV_API_CPU_UNITS}}
WFPREV_API_MEMORY: ${{vars.WFPREV_API_MEMORY}}
WFPREV_API_PORT: ${{vars.WFPREV_API_PORT}}
TARGET_AWS_ACCOUNT_ID: ${{secrets.TARGET_AWS_ACCOUNT_ID}}
WFPREV_CLIENT_ID: ${{vars.WFPREV_CLIENT_ID}}
WFPREV_CLIENT_SECRET: ${{secrets.WFPREV_CLIENT_SECRET}}
WEBADE_OAUTH2_CHECK_TOKEN_URL: ${{vars.WEBADE_OAUTH2_CHECK_TOKEN_URL}}
WEBADE_OAUTH2_CHECK_AUTHORIZE_URL: ${{vars.WEBADE_OAUTH2_CHECK_AUTHORIZE_URL}}
WFPREV_BASE_URL: ${{vars.WFPREV_BASE_URL}}
WFPREV_GDB_FUNCTION_NAME: ${{vars.WFPREV_GDB_FUNCTION_NAME}}
WFPREV_DATASOURCE_URL: ${{vars.WFPREV_DATASOURCE_URL}}
server_count: ${{vars.WFPREV_SERVER_INSTANCE_COUNT}}
# WFDM API
WFDM_BASE_URL: ${{vars.WFDM_BASE_URL}}
# OPENMAPS
OPENMAPS_URL: ${{vars.OPENMAPS_URL}}
# WFPREV UI
CLIENT_IMAGE: ${{ steps.getDigestUI.outputs.IMAGE_UI_BY_DIGEST }}
WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET: ${{ secrets.WEBADE_OAUTH2_WFPREV_UI_CLIENT_SECRET }}
WFPREV_CLIENT_MEMORY: ${{vars.WFPREV_CLIENT_MEMORY}}
WFPREV_CLIENT_CPU_UNITS : ${{vars.WFPREV_CLIENT_CPU_UNITS}}
WFPREV_CHECK_TOKEN_URL: ${{vars.WFPREV_CHECK_TOKEN_URL}}
# DB
WFPREV_USERNAME: ${{secrets.WFPREV_USERNAME}}
DB_PASS: ${{secrets.DB_PASS}}
DB_INSTANCE_TYPE: ${{vars.DB_INSTANCE_TYPE}}
# GDB Extractor Lambda Image
WFPREV_GDB_EXTRACTOR_DIGEST: ${{ steps.getDigestGDB.outputs.GDB_EXTRACTOR_IMAGE }}
# AWS
AWS_ALERT_EMAIL_LIST: ${{ vars.AWS_ALERT_EMAIL_LIST }}
#liquibase
COMMAND: ${{ steps.liquibaseCommand.outputs.LIQUIBASE_COMMAND }}
PROXY_COUNT: ${{ steps.changeLogCount.outputs.PROXY_COUNT }}
NONPROXY_COUNT: ${{ steps.changeLogCount.outputs.NONPROXY_COUNT }}
LIQUIBASE_IMAGE: ${{vars.REPOSITORY_HOST}}/${{ github.repository_owner }}/${{ vars.LIQUIBASE_IMAGE }}:${{ inputs.IMAGE_TAG }}
APP_WF1_PREV_PASSWORD: ${{ secrets.APP_WF1_PREV_PASSWORD }}
PROXY_WF1_PREV_REST_PASSWORD: ${{ secrets.PROXY_WF1_PREV_REST_PASSWORD }}
TARGET_LIQUIBASE_TAG: ${{ steps.liquibaseCommand.outputs.TARGET_LIQUIBASE_TAG }}
run: terragrunt apply --terragrunt-non-interactive -auto-approve