chore: synced file(s) with cds-snc/site-reliability-engineering #2679
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Terraform plan | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| paths: | |
| - "terragrunt/**" | |
| - ".github/workflows/**" | |
| env: | |
| AWS_REGION: "ca-central-1" | |
| TERRAFORM_VERSION: 1.7.2 | |
| TERRAGRUNT_VERSION: 0.55.1 | |
| CONFTEST_VERSION: 0.49.0 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| actions: write | |
| checks: write | |
| statuses: write | |
| jobs: | |
| terraform-plan-account: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # | |
| # If more modules are added, they should also | |
| # be added to tf-drift-check.yml | |
| # | |
| - account_folder: org_account | |
| module: main | |
| account: 659087519042 | |
| role: cds-aws-lz-plan | |
| assume_role_name: "assume_plan" | |
| la_customer_id: LA_CUSTOMER_ID | |
| la_shared_key: LA_SHARED_KEY | |
| la_customer_ids: LA_CUSTOMER_IDS | |
| - account_folder: org_account | |
| module: spend_notifier | |
| account: 659087519042 | |
| role: cds-aws-lz-plan | |
| spend_notifier_hook: SPEND_NOTIFIER_HOOK | |
| weekly_spend_notifier_hook: WEEKLY_SPEND_NOTIFIER_HOOK | |
| - account_folder: org_account | |
| module: roles | |
| account: 659087519042 | |
| role: cds-aws-lz-plan | |
| admin_sso_role_arn: ADMIN_SSO_ROLE_ARN | |
| - account_folder: org_account | |
| module: sentinel_oidc | |
| account: 659087519042 | |
| role: cds-aws-lz-plan | |
| - account_folder: org_account | |
| module: cost_usage_report | |
| account: 659087519042 | |
| role: cds-aws-lz-plan | |
| - account_folder: org_account | |
| module: iam_identity_center | |
| account: 659087519042 | |
| role: cds-aws-lz-plan | |
| - account_folder: org_account | |
| module: guardrails_alerting | |
| account: 659087519042 | |
| role: cds-aws-lz-plan | |
| - account_folder: log_archive | |
| module: main | |
| account: 274536870005 | |
| role: cds-aws-lz-plan | |
| - account_folder: log_archive | |
| module: legacy_archives | |
| account: 274536870005 | |
| role: cds-aws-lz-plan | |
| - account_folder: log_archive | |
| module: sre_bot | |
| account: 274536870005 | |
| role: cds-aws-lz-plan | |
| admin_sso_role_arn: ADMIN_SSO_ROLE_ARN | |
| - account_folder: audit | |
| module: main | |
| account: 886481071419 | |
| role: cds-aws-lz-plan | |
| - account_folder: audit | |
| module: sre_bot | |
| account: 886481071419 | |
| role: cds-aws-lz-plan | |
| admin_sso_role_arn: ADMIN_SSO_ROLE_ARN | |
| - account_folder: aft | |
| module: main | |
| account: 137554749751 | |
| role: cds-aws-lz-plan | |
| lz_webhook_key: LZ_CHANNEL_WEBHOOK | |
| - account_folder: aft | |
| module: notifications | |
| account: 137554749751 | |
| role: cds-aws-lz-plan | |
| aft_notifications_hook: AFT_NOTIFICATIONS_HOOK | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
| - name: setup terraform tools | |
| uses: cds-snc/terraform-tools-setup@v1 | |
| - name: Configure aws credentials using OIDC | |
| uses: aws-actions/configure-aws-credentials@master | |
| with: | |
| role-to-assume: arn:aws:iam::${{ matrix.account }}:role/${{ matrix.role }} | |
| role-session-name: ${{matrix.module}}-plan | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Terraform Plan for ${{matrix.module }}/${{ matrix.module }} | |
| env: | |
| TF_VAR_aft_slack_webhook: ${{ secrets[matrix.lz_webhook_key] }} | |
| TF_VAR_assume_role_name: ${{ matrix.assume_role_name }} | |
| TF_VAR_lw_customer_id: ${{ secrets[matrix.la_customer_id] }} | |
| TF_VAR_lw_shared_key: ${{ secrets[matrix.la_shared_key] }} | |
| TF_VAR_lw_customer_ids: ${{ secrets[matrix.la_customer_ids] }} | |
| TF_VAR_daily_spend_notifier_hook: ${{ secrets[matrix.spend_notifier_hook] }} | |
| TF_VAR_weekly_spend_notifier_hook: ${{ secrets[matrix.weekly_spend_notifier_hook]}} | |
| TF_VAR_aft_notifications_hook: ${{ secrets[matrix.aft_notifications_hook]}} | |
| TF_VAR_admin_sso_role_arn: ${{ secrets[matrix.admin_sso_role_arn] }} | |
| uses: cds-snc/terraform-plan@v3 | |
| with: | |
| comment-delete: true | |
| comment-title: Plan for ${{matrix.account_folder}}/${{ matrix.module }} | |
| directory: ./terragrunt/${{ matrix.account_folder }}/${{ matrix.module }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| terragrunt: true |