
chore(deps): update terraform github.com/cds-snc/terraform-modules to v9.6.8 #7689



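name: "Terragrunt plan STAGING"

env:
  ENVIRONMENT: staging
  ACCOUNT_ID: ${{ secrets.STAGING_AWS_ACCOUNT_ID }}
  AWS_REGION: ca-central-1
  # Workflow-level env is inherited by every step of every job, including
  # third-party actions such as the paths-filter step; NOTE(review): consider
  # scoping this token to the steps that actually invoke `op`.
  OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN_STAGING }}
  # Quoted so the value is unambiguously the string "true" (GitHub passes env
  # values as strings either way).
  WORKFLOW: "true"

on: # yamllint disable-line rule:truthy
  workflow_dispatch:
  pull_request:
    # `on.<event>.paths` expands neither `${{ }}` expressions nor shell
    # variables, so a literal `$ENVIRONMENT` pattern never matches a file.
    # The environment is spelled out here; keep it in sync with
    # env.ENVIRONMENT above. NOTE(review): the filter job refers to this
    # workflow file with hyphens (terragrunt-plan-<env>.yml) — confirm which
    # spelling matches the real filename.
    paths:
      - ".env"
      - "aws/**"
      - "env/staging/**"
      - "env/terragrunt.hcl"
      - "env/*.tfvars"
      - ".github/workflows/terragrunt_plan_staging.yml"

permissions:
  id-token: write # required to request the OIDC JWT for AWS role assumption
  # actions/checkout only needs read access and nothing in this workflow
  # pushes to the repository, so the token is held to least privilege.
  contents: read
  pull-requests: write # required by the PR-comment steps

jobs: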
terragrunt-filter:
runs-on: ubuntu-latest
outputs:
aws-auth: ${{ steps.filter.outputs.aws-auth }}
cloudfront: ${{ steps.filter.outputs.cloudfront }}
common: ${{ steps.filter.outputs.common }}
config: ${{ steps.filter.outputs.config }}
database-tools: ${{ steps.filter.outputs.database-tools }}
dns: ${{ steps.filter.outputs.dns }}
ecr: ${{ steps.filter.outputs.ecr }}
ecr-us-east: ${{ steps.filter.outputs.ecr-us-east }}
elasticache: ${{ steps.filter.outputs.elasticache }}
eks: ${{ steps.filter.outputs.eks }}
github: ${{ steps.filter.outputs.github }}
heartbeat: ${{ steps.filter.outputs.heartbeat }}
lambda-admin-pr: ${{ steps.filter.outputs.lambda-admin-pr }}
lambda-api: ${{ steps.filter.outputs.lambda-api }}
lambda-google-cidr: ${{ steps.filter.outputs.lambda-google-cidr }}
manifest_secrets: ${{ steps.filter.outputs.manifest_secrets }}
newrelic: ${{ steps.filter.outputs.newrelic }}
performance-test: ${{ steps.filter.outputs.performance-test }}
pinpoint_to_sqs_sms_callbacks: ${{ steps.filter.outputs.pinpoint_to_sqs_sms_callbacks }}
quicksight: ${{ steps.filter.outputs.quicksight }}
rds: ${{ steps.filter.outputs.rds }}
ses_receiving_emails: ${{ steps.filter.outputs.ses_receiving_emails }}
ses_to_sqs_email_callbacks: ${{ steps.filter.outputs.ses_to_sqs_email_callbacks }}
ses_validation_dns_entries: ${{ steps.filter.outputs.ses_validation_dns_entries }}
sns_to_sqs_sms_callbacks: ${{ steps.filter.outputs.sns_to_sqs_sms_callbacks }}
system_status: ${{ steps.filter.outputs.system_status }}
system_status_static_site: ${{ steps.filter.outputs.system_status_static_site }}
steps:
- uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: filter
with:
filters: |
config:
- 'env/*.tfvars'
common:
- '.github/workflows/terragrunt-plan-${{env.ENVIRONMENT}}.yml'
- 'aws/common/**'
- 'env/${{env.ENVIRONMENT}}/common/**'
- 'env/terragrunt.hcl'
dns:
- 'aws/dns/**'
- 'env/${{env.ENVIRONMENT}}/dns/**'
- 'env/terragrunt.hcl'
ses_validation_dns_entries:
- 'aws/ses_validation_dns_entries/**'
- 'env/${{env.ENVIRONMENT}}/ses_validation_dns_entries/**'
- 'env/terragrunt.hcl'
ecr:
- 'aws/ecr/**'
- 'env/${{env.ENVIRONMENT}}/ecr/**'
- 'env/terragrunt.hcl'
ecr-us-east:
- 'aws/ecr-us-east/**'
- 'env/${{env.ENVIRONMENT}}/ecr-us-east/**'
- 'env/terragrunt.hcl'
eks:
- 'aws/eks/**'
- 'env/${{env.ENVIRONMENT}}/eks/**'
- 'env/terragrunt.hcl'
aws-auth:
- 'aws/aws-auth/**'
- 'env/${{env.ENVIRONMENT}}/aws-auth/**'
- 'env/terragrunt.hcl'
elasticache:
- 'aws/elasticache/**'
- 'env/${{env.ENVIRONMENT}}/elasticache/**'
- 'env/terragrunt.hcl'
rds:
- 'aws/rds/**'
- 'env/${{env.ENVIRONMENT}}/rds/**'
- 'env/terragrunt.hcl'
cloudfront:
- 'aws/cloudfront/**'
- 'env/${{env.ENVIRONMENT}}/cloudfront/**'
- 'env/terragrunt.hcl'
lambda-api:
- 'aws/lambda-api/**'
- 'env/${{env.ENVIRONMENT}}/lambda-api/**'
- 'env/terragrunt.hcl'
lambda-admin-pr:
- 'aws/lambda-admin-pr/**'
- 'env/${{env.ENVIRONMENT}}/lambda-admin-pr/**'
- 'env/terragrunt.hcl'
performance-test:
- 'aws/performance-test/**'
- 'env/${{env.ENVIRONMENT}}/performance-test/**'
- 'env/terragrunt.hcl'
heartbeat:
- 'aws/heartbeat/**'
- 'env/${{env.ENVIRONMENT}}/heartbeat/**'
- 'env/terragrunt.hcl'
database-tools:
- 'aws/database-tools/**'
- 'env/${{env.ENVIRONMENT}}/database-tools/**'
- 'env/terragrunt.hcl'
system_status:
- 'aws/system_status/**'
- 'env/${{env.ENVIRONMENT}}/system_status/**'
- 'env/terragrunt.hcl'
system_status_static_site:
- 'aws/system_status_static_site/**'
- 'env/${{env.ENVIRONMENT}}/system_status_static_site/**'
- 'env/terragrunt.hcl'
quicksight:
- 'aws/quicksight/**'
- 'env/${{env.ENVIRONMENT}}/quicksight/**'
- 'env/terragrunt.hcl'
lambda-google-cidr:
- 'aws/lambda-google-cidr/**'
- 'env/${{env.ENVIRONMENT}}/lambda-google-cidr/**'
- 'env/terragrunt.hcl'
ses_receiving_emails:
- 'aws/ses_receiving_emails/**'
- 'env/${{env.ENVIRONMENT}}/ses_receiving_emails/**'
- 'env/terragrunt.hcl'
ses_to_sqs_email_callbacks:
- 'aws/ses_to_sqs_email_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/ses_to_sqs_email_callbacks/**'
- 'env/terragrunt.hcl'
sns_to_sqs_sms_callbacks:
- 'aws/sns_to_sqs_sms_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/sns_to_sqs_sms_callbacks/**'
- 'env/terragrunt.hcl'
pinpoint_to_sqs_sms_callbacks:
- 'aws/pinpoint_to_sqs_sms_callbacks/**'
- 'env/${{env.ENVIRONMENT}}/pinpoint_to_sqs_sms_callbacks/**'
- 'env/terragrunt.hcl'
newrelic:
- 'aws/newrelic/**'
- 'env/${{env.ENVIRONMENT}}/newrelic/**'
- 'env/terragrunt.hcl'
manifest_secrets:
- 'aws/manifest_secrets/**'
- 'env/${{env.ENVIRONMENT}}/manifest_secrets/**'
- 'env/terragrunt.hcl'
github:
- 'aws/github/**'
- 'env/${{env.ENVIRONMENT}}/github/**'
- 'env/terragrunt.hcl'
terragrunt-plan-step-1:
name: "${{ matrix.component }}"
if: |
always() &&
needs.terragrunt-filter.outputs.common == 'true' ||
needs.terragrunt-filter.outputs.ecr == 'true' ||
needs.terragrunt-filter.outputs.ecr-us-east == 'true' ||
needs.terragrunt-filter.outputs.newrelic == 'true' ||
needs.terragrunt-filter.outputs.config == 'true'
needs: terragrunt-filter
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: [common, ecr, ecr-us-east, newrelic]
env:
COMPONENT: ${{ matrix.component }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Download TFVars
run: |
sudo mkdir -p aws && cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: Terragrunt Plan
id: tf-plan
run: |
cd env/${{env.ENVIRONMENT}}/${{ matrix.component }}
terragrunt init --upgrade
terragrunt plan --terragrunt-non-interactive --no-color --log-custom-format "%msg" -lock-timeout=10m > /var/tmp/results.txt
${{ github.workspace }}/.github/scripts/extract_terraform_plan_enhanced.sh /var/tmp/results.txt -o /var/tmp/output.txt
cat /var/tmp/output.txt
echo 'plan<<EOF' >> $GITHUB_OUTPUT
cat /var/tmp/output.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment on PR with plan output
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
if: ${{ steps.tf-plan.outputs.plan != '' }}
with:
message-id: ${{ matrix.component }}_plan
message: |
# ${{env.ENVIRONMENT}}/${{ matrix.component }} Terragrunt Plan:
```shell
${{join(steps.tf-plan.outputs.plan, '\n')}}
```
terragrunt-plan-step-2:
name: "${{ matrix.component }}"
if: |
always() &&
needs.terragrunt-filter.outputs.cloudfront == 'true' ||
needs.terragrunt-filter.outputs.heartbeat == 'true' ||
needs.terragrunt-filter.outputs.pinpoint_to_sqs_sms_callbacks == 'true' ||
needs.terragrunt-filter.outputs.ses_receiving_emails == 'true' ||
needs.terragrunt-filter.outputs.ses_to_sqs_email_callbacks == 'true' ||
needs.terragrunt-filter.outputs.sns_to_sqs_sms_callbacks == 'true' ||
needs.terragrunt-filter.outputs.config == 'true'
needs:
- terragrunt-filter
- terragrunt-plan-step-1
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: [cloudfront, heartbeat, pinpoint_to_sqs_sms_callbacks, ses_receiving_emails, ses_to_sqs_email_callbacks, sns_to_sqs_sms_callbacks]
env:
COMPONENT: ${{ matrix.component }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Download TFVars
run: |
sudo mkdir -p aws && cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: Terragrunt Plan
id: tf-plan
run: |
cd env/${{env.ENVIRONMENT}}/${{ matrix.component }}
terragrunt init --upgrade
terragrunt plan --terragrunt-non-interactive --no-color --log-custom-format "%msg" -lock-timeout=10m > /var/tmp/results.txt
${{ github.workspace }}/.github/scripts/extract_terraform_plan_enhanced.sh /var/tmp/results.txt -o /var/tmp/output.txt
cat /var/tmp/output.txt
echo 'plan<<EOF' >> $GITHUB_OUTPUT
cat /var/tmp/output.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment on PR with plan output
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
if: ${{ steps.tf-plan.outputs.plan != '' }}
with:
message-id: ${{ matrix.component }}_plan
message: |
# ${{env.ENVIRONMENT}}/${{ matrix.component }} Terragrunt Plan:
```shell
${{join(steps.tf-plan.outputs.plan, '\n')}}
```
terragrunt-plan-step-3:
name: "${{ matrix.component }}"
if: |
always() &&
needs.terragrunt-filter.outputs.dns == 'true' ||
needs.terragrunt-filter.outputs.config == 'true'
needs:
- terragrunt-filter
- terragrunt-plan-step-2
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: [dns]
env:
COMPONENT: ${{ matrix.component }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Download TFVars
run: |
sudo mkdir -p aws && cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: Terragrunt Plan
id: tf-plan
run: |
cd env/${{env.ENVIRONMENT}}/${{ matrix.component }}
terragrunt init --upgrade
terragrunt plan --terragrunt-non-interactive --no-color --log-custom-format "%msg" -lock-timeout=10m > /var/tmp/results.txt
${{ github.workspace }}/.github/scripts/extract_terraform_plan_enhanced.sh /var/tmp/results.txt -o /var/tmp/output.txt
cat /var/tmp/output.txt
echo 'plan<<EOF' >> $GITHUB_OUTPUT
cat /var/tmp/output.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment on PR with plan output
if: ${{ steps.tf-plan.outputs.plan != '' }}
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
with:
message-id: ${{ matrix.component }}_plan
message: |
# ${{env.ENVIRONMENT}}/${{ matrix.component }} Terragrunt Plan:
```shell
${{join(steps.tf-plan.outputs.plan, '\n')}}
terragrunt-plan-step-4:
name: "${{ matrix.component }}"
if: |
always() &&
needs.terragrunt-filter.outputs.eks == 'true' ||
needs.terragrunt-filter.outputs.ses_validation_dns_entries == 'true' ||
needs.terragrunt-filter.outputs.system_status_static_site == 'true' ||
needs.terragrunt-filter.outputs.config == 'true' ||
needs.terragrunt-filter.outputs.quicksight == 'true'
needs:
- terragrunt-filter
- terragrunt-plan-step-3
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: [eks, ses_validation_dns_entries, system_status_static_site, quicksight]
env:
COMPONENT: ${{ matrix.component }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Download TFVars
run: |
sudo mkdir -p aws && cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: Terragrunt Plan
id: tf-plan
run: |
cd env/${{env.ENVIRONMENT}}/${{ matrix.component }}
terragrunt init --upgrade
terragrunt plan --terragrunt-non-interactive --no-color --log-custom-format "%msg" -lock-timeout=10m > /var/tmp/results.txt
${{ github.workspace }}/.github/scripts/extract_terraform_plan_enhanced.sh /var/tmp/results.txt -o /var/tmp/output.txt
cat /var/tmp/output.txt
echo 'plan<<EOF' >> $GITHUB_OUTPUT
cat /var/tmp/output.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment on PR with plan output
if: ${{ steps.tf-plan.outputs.plan != '' }}
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
with:
message-id: ${{ matrix.component }}_plan
message: |
# ${{env.ENVIRONMENT}}/${{ matrix.component }} Terragrunt Plan:
```shell
${{join(steps.tf-plan.outputs.plan, '\n')}}
terragrunt-aws-auth:
name: "aws-auth"
if: |
needs.terragrunt-filter.outputs.aws-auth == 'true' ||
needs.terragrunt-filter.outputs.config == 'true' ||
needs.terragrunt-filter.outputs.config == 'true'
needs:
- terragrunt-filter
- terragrunt-plan-step-4
runs-on: ubuntu-latest
env:
COMPONENT: aws-auth
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Install sponge
run: |
sudo apt update
sudo apt-get install -y moreutils
- name: Install OpenVPN
run: |
sudo apt update
sudo apt install -y openvpn openvpn-systemd-resolved
- name: Retrieve VPN Config
run: |
sudo mkdir -p aws
cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
cd ../env/${{env.ENVIRONMENT}}/eks
terragrunt init --upgrade
ENDPOINT_ID=$(terragrunt output --raw gha_vpn_id)
CERT=$(terragrunt output --raw gha_vpn_certificate)
KEY=$(terragrunt output --raw gha_vpn_key)
aws ec2 export-client-vpn-client-configuration --client-vpn-endpoint-id $ENDPOINT_ID --output text > /var/tmp/${{env.ENVIRONMENT}}.ovpn
echo "<cert>
$CERT
</cert>" >> /var/tmp/${{env.ENVIRONMENT}}.ovpn
echo "<key>
$KEY
</key>" >> /var/tmp/${{env.ENVIRONMENT}}.ovpn
- name: Setup helmfile
uses: ./.github/actions/setup-helmfile-wrapper
- name: Connect to VPN
uses: "kota65535/github-openvpn-connect-action@cd2ed8a90cc7b060dc4e001143e811b5f7ea0af5" # v3.1.0
with:
config_file: /var/tmp/${{env.ENVIRONMENT}}.ovpn
echo_config: false
- name: Configure kubeconfig
run: |
aws eks update-kubeconfig --name notification-canada-ca-${{env.ENVIRONMENT}}-eks-cluster
kubectl config rename-context arn:aws:eks:ca-central-1:${{env.ACCOUNT_ID}}:cluster/notification-canada-ca-${{env.ENVIRONMENT}}-eks-cluster ${{env.ENVIRONMENT}}
- name: Terragrunt Plan
id: tf-plan
run: |
cd env/${{env.ENVIRONMENT}}/${{ env.COMPONENT }}
terragrunt init --upgrade
terragrunt plan --terragrunt-non-interactive --no-color --log-custom-format "%msg" -lock-timeout=10m > /var/tmp/results.txt
${{ github.workspace }}/.github/scripts/extract_terraform_plan_enhanced.sh /var/tmp/results.txt -o /var/tmp/output.txt
cat /var/tmp/output.txt
echo 'plan<<EOF' >> $GITHUB_OUTPUT
cat /var/tmp/output.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment on PR with plan output
if: ${{ steps.tf-plan.outputs.plan != '' }}
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
with:
message-id: aws_auth_plan
message: |
# ${{env.ENVIRONMENT}}/${{ env.COMPONENT }} Terragrunt Plan:
```shell
${{join(steps.tf-plan.outputs.plan, '\n')}}
terragrunt-plan-step-5:
name: "${{ matrix.component }}"
if: |
always() &&
needs.terragrunt-filter.outputs.elasticache == 'true' ||
needs.terragrunt-filter.outputs.lambda-google-cidr == 'true' ||
needs.terragrunt-filter.outputs.rds == 'true' ||
needs.terragrunt-filter.outputs.config == 'true'
needs:
- terragrunt-filter
- terragrunt-plan-step-4
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: [elasticache, lambda-google-cidr, rds]
env:
COMPONENT: ${{ matrix.component }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Download TFVars
run: |
sudo mkdir -p aws && cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: Terragrunt Plan
id: tf-plan
run: |
cd env/${{env.ENVIRONMENT}}/${{ matrix.component }}
terragrunt init --upgrade
terragrunt plan --terragrunt-non-interactive --no-color --log-custom-format "%msg" -lock-timeout=10m > /var/tmp/results.txt
${{ github.workspace }}/.github/scripts/extract_terraform_plan_enhanced.sh /var/tmp/results.txt -o /var/tmp/output.txt
cat /var/tmp/output.txt
echo 'plan<<EOF' >> $GITHUB_OUTPUT
cat /var/tmp/output.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment on PR with plan output
if: ${{ steps.tf-plan.outputs.plan != '' }}
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
with:
message-id: ${{ matrix.component }}_plan
message: |
# ${{env.ENVIRONMENT}}/${{ matrix.component }} Terragrunt Plan:
```shell
${{join(steps.tf-plan.outputs.plan, '\n')}}
terragrunt-plan-step-6:
name: "${{ matrix.component }}"
if: |
always() &&
needs.terragrunt-filter.outputs.database-tools == 'true' ||
needs.terragrunt-filter.outputs.lambda-admin-pr == 'true' ||
needs.terragrunt-filter.outputs.lambda-api == 'true' ||
needs.terragrunt-filter.outputs.manifest_secrets == 'true' ||
needs.terragrunt-filter.outputs.system_status == 'true' ||
needs.terragrunt-filter.outputs.performance-test == 'true' ||
needs.terragrunt-filter.outputs.config == 'true'
needs:
- terragrunt-filter
- terragrunt-plan-step-5
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: [database-tools, lambda-admin-pr, lambda-api, manifest_secrets, system_status, performance-test]
env:
COMPONENT: ${{ matrix.component }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Download TFVars
run: |
sudo mkdir -p aws && cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: Terragrunt Plan
id: tf-plan
run: |
cd env/${{env.ENVIRONMENT}}/${{ matrix.component }}
terragrunt init --upgrade
terragrunt plan --terragrunt-non-interactive --no-color --log-custom-format "%msg" -lock-timeout=10m > /var/tmp/results.txt
${{ github.workspace }}/.github/scripts/extract_terraform_plan_enhanced.sh /var/tmp/results.txt -o /var/tmp/output.txt
cat /var/tmp/output.txt
echo 'plan<<EOF' >> $GITHUB_OUTPUT
cat /var/tmp/output.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment on PR with plan output
if: ${{ steps.tf-plan.outputs.plan != '' }}
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
with:
message-id: ${{ matrix.component }}_plan
message: |
# ${{env.ENVIRONMENT}}/${{ matrix.component }} Terragrunt Plan:
```shell
${{join(steps.tf-plan.outputs.plan, '\n')}}
terragrunt-plan-step-7:
name: "${{ matrix.component }}"
if: |
always() &&
needs.terragrunt-filter.outputs.github == 'true' ||
needs.terragrunt-filter.outputs.config == 'true'
needs:
- terragrunt-filter
- terragrunt-plan-step-6
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
component: [github]
env:
COMPONENT: ${{ matrix.component }}
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Setup Terraform
uses: ./.github/actions/setup-terraform
with:
role_to_assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-terraform-plan
role_session_name: NotifyTerraformPlan
- name: Download TFVars
run: |
sudo mkdir -p aws && cd aws
op read op://4eyyuwddp6w4vxlabrr2i2duxm/"TERRAFORM_SECRETS_${{env.ENVIRONMENT}}"/notesPlain > ${{env.ENVIRONMENT}}.tfvars
- name: Terragrunt Plan
id: tf-plan
run: |
cd env/${{env.ENVIRONMENT}}/${{ matrix.component }}
terragrunt init --upgrade
terragrunt plan --terragrunt-non-interactive --no-color --log-custom-format "%msg" -lock-timeout=10m > /var/tmp/results.txt
${{ github.workspace }}/.github/scripts/extract_terraform_plan_enhanced.sh /var/tmp/results.txt -o /var/tmp/output.txt
cat /var/tmp/output.txt
echo 'plan<<EOF' >> $GITHUB_OUTPUT
cat /var/tmp/output.txt >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment on PR with plan output
uses: mshick/add-pr-comment@b8f338c590a895d50bcbfa6c5859251edc8952fc # v2.8.2
if: ${{ steps.tf-plan.outputs.plan != '' }}
with:
message-id: ${{ matrix.component }}_plan
message: |
# ${{env.ENVIRONMENT}}/${{ matrix.component }} Terragrunt Plan:
```shell
${{join(steps.tf-plan.outputs.plan, '\n')}}