Plan application deployment #29
Workflow file for this run
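# Plans (never applies) an OpenTofu change for one application in the
# `hosting` configuration and uploads the resulting plan as an artifact.
name: Plan application deployment

on:
  # NOTE(review): the `inputs` context is only populated by workflow_dispatch.
  # On a repository_dispatch run every `inputs.*` expression below is empty, so
  # the "Verify the application exists" step looks for `specs/.yaml`.
  # Presumably the dispatch sender's values should be read from
  # `github.event.client_payload` - confirm against the sender.
  repository_dispatch:
    types:
      - plan-app
  workflow_dispatch:
    inputs:
      # Free-form string that ends up in a file path, a cache key and a
      # Terraform variable. It is only ever passed through `with:`/`env:`,
      # never interpolated into a `run:` script - keep it that way.
      application:
        description: Application to plan.
        required: true
        type: string
      distinct_id:
        description: Distinct ID for this execution, used for tracking.
        required: false
        type: string
      environment:
        description: Environment to plan on.
        default: development
        required: true
        type: environment

# GITHUB_TOKEN is limited to reading the repository; nothing here needs more.
permissions:
  contents: read

jobs:
  plan:
    name: Plan deploy of ${{ inputs.application }} to ${{ inputs.environment }}
    runs-on: ubuntu-latest
    # Selects the environment whose secrets, variables and protection rules
    # apply to this job.
    environment: ${{ inputs.environment }}
    env:
      # Job-level values are visible to every step, third-party actions
      # included. The AWS key pair is therefore not set here: the
      # "Set up AWS credentials" step receives it through `with:` and
      # configure-aws-credentials exports it to the steps that follow.
      AWS_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
      # NOTE(review): DOPPLER_TOKEN stays job-wide because this file does not
      # show which step reads it; move it to that step's `env:` once known.
      DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
      TF_VAR_application: ${{ inputs.application }}
      TF_VAR_environment: ${{ vars.TF_VAR_ENVIRONMENT }}
      TF_VAR_program: ${{ vars.TF_VAR_PROGRAM }}
      TF_VAR_project: ${{ vars.TF_VAR_PROJECT }}
    steps:
      # NOTE(review): `@v0.2` and `@v3` below are mutable tags on third-party
      # repositories. Pinning `uses:` to a full commit SHA
      # (`owner/action@<full-commit-sha>  # v0.2`) keeps a re-pointed tag from
      # running new code in a job that holds DOPPLER_TOKEN.
      - name: distinct ID ${{ inputs.distinct_id || github.run_id }}
        uses: imesense/gha-echo-action@v0.2
        with:
          input-string: ${{ inputs.distinct_id || github.run_id }}

      - name: Checkout code
        uses: actions/checkout@v4

      # Fails the job early when no spec file matches the requested name.
      - name: Verify the application exists
        uses: andstor/file-existence-action@v3
        with:
          fail: true
          files: "tofu/config/hosting/specs/${{ inputs.application }}.yaml"

      # NOTE(review): these are long-lived static keys. The same action
      # supports short-lived credentials through OIDC (`role-to-assume` plus
      # `id-token: write` in `permissions`); that needs an IAM role on the AWS
      # side, so it is noted here rather than changed.
      - name: Set up AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          # Same expression as the job-level AWS_REGION. The action exports
          # the region for later steps, so a hard-coded value here could
          # disagree with `vars.AWS_REGION`.
          aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}

      - name: Setup OpenTofu
        uses: ./.github/actions/setup-opentofu
        with:
          cache-key: ${{ inputs.application }}
          config: hosting

      # stdout (the human-readable plan) goes to plan.txt; the binary plan
      # goes to tfplan.
      - name: Plan changes
        working-directory: ./tofu/config/hosting
        run: tofu plan -concise -no-color -out tfplan > plan.txt

      # Prints the plan into the job log, readable by anyone who can view
      # this run.
      - name: Display plan
        working-directory: ./tofu/config/hosting
        run: tofu show -plan tfplan

      # NOTE(review): a saved plan file can hold variable values and resource
      # attributes in cleartext, including ones marked sensitive. Anyone who
      # can download this run's artifacts can read them for the retention
      # period; upload only plan.txt if tfplan is not consumed downstream.
      - name: Upload plan file
        uses: actions/upload-artifact@v4
        with:
          name: hosting-tfplan
          path: |
            ./tofu/config/hosting/plan.txt
            ./tofu/config/hosting/tfplan
          retention-days: 5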