ci: Added deployment jobs.

jamesiarmes · jamesiarmes · commit f263cdd611b8 · 2025-06-13T16:56:03.000-04:00
diff --git a/.github/workflows/deploy-app.yaml b/.github/workflows/deploy-app.yaml
@@ -0,0 +1,44 @@
+name: Deploy application
+
+on:
+  workflow_dispatch:
+    inputs:
+      application:
+        description: Application to deploy.
+        required: true
+        type: string
+      environment:
+        description: Environment to deploy to.
+        default: development
+        required: true
+        type: environment
+
+permissions:
+  contents: read
+
+jobs:
+  deploy:
+    name: Deploy ${{ inputs.application }} to ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    env:
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v1
+      - name: Initialize OpenTofu
+        working-directory: ./tofu/config/${{ inputs.environment }}/infra
+        run: tofu init
+      - name: Apply changes
+        working-directory: ./tofu/config/${{ inputs.environment }}/infra
+        run: tofu apply --target module.app\[\"${{ inputs.application }}\"] --auto-approve
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -0,0 +1,40 @@
+name: Deploy infrastructure
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: Environment to deploy to.
+        default: development
+        required: true
+        type: environment
+
+permissions:
+  contents: read
+
+jobs:
+  deploy:
+    name: Deploy infrastrucure to ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    env:
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v1
+      - name: Initialize OpenTofu
+        working-directory: ./tofu/config/${{ inputs.environment }}/infra
+        run: tofu init
+      - name: Apply changes
+        working-directory: ./tofu/config/${{ inputs.environment }}/infra
+        run: tofu apply --auto-approve
diff --git a/.github/workflows/plan-app.yaml b/.github/workflows/plan-app.yaml
@@ -0,0 +1,62 @@
+name: Plan application deployment
+
+on:
+  push:
+    branches-ignore:
+      - main
+  repository_dispatch:
+    types:
+      - plan-app
+  workflow_dispatch:
+    inputs:
+      application:
+        description: Application to plan.
+        required: true
+        type: string
+      environment:
+        description: Environment to plan on.
+        default: development
+        required: true
+        type: environment
+
+permissions:
+  contents: read
+
+jobs:
+  plan:
+    name: Plan deploy of ${{ inputs.application }} to ${{ inputs.environment }}
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    env:
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
+    steps:
+      - name: "DEBUG: Dump inputs"
+        uses: imesense/gha-echo-action@v0.2
+        with:
+          input-string: ${{ toJson(inputs) }}
+      - name: "DEBUG: Dump payload"
+        uses: imesense/gha-echo-action@v0.2
+        with:
+          input-string: ${{ toJson(github.event.client_payload) }}
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-east-1
+      - name: Setup OpenTofu
+        uses: opentofu/setup-opentofu@v1
+      - name: Initialize OpenTofu
+        working-directory: ./tofu/config/${{ inputs.environment }}/infra
+        run: tofu init
+      - name: Plan changes
+        working-directory: ./tofu/config/${{ inputs.environment }}/infra
+        run: tofu plan --target module.app\[\"${{ inputs.application }}\"]
+      - name: Display plan
+        uses: imesense/gha-echo-action@v0.2
+        with:
+          input-string: ${{ steps.plan.outputs.stdout }}
diff --git a/.github/workflows/plan.yaml b/.github/workflows/plan.yaml
@@ -43,7 +43,7 @@ jobs:
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: us-east-1
+          aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}
       - name: Setup OpenTofu
         uses: opentofu/setup-opentofu@v1
       - name: Initialize OpenTofu
