Deploy infrastructure for test #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy infrastructure | |
| run-name: Deploy infrastructure for ${{ inputs.environment }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: Deployment environment | |
| required: true | |
| type: choice | |
| options: | |
| - qa | |
| - poc | |
| - copilotmigration | |
| - test | |
| - preview | |
| - training | |
| - production | |
| docker_sha: | |
| description: "Docker image sha to deploy. This is used only if no existing task definition is found" | |
| required: false | |
| type: string | |
| workflow_call: | |
| inputs: | |
| environment: | |
| description: Deployment environment | |
| required: true | |
| type: string | |
| concurrency: | |
| group: deploy-infrastructure-${{ inputs.environment }} | |
| env: | |
| aws_role: ${{ inputs.environment == 'production' | |
| && 'arn:aws:iam::820242920762:role/GithubDeployMavisAndInfrastructure' | |
| || 'arn:aws:iam::393416225559:role/GithubDeployMavisAndInfrastructure' }} | |
| defaults: | |
| run: | |
| working-directory: terraform/app | |
| jobs: | |
| plan: | |
| name: Terraform plan | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.aws_role }} | |
| aws-region: eu-west-2 | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.10.5 | |
| - name: Install AWS Cli | |
| run: sudo snap install --classic aws-cli | |
| - name: Check if any deployments are running | |
| run: ../scripts/check-for-running-deployments.sh ${{ inputs.environment }} | |
| - name: Get image digest | |
| run: | | |
| DIGEST="${{ inputs.docker_sha }}" | |
| if terraform state list | grep -q 'aws_ecs_task_definition.task_definition'; then | |
| DIGEST=$(terraform state show aws_ecs_task_definition.task_definition | grep -oP '(?<=mavis/webapp@)sha256:[0-9a-z]{64}') | |
| echo "Existing task definition found, using image digest from the state: $DIGEST" | |
| elif [ -z "$DIGEST" ]; then | |
| echo "Aborting infrastructure deployment: Missing existing task definition or image digest input parameter" | |
| else | |
| echo "No existing task definition found: Using image digest from the input parameter: $DIGEST" | |
| fi | |
| echo "DIGEST=$DIGEST" >> $GITHUB_ENV | |
| - name: Terraform Plan | |
| id: plan | |
| run: | | |
| set -e | |
| terraform plan -var="image_digest=$DIGEST" -var-file="env/${{ inputs.environment }}.tfvars" \ | |
| -out ${{ runner.temp }}/tfplan | tee ${{ runner.temp }}/tf_stdout | |
| - name: Validate the changes | |
| run: | | |
| set -e | |
| ../scripts/validate_plan.sh ${{ runner.temp }}/tf_stdout | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: tfplan_infrastructure-${{ inputs.environment }} | |
| path: ${{ runner.temp }}/tfplan | |
| apply: | |
| name: Terraform apply | |
| runs-on: ubuntu-latest | |
| needs: plan | |
| environment: ${{ inputs.environment }} | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.aws_role }} | |
| aws-region: eu-west-2 | |
| - name: Download artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: tfplan_infrastructure-${{ inputs.environment }} | |
| path: ${{ runner.temp }} | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.10.5 | |
| - name: Apply the changes | |
| run: | | |
| set -e | |
| terraform init -backend-config="env/${{ inputs.environment }}-backend.hcl" -upgrade | |
| terraform apply ${{ runner.temp }}/tfplan |