Standardizing conventions/setup

- Dashes instead of underline for github pipelines
- Clear separation of concerns in account tf stack
- Remove unnecessary `app_version` input

Author: TheOneFromNorway

.github/workflows/data-replication-pipeline.yml

@@ -23,7 +23,7 @@ on:
 permissions: {}
 
 env:
-  aws-role: ${{ inputs.environment == 'production'
+  aws_role: ${{ inputs.environment == 'production'
     && 'arn:aws:iam::820242920762:role/GithubDeployDataReplicationInfrastructure'
     || 'arn:aws:iam::393416225559:role/GithubDeployDataReplicationInfrastructure' }}
   aws_account_id: ${{ inputs.environment == 'production' && '820242920762' || '393416225559' }}
@@ -80,15 +80,13 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ env.aws-role }}
+          role-to-assume: ${{ env.aws_role }}
           aws-region: eu-west-2
       - name: Setup python
         uses: actions/setup-python@v4
         with:
           python-version: 3.12.3
           cache: pip
-      - name: Install Python dependencies
-        run: python3 -m pip install -r script/requirements.txt
       - name: Get image digest
         id: get-image-digest
         run: |
@@ -145,7 +143,7 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ env.aws-role }}
+          role-to-assume: ${{ env.aws_role }}
           aws-region: eu-west-2
       - name: Download data-replication task definition artifact
         uses: actions/download-artifact@v5

.github/workflows/deploy-application.yml

@@ -16,7 +16,7 @@ on:
           - production
           - sandbox-alpha
           - sandbox-beta
-      server_types:
+      server-types:
         description: Server types to deploy
         required: true
         type: choice
@@ -26,7 +26,7 @@ on:
           - good-job
           - sidekiq
         default: all
-      git_sha_to_deploy:
+      git-ref-to-deploy:
         description: The git commit SHA to deploy.
         required: false
         type: string
@@ -35,17 +35,13 @@ on:
       environment:
         required: true
         type: string
-      server_types:
+      server-types:
         required: true
         type: string
-      git_sha_to_deploy:
+      git-ref-to-deploy:
         description: The git commit SHA to deploy.
         required: true
         type: string
-      app_version:
-        description: The git ref to deploy (branch, tag, or commit SHA).
-        required: false
-        type: string
 
 permissions: {}
 
@@ -56,9 +52,9 @@ env:
   aws-role: ${{ inputs.environment == 'production'
     && 'arn:aws:iam::820242920762:role/GithubDeployECSService'
     || 'arn:aws:iam::393416225559:role/GithubDeployECSService' }}
-  aws_account_id: ${{ inputs.environment == 'production' && '820242920762' || '393416225559' }}
-  cluster_name: mavis-${{ inputs.environment }}
-  app_version: ${{ inputs.app_version == '' && 'unknown' || inputs.app_version }}
+  aws-account-id: ${{ inputs.environment == 'production' && '820242920762' || '393416225559' }}
+  cluster-name: mavis-${{ inputs.environment }}
+  app-version: ${{ inputs.git-ref-to-deploy == '' && 'unknown' || inputs.git-ref-to-deploy }}
 
 jobs:
   prepare-deployment:
@@ -69,12 +65,13 @@ jobs:
     strategy:
       fail-fast: true
       matrix:
-        service: ${{ inputs.server_types == 'all' && fromJSON('["web", "good-job", "sidekiq"]') || fromJSON(format('["{0}"]', inputs.server_types)) }}
+        service: ${{ inputs.server-types == 'all' && fromJSON('["web", "good-job", "sidekiq"]') || fromJSON(format('["{0}"]', inputs.server-types)) }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
+        id: checkout-code
         with:
-          ref: ${{ inputs.git_sha_to_deploy || github.sha }}
+          ref: ${{ inputs.git-ref-to-deploy || github.sha }}
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
@@ -83,7 +80,7 @@ jobs:
       - name: Setup python
         uses: actions/setup-python@v4
         with:
-          python-version: 3.12.3
+          python-version: 3.13.7
           cache: pip
       - name: Install Python dependencies
         run: python3 -m pip install -r script/requirements.txt
@@ -92,7 +89,7 @@ jobs:
         run: |
           digest=$(aws ecr describe-images \
             --repository-name mavis/webapp \
-            --image-ids imageTag=${{ inputs.git_sha_to_deploy || github.sha }} \
+            --image-ids imageTag=${{ steps.checkout-code.outputs.commit }} \
             --query 'imageDetails[0].imageDigest' \
             --output text)
           echo "digest=$digest" >> $GITHUB_OUTPUT
@@ -111,13 +108,13 @@ jobs:
         with:
           task-definition-family: "mavis-${{ matrix.service }}-task-definition-${{ inputs.environment }}-template"
           container-name: "application"
-          image: "${{ env.aws_account_id }}.dkr.ecr.eu-west-2.amazonaws.com/mavis/webapp@${{ steps.get-image-digest.outputs.digest }}"
+          image: "${{ env.aws-account-id }}.dkr.ecr.eu-west-2.amazonaws.com/mavis/webapp@${{ steps.get-image-digest.outputs.digest }}"
           environment-variables: ${{ steps.parse-environment-variables.outputs.parsed_env_vars }}
       - name: Rename task definition file
         run: mv ${{ steps.create-task-definition.outputs.task-definition }} ${{ runner.temp }}/${{ matrix.service }}-task-definition.json
       - name: Populate SSM parameters for ${{ matrix.service }} service
         run: |
-          python3 script/populate_ssm_parameters.py ${{ inputs.environment }} ${{ matrix.service }} --app-version ${{ env.app_version }}
+          python3 script/populate_ssm_parameters.py ${{ inputs.environment }} ${{ matrix.service }} --app-version ${{ env.app-version }}
       - name: Upload artifact for ${{ matrix.service }} task definition
         uses: actions/upload-artifact@v4
         with:
@@ -135,8 +132,8 @@ jobs:
   deploy-web:
     name: Deploy web service
     runs-on: ubuntu-latest
-    if: ${{ inputs.server_types == 'web' || inputs.server_types == 'all' }}
-    needs: [prepare-deployment, approve-deployments]
+    if: ${{ inputs.server-types == 'web' || inputs.server-types == 'all' }}
+    needs: [ prepare-deployment, approve-deployments ]
     permissions:
       id-token: write
     steps:
@@ -148,7 +145,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
       - name: Download web task definition artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           path: ${{ runner.temp }}
           name: ${{ inputs.environment }}-web-task-definition
@@ -167,7 +164,7 @@ jobs:
         with:
           task-definition: ${{ runner.temp }}/web-task-definition.json
           codedeploy-appspec: config/templates/appspec.yaml
-          cluster: ${{ env.cluster_name }}
+          cluster: ${{ env.cluster-name }}
           service: mavis-${{ inputs.environment }}-web
           codedeploy-application: mavis-${{ inputs.environment }}
           codedeploy-deployment-group: blue-green-group-${{ inputs.environment }}
@@ -180,13 +177,13 @@ jobs:
   deploy-good-job:
     name: Deploy good-job service
     runs-on: ubuntu-latest
-    if: ${{ inputs.server_types == 'good-job' || inputs.server_types == 'all' }}
-    needs: [prepare-deployment, approve-deployments]
+    if: ${{ inputs.server-types == 'good-job' || inputs.server-types == 'all' }}
+    needs: [ prepare-deployment, approve-deployments ]
     permissions:
       id-token: write
     steps:
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v5
         with:
           role-to-assume: ${{ env.aws-role }}
           aws-region: eu-west-2
@@ -204,16 +201,16 @@ jobs:
         uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ runner.temp }}/good-job-task-definition.json
-          cluster: ${{ env.cluster_name }}
+          cluster: ${{ env.cluster-name }}
           service: mavis-${{ inputs.environment }}-good-job
           force-new-deployment: true
           wait-for-service-stability: true
 
   create-sidekiq-deployment:
     name: Create sidekiq deployment
     runs-on: ubuntu-latest
-    if: ${{ inputs.server_types == 'sidekiq' || inputs.server_types == 'all' }}
-    needs: [prepare-deployment, approve-deployments]
+    if: ${{ inputs.server-types == 'sidekiq' || inputs.server-types == 'all' }}
+    needs: [ prepare-deployment, approve-deployments ]
     permissions:
       id-token: write
     steps:
@@ -223,7 +220,7 @@ jobs:
           role-to-assume: ${{ env.aws-role }}
           aws-region: eu-west-2
       - name: Download sidekiq task definition artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           path: ${{ runner.temp }}
           name: ${{ inputs.environment }}-sidekiq-task-definition
@@ -236,7 +233,7 @@ jobs:
         uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ runner.temp }}/sidekiq-task-definition.json
-          cluster: ${{ env.cluster_name }}
+          cluster: ${{ env.cluster-name }}
           service: mavis-${{ inputs.environment }}-sidekiq
           force-new-deployment: true
           wait-for-service-stability: true

.github/workflows/deploy-infrastructure.yml

@@ -8,7 +8,7 @@ on:
         description: Deployment environment
         required: true
         type: string
-      git_ref_to_deploy:
+      git-ref-to-deploy:
         required: true
         type: string
   workflow_dispatch:
@@ -17,7 +17,7 @@ on:
         description: Deployment environment
         required: true
         type: string
-      git_ref_to_deploy:
+      git-ref-to-deploy:
         description: The git commit SHA to deploy.
         required: false
         type: string
@@ -28,12 +28,10 @@ concurrency:
   group: deploy-infrastructure-${{ inputs.environment }}
 
 env:
-  aws_role: ${{ inputs.environment == 'production'
+  aws-role: ${{ inputs.environment == 'production'
     && 'arn:aws:iam::820242920762:role/GithubDeployMavisAndInfrastructure'
     || 'arn:aws:iam::393416225559:role/GithubDeployMavisAndInfrastructure' }}
-  aws_account_id: ${{ inputs.environment == 'production'
-    && '820242920762' || '393416225559' }}
-  git_ref_to_deploy: ${{ inputs.git_ref_to_deploy || github.ref_name }}
+  git-ref-to-deploy: ${{ inputs.git-ref-to-deploy || github.ref_name }}
 
 defaults:
   run:
@@ -49,11 +47,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
         with:
-          ref: ${{ env.git_ref_to_deploy }}
+          ref: ${{ env.git-ref-to-deploy }}
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ env.aws_role }}
+          role-to-assume: ${{ env.aws-role }}
           aws-region: eu-west-2
       - name: Install terraform
         uses: hashicorp/setup-terraform@v3
@@ -92,11 +90,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
         with:
-          ref: ${{ env.git_ref_to_deploy }}
+          ref: ${{ env.git-ref-to-deploy }}
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ env.aws_role }}
+          role-to-assume: ${{ env.aws-role }}
           aws-region: eu-west-2
       - name: Download artifact
         uses: actions/download-artifact@v5

.github/workflows/deploy.yml

@@ -1,5 +1,5 @@
 name: Deploy
-run-name: Deploy ${{ inputs.git_ref_to_deploy || github.ref_name }} to ${{ inputs.environment }}
+run-name: Deploy ${{ inputs.git-ref-to-deploy || github.ref_name }} to ${{ inputs.environment }}
 
 concurrency:
   group: deploy-${{ inputs.environment }}
@@ -10,12 +10,12 @@ on:
       environment:
         required: true
         type: string
-      server_types:
+      server-types:
         required: true
         type: string
   workflow_dispatch:
     inputs:
-      git_ref_to_deploy:
+      git-ref-to-deploy:
         description:
           | # Use blank unicode character (U+2800) to force line-break
           Use code from: ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
@@ -33,7 +33,7 @@ on:
           - production
           - sandbox-alpha
           - sandbox-beta
-      server_types:
+      server-types:
         description: Server types to deploy
         required: true
         type: choice
@@ -46,7 +46,7 @@ on:
         default: all
 
 env:
-  account_id: ${{ inputs.environment == 'production' && '820242920762' || '393416225559' }}
+  account-id: ${{ inputs.environment == 'production' && '820242920762' || '393416225559' }}
 
 jobs:
   validate-inputs:
@@ -56,8 +56,8 @@ jobs:
       - name: Validate inputs
         run: |
           if [[ "${{ inputs.environment }}" == "preview" || "${{ inputs.environment }}" == "production" ]]; then
-            if [[ -z "${{ inputs.git_ref_to_deploy }}" ]]; then
-              echo "Error: git_ref_to_deploy is required for preview and production environments."
+            if [[ -z "${{ inputs.git-ref-to-deploy }}" ]]; then
+              echo "Error: git-ref-to-deploy is required for preview and production environments."
               exit 1
             fi
           fi
@@ -71,7 +71,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
         with:
-          ref: ${{ inputs.git_ref_to_deploy || github.sha }}
+          ref: ${{ inputs.git-ref-to-deploy || github.sha }}
       - name: Get git sha
         id: get-git-sha
         run: echo "git-sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
@@ -98,13 +98,13 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: arn:aws:iam::${{ env.account_id }}:role/GithubDeployMavisAndInfrastructure
+          role-to-assume: arn:aws:iam::${{ env.account-id }}:role/GithubDeployMavisAndInfrastructure
           aws-region: eu-west-2
       - name: Compare permissions
         id: compare-permissions
         run: |
           source ./scripts/validate-github-actions-policy.sh
-          validate_policies arn:aws:iam::${{ env.account_id }}:policy/DeployMavisResources ./account/resources/iam_policy_DeployMavisResources.json
+          validate_policies arn:aws:iam::${{ env.account-id }}:policy/DeployMavisResources ./account/resources/iam_policy_DeployMavisResources.json
           exit $?
   update-permissions:
     runs-on: ubuntu-latest
@@ -124,10 +124,10 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: arn:aws:iam::${{ env.account_id }}:role/GithubDeployMavisAndInfrastructure
+          role-to-assume: arn:aws:iam::${{ env.account-id }}:role/GithubDeployMavisAndInfrastructure
           aws-region: eu-west-2
       - name: Update IAM policy
-        run: ./scripts/update-github-actions-policy.sh arn:aws:iam::${{ env.account_id }}:policy/DeployMavisResources ./account/resources/iam_policy_DeployMavisResources.json
+        run: ./scripts/update-github-actions-policy.sh arn:aws:iam::${{ env.account-id }}:policy/DeployMavisResources ./account/resources/iam_policy_DeployMavisResources.json
   deploy-infrastructure:
     permissions:
       id-token: write
@@ -144,15 +144,14 @@ jobs:
     uses: ./.github/workflows/deploy-infrastructure.yml
     with:
       environment: ${{ inputs.environment }}
-      git_ref_to_deploy: ${{ inputs.git_ref_to_deploy || github.ref_name }}
+      git-ref-to-deploy: ${{ inputs.git-ref-to-deploy || github.ref_name }}
   deploy-application:
     permissions:
       id-token: write
     needs: [deploy-infrastructure, determine-git-sha]
-    if: ${{ !cancelled() && inputs.server_types != 'none' && needs.deploy-infrastructure.result == 'success' }}
+    if: ${{ !cancelled() && inputs.server-types != 'none' && needs.deploy-infrastructure.result == 'success' }}
     uses: ./.github/workflows/deploy-application.yml
     with:
       environment: ${{ inputs.environment }}
-      server_types: ${{ inputs.server_types }}
-      git_sha_to_deploy: ${{ needs.determine-git-sha.outputs.git-sha }}
-      app_version: ${{ inputs.git_ref_to_deploy }}
+      server-types: ${{ inputs.server-types }}
+      git-ref-to-deploy: ${{ inputs.git-ref-to-deploy || github.ref_name }}

.github/workflows/refresh-data-replication.yml

@@ -147,6 +147,7 @@ jobs:
             "-var-file=env/${{ inputs.environment }}.tfvars"
             "-var=allowed_egress_cidr_blocks=$CIDR_BLOCKS"
             "-out=${{ runner.temp }}/tfplan"
+            "-replace" "aws_rds_cluster.cluster"
           )
           
           if [ "${{ env.REPLACE_DB_CLUSTER }}" = "true" ]; then