Update terraform to 1.9, address deploy consistency (#2404)

### Time to review: __2 mins__

## Motivation & Context

This PR does 2 things (GASP!)

1. Prod deploys are failing because of a terraform versioning issue. As
a possible fix, I'm upgrading everything to 1.9. I'm hoping that fixes
the deploys, and if it doesn't, I shall look into this much more
closely.

2. I updated the deploy run names so its easier to tell what is running
when. This was purely to make my life easier.

## Additional information

[Here are the terraform 1.8 => 1.9
docs](https://developer.hashicorp.com/terraform/language/upgrade-guides)

The things that apply to us are...

- nothing, we don't use `import blocks`
- we also don't use `.tftest.hcl`

## Testing

Tested on this commit:
9a70469

.github/workflows/build-and-publish.yml

@@ -1,4 +1,5 @@
 name: Build and Publish
+run-name: Build and Publish ${{ inputs.ref }} to ${{ inputs.app_name }} ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'nonprod' }}
 
 on:
   workflow_call:
@@ -43,8 +44,10 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
         with:
-          ref: ${{ inputs.ref }}
+          terraform_version: 1.9.7
+          terraform_wrapper: false
 
       - name: Configure AWS credentials
         uses: ./.github/actions/configure-aws-credentials

.github/workflows/cd-analytics-infra.yml

@@ -1,6 +1,5 @@
 name: Deploy Analytics Infra
-
-run-name: Deploy ${{ github.ref_name }} to Analytics ${{ (github.event_name == 'release' && 'prod') || 'nonprod' }}
+run-name: Deploy ${{ github.ref_name }} to Analytics Infra ${{ (github.event_name == 'release' && 'prod') || 'nonprod' }}
 
 on:
   push:
@@ -23,7 +22,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
 
       - name: Configure AWS credentials
@@ -52,7 +51,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
 
       - name: Configure AWS credentials
@@ -64,5 +63,5 @@ jobs:
       - name: Terraform Init and Apply
         run: |
           ./bin/terraform-init.sh infra/analytics/${{ matrix.directory }} ${{ matrix.envs }}
-          export TF_CLI_ARGS="-input=false -auto-approve -var environment_name=${{ matrix.envs }}" 
+          export TF_CLI_ARGS="-input=false -auto-approve -var environment_name=${{ matrix.envs }}"
           ./bin/terraform-apply.sh infra/analytics/${{ matrix.directory }} ${{ matrix.envs }}

.github/workflows/cd-analytics.yml

@@ -1,7 +1,5 @@
 name: Deploy Analytics
-# Need to set a default value for when the workflow is triggered from a git push
-# which bypasses the default configuration for inputs
-run-name: Deploy ${{ github.ref_name }} to Analytics ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'nonprod'}} # changed for consistency with other files
+run-name: Deploy ${{ github.ref_name }} to Analytics ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'nonprod'}}
 
 on:
   push:

.github/workflows/cd-api-infra.yml

@@ -1,6 +1,5 @@
 name: Deploy API Infra
-
-run-name: Deploy ${{ github.ref_name }} to API ${{ (github.event_name == 'release' && 'prod') || 'nonprod' }}
+run-name: Deploy ${{ github.ref_name }} to API Infra ${{ (github.event_name == 'release' && 'prod') || 'nonprod' }}
 
 on:
   push:
@@ -23,7 +22,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
 
       - name: Configure AWS credentials
@@ -42,7 +41,7 @@ jobs:
       matrix:
         directory: ["database", "service"]
         envs: ${{ github.event_name == 'release' && fromJSON('["prod"]') || fromJSON('["dev", "staging"]') }} # deploy prod on releases, otherwise deploy staging and dev
-  
+
     permissions:
       contents: read
       id-token: write
@@ -51,7 +50,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
 
       - name: Configure AWS credentials
@@ -63,5 +62,5 @@ jobs:
       - name: Terraform Init and Apply
         run: |
           ./bin/terraform-init.sh infra/api/${{ matrix.directory }} ${{ matrix.envs }}
-          export TF_CLI_ARGS="-input=false -auto-approve -var environment_name=${{ matrix.envs }}" 
+          export TF_CLI_ARGS="-input=false -auto-approve -var environment_name=${{ matrix.envs }}"
           ./bin/terraform-apply.sh infra/api/${{ matrix.directory }} ${{ matrix.envs }}

.github/workflows/cd-api.yml

@@ -1,6 +1,4 @@
 name: Deploy API
-# Need to set a default value for when the workflow is triggered from a git push
-# which bypasses the default configuration for inputs
 run-name: Deploy ${{ github.ref_name }} to API ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'nonprod' }}
 
 on:

.github/workflows/cd-frontend-infra.yml

@@ -1,6 +1,5 @@
 name: Deploy Frontend Infra
-
-run-name: Deploy ${{ github.ref_name }} to Frontend ${{ (github.event_name == 'release' && 'prod') || 'nonprod' }}
+run-name: Deploy ${{ github.ref_name }} to Frontend Infra ${{ (github.event_name == 'release' && 'prod') || 'nonprod' }}
 
 on:
   push:
@@ -23,7 +22,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
 
       - name: Configure AWS credentials
@@ -51,7 +50,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
 
       - name: Configure AWS credentials
@@ -63,5 +62,5 @@ jobs:
       - name: Terraform Init and Apply
         run: |
           ./bin/terraform-init.sh infra/frontend/${{ matrix.directory }} ${{ matrix.envs }}
-          export TF_CLI_ARGS="-input=false -auto-approve -var environment_name=${{ matrix.envs }}" 
+          export TF_CLI_ARGS="-input=false -auto-approve -var environment_name=${{ matrix.envs }}"
           ./bin/terraform-apply.sh infra/frontend/${{ matrix.directory }} ${{ matrix.envs }}

.github/workflows/cd-frontend.yml

@@ -1,6 +1,4 @@
 name: Deploy Frontend
-# Need to set a default value for when the workflow is triggered from a git push
-# which bypasses the default configuration for inputs
 run-name: Deploy ${{ github.ref_name }} to Frontend ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'nonprod' }}
 
 on:

.github/workflows/ci-infra.yml

@@ -43,7 +43,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
       - name: Run infra-lint-terraform
         run: |
@@ -56,7 +56,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
       - name: Validate
         run: make infra-validate-modules

.github/workflows/database-migrations.yml

@@ -1,4 +1,5 @@
-name: Database migrations
+name: Database Migrations
+run-name: Database Migrations ${{ github.ref_name }} to ${{ inputs.app_name }} ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'nonprod' }}
 
 on:
   workflow_call:
@@ -25,6 +26,10 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.9.7
+          terraform_wrapper: false
 
       - name: Configure AWS credentials
         uses: ./.github/actions/configure-aws-credentials

.github/workflows/deploy.yml

@@ -1,4 +1,5 @@
-name: Deploy
+name: Chained Deploy
+run-name: Chained Deploy Layer for ${{ github.ref_name }} to ${{ inputs.app_name }} ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'nonprod' }}
 
 on:
   workflow_call:
@@ -38,6 +39,10 @@ jobs:
       id-token: write
     steps:
       - uses: actions/checkout@v4
+      - uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: 1.9.7
+          terraform_wrapper: false
 
       - name: Configure AWS credentials
         uses: ./.github/actions/configure-aws-credentials

.github/workflows/infra-service.yml

@@ -22,7 +22,7 @@ jobs:
 
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.8.2
+          terraform_version: 1.9.7
           terraform_wrapper: false
 
       - uses: actions/setup-go@v5

infra/accounts/main.tf

@@ -16,7 +16,7 @@ locals {
 
 terraform {
 
-  required_version = "< 1.9.7"
+  required_version = "< 1.10"
 
   required_providers {
     aws = {

infra/alarms/main.tf

@@ -18,7 +18,7 @@ locals {
 
 terraform {
 
-  required_version = "< 1.9.7"
+  required_version = "< 1.10"
 
   required_providers {
     aws = {

infra/analytics/build-repository/main.tf

@@ -18,7 +18,7 @@ locals {
 }
 
 terraform {
-  required_version = "< 1.9.7"
+  required_version = "< 1.10"
 
   required_providers {
     aws = {

infra/analytics/database/main.tf

@@ -36,7 +36,7 @@ locals {
 }
 
 terraform {
-  required_version = "< 1.9.7"
+  required_version = "< 1.10"
 
   required_providers {
     aws = {