Deploy to preproduction and production envs
Plan the account/environment deployments in PRs, and run in main build.

Fixes CTC-129 #major
gregtyler committed Dec 12, 2023
1 parent e8efa1e commit 055ac74
Showing 6 changed files with 153 additions and 1 deletion.
7 changes: 6 additions & 1 deletion .github/workflows/account-deploy.yml
@@ -7,6 +7,11 @@ on:
description: "The terraform workspace to target for account actions"
required: true
type: string
plan_only:
description: "Whether to only plan the deployment, not run it"
required: false
type: boolean
default: false
secrets:
aws_access_key_id:
description: "AWS Access Key ID"
@@ -55,7 +60,7 @@ jobs:
working-directory: ./terraform/account

- name: Terraform Apply
if: github.ref == 'refs/heads/main'
if: inputs.plan_only == false
env:
TF_WORKSPACE: ${{ inputs.workspace_name }}
run: |
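Review bot: The `Terraform Apply` step in the second hunk now runs on any ref whenever `plan_only` is false, and the new input defaults to `false`, so a caller that omits the input applies instead of planning. The removed `github.ref == 'refs/heads/main'` check was the only branch guard visible on this step; keeping both, `if: inputs.plan_only == false && github.ref == 'refs/heads/main'`, preserves it for account-level changes. Consider `default: true` (or `required: true`) on `plan_only`, with `plan_only: false` set explicitly by the deploy jobs in `workflow-main.yml`, so that apply has to be requested; the same fail-open default is added to `env-deploy.yml`. The job body continues outside both hunks.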
7 changes: 7 additions & 0 deletions .github/workflows/env-deploy.yml
@@ -11,6 +11,11 @@ on:
description: "The docker image tag to deploy in the environment"
required: true
type: string
plan_only:
description: "Whether to only plan the deployment, not run it"
required: false
type: boolean
default: false
secrets:
aws_access_key_id:
description: "AWS Access Key ID"
@@ -72,6 +77,7 @@ jobs:
working-directory: ./terraform/environment

- name: Terraform Apply
if: inputs.plan_only == false
env:
TF_WORKSPACE: ${{ inputs.workspace_name }}
TF_VAR_app_version: ${{ inputs.version_tag }}
@@ -80,6 +86,7 @@ jobs:
working-directory: ./terraform/environment

- name: Terraform Outputs
if: inputs.plan_only == false
id: terraform_outputs
env:
TF_WORKSPACE: ${{ inputs.workspace_name }}
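Review bot: Gating `Terraform Outputs` on `plan_only` in the last hunk leaves `steps.terraform_outputs` with no outputs in plan-only runs. The steps after it are collapsed on this page, so check that anything reading those outputs, including any job-level or workflow-level `outputs:` mapped from them, carries the same `if: inputs.plan_only == false` or tolerates empty values. It would also help to extend the input description to say which steps are skipped, for example `description: "Plan only: skip Terraform Apply and Terraform Outputs"`.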
56 changes: 56 additions & 0 deletions .github/workflows/workflow-main.yml
@@ -55,3 +55,59 @@ jobs:
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

deploy-preproduction-account:
needs: [test-dev-env]
name: TF Deploy Preproduction Account
uses: ./.github/workflows/account-deploy.yml
with:
workspace_name: preproduction
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

deploy-preproduction-env:
name: Deploy Preproduction Environment
needs: [deploy-preproduction-account, generate-tag]
uses: ./.github/workflows/env-deploy.yml
with:
workspace_name: preproduction
version_tag: ${{ needs.generate-tag.outputs.tag }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}

deploy-production-account:
name: TF Deploy Production Account
needs: [deploy-preproduction-env]
uses: ./.github/workflows/account-deploy.yml
with:
workspace_name: production
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

deploy-production-env:
name: Deploy Production Environment
needs: [deploy-production-account, generate-tag]
uses: ./.github/workflows/env-deploy.yml
with:
workspace_name: production
version_tag: ${{ needs.generate-tag.outputs.tag }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}

deploy-demo-env:
name: Deploy Demo Environment
needs: [deploy-production-env, generate-tag]
uses: ./.github/workflows/env-deploy.yml
with:
workspace_name: demo
version_tag: ${{ needs.generate-tag.outputs.tag }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}
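Review bot: `deploy-production-account` and `deploy-production-env` start automatically once preproduction succeeds, and nothing in these jobs or in the visible parts of the called workflows requires an approval before production is changed. A job that calls a reusable workflow cannot set `environment:` itself, so the gate would go on the job inside `account-deploy.yml` and `env-deploy.yml`, e.g. `environment: ${{ inputs.workspace_name }}`, with required reviewers and a `main`-only branch rule configured for the production environment. All five new jobs also pass the same `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair, so one long-lived key is handed to every workspace from preproduction through production; environment-scoped secrets or OIDC role assumption per account would narrow that.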
47 changes: 47 additions & 0 deletions .github/workflows/workflow-pr.yml
@@ -60,11 +60,58 @@ jobs:
name: TF Plan Dev Account
uses: ./.github/workflows/account-deploy.yml
with:
plan_only: true
workspace_name: development
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

plan-preproduction-account:
name: TF Plan Preproduction Account
uses: ./.github/workflows/account-deploy.yml
with:
plan_only: true
workspace_name: preproduction
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

plan-production-account:
name: TF Plan Production Account
uses: ./.github/workflows/account-deploy.yml
with:
plan_only: true
workspace_name: production
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

plan-preproduction-env:
name: Plan Preproduction Environment
needs: [generate-tag]
uses: ./.github/workflows/env-deploy.yml
with:
plan_only: true
workspace_name: preproduction
version_tag: ${{ needs.generate-tag.outputs.tag }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}

plan-production-env:
name: Plan Production Environment
needs: [generate-tag]
uses: ./.github/workflows/env-deploy.yml
with:
plan_only: true
workspace_name: production
version_tag: ${{ needs.generate-tag.outputs.tag }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}

deploy-pr-env:
name: Deploy PR Environment
needs:
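Review bot: The new `plan-preproduction-*` and `plan-production-*` jobs hand pull-request runs the same AWS key pair that the main build deploys with, and `plan_only: true` is the only thing keeping them from applying. The called workflows are referenced locally (`./.github/workflows/...`), so they are resolved from the same commit as this file and a change on the PR branch can alter the flag or the `if:` it feeds; the `refs/heads/main` check that used to back it up in `account-deploy.yml` is removed by this commit. The boundary therefore has to sit in IAM: give PR runs a credential that can only assume a read-only plan role in preproduction and production, and keep the deploy credential for the main build. The `on:` trigger and the `deploy-pr-env` job body are outside this hunk.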
10 changes: 10 additions & 0 deletions terraform/account/terraform.tfvars.json
@@ -4,6 +4,16 @@
"account_id": "493907465011",
"account_name": "development",
"is_production": false
},
"preproduction": {
"account_id": "936779158973",
"account_name": "preproduction",
"is_production": false
},
"production": {
"account_id": "764856231715",
"account_name": "production",
"is_production": true
}
}
}
27 changes: 27 additions & 0 deletions terraform/environment/terraform.tfvars.json
@@ -17,6 +17,33 @@
"arn:aws:iam::493907465011:role/operator",
"arn:aws:iam::493907465011:role/lpa-store-ci"
]
},
"demo": {
"account_id": "493907465011",
"account_name": "demo",
"is_production": false,
"allowed_arns": [
"arn:aws:iam::493907465011:role/operator",
"arn:aws:iam::493907465011:role/lpa-store-ci"
]
},
"preproduction": {
"account_id": "936779158973",
"account_name": "preproduction",
"is_production": false,
"allowed_arns": [
"arn:aws:iam::936779158973:role/operator",
"arn:aws:iam::936779158973:role/lpa-store-ci"
]
},
"production": {
"account_id": "764856231715",
"account_name": "production",
"is_production": true,
"allowed_arns": [
"arn:aws:iam::764856231715:role/operator",
"arn:aws:iam::764856231715:role/lpa-store-ci"
]
}
}
}
