From 055ac74ea461d546332b8c68c7c839d48933d174 Mon Sep 17 00:00:00 2001 From: Greg Tyler Date: Tue, 12 Dec 2023 16:21:59 +0000 Subject: [PATCH] Deploy to preproduction and production envs Plan the account/environment deployments in PRs, and run in main build. Fixes CTC-129 #major --- .github/workflows/account-deploy.yml | 7 ++- .github/workflows/env-deploy.yml | 7 +++ .github/workflows/workflow-main.yml | 56 +++++++++++++++++++++ .github/workflows/workflow-pr.yml | 47 +++++++++++++++++ terraform/account/terraform.tfvars.json | 10 ++++ terraform/environment/terraform.tfvars.json | 27 ++++++++++ 6 files changed, 153 insertions(+), 1 deletion(-) diff --git a/.github/workflows/account-deploy.yml b/.github/workflows/account-deploy.yml index 2b67f818..d3410a83 100644 --- a/.github/workflows/account-deploy.yml +++ b/.github/workflows/account-deploy.yml @@ -7,6 +7,11 @@ on: description: "The terraform workspace to target for account actions" required: true type: string + plan_only: + description: "Whether to only plan the deployment, not run it" + required: false + type: boolean + default: false secrets: aws_access_key_id: description: "AWS Access Key ID" @@ -55,7 +60,7 @@ jobs: working-directory: ./terraform/account - name: Terraform Apply - if: github.ref == 'refs/heads/main' + if: inputs.plan_only == false env: TF_WORKSPACE: ${{ inputs.workspace_name }} run: | diff --git a/.github/workflows/env-deploy.yml b/.github/workflows/env-deploy.yml index a5bab711..2f1e5264 100644 --- a/.github/workflows/env-deploy.yml +++ b/.github/workflows/env-deploy.yml @@ -11,6 +11,11 @@ on: description: "The docker image tag to deploy in the environment" required: true type: string + plan_only: + description: "Whether to only plan the deployment, not run it" + required: false + type: boolean + default: false secrets: aws_access_key_id: description: "AWS Access Key ID" 
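Review bot: The new `plan_only` input defaults to `false`, so any caller that forgets the input gets a live `terraform apply`; for a reusable workflow that can now reach the production account, the non-mutating mode is the safer default, i.e. `default: true`, with the main-branch workflow passing `plan_only: false` explicitly. The identical input and default are added to env-deploy.yml in this patch's other inputs hunk, so the same change applies there. The `on.workflow_call.inputs` block continues outside the hunk.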
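Review bot: The Terraform Apply step in account-deploy.yml loses its branch guard: `if: github.ref == 'refs/heads/main'` becomes `if: inputs.plan_only == false`, so a caller on any ref that leaves `plan_only` unset will apply to the account. Unless account applies are genuinely needed from other refs, keep both conditions, `if: inputs.plan_only == false && github.ref == 'refs/heads/main'`, so a missing or mistyped input in a PR workflow cannot mutate an account. The step's `run` body continues outside the hunk.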
@@ -72,6 +77,7 @@ jobs: working-directory: ./terraform/environment - name: Terraform Apply + if: inputs.plan_only == false env: TF_WORKSPACE: ${{ inputs.workspace_name }} TF_VAR_app_version: ${{ inputs.version_tag }} @@ -80,6 +86,7 @@ jobs: working-directory: ./terraform/environment - name: Terraform Outputs + if: inputs.plan_only == false id: terraform_outputs env: TF_WORKSPACE: ${{ inputs.workspace_name }} diff --git a/.github/workflows/workflow-main.yml b/.github/workflows/workflow-main.yml index bfee1e2e..5e225110 100644 --- a/.github/workflows/workflow-main.yml +++ b/.github/workflows/workflow-main.yml 
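Review bot: Skipping the `Terraform Outputs` step when `plan_only` is true means anything that reads `steps.terraform_outputs.outputs.*` — a later step or a job-level `outputs:` mapping, neither visible in this hunk — receives empty strings rather than an error, which can silently flow into downstream jobs. If such consumers exist, give them the same `if: inputs.plan_only == false`, or leave the outputs step unconditional and have it emit an explicit "no apply ran" value. The rest of the job's steps are outside the hunk.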
@@ -55,3 +55,59 @@ jobs: secrets: aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + deploy-preproduction-account: + needs: [test-dev-env] + name: TF Deploy Preproduction Account + uses: ./.github/workflows/account-deploy.yml + with: + workspace_name: preproduction + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + deploy-preproduction-env: + name: Deploy Preproduction Environment + needs: [deploy-preproduction-account, generate-tag] + uses: ./.github/workflows/env-deploy.yml + with: + workspace_name: preproduction + version_tag: ${{ needs.generate-tag.outputs.tag }} + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + github_access_token: ${{ secrets.GITHUB_TOKEN }} + + deploy-production-account: + name: TF Deploy Production Account + needs: [deploy-preproduction-env] + uses: ./.github/workflows/account-deploy.yml + with: + workspace_name: production + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + deploy-production-env: + name: Deploy Production Environment + needs: [deploy-production-account, generate-tag] + uses: ./.github/workflows/env-deploy.yml + with: + workspace_name: production + version_tag: ${{ needs.generate-tag.outputs.tag }} + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + github_access_token: ${{ secrets.GITHUB_TOKEN }} + + deploy-demo-env: + name: Deploy Demo Environment + needs: [deploy-production-env, generate-tag] + uses: ./.github/workflows/env-deploy.yml + with: + workspace_name: demo + version_tag: ${{ needs.generate-tag.outputs.tag }} + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + 
github_access_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/workflow-pr.yml b/.github/workflows/workflow-pr.yml index b35a060e..df6efe25 100644 --- a/.github/workflows/workflow-pr.yml +++ b/.github/workflows/workflow-pr.yml @@ -60,11 +60,58 @@ jobs: name: TF Plan Dev Account uses: ./.github/workflows/account-deploy.yml with: + plan_only: true workspace_name: development secrets: aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + plan-preproduction-account: + name: TF Plan Preproduction Account + uses: ./.github/workflows/account-deploy.yml + with: + plan_only: true + workspace_name: preproduction + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + plan-production-account: + name: TF Plan Production Account + uses: ./.github/workflows/account-deploy.yml + with: + plan_only: true + workspace_name: production + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + + plan-preproduction-env: + name: Plan Preproduction Environment + needs: [generate-tag] + uses: ./.github/workflows/env-deploy.yml + with: + plan_only: true + workspace_name: preproduction + version_tag: ${{ needs.generate-tag.outputs.tag }} + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + github_access_token: ${{ secrets.GITHUB_TOKEN }} + + plan-production-env: + name: Plan Production Environment + needs: [generate-tag] + uses: ./.github/workflows/env-deploy.yml + with: + plan_only: true + workspace_name: production + version_tag: ${{ needs.generate-tag.outputs.tag }} + secrets: + aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + github_access_token: ${{ secrets.GITHUB_TOKEN }} + deploy-pr-env: name: Deploy PR Environment needs: 
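Review bot: In workflow-main.yml the production jobs are protected only by the `needs` chain: there is no `concurrency` group on `deploy-production-account` or `deploy-production-env`, so two pushes to main in quick succession can run `terraform apply` against the same production workspace simultaneously, and nothing in the chain requires a human approval before production changes. Add `concurrency: { group: deploy-production, cancel-in-progress: false }` to those two jobs so applies are serialised without aborting one mid-run. Approval gating cannot be attached to a `uses:` job from the caller; it would need an `environment:` on the job inside account-deploy.yml / env-deploy.yml chosen from `inputs.workspace_name`. Note also that the same `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` pair is passed to the development, preproduction and production jobs alike; if that single credential can reach all three accounts, it — not the workflow structure — is the only boundary between them (what it can assume is not visible here).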
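Review bot: In workflow-pr.yml the new `plan-preproduction-account`, `plan-production-account`, `plan-preproduction-env` and `plan-production-env` jobs run with the production AWS secrets on pull requests, and `terraform plan` is not read-only in practice: provider code and data sources from whatever HCL the PR branch contains execute under those credentials. If this workflow is triggered by `pull_request` (the trigger is outside the hunk), any branch author in the repository can therefore execute code against production before review. Consider a credential limited to read/plan permissions for these jobs, or gating the production plan jobs behind an `environment` with required reviewers inside the reusable workflow. The `deploy-pr-env` job at the end of the hunk continues outside it.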
diff --git a/terraform/account/terraform.tfvars.json b/terraform/account/terraform.tfvars.json index 3f8aac20..520ec38e 100644 --- a/terraform/account/terraform.tfvars.json +++ b/terraform/account/terraform.tfvars.json @@ -4,6 +4,16 @@ "account_id": "493907465011", "account_name": "development", "is_production": false + }, + "preproduction": { + "account_id": "936779158973", + "account_name": "preproduction", + "is_production": false + }, + "production": { + "account_id": "764856231715", + "account_name": "production", + "is_production": true } } } diff --git a/terraform/environment/terraform.tfvars.json b/terraform/environment/terraform.tfvars.json index 5a4673f7..f3fe8f41 100644 --- a/terraform/environment/terraform.tfvars.json +++ b/terraform/environment/terraform.tfvars.json @@ -17,6 +17,33 @@ "arn:aws:iam::493907465011:role/operator", "arn:aws:iam::493907465011:role/lpa-store-ci" ] + }, + "demo": { + "account_id": "493907465011", + "account_name": "demo", + "is_production": false, + "allowed_arns": [ + "arn:aws:iam::493907465011:role/operator", + "arn:aws:iam::493907465011:role/lpa-store-ci" + ] + }, + "preproduction": { + "account_id": "936779158973", + "account_name": "preproduction", + "is_production": false, + "allowed_arns": [ + "arn:aws:iam::936779158973:role/operator", + "arn:aws:iam::936779158973:role/lpa-store-ci" + ] + }, + "production": { + "account_id": "764856231715", + "account_name": "production", + "is_production": true, + "allowed_arns": [ + "arn:aws:iam::764856231715:role/operator", + "arn:aws:iam::764856231715:role/lpa-store-ci" + ] } } }