From d00428d7d8a7b2ad4f15e7f1982f729da4066ffb Mon Sep 17 00:00:00 2001
From: Greg Tyler
Date: Tue, 12 Dec 2023 16:43:29 +0000
Subject: [PATCH] Deploy to preproduction and production accounts Plan the account deployments in PR pipelines, and run in main build. Fixes CTC-129 #major
---
 .github/workflows/account-deploy.yml | 7 ++++++-
 .github/workflows/workflow-main.yml | 20 ++++++++++++++++++++
 .github/workflows/workflow-pr.yml | 21 +++++++++++++++++++++
 terraform/account/terraform.tfvars.json | 10 ++++++++++
 4 files changed, 57 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/account-deploy.yml b/.github/workflows/account-deploy.yml
index 2b67f818..d3410a83 100644
--- a/.github/workflows/account-deploy.yml
+++ b/.github/workflows/account-deploy.yml
@@ -7,6 +7,11 @@ on:
 description: "The terraform workspace to target for account actions"
 required: true
 type: string
+ plan_only:
+ description: "Whether to only plan the deployment, not run it"
+ required: false
+ type: boolean
+ default: false
 secrets:
 aws_access_key_id:
 description: "AWS Access Key ID"
@@ -55,7 +60,7 @@ jobs:
 working-directory: ./terraform/account
 - name: Terraform Apply
- if: github.ref == 'refs/heads/main'
+ if: inputs.plan_only == false
 env:
 TF_WORKSPACE: ${{ inputs.workspace_name }}
 run: |
diff --git a/.github/workflows/workflow-main.yml b/.github/workflows/workflow-main.yml
index bfee1e2e..f8d902c7 100644
--- a/.github/workflows/workflow-main.yml
+++ b/.github/workflows/workflow-main.yml
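Review bot: The Terraform Apply step in account-deploy.yml now fails open: it is gated only by `if: inputs.plan_only == false`, and the new input is declared with `default: false`, so any caller that omits `plan_only` applies, while the branch guard `github.ref == 'refs/heads/main'` on the removed line is gone. workflow-pr.yml therefore depends on every plan job remembering `plan_only: true`, including the one that targets the production workspace. Making the safe path the default closes that gap: either declare the input with `default: true` and have workflow-main.yml pass `plan_only: false`, or keep both conditions, `if: inputs.plan_only == false && github.ref == 'refs/heads/main'`. The job that contains this step starts and ends outside the hunk.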
@@ -55,3 +55,23 @@ jobs:
 secrets:
 aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+ deploy-preproduction-account:
+ needs: [test-dev-env]
+ name: TF Deploy Preproduction Account
+ uses: ./.github/workflows/account-deploy.yml
+ with:
+ workspace_name: preproduction
+ secrets:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+ deploy-production-account:
+ name: TF Deploy Production Account
+ needs: [deploy-preproduction-account]
+ uses: ./.github/workflows/account-deploy.yml
+ with:
+ workspace_name: production
+ secrets:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/workflow-pr.yml b/.github/workflows/workflow-pr.yml
index b35a060e..ab00f268 100644
--- a/.github/workflows/workflow-pr.yml
+++ b/.github/workflows/workflow-pr.yml
@@ -60,11 +60,32 @@ jobs:
 name: TF Plan Dev Account
 uses: ./.github/workflows/account-deploy.yml
 with:
+ plan_only: true
 workspace_name: development
 secrets:
 aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ plan-preproduction-account:
+ name: TF Plan Preproduction Account
+ uses: ./.github/workflows/account-deploy.yml
+ with:
+ plan_only: true
+ workspace_name: preproduction
+ secrets:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+ plan-production-account:
+ name: TF Plan Production Account
+ uses: ./.github/workflows/account-deploy.yml
+ with:
+ plan_only: true
+ workspace_name: production
+ secrets:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
 deploy-pr-env:
 name: Deploy PR Environment
 needs:
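Review bot: `deploy-production-account` in workflow-main.yml applies to the production workspace on every main build as soon as the preproduction job succeeds, with no approval step visible in this hunk, and it uses the same `secrets.AWS_ACCESS_KEY_ID` / `secrets.AWS_SECRET_ACCESS_KEY` pair as the development and preproduction jobs. A job that calls a reusable workflow cannot set `environment:` itself, so a protection rule would have to be attached inside account-deploy.yml, for example `environment: ${{ inputs.workspace_name }}` on its job with required reviewers configured for `production`; that job is outside the hunk, so this may already exist. Per-environment secrets, or a role assumed through OIDC per account, would also keep a leak of the shared key from reaching all three accounts at once; how widely that key is scoped cannot be seen from here.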
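Review bot: The two new plan jobs in workflow-pr.yml pass the same `secrets.AWS_ACCESS_KEY_ID` / `secrets.AWS_SECRET_ACCESS_KEY` that workflow-main.yml uses for apply to a run that evaluates Terraform from the PR branch against the preproduction and production workspaces. `terraform plan` executes the providers and data sources the branch declares, so if that key can write (not visible here), unreviewed code runs with production write access. Plan jobs should receive a separate read-only credential, e.g. `aws_access_key_id: ${{ secrets.<PLAN_ONLY_KEY_ID_PLACEHOLDER> }}`, and the workflow's triggers, which are outside this hunk, should be checked so that pull requests from forks never receive it.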
diff --git a/terraform/account/terraform.tfvars.json b/terraform/account/terraform.tfvars.json
index 3f8aac20..520ec38e 100644
--- a/terraform/account/terraform.tfvars.json
+++ b/terraform/account/terraform.tfvars.json
@@ -4,6 +4,16 @@
 "account_id": "493907465011",
 "account_name": "development",
 "is_production": false
+ },
+ "preproduction": {
+ "account_id": "936779158973",
+ "account_name": "preproduction",
+ "is_production": false
+ },
+ "production": {
+ "account_id": "764856231715",
+ "account_name": "production",
+ "is_production": true
 }
 }
 }