Skip to content

Commit

Permalink
Deploy to preproduction and production accounts (#68)
Browse files Browse the repository at this point in the history 
* Deploy to preproduction and production accounts

Plan the account deployments in PR pipelines, and run in main build.

Fixes CTC-129 #major

* Use matrix and better variable name

Plan accounts in a matrix to reduce duplication. Replace `plan_only` variable with `apply` to make safer default behaviour.

#patch
  • Loading branch information
@gregtyler
gregtyler authored Dec 13, 2023
1 parent 89821f8 commit d4233cb
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 4 deletions.
7 changes: 6 additions & 1 deletion .github/workflows/account-deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,11 @@ on:
description: "The terraform workspace to target for account actions"
required: true
type: string
apply:
description: "Whether to apply the deployment"
required: false
type: boolean
default: false
secrets:
aws_access_key_id:
description: "AWS Access Key ID"
Expand Down Expand Up @@ -55,7 +60,7 @@ jobs:
working-directory: ./terraform/account

- name: Terraform Apply
if: github.ref == 'refs/heads/main'
if: inputs.apply == true
env:
TF_WORKSPACE: ${{ inputs.workspace_name }}
run: |
Expand Down
23 changes: 23 additions & 0 deletions .github/workflows/workflow-main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ jobs:
uses: ./.github/workflows/account-deploy.yml
with:
workspace_name: development
apply: true
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Expand All @@ -55,3 +56,25 @@ jobs:
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

deploy-preproduction-account:
needs: [test-dev-env]
name: TF Deploy Preproduction Account
uses: ./.github/workflows/account-deploy.yml
with:
workspace_name: preproduction
apply: true
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

deploy-production-account:
name: TF Deploy Production Account
needs: [deploy-preproduction-account]
uses: ./.github/workflows/account-deploy.yml
with:
workspace_name: production
apply: true
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
12 changes: 9 additions & 3 deletions .github/workflows/workflow-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,11 +56,17 @@ jobs:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

plan-dev-account:
name: TF Plan Dev Account
plan-account:
strategy:
matrix:
account:
- development
- preproduction
- production
name: "TF Plan Account: ${{ matrix.account }}"
uses: ./.github/workflows/account-deploy.yml
with:
workspace_name: development
workspace_name: ${{ matrix.account }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Expand Down
10 changes: 10 additions & 0 deletions terraform/account/terraform.tfvars.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,16 @@
"account_id": "493907465011",
"account_name": "development",
"is_production": false
},
"preproduction": {
"account_id": "936779158973",
"account_name": "preproduction",
"is_production": false
},
"production": {
"account_id": "764856231715",
"account_name": "production",
"is_production": true
}
}
}

0 comments on commit d4233cb

Please sign in to comment.