From d4233cba03423f078bf48d50aba134910b3e5a48 Mon Sep 17 00:00:00 2001
From: Greg Tyler
Date: Wed, 13 Dec 2023 09:57:35 +0000
Subject: [PATCH] Deploy to preproduction and production accounts (#68)
* Deploy to preproduction and production accounts Plan the account deployments in PR pipelines, and run in main build. Fixes CTC-129 #major
* Use matrix and better variable name Plan accounts in a matrix to reduce duplication. Replace `plan_only` variable with `apply` to make safer default behaviour. #patch
---
 .github/workflows/account-deploy.yml | 7 ++++++-
 .github/workflows/workflow-main.yml | 23 +++++++++++++++++++++++
 .github/workflows/workflow-pr.yml | 12 +++++++++---
 terraform/account/terraform.tfvars.json | 10 ++++++++++
 4 files changed, 48 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/account-deploy.yml b/.github/workflows/account-deploy.yml
index 2b67f818..c865cafb 100644
--- a/.github/workflows/account-deploy.yml
+++ b/.github/workflows/account-deploy.yml
@@ -7,6 +7,11 @@ on:
 description: "The terraform workspace to target for account actions"
 required: true
 type: string
+ apply:
+ description: "Whether to apply the deployment"
+ required: false
+ type: boolean
+ default: false
 secrets:
 aws_access_key_id:
 description: "AWS Access Key ID"
@@ -55,7 +60,7 @@ jobs:
 working-directory: ./terraform/account
 - name: Terraform Apply
- if: github.ref == 'refs/heads/main'
+ if: inputs.apply == true
 env:
 TF_WORKSPACE: ${{ inputs.workspace_name }}
 run: |
diff --git a/.github/workflows/workflow-main.yml b/.github/workflows/workflow-main.yml
index bfee1e2e..ebba45d8 100644
--- a/.github/workflows/workflow-main.yml
+++ b/.github/workflows/workflow-main.yml
@@ -30,6 +30,7 @@ jobs:
 uses: ./.github/workflows/account-deploy.yml
 with:
 workspace_name: development
+ apply: true
 secrets:
 aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
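Review bot: In account-deploy.yml the `Terraform Apply` step now runs whenever a caller passes `apply: true`, because the `github.ref == 'refs/heads/main'` condition was replaced rather than extended, so nothing inside the reusable workflow itself ties an apply to the main branch any more. The `default: false` on the new input is a safe default, but the ref check was a second, independent control that a future caller cannot bypass by accident; keeping both costs one line: `if: inputs.apply == true && github.ref == 'refs/heads/main'`. The job that contains this step starts and ends outside the hunk, so any guard at job level is not visible here.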
@@ -55,3 +56,25 @@ jobs:
 secrets:
 aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+ deploy-preproduction-account:
+ needs: [test-dev-env]
+ name: TF Deploy Preproduction Account
+ uses: ./.github/workflows/account-deploy.yml
+ with:
+ workspace_name: preproduction
+ apply: true
+ secrets:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+ deploy-production-account:
+ name: TF Deploy Production Account
+ needs: [deploy-preproduction-account]
+ uses: ./.github/workflows/account-deploy.yml
+ with:
+ workspace_name: production
+ apply: true
+ secrets:
+ aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/workflow-pr.yml b/.github/workflows/workflow-pr.yml
index b35a060e..0126ef1f 100644
--- a/.github/workflows/workflow-pr.yml
+++ b/.github/workflows/workflow-pr.yml
@@ -56,11 +56,17 @@ jobs:
 aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- plan-dev-account:
- name: TF Plan Dev Account
+ plan-account:
+ strategy:
+ matrix:
+ account:
+ - development
+ - preproduction
+ - production
+ name: "TF Plan Account: ${{ matrix.account }}"
 uses: ./.github/workflows/account-deploy.yml
 with:
- workspace_name: development
+ workspace_name: ${{ matrix.account }}
 secrets:
 aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/terraform/account/terraform.tfvars.json b/terraform/account/terraform.tfvars.json
index 3f8aac20..520ec38e 100644
--- a/terraform/account/terraform.tfvars.json
+++ b/terraform/account/terraform.tfvars.json
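Review bot: In workflow-main.yml, `deploy-production-account` applies to the production workspace automatically as soon as `deploy-preproduction-account` succeeds; the hunk shows no approval step and no check of preproduction between the two applies. A job that calls a reusable workflow cannot set `environment:` itself, so the gate has to live in account-deploy.yml, for example `environment: ${{ inputs.workspace_name }}` on its job, with required reviewers configured on the `production` environment. That would also allow environment-scoped secrets in place of the single `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair that all three accounts receive here.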
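Review bot: In workflow-pr.yml, the `plan-account` matrix passes pull-request plans for `production` the same `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets that workflow-main.yml uses to apply there, so PR runs appear to hold credentials with write access to production although only a plan is intended. Terraform evaluates the PR branch's configuration during plan, so least privilege matters at this point; a separate read-only credential or role for plan jobs would bound what a PR run can do. Separately, `strategy.fail-fast` defaults to true, so one failing account plan cancels the other two; adding `fail-fast: false` under `strategy:` keeps all three results visible to the reviewer.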
@@ -4,6 +4,16 @@
 "account_id": "493907465011",
 "account_name": "development",
 "is_production": false
+ },
+ "preproduction": {
+ "account_id": "936779158973",
+ "account_name": "preproduction",
+ "is_production": false
+ },
+ "production": {
+ "account_id": "764856231715",
+ "account_name": "production",
+ "is_production": true
 }
 }
 }
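Review bot: Nothing visible in this patch enforces the new `account_id` values: the workflows pass the same secrets to every workspace, so these entries are the only thing that tells production apart from the other accounts. If the AWS provider configuration (not part of this diff) does not already do so, pinning it with `allowed_account_ids` set to the workspace's `account_id` would make a workspace/credential mismatch fail at plan time instead of changing the wrong account. Whether `is_production` drives any extra protection is also not visible from this hunk.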