v0.6.5 refactor tf ssm parameter use #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| on: | |
| release: | |
| types: | |
| - published | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| production_deploy_plan: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Get Image Metadata from Release | |
| uses: dsaltares/fetch-gh-release-asset@master | |
| with: | |
| version: ${{ github.event.release.id }} | |
| file: metadata.json | |
| - name: Set Image Digest from Metadata | |
| id: set_image_digest | |
| run: | | |
| image_digest=$(cat metadata.json | jq -r '."containerimage.digest"') | |
| echo "image_digest=$image_digest" >> $GITHUB_OUTPUT | |
| - name: Expose github environment as shell variables | |
| env: | |
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| VARS_CONTEXT: ${{ toJson(vars) }} | |
| run: | | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; } | |
| echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| - name: Terragrunt Plan | |
| id: terragrunt_plan | |
| uses: gruntwork-io/[email protected] | |
| with: | |
| tf_version: '1.5.7' | |
| tg_version: '0.51.0' | |
| tg_dir: './deploy/tg' | |
| tg_command: 'run-all plan' | |
| env: | |
| TF_INPUT: 0 | |
| TF_IN_AUTOMATION: true | |
| # get the image digest from the build job with optional override from vars context | |
| TF_VAR_image: ${{ vars.IMAGE || steps.set_image_digest.outputs.image_digest }} | |
| # set the parameter name variables | |
| TF_VAR_alb_parameter_name: ${{ env.ALB_PARAMETER_NAME }} | |
| TF_VAR_ecr_parameter_name: ${{ vars.ECR_REPOSITORY }} | |
| TF_VAR_rds_parameter_name: ${{ env.RDS_PARAMETER_NAME }} | |
| production_deploy_apply: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| needs: [production_deploy_plan] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Get Image Metadata from Release | |
| uses: dsaltares/fetch-gh-release-asset@master | |
| with: | |
| version: ${{ github.event.release.id }} | |
| file: metadata.json | |
| - name: Set Image Digest from Metadata | |
| id: set_image_digest | |
| run: | | |
| image_digest=$(cat metadata.json | jq -r '."containerimage.digest"') | |
| echo "image_digest=$image_digest" >> $GITHUB_OUTPUT | |
| - name: Expose github environment as shell variables | |
| env: | |
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| VARS_CONTEXT: ${{ toJson(vars) }} | |
| run: | | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; } | |
| echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| - name: Terragrunt Apply | |
| id: terragrunt_plan | |
| uses: gruntwork-io/[email protected] | |
| with: | |
| tf_version: '1.5.7' | |
| tg_version: '0.51.0' | |
| tg_dir: './deploy/tg' | |
| tg_command: 'run-all apply' | |
| env: | |
| TF_INPUT: 0 | |
| TF_IN_AUTOMATION: true | |
| # get the image digest from the build job with optional override from vars context | |
| TF_VAR_image: ${{ vars.IMAGE || steps.set_image_digest.outputs.image_digest }} | |
| # set the parameter name variables | |
| TF_VAR_alb_parameter_name: ${{ env.ALB_PARAMETER_NAME }} | |
| TF_VAR_ecr_parameter_name: ${{ vars.ECR_REPOSITORY }} | |
| TF_VAR_rds_parameter_name: ${{ env.RDS_PARAMETER_NAME }} |