v0.6.10 #18
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Production | ||
| on: | ||
| release: | ||
| types: | ||
| - published | ||
| workflow_dispatch: | ||
| inputs: | ||
| image_digest: | ||
| description: The sha256 digest of the docker image to use | ||
| required: true | ||
| type: string | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| jobs: | ||
| get_image_metadata: | ||
| runs-on: ubuntu-latest | ||
| environment: production | ||
| if: github.event != 'workflow_dispatch' | ||
| outputs: | ||
| image_digest: ${{ steps.set_image_digest.outputs.image_digest }} | ||
| steps: | ||
| - name: Get Image Metadata from Release | ||
| uses: dsaltares/fetch-gh-release-asset@master | ||
| with: | ||
| version: ${{ github.event.release.id || }} | ||
|
Check failure on line 29 in .github/workflows/deploy-production.yml
|
||
| file: metadata.json | ||
| - name: Set Image Digest from Metadata | ||
| id: set_image_digest | ||
| run: | | ||
| image_digest=$(cat metadata.json | jq -r '."containerimage.digest"') | ||
| echo "image_digest=$image_digest" >> $GITHUB_OUTPUT | ||
| production_deploy: | ||
| runs-on: ubuntu-latest | ||
| environment: production | ||
| env: | ||
| tf_version: '1.5.7' | ||
| tg_version: '0.54.0' | ||
| tg_dir: './deploy/tg' | ||
| needs: [get_image_metadata] | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| audience: sts.amazonaws.com | ||
| aws-region: ${{ vars.AWS_REGION }} | ||
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | ||
| - name: Expose github environment as shell variables | ||
| env: | ||
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | ||
| VARS_CONTEXT: ${{ toJson(vars) }} | ||
| run: | | ||
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | ||
| to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; } | ||
| echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV | ||
| echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV | ||
| - name: Setup Terraform | ||
| uses: hashicorp/setup-terraform@v3 | ||
| with: | ||
| terraform_version: ${{ env.tf_version }} | ||
| - name: Setup Terragrunt | ||
| id: setup_terragrunt | ||
| run: | | ||
| wget https://github.com/gruntwork-io/terragrunt/releases/download/v${terragrunt_version}/terragrunt_linux_amd64 \ | ||
| && mv terragrunt_linux_amd64 terragrunt \ | ||
| && chmod +x terragrunt \ | ||
| && mv terragrunt /usr/local/bin/terragrunt | ||
| env: | ||
| terragrunt_version: ${{ env.tg_version }} | ||
| - name: Terragrunt Plan | ||
| id: terragrunt_plan | ||
| run: terragrunt plan -out=tf.plan | ||
| working-directory: ${{ env.tg_dir }} | ||
| env: | ||
| TF_INPUT: 0 | ||
| TF_IN_AUTOMATION: true | ||
| # get the image digest from the build job with optional override from vars context | ||
| TF_VAR_image: ${{ vars.IMAGE || needs.get_image_metadata.outputs.image_digest || inputs.image_digest }} | ||
| - name: Terragrunt Apply | ||
| id: terragrunt_apply | ||
| run: terragrunt apply -auto-approve tf.plan | ||
| working-directory: ${{ env.tg_dir }} | ||
| env: | ||
| TF_INPUT: 0 | ||
| TF_IN_AUTOMATION: true | ||
| # get the image digest from the build job with optional override from vars context | ||
| TF_VAR_image: ${{ vars.IMAGE || needs.get_image_metadata.outputs.image_digest || inputs.image_digest }} | ||
