diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index fddd448..41f6248 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -10,10 +10,114 @@ on: jobs: deploy-dev: - uses: ./.github/workflows/deploy-wf.yaml - secrets: inherit - concurrency: dev - with: - stage: dev - url: https://console.goose.filmdrop.element84.com + permissions: + id-token: write + contents: read + runs-on: ubuntu-latest + env: + CI: true + STAC_SERVER_TAG: v3.7.0 + CIRRUS_TAG: v1.0.0a0 fd-aws-tf-modules-version: v2.29.0 + stage: dev + project-name: goose + + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: "18" + - uses: actions/setup-python@v5 + with: + python-version: "3.12" + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "1.7.5" + + - name: Preparing Environment + id: prep_env + run: | + echo "Creating terraform backend file ..." + echo '' > config.s3.backend.tf + echo 'terraform {' >> config.s3.backend.tf + echo ' backend "s3" {' >> config.s3.backend.tf + echo ' encrypt = true' >> config.s3.backend.tf + echo " bucket = \"${{ secrets.TF_STATE_BUCKET }}\"" >> config.s3.backend.tf + echo " dynamodb_table = \"${{ secrets.TF_STATE_LOCK_TABLE }}\"" >> config.s3.backend.tf + echo " key = \"${{ env.project-name }}-${{ env.stage }}.tfstate\"" >> config.s3.backend.tf + echo " region = \"${{ secrets.AWS_REGION }}\"" >> config.s3.backend.tf + echo ' }' >> config.s3.backend.tf + echo '}' >> config.s3.backend.tf + cat config.s3.backend.tf + echo "Using FilmDrop Terraform ${{ env.fd-aws-tf-modules-version }} release..." + ./scripts/retrieve_tf_modules.sh ${{ env.fd-aws-tf-modules-version }} + + - name: Update stac-server lambdas + id: update_stac_lambdas + run: ./scripts/update-stac-server-lambdas.bash + + - name: Update cirrus lambda dist + id: update_cirrus_lambda_dist + run: ./scripts/update-cirrus-lambda-dist.bash + + - name: Configure Terraform Init Credentials + id: init_creds + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ secrets.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE }} + role-session-name: GooseTFInit + + - name: Terraform Init + id: tf_init + run: terraform init + + - name: Terraform Validate + id: tf_validate + run: terraform validate + + - name: Configure Terraform Plan Credentials + id: plan_creds + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ secrets.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE }} + role-session-name: GooseTFPlan + + - name: Terraform Plan + id: tf_plan + run: terraform plan -var-file="${{ inputs.stage }}.tfvars" -out ${{ inputs.stage }}.tfplan -lock=false + + - name: Configure Terraform Apply Credentials + id: apply_creds + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ secrets.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE }} + role-session-name: GooseTFApply + + - name: Terraform Apply + id: tf_apply + run: terraform apply -lock=false -input=false ${{ inputs.stage }}.tfplan + + - name: Post status to Slack channel + id: tf_apply_successs + if: steps.tf_apply.outcome == 'success' + continue-on-error: true + uses: slackapi/slack-github-action@v1.26.0 + with: + channel-id: ${{ secrets.SLACK_CHANNEL_ID }} + slack-message: ":silly-goose: ${{ env.project-name }}-${{ inputs.stage }}-titiler ${{ github.ref_name }} terraform apply job has succeeded!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} + + - name: Post status to Slack channel + id: tf_apply_failure + if: steps.tf_apply.outcome != 'success' + continue-on-error: true + uses: slackapi/slack-github-action@v1.26.0 + with: + channel-id: ${{ secrets.SLACK_CHANNEL_ID }} + slack-message: ":goosebonk: ${{ env.project-name }}-${{ inputs.stage }}-titiler ${{ github.ref_name }} terraform apply has failed!\n:alert: make sure cleanup job deletes all AWS resources!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" + env: + SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.github/workflows/deploy-wf.yml b/.github/workflows/deploy-wf.yml deleted file mode 100644 index c9c6f66..0000000 --- a/.github/workflows/deploy-wf.yml +++ /dev/null @@ -1,121 +0,0 @@ -on: - workflow_call: - inputs: - stage: - required: true - type: string - url: - required: true - type: string - fd-aws-tf-modules-version: - required: true - type: string - -env: - project-name: goose - -permissions: - id-token: write - contents: read - -jobs: - deploy: - environment: - name: ${{ inputs.stage }} - url: ${{ inputs.url }} - - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - uses: hashicorp/setup-terraform@v3 - with: - terraform_version: "1.7.5" - - - name: Preparing Environment - id: prep_env - run: | - echo "Creating terraform backend file ..." - echo '' > config.s3.backend.tf - echo 'terraform {' >> config.s3.backend.tf - echo ' backend "s3" {' >> config.s3.backend.tf - echo ' encrypt = true' >> config.s3.backend.tf - echo " bucket = \"${{ secrets.TF_STATE_BUCKET }}\"" >> config.s3.backend.tf - echo " dynamodb_table = \"${{ secrets.TF_STATE_LOCK_TABLE }}\"" >> config.s3.backend.tf - echo " key = \"${{ env.project-name }}-${{ inputs.stage }}.tfstate\"" >> config.s3.backend.tf - echo " region = \"${{ secrets.AWS_REGION }}\"" >> config.s3.backend.tf - echo ' }' >> config.s3.backend.tf - echo '}' >> config.s3.backend.tf - cat config.s3.backend.tf - echo "Using FilmDrop Terraform ${{ inputs.fd-aws-tf-modules-version }} release..." - ./scripts/retrieve_tf_modules.sh ${{ inputs.fd-aws-tf-modules-version }} - - - name: Update stac-server lambdas - id: update_stac_lambdas - run: ./scripts/update-stac-server-lambdas.bash - - - name: Update cirrus lambda dist - id: update_cirrus_lambda_dist - run: ./scripts/update-cirrus-lambda-dist.bash - - - name: Configure Terraform Init Credentials - id: init_creds - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-region: ${{ secrets.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_ROLE }} - role-session-name: GitHubReleaseInit - - - name: Terraform Init - id: tf_init - run: terraform init - - - name: Terraform Validate - id: tf_validate - run: terraform validate - - - name: Configure Terraform Plan Credentials - id: plan_creds - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-region: ${{ secrets.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_ROLE }} - role-session-name: GitHubReleasePlan - - - name: Terraform Plan - id: tf_plan - run: terraform plan -var-file="${{ inputs.stage }}.tfvars" -out ${{ inputs.stage }}.tfplan -lock=false - - - name: Configure Terraform Apply Credentials - id: apply_creds - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-region: ${{ secrets.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_ROLE }} - role-session-name: GitHubReleaseApply - - - name: Terraform Apply - id: tf_apply - run: terraform apply -lock=false -input=false ${{ inputs.stage }}.tfplan - - - name: Post status to Slack channel - id: tf_apply_successs - if: steps.tf_apply.outcome == 'success' - continue-on-error: true - uses: slackapi/slack-github-action@v1.26.0 - with: - channel-id: ${{ secrets.SLACK_CHANNEL_ID }} - slack-message: ":silly-goose: ${{ env.project-name }}-${{ inputs.stage }}-titiler ${{ github.ref_name }} terraform apply job has succeeded!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - - - name: Post status to Slack channel - id: tf_apply_failure - if: steps.tf_apply.outcome != 'success' - continue-on-error: true - uses: slackapi/slack-github-action@v1.26.0 - with: - channel-id: ${{ secrets.SLACK_CHANNEL_ID }} - slack-message: ":goosebonk: ${{ env.project-name }}-${{ inputs.stage }}-titiler ${{ github.ref_name }} terraform apply has failed!\n:alert: make sure cleanup job deletes all AWS resources!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c5f145a..2764ac4 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -83,7 +83,7 @@ jobs: with: aws-region: ${{ secrets.AWS_REGION }} role-to-assume: ${{ secrets.AWS_ROLE }} - role-session-name: GitHubReleaseInit + role-session-name: GooseValidate - name: Terraform Init id: tf_init