HHS · coilysiren · Apr 19, 2024 · Apr 18, 2024 · Apr 18, 2024 · Apr 18, 2024
@@ -1,12 +1,12 @@
-name: 'Configure AWS Credentials'
-description: 'Configure AWS Credentials for a given application and |
+name: "Configure AWS Credentials"
+description: "Configure AWS Credentials for a given application and |
   environment so that the GitHub Actions workflow can access AWS resources. |
   This is a wrapper around https://github.com/aws-actions/configure-aws-credentials |
   that first determines the account, role, and region based on the |
-  account_names_by_environment configuration in app-config'
+  account_names_by_environment configuration in app-config"
 inputs:
   app_name:
-    description: 'Name of application folder under /infra'
+    description: "Name of application folder under /infra"
     required: true
   environment:
     description: 'Name of environment (dev, staging, prod) that AWS resources live in, or "shared" for resources that are shared across environments'
@@ -17,28 +17,29 @@ runs:
     - name: Get AWS account authentication details (AWS account, IAM role, AWS region)
       env:
         TF_LOG: DEBUG
-        TF_LOG_PATH: './terraform-debug.log'
       run: |
-        # Set up environment for detailed Terraform logging
-        echo "Enabling Terraform Debug Logging"
-        export TF_LOG="${{ env.TF_LOG }}"
-        export TF_LOG_PATH="${{ env.TF_LOG_PATH }}"
-
         # Get AWS account authentication details (AWS account, IAM role, AWS region)
         # associated with the application environment to figure out which AWS
         # account to log into, which IAM role to assume, and which AWS region to use
 
         echo "::group::AWS account authentication details"
 
-        terraform -chdir=infra/project-config init > /dev/null
-        terraform -chdir=infra/project-config apply -refresh-only -auto-approve> /dev/null
+        # Print the commands as you run them
+        set -o xtrace
+
+        # Set up environment for detailed Terraform logs
+        export TF_LOG="${{ env.TF_LOG }}"
+
+        terraform --version
+        terraform -chdir=infra/project-config init
+        terraform -chdir=infra/project-config apply -auto-approve
         AWS_REGION=$(terraform -chdir=infra/project-config output -raw default_region)
         echo "AWS_REGION=$AWS_REGION"
         GITHUB_ACTIONS_ROLE_NAME=$(terraform -chdir=infra/project-config output -raw github_actions_role_name)
         echo "GITHUB_ACTIONS_ROLE_NAME=$GITHUB_ACTIONS_ROLE_NAME"
 
-        terraform -chdir=infra/${{ inputs.app_name }}/app-config init > /dev/null
-        terraform -chdir=infra/${{ inputs.app_name }}/app-config apply -refresh-only -auto-approve> /dev/null
+        terraform -chdir=infra/${{ inputs.app_name }}/app-config init
+        terraform -chdir=infra/${{ inputs.app_name }}/app-config apply -auto-approve
         ACCOUNT_NAME=$(terraform -chdir=infra/${{ inputs.app_name }}/app-config output -json account_names_by_environment | jq -r .${{ inputs.environment }})
         echo "ACCOUNT_NAME=$ACCOUNT_NAME"
 
@@ -58,9 +59,6 @@ runs:
         echo "Setting env vars AWS_ROLE_TO_ASSUME and AWS_REGION..."
         echo "AWS_ROLE_TO_ASSUME=$AWS_ROLE_TO_ASSUME" >> "$GITHUB_ENV"
         echo "AWS_REGION=$AWS_REGION" >> "$GITHUB_ENV"
-
-        # Output Terraform log file contents
-        cat "$TF_LOG_PATH"
       shell: bash
     - name: Configure AWS credentials
       uses: aws-actions/configure-aws-credentials@v3

diff --git a/.github/workflows/cd-api.yml b/.github/workflows/cd-api.yml
@@ -4,6 +4,10 @@ name: Deploy API
 run-name: Deploy ${{ github.ref_name }} to API ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'dev' }}
 
 on:
+  # for testing purposes
+  pull_request:
+    paths:
+      - ".github/workflows/cd-api.yml"
   push:
     branches:
       - "main"