Merge pull request #841 from UKHSA-Internal/chore/update-ip-allowlist… #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Well Known Environment Workflow | |
| on: | |
| push: | |
| branches: | |
| - "env/**" | |
| workflow_call: | |
| inputs: | |
| branch: | |
| required: true | |
| type: string | |
| env: | |
| AWS_REGION: "eu-west-2" | |
| branch: ${{ inputs.branch == '' && github.ref_name || inputs.branch }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| terraform_plan: | |
| name: Terraform plan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.branch }} | |
| - uses: actions/setup-python@v5 | |
| - name: Configure AWS credentials for tools account | |
| uses: ./.github/actions/configure-aws-credentials | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| tools-account-role: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| - uses: ./.github/actions/setup-terraform | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/well-known-environment-name | |
| with: | |
| branch: ${{ env.branch }} | |
| - name: Terraform plan | |
| run: | | |
| source uhd.sh | |
| uhd terraform init | |
| [ $IS_ACCOUNT_LAYER_BRANCH = "true" ] && uhd terraform plan:layer 10-account $TARGET_ACCOUNT_NAME | |
| uhd terraform plan:layer 20-app $ENVIRONMENT_NAME | |
| env: | |
| branch: ${{ env.branch }} | |
| shell: zsh {0} | |
| terraform_apply: | |
| name: Terraform apply | |
| runs-on: ubuntu-latest | |
| needs: ["terraform_plan"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.branch }} | |
| - uses: actions/setup-python@v5 | |
| - name: Configure AWS credentials for tools account | |
| uses: ./.github/actions/configure-aws-credentials | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| tools-account-role: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| role-duration-seconds: "7200" | |
| - uses: ./.github/actions/setup-terraform | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/well-known-environment-name | |
| with: | |
| branch: ${{ env.branch }} | |
| - name: Terraform apply | |
| run: | | |
| source uhd.sh | |
| uhd terraform init | |
| [ $IS_ACCOUNT_LAYER_BRANCH = "true" ] && uhd terraform apply:layer 10-account $TARGET_ACCOUNT_NAME | |
| uhd terraform apply:layer 20-app $ENVIRONMENT_NAME | |
| env: | |
| branch: ${{ env.branch }} | |
| shell: zsh {0} | |
| push_docker_images: | |
| name: Push docker images | |
| runs-on: ubuntu-latest | |
| needs: ["terraform_apply"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.branch }} | |
| - name: Configure AWS credentials for tools account | |
| uses: ./.github/actions/configure-aws-credentials | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| tools-account-role: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/well-known-environment-name | |
| with: | |
| branch: ${{ env.branch }} | |
| - name: Pull / push docker images | |
| run: | | |
| source uhd.sh | |
| uhd docker ecr:login | |
| uhd docker pull | |
| uhd docker ecr:login $TARGET_ACCOUNT_NAME | |
| uhd docker push $TARGET_ACCOUNT_NAME $ENVIRONMENT_NAME | |
| env: | |
| branch: ${{ env.branch }} | |
| shell: zsh {0} | |
| restart_services: | |
| name: Restart services | |
| runs-on: ubuntu-latest | |
| needs: ["push_docker_images"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.branch }} | |
| - name: Configure AWS credentials for tools account | |
| uses: ./.github/actions/configure-aws-credentials | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| tools-account-role: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/well-known-environment-name | |
| with: | |
| branch: ${{ env.branch }} | |
| - name: Terraform output | |
| run: | | |
| source uhd.sh | |
| uhd terraform init:layer 20-app | |
| uhd terraform output:layer 20-app $ENVIRONMENT_NAME | |
| env: | |
| branch: ${{ env.branch }} | |
| shell: zsh {0} | |
| - name: Configure AWS credentials for account | |
| uses: ./.github/actions/configure-aws-credentials | |
| with: | |
| account-name: ${{ env.TARGET_ACCOUNT_NAME }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| dev-account-role: ${{ secrets.UHD_ECS_ROLE_DEV }} | |
| test-account-role: ${{ secrets.UHD_ECS_ROLE_TEST }} | |
| uat-account-role: ${{ secrets.UHD_ECS_ROLE_UAT }} | |
| - name: Restart ECS services | |
| run: | | |
| source uhd.sh | |
| uhd ecs restart-services | |
| shell: zsh {0} | |
| - name: Redeploy lambda functions | |
| run: | | |
| source uhd.sh | |
| uhd lambda redeploy-functions | |
| shell: zsh {0} |