Pause deployments for a while #55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Well Known Environment Workflow | |
| on: | |
| push: | |
| branches: | |
| - "env/**" | |
| workflow_call: | |
| inputs: | |
| branch: | |
| required: true | |
| type: string | |
| env: | |
| AWS_REGION: "eu-west-2" | |
| branch: ${{ inputs.branch == '' && github.ref_name || inputs.branch }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| terraform_plan: | |
| name: Terraform plan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.branch }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-terraform | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/well-known-environment-name | |
| with: | |
| branch: ${{ env.branch }} | |
| - name: Terraform plan | |
| run: | | |
| source uhd.sh | |
| uhd terraform init | |
| [ $IS_ACCOUNT_LAYER_BRANCH = "true" ] && uhd terraform plan:layer 10-account $TARGET_ACCOUNT_NAME | |
| uhd terraform plan:layer 20-app $ENVIRONMENT_NAME | |
| env: | |
| branch: ${{ env.branch }} | |
| shell: zsh {0} | |
| terraform_apply: | |
| name: Terraform apply | |
| runs-on: ubuntu-latest | |
| needs: ["terraform_plan"] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.branch }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-terraform | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/well-known-environment-name | |
| with: | |
| branch: ${{ env.branch }} | |
| - name: Terraform apply | |
| run: | | |
| source uhd.sh | |
| uhd terraform init | |
| [ $IS_ACCOUNT_LAYER_BRANCH = "true" ] && uhd terraform apply:layer 10-account $TARGET_ACCOUNT_NAME | |
| uhd terraform apply:layer 20-app $ENVIRONMENT_NAME | |
| env: | |
| branch: ${{ env.branch }} | |
| shell: zsh {0} | |
| push_docker_images: | |
| name: Push docker images | |
| runs-on: ubuntu-latest | |
| needs: ["terraform_apply"] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.branch }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/well-known-environment-name | |
| with: | |
| branch: ${{ env.branch }} | |
| - name: Pull / push docker images | |
| run: | | |
| source uhd.sh | |
| uhd docker ecr:login | |
| uhd docker pull | |
| uhd docker ecr:login $TARGET_ACCOUNT_NAME | |
| uhd docker push $TARGET_ACCOUNT_NAME $ENVIRONMENT_NAME | |
| env: | |
| branch: ${{ env.branch }} | |
| shell: zsh {0} | |
| restart_ecs_services: | |
| name: Restart ECS services | |
| runs-on: ubuntu-latest | |
| needs: ["push_docker_images"] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ env.branch }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/well-known-environment-name | |
| with: | |
| branch: ${{ env.branch }} | |
| - name: Terraform output | |
| run: | | |
| source uhd.sh | |
| uhd terraform init:layer 20-app | |
| uhd terraform output:layer 20-app $ENVIRONMENT_NAME | |
| env: | |
| branch: ${{ env.branch }} | |
| shell: zsh {0} | |
| - name: Configure AWS credentials for ECS (dev) | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| if: startsWith(env.branch, 'env/dev/') | |
| with: | |
| role-to-assume: ${{ secrets.UHD_ECS_ROLE_DEV }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-chaining: true | |
| - name: Configure AWS credentials for ECS (test) | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| if: startsWith(env.branch, 'env/test/') | |
| with: | |
| role-to-assume: ${{ secrets.UHD_ECS_ROLE_TEST }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-chaining: true | |
| - name: Configure AWS credentials for ECS (uat) | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| if: startsWith(env.branch, 'env/uat/') | |
| with: | |
| role-to-assume: ${{ secrets.UHD_ECS_ROLE_UAT }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-chaining: true | |
| - name: Restart ECS services | |
| run: | | |
| source uhd.sh | |
| uhd ecs restart-services | |
| shell: zsh {0} |