Update GitHub Action github/codeql-action
to v3.27.5 (#5711)
#2858
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: HASH Terraform Apply | |
on: | |
workflow_dispatch: | |
inputs: | |
env: | |
type: choice | |
options: ["prod"] | |
description: "Environment to deploy" | |
required: true | |
default: "prod" | |
push: | |
branches: | |
- main | |
env: | |
VAULT_ADDR: ${{ secrets.VAULT_ADDR }} | |
jobs: | |
matrix-eval: | |
name: Prepare environments to be applied | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- name: Set matrix | |
id: set-matrix | |
env: | |
DISPATCH_ENV: ${{ github.event.inputs.env }} | |
run: | | |
# Only apply the prod environment on merge to main or manual dispatch | |
if [[ "$DISPATCH_ENV" == "prod" || "$GITHUB_REF_NAME" == "main" ]]; then | |
echo "matrix=[\"prod\"]" | tee -a $GITHUB_OUTPUT | |
else | |
echo "matrix=[]" | tee -a $GITHUB_OUTPUT | |
fi | |
terraform: | |
runs-on: ubuntu-latest | |
# The following permissions are required for the Vault step used in the | |
# Terraform composite action. | |
permissions: | |
id-token: write | |
contents: read | |
needs: | |
- matrix-eval | |
strategy: | |
matrix: | |
env: ${{ fromJson(needs.matrix-eval.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Prepare SSH key | |
run: | | |
echo "${{ secrets.BASTION_SSH_KEY }}" > h-hash-prod-usea1-bastionkey.pem | |
- uses: ./.github/actions/terraform-exec | |
with: | |
vault-address: ${{ env.VAULT_ADDR }} | |
working-directory: infra/terraform/hash | |
command: apply | |
env: ${{ matrix.env }} | |
- name: Notify Slack on failure | |
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 | |
if: ${{ failure() }} | |
env: | |
SLACK_LINK_NAMES: true | |
SLACK_MESSAGE: "Error applying Terraform configuration <@U0143NL4GMP> <@U027NPY8Y3X> <@U02NLJY0FGX>" # Notifies C & T | |
SLACK_TITLE: Terraform apply failed | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_USERNAME: GitHub | |
VAULT_ADDR: "" | |
VAULT_TOKEN: "" |