Skip to content

Update GitHub Action github/codeql-action to v3.27.5 (#5711) #2858

Update GitHub Action github/codeql-action to v3.27.5 (#5711)

Update GitHub Action github/codeql-action to v3.27.5 (#5711) #2858

Workflow file for this run

name: HASH Terraform Apply
on:
workflow_dispatch:
inputs:
env:
type: choice
options: ["prod"]
description: "Environment to deploy"
required: true
default: "prod"
push:
branches:
- main
env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
jobs:
matrix-eval:
name: Prepare environments to be applied
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Set matrix
id: set-matrix
env:
DISPATCH_ENV: ${{ github.event.inputs.env }}
run: |
# Only apply the prod environment on merge to main or manual dispatch
if [[ "$DISPATCH_ENV" == "prod" || "$GITHUB_REF_NAME" == "main" ]]; then
echo "matrix=[\"prod\"]" | tee -a $GITHUB_OUTPUT
else
echo "matrix=[]" | tee -a $GITHUB_OUTPUT
fi
terraform:
runs-on: ubuntu-latest
# The following permissions are required for the Vault step used in the
# Terraform composite action.
permissions:
id-token: write
contents: read
needs:
- matrix-eval
strategy:
matrix:
env: ${{ fromJson(needs.matrix-eval.outputs.matrix) }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Prepare SSH key
run: |
echo "${{ secrets.BASTION_SSH_KEY }}" > h-hash-prod-usea1-bastionkey.pem
- uses: ./.github/actions/terraform-exec
with:
vault-address: ${{ env.VAULT_ADDR }}
working-directory: infra/terraform/hash
command: apply
env: ${{ matrix.env }}
- name: Notify Slack on failure
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
if: ${{ failure() }}
env:
SLACK_LINK_NAMES: true
SLACK_MESSAGE: "Error applying Terraform configuration <@U0143NL4GMP> <@U027NPY8Y3X> <@U02NLJY0FGX>" # Notifies C & T
SLACK_TITLE: Terraform apply failed
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_USERNAME: GitHub
VAULT_ADDR: ""
VAULT_TOKEN: ""