diff --git a/.github/workflows/base-gp-registrations-mi.yml b/.github/workflows/base-gp-registrations-mi.yml index 64b2e3b..2a74f4d 100644 --- a/.github/workflows/base-gp-registrations-mi.yml +++ b/.github/workflows/base-gp-registrations-mi.yml @@ -7,6 +7,10 @@ on: required: true type: string default: "dev" + is_deployment: + description: "Is workflow run on deployment" + type: boolean + default: false jobs: terraform_process: @@ -20,7 +24,7 @@ jobs: uses: aws-actions/configure-aws-credentials@v4 with: aws-region: ${{ vars.AWS_REGION }} - role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }} + role-to-assume: ${{inputs.is_deployment && secrets.AWS_ASSUME_ROLE || secrets.AWS_ASSUME_ROLE_READ_ONLY}} role-skip-session-tagging: true - name: Setup Terraform @@ -52,19 +56,19 @@ jobs: ./tasks_github_actions.sh build-lambdas - name: Set up Python - if: github.ref == 'refs/heads/master' + if: github.ref == 'refs/heads/master' && inputs.is_deployment uses: actions/setup-python@v5 with: python-version: '3.12' - name: Make virtual environment - if: github.ref == 'refs/heads/master' + if: github.ref == 'refs/heads/master' && inputs.is_deployment run: | python3 -m venv ./venv ./venv/bin/pip3 install --upgrade pip requests - name: Get ODS CSV Files - if: github.ref == 'refs/heads/master' + if: github.ref == 'refs/heads/master' && inputs.is_deployment run: | PYTHONPATH=$PYTHONPATH:. ./venv/bin/python3 stacks/gp-registrations-mi/scripts/get_latest_ods_csv.py ${{ secrets.TRUD_API_KEY }} ${{ vars.TRUD_API_URL }} 
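Review bot: The `role-to-assume` expression keys only on `inputs.is_deployment`, while every write step in this file is additionally gated on `github.ref == 'refs/heads/master'`, so a deployment run from another ref would still assume the read-write role even though apply is skipped. Consider putting the ref check into the selection as well: `role-to-assume: ${{ inputs.is_deployment && github.ref == 'refs/heads/master' && secrets.AWS_ASSUME_ROLE || secrets.AWS_ASSUME_ROLE_READ_ONLY }}`. The PR caller still passes `secrets: inherit` (visible as context in the pr-gp-registrations-mi.yml hunk), so the read-write role secret stays reachable from PR runs and the separation rests on this one expression. Passing only the read-only secret from that caller, and confirming that the read-write role's trust policy (not visible here) is limited to the master ref, would enforce the split outside the workflow. The `&& … ||` form also falls back to the read-only role when `AWS_ASSUME_ROLE` is empty, which fails closed but will only surface later as an apply error.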
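Review bot: In the `Get ODS CSV Files` step, `${{ secrets.TRUD_API_KEY }}` is expanded into the script text and passed as a command-line argument, so the key goes through shell parsing and appears in the process argument list on the runner. This commit changes only the step's `if:` condition and leaves that as it was. Prefer handing the key over through the step environment, with `env:` holding `TRUD_API_KEY: ${{ secrets.TRUD_API_KEY }}` and the command using `"$TRUD_API_KEY"`, or have the script read it from the environment (its argument handling is not visible here). Separately, `./venv/bin/pip3 install --upgrade pip requests` in the preceding step installs unpinned packages in a job that now holds the deployment role whenever it runs, so pinning versions would narrow that exposure.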
@@ -87,14 +91,9 @@ jobs: working-directory: ./stacks/gp-registrations-mi/terraform shell: bash - - name: Terraform Apply - if: github.ref == 'refs/heads/master' - run: terraform apply -auto-approve -input=false tf.plan - working-directory: ./stacks/gp-registrations-mi/terraform - - name: Add PR comment uses: actions/github-script@v7 - if: github.event_name == 'pull_request' + if: github.event_name == 'pull_request' && (success() || failure()) with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -103,50 +102,26 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, issue_number: context.issue.number, - }) + }); const botComment = comments.find(comment => { return comment.user.type === 'Bot' && comment.body.includes('Report for environment: ${{ inputs.environment }}') - }) + }); // 2. Prepare format of the comment - const output = `### Report for environment: ${{ matrix.environment }} + const output = `### Report for environment: ${{ inputs.environment }} #### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` -
Format Output - \`\`\`\n - ${{ steps.fmt.outputs.stdout }} - \`\`\` - -
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` -
Initialization Output - - \`\`\`\n - ${{ steps.init.outputs.stdout }} - \`\`\` -
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` -
Validation Output - - \`\`\`\n - ${{ steps.validate.outputs.stdout }} - \`\`\` -
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\` -
Show Plan (${{ steps.plan.outputs.summary }}) - - \`\`\`\n - ${{ steps.plan.outputs.stdout }} - \`\`\` - -
`; + Plan results: ${{ steps.plan.outputs.summary }}`; // 3. If we have a comment, update it, otherwise create a new one if (botComment) { @@ -154,13 +129,16 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, comment_id: botComment.id, - body: output }) } - github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, body: output - }) \ No newline at end of file + }); + + - name: Terraform Apply + if: github.ref == 'refs/heads/master' && inputs.is_deployment + run: terraform apply -auto-approve -input=false tf.plan + working-directory: ./stacks/gp-registrations-mi/terraform \ No newline at end of file diff --git a/.github/workflows/deploy-gp-registrations-mi.yml b/.github/workflows/deploy-gp-registrations-mi.yml index 7012170..eefadec 100644 --- a/.github/workflows/deploy-gp-registrations-mi.yml +++ b/.github/workflows/deploy-gp-registrations-mi.yml @@ -21,4 +21,5 @@ jobs: uses: ./.github/workflows/base-gp-registrations-mi.yml with: environment: ${{ inputs.environment }} - secrets: inherit \ No newline at end of file + is_deployment: true + secrets: inherit diff --git a/.github/workflows/pr-gp-registrations-mi.yml b/.github/workflows/pr-gp-registrations-mi.yml index 5ea9925..6e9a69f 100644 --- a/.github/workflows/pr-gp-registrations-mi.yml +++ b/.github/workflows/pr-gp-registrations-mi.yml @@ -20,3 +20,4 @@ jobs: environment: ${{ matrix.environment }} secrets: inherit +
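Review bot: `${{ steps.plan.outputs.summary }}` and `${{ inputs.environment }}` are still substituted into the JavaScript source of the `script:` block before it executes, so a backtick or `${` in either value becomes part of the template literal instead of data. Dropping the `stdout` blocks shrinks this surface a lot, but the summary comes from a plan run over pull-request content (how it is computed is outside this hunk), so it is safer to treat it as untrusted. Pass the values through the step's `env:` (for example `PLAN_SUMMARY: ${{ steps.plan.outputs.summary }}`) and build the comment from `process.env.PLAN_SUMMARY` inside the script. The `script:` body starts before this hunk and continues past it.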
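Review bot: The `if (botComment)` branch now calls its API method without `body: output`, and the method name is on the one line between the two hunks, so it cannot be checked from here. If it is `updateComment`, the request will be rejected for the missing body; if it is `deleteComment`, the `// 3. If we have a comment, update it, otherwise create a new one` comment no longer matches the code and should say the old comment is deleted and a new one always created. Neither that call nor `createComment` is awaited; since the step now also runs after failures, `await github.rest.issues.createComment({ ... });` (and the same on the first call) would tie any API error to this step. On the relocated `Terraform Apply` step, a short comment such as `# relies on the implicit success() check: skipped if any earlier step failed` would document why it is safe to place after a step that runs on failure.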