Merge pull request #4788 from nhsuk/fix_data_replication

Fix data replication workflow

Author: bogsi17

.github/workflows/data-replication-pipeline.yml

@@ -30,7 +30,7 @@ env:
   db_snapshot_arn: ${{ inputs.db_snapshot_arn }}
   egress_cidr: ${{ inputs.egress_cidr }}
   take_db_snapshot: ${{ inputs.take_db_snapshot }}
-  git_ref: ${{ inputs.git_ref_to_deploy || github.sha }}
+  git_ref_to_deploy: ${{ inputs.git_ref_to_deploy || github.sha }}
   aws_role: ${{ inputs.environment == 'production'
     && 'arn:aws:iam::820242920762:role/GithubDeployDataReplicationInfrastructure'
     || 'arn:aws:iam::393416225559:role/GithubDeployDataReplicationInfrastructure' }}
@@ -63,7 +63,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
         with:
-          ref: ${{ env.git_ref }}
+          ref: ${{ env.git_ref_to_deploy }}
       - name: Get git sha
         id: get-git-sha
         run: echo "git-sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
@@ -79,14 +79,14 @@ jobs:
   prepare-deployment:
     name: Prepare deployment
     runs-on: ubuntu-latest
-    needs: build-and-push-image
+    needs: [build-and-push-image, determine-git-sha]
     permissions:
       id-token: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v5
         with:
-          ref: ${{ env.git_ref }}
+          ref: ${{ env.git_ref_to_deploy }}
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
@@ -97,7 +97,7 @@ jobs:
         run: |
           digest=$(aws ecr describe-images \
             --repository-name mavis/webapp \
-            --image-ids imageTag=$git_ref \
+            --image-ids imageTag=${{ needs.determine-git-sha.outputs.git-sha }} \
             --query 'imageDetails[0].imageDigest' \
             --output text)
           echo "digest=$digest" >> $GITHUB_OUTPUT

.github/workflows/refresh-data-replication.yml

@@ -32,7 +32,9 @@ on:
 permissions: {}
 
 env:
+  environment: ${{ inputs.environment }}
   db_snapshot_arn: ${{ inputs.db_snapshot_arn }}
+  egress_cidr: ${{ inputs.egress_cidr }}
   aws_role: ${{ inputs.environment == 'production'
     && 'arn:aws:iam::820242920762:role/GithubDeployDataReplicationInfrastructure'
     || 'arn:aws:iam::393416225559:role/GithubDeployDataReplicationInfrastructure' }}
@@ -99,7 +101,7 @@ jobs:
       - name: Install terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.11.4
+          terraform_version: 1.13.3
     outputs:
       SNAPSHOT_ARN: ${{ steps.get-latest-snapshot.outputs.SNAPSHOT_ARN }}
 
@@ -124,7 +126,7 @@ jobs:
       - name: Install terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.11.4
+          terraform_version: 1.13.3
       - name: Get db secret arn
         id: get-db-secret-arn
         working-directory: terraform/app
@@ -204,7 +206,7 @@ jobs:
       - name: Install terraform
         uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: 1.11.4
+          terraform_version: 1.13.3
       - name: Apply the changes
         run: |
           set -e

terraform/data_replication/variables.tf

@@ -70,6 +70,10 @@ locals {
     {
       name  = "DB_NAME"
       value = aws_rds_cluster.cluster.database_name
+    },
+    {
+      name  = "RAILS_ENV"
+      value = var.environment == "production" ? "production" : "staging"
     }
   ]
   task_secrets = [