
Commit 885ff5e

Merge remote-tracking branch 'origin/main' into PRMP-1058
# Conflicts: # base_iam/iam_github_pre-prod.tf
2 parents f5bffac + 5930df5 commit 885ff5e

12 files changed

Lines changed: 297 additions & 83 deletions

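--- a/.github/workflows/deploy-pre-prod.yml
+++ b/.github/workflows/deploy-pre-prod.yml
@@ -44,8 +44,8 @@ jobs:
         run: |
           echo Tag to deploy: ${{ steps.versioning.outputs.tag || github.event.inputs.branch_or_tag }}
 
-  terraform_plan_apply:
-    name: Terraform Plan/Apply (pre-prod)
+  terraform_plan_apply_base_iam:
+    name: Terraform Plan/Apply base-iam (pre-prod)
     runs-on: ubuntu-latest
     needs: ["tag_main"]
     environment: pre-prod
@@ -56,43 +56,38 @@ jobs:
           ref: ${{ needs.tag_main.outputs.version }}
           fetch-depth: "0"
 
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v5
-        with:
-          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
-          role-skip-session-tagging: true
-          aws-region: ${{ vars.AWS_REGION }}
-          mask-aws-account-id: true
-
-      - name: Setup Terraform
-        uses: hashicorp/setup-terraform@v3
+      - name: Apply base_iam
+        uses: ./.github/actions/tf-plan-apply
         with:
-          terraform_version: 1.14.3
-          terraform_wrapper: false
-
-      - name: Initialise Terraform
-        id: init
-        run: terraform init -backend-config=backend-pre-prod.conf
-        working-directory: ./infrastructure
-        shell: bash
+          aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/pre-prod-github-bootstrap
+          bucket_prefix: "pre-prod"
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_region: ${{ vars.AWS_REGION }}
+          working_directory: "./base_iam" # Use separate base_iam directory
+          workspace: ${{ secrets.AWS_WORKSPACE }}
+          tf_vars_file: ${{ vars.TF_VARS_FILE }}
+          tf_extra_args: "-var aws_account_id=${{ secrets.AWS_ACCOUNT_ID }}"
 
-      - name: Select Terraform Workspace
-        id: workspace
-        run: terraform workspace select ${{ secrets.AWS_WORKSPACE }}
-        working-directory: ./infrastructure
-        shell: bash
 
-      - name: Check Terraform Formatting
-        run: terraform fmt -check
-        working-directory: ./infrastructure
-
-      - name: Run Terraform Plan
-        id: plan
-        run: |
-          terraform plan -input=false -no-color -var-file="${{vars.TF_VARS_FILE}}" -out tf.plan
-        working-directory: ./infrastructure
-        shell: bash
+  terraform_plan_apply:
+    name: Terraform Plan/Apply infrastructure (pre-prod)
+    runs-on: ubuntu-latest
+    needs: ["tag_main", "terraform_plan_apply_base_iam"]
+    environment: pre-prod
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v6
+        with:
+          ref: ${{ needs.tag_main.outputs.version }}
+          fetch-depth: "0"
 
-      - name: Run Terraform Apply
-        run: terraform apply -auto-approve -input=false tf.plan
-        working-directory: ./infrastructure
+      - name: Apply Main
+        uses: ./.github/actions/tf-plan-apply
+        with:
+          # use newly updated role
+          aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/pre-prod-github-actions-role
+          bucket_prefix: "pre-prod"
+          aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+          aws_region: ${{ vars.AWS_REGION }}
+          workspace: ${{ secrets.AWS_WORKSPACE }}
+          tf_vars_file: ${{ vars.TF_VARS_FILE }}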
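Review bot: The inline comment `# use newly updated role` on the Apply Main step does not say what was updated or why the job ordering matters; since `needs:` makes this job wait on `terraform_plan_apply_base_iam`, a more useful comment is `# pre-prod-github-actions-role is managed by base_iam, which must be applied first (see needs:)`. The removed Configure AWS Credentials step set `role-skip-session-tagging: true` and `mask-aws-account-id: true`, the removed setup step pinned `terraform_version: 1.14.3`, and the `terraform fmt -check` step was dropped; all of that is now the responsibility of `./.github/actions/tf-plan-apply`, which is not part of this diff, so confirm the composite action still masks the account ID, pins the Terraform version and runs the format check. The base_iam job assumes `pre-prod-github-bootstrap`, which presumably carries IAM write permissions; if so, the `pre-prod` environment's protection rules (required reviewers, branch restrictions) are the main control on who can trigger it and are worth verifying alongside this change. The enclosing `jobs:` mapping starts before and continues after both hunks.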
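--- a/.github/workflows/tear-down-sandbox.yml
+++ b/.github/workflows/tear-down-sandbox.yml
@@ -54,7 +54,7 @@ jobs:
       sandbox_name: ${{ inputs.sandbox_name }}
       environment: ${{ inputs.environment }}
     secrets:
-      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}
+      AWS_ASSUME_ROLE: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ github.event.inputs.sandbox_name}}-github-actions-role
 
   cleanup_versions:
     name: Cleanup Versions
@@ -64,7 +64,7 @@ jobs:
       sandbox_name: ${{ inputs.sandbox_name }}
       environment: ${{ inputs.environment }}
     secrets:
-      AWS_ASSUME_ROLE: ${{ secrets.AWS_ASSUME_ROLE }}
+      AWS_ASSUME_ROLE: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ github.event.inputs.sandbox_name}}-github-actions-role
 
   terraform_destroy:
     name: Terraform Destroy
@@ -80,7 +80,7 @@ jobs:
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v5
         with:
-          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ github.event.inputs.sandbox_name}}-github-actions-role
           aws-region: ${{ vars.AWS_REGION }}
           mask-aws-account-id: true
 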
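Review bot: `github.event.inputs.sandbox_name` is a workflow_dispatch input that is now interpolated straight into the role ARN in all three hunks (lines 57, 67 and 83), so whatever a dispatcher types decides which `*-github-actions-role` in the account the workflow tries to assume; the name should be validated against an allow-list or strict pattern before any job uses it (or the input declared as `type: choice`), and the roles' trust policies should be scoped so this repository can only assume the sandbox roles. The same lines mix `github.event.inputs.sandbox_name` with the `inputs.sandbox_name` already used on the `with:` lines just above them, and the closing `}}` lacks its leading space; `${{ inputs.sandbox_name }}` is the consistent form for all three. A validation step placed before Configure AWS Credentials in terraform_destroy could look like the fence below (the pattern is illustrative and should be tightened to the project's sandbox naming convention); the two reusable-workflow jobs would need the same check in a job they `needs`. The enclosing job definitions start outside each hunk.

```yaml
      - name: Validate sandbox name
        env:
          SANDBOX_NAME: ${{ inputs.sandbox_name }}
        run: |
          # fail closed: only a plain sandbox identifier may reach the role ARN
          [[ "$SANDBOX_NAME" =~ ^[a-z0-9-]+$ ]] || { echo "::error::invalid sandbox_name"; exit 1; }
      # … unchanged: Configure AWS Credentials step …
```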