
Commit da61d88

Revert "[ndr-353] test commit for running against sandbox"
This reverts commit 2eea8d566560a0cd3ad7d0f3e9a78621eed57508.
1 parent 29bb50a commit da61d88

2 files changed

Lines changed: 65 additions & 66 deletions


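--- a/.github/workflows/deploy-sandbox.yml
+++ b/.github/workflows/deploy-sandbox.yml
@@ -78,52 +78,51 @@ jobs:
 workspace: ${{ inputs.sandbox_name }}
 tf_vars_file: ${{ vars.TF_VARS_FILE }}
 tf_extra_args: "-var aws_account_id=${{ secrets.AWS_ACCOUNT_ID }}"
-# TODO: REVERT
-tf_plan_only: true
 
-# terraform_plan_apply_main:
-# name: Terraform Plan/Apply (main)
-# if: ${{ !inputs.skip_main_deployment }}
-# runs-on: ubuntu-latest
-# needs: terraform_plan_apply_base_iam
-# environment: development
-# steps:
-# - name: Checkout main
-# uses: actions/checkout@v6
-# with:
-# ref: main
 
-# - name: Apply Main
-# uses: ./.github/actions/tf-plan-apply
-# with:
-# # use newly created role
-# aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.sandbox_name}}-github-actions-role
-# bucket_prefix: "dev"
-# aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
-# aws_region: ${{ vars.AWS_REGION }}
-# workspace: ${{ inputs.sandbox_name }}
-# tf_vars_file: ${{ vars.TF_VARS_FILE }}
+terraform_plan_apply_main:
+name: Terraform Plan/Apply (main)
+if: ${{ !inputs.skip_main_deployment }}
+runs-on: ubuntu-latest
+needs: terraform_plan_apply_base_iam
+environment: development
+steps:
+- name: Checkout main
+uses: actions/checkout@v6
+with:
+ref: main
+
+- name: Apply Main
+uses: ./.github/actions/tf-plan-apply
+with:
+# use newly created role
+aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.sandbox_name}}-github-actions-role
+bucket_prefix: "dev"
+aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+aws_region: ${{ vars.AWS_REGION }}
+workspace: ${{ inputs.sandbox_name }}
+tf_vars_file: ${{ vars.TF_VARS_FILE }}
 
 
-# terraform_plan_apply_branch:
-# name: Terraform Plan/Apply (branch)
-# if: ${{ always() && inputs.git_ref != 'main' && needs.validate_inputs.result == 'success' && needs.terraform_plan_apply_base_iam.result == 'success' && (needs.terraform_plan_apply_main.result == 'success' || needs.terraform_plan_apply_main.result == 'skipped') }}
-# runs-on: ubuntu-latest
-# needs: [validate_inputs, terraform_plan_apply_base_iam, terraform_plan_apply_main]
-# environment: development
-# steps:
-# - name: Checkout Branch
-# uses: actions/checkout@v6
-# with:
-# ref: ${{ inputs.git_ref}}
+terraform_plan_apply_branch:
+name: Terraform Plan/Apply (branch)
+if: ${{ always() && inputs.git_ref != 'main' && needs.validate_inputs.result == 'success' && needs.terraform_plan_apply_base_iam.result == 'success' && (needs.terraform_plan_apply_main.result == 'success' || needs.terraform_plan_apply_main.result == 'skipped') }}
+runs-on: ubuntu-latest
+needs: [validate_inputs, terraform_plan_apply_base_iam, terraform_plan_apply_main]
+environment: development
+steps:
+- name: Checkout Branch
+uses: actions/checkout@v6
+with:
+ref: ${{ inputs.git_ref}}
 
-# - name: Apply Branch
-# uses: ./.github/actions/tf-plan-apply
-# with:
-# # use newly created role
-# aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.sandbox_name}}-github-actions-role
-# bucket_prefix: "dev"
-# aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
-# aws_region: ${{ vars.AWS_REGION }}
-# workspace: ${{ inputs.sandbox_name }}
-# tf_vars_file: ${{ vars.TF_VARS_FILE }}
+- name: Apply Branch
+uses: ./.github/actions/tf-plan-apply
+with:
+# use newly created role
+aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ inputs.sandbox_name}}-github-actions-role
+bucket_prefix: "dev"
+aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
+aws_region: ${{ vars.AWS_REGION }}
+workspace: ${{ inputs.sandbox_name }}
+tf_vars_file: ${{ vars.TF_VARS_FILE }}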
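Review bot: The restored `terraform_plan_apply_main` job is gated only on `needs: terraform_plan_apply_base_iam` (new line 87), yet it interpolates `inputs.sandbox_name` into the IAM role ARN it assumes (new line 99), while the sibling `terraform_plan_apply_branch` job additionally requires `needs.validate_inputs.result == 'success'` before doing the same; unless `terraform_plan_apply_base_iam` itself depends on `validate_inputs` (not visible in this hunk), the main job can assume a role named from an unvalidated input. Aligning the two gates, `needs: [validate_inputs, terraform_plan_apply_base_iam]`, keeps role selection behind the same check in both jobs. Both restored checkout steps (new lines 91 and 115) reference `actions/checkout@v6` by mutable tag; pinning to a full commit SHA with a trailing `# v6` comment is the usual supply-chain hardening for deployment workflows that hold AWS credentials. Minor: `${{ inputs.sandbox_name}}` and `${{ inputs.git_ref}}` lack the closing space the other expressions use.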

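--- a/base_iam/iam_github_prod.tf
+++ b/base_iam/iam_github_prod.tf
@@ -1,6 +1,6 @@
 # aws_iam_role.prod_github_actions[0]:
 resource "aws_iam_role" "prod_github_actions" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 name = "${terraform.workspace}-github-actions-role"
 description = "This role is to provide access for GitHub Actions to the ${terraform.workspace} environment."
 force_detach_policies = false
@@ -39,7 +39,7 @@ resource "aws_iam_role" "prod_github_actions" {
 # INLINE POLICIES
 
 resource "aws_iam_role_policy" "CloudWatchLogsPolicy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "CloudWatchLogsPolicy"
 policy = jsonencode(
@@ -69,7 +69,7 @@ resource "aws_iam_role_policy" "CloudWatchLogsPolicy_prod" {
 }
 
 resource "aws_iam_role_policy" "CloudWatchRumPolicy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "CloudWatchRumPolicy"
 policy = jsonencode(
@@ -131,7 +131,7 @@ resource "aws_iam_role_policy" "CloudWatchRumPolicy_prod" {
 }
 
 resource "aws_iam_role_policy" "GithubCloudfrontPolicy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "GithubCloudfrontPolicy"
 policy = jsonencode(
@@ -167,7 +167,7 @@ resource "aws_iam_role_policy" "GithubCloudfrontPolicy_prod" {
 }
 
 resource "aws_iam_role_policy" "GithubECSPolicy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "GithubECSPolicy"
 policy = jsonencode(
@@ -186,7 +186,7 @@ resource "aws_iam_role_policy" "GithubECSPolicy_prod" {
 }
 
 resource "aws_iam_role_policy" "GithubSchedulerPolicy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "GithubSchedulerPolicy"
 policy = jsonencode(
@@ -208,7 +208,7 @@ resource "aws_iam_role_policy" "GithubSchedulerPolicy_prod" {
 }
 
 resource "aws_iam_role_policy" "acm_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "acm"
 policy = jsonencode(
@@ -230,7 +230,7 @@ resource "aws_iam_role_policy" "acm_prod" {
 }
 
 resource "aws_iam_role_policy" "ecr_policy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "ecr_policy"
 policy = jsonencode(
@@ -259,7 +259,7 @@ resource "aws_iam_role_policy" "ecr_policy_prod" {
 }
 
 resource "aws_iam_role_policy" "github_extended_policy_virus_scanner_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "github-extended-policy-virus-scanner"
 policy = jsonencode(
@@ -294,7 +294,7 @@ resource "aws_iam_role_policy" "github_extended_policy_virus_scanner_prod" {
 }
 
 resource "aws_iam_role_policy" "lambda_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "lambda"
 policy = jsonencode(
@@ -330,7 +330,7 @@ resource "aws_iam_role_policy" "lambda_prod" {
 }
 
 resource "aws_iam_role_policy" "mtls_gateway_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "mtls-gateway"
 policy = jsonencode(
@@ -398,7 +398,7 @@ resource "aws_iam_role_policy" "mtls_gateway_prod" {
 }
 
 resource "aws_iam_role_policy" "resource_tagging_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "resource_tagging"
 policy = jsonencode(
@@ -535,7 +535,7 @@ resource "aws_iam_role_policy" "resource_tagging_prod" {
 }
 
 resource "aws_iam_role_policy" "step_functions_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].id
 name = "step_functions"
 policy = jsonencode(
@@ -564,20 +564,20 @@ resource "aws_iam_role_policy" "step_functions_prod" {
 # ATTACHED POLICIES
 
 resource "aws_iam_role_policy_attachment" "ReadOnlyAccess_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].name
 policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "GitHubAllAccess_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].name
 policy_arn = aws_iam_policy.GitHubAllAccess_prod[0].arn
 }
 
 # aws_iam_policy.GitHubAllAccess_prod[0]:
 resource "aws_iam_policy" "GitHubAllAccess_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 description = "Access for Github Workflows"
 name = "${terraform.workspace}-GitHubAllAccess"
 name_prefix = null
@@ -830,14 +830,14 @@ resource "aws_iam_policy" "GitHubAllAccess_prod" {
 }
 
 resource "aws_iam_role_policy_attachment" "ecs_policy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].name
 policy_arn = aws_iam_policy.ecs_policy_prod[0].arn
 }
 
 # aws_iam_policy.ecs_policy_prod[0]:
 resource "aws_iam_policy" "ecs_policy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 description = null
 name = "${terraform.workspace}-ecs_policy"
 name_prefix = null
@@ -862,14 +862,14 @@ resource "aws_iam_policy" "ecs_policy_prod" {
 }
 
 resource "aws_iam_role_policy_attachment" "github_extension_1_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].name
 policy_arn = aws_iam_policy.github_extension_1_prod[0].arn
 }
 
 # aws_iam_policy.github_extension_1_prod[0]:
 resource "aws_iam_policy" "github_extension_1_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 description = null
 name = "${terraform.workspace}-github-extension-1"
 name_prefix = null
@@ -1012,14 +1012,14 @@ resource "aws_iam_policy" "github_extension_1_prod" {
 }
 
 resource "aws_iam_role_policy_attachment" "scheduler_policy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 role = aws_iam_role.prod_github_actions[0].name
 policy_arn = aws_iam_policy.scheduler_policy_prod[0].arn
 }
 
 # aws_iam_policy.scheduler_policy_prod[0]:
 resource "aws_iam_policy" "scheduler_policy_prod" {
-count = local.is_development ? 1 : 0
+count = local.is_prod ? 1 : 0
 description = null
 name = "${terraform.workspace}-scheduler_policy"
 name_prefix = null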
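Review bot: The environment gate `count = local.is_prod ? 1 : 0` is repeated verbatim on every resource in this file (22 occurrences across these hunks, starting at new line 3 of `aws_iam_role.prod_github_actions`), which is exactly what let the reverted test commit flip all of them to `is_development` in one sweep and what makes a partial or missed flip easy to overlook in review. Hoisting the expression once into a local, `prod_count = local.is_prod ? 1 : 0`, and writing `count = local.prod_count` on each resource means the condition that decides whether the prod role, its inline policies and the `ReadOnlyAccess` / `GitHubAllAccess_prod` attachments exist in a given workspace is declared in one place. The `locals` block that defines `is_prod` and `is_development` is not visible on this page, so where that local lives is inferred. A short comment above the role, such as `# Prod-only: created when local.is_prod; the dev counterpart lives elsewhere`, would also make the intent of the gate explicit to the next person who reaches for it during a sandbox test.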
