From f0d6c6eb0acaa744fd94bee481235d57e55b0fbf Mon Sep 17 00:00:00 2001 From: Sukesh Date: Fri, 17 Jan 2025 13:09:29 +0000 Subject: [PATCH] Test --- .../core-network-services-deployment.yml | 1 + .../core-vpc-development-deployment.yml | 7 +-- .../core-vpc-preproduction-deployment.yml | 8 ++- .../core-vpc-production-deployment.yml | 49 ++---------------- .../workflows/core-vpc-test-deployment.yml | 51 ++----------------- .../reusable_terraform_plan_apply.yml | 51 +++++++++++++++++++ 6 files changed, 64 insertions(+), 103 deletions(-) diff --git a/.github/workflows/core-network-services-deployment.yml b/.github/workflows/core-network-services-deployment.yml index 9297bae69..2b3ffbbbb 100644 --- a/.github/workflows/core-network-services-deployment.yml +++ b/.github/workflows/core-network-services-deployment.yml @@ -29,6 +29,7 @@ permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout pull-requests: write + defaults: run: shell: bash diff --git a/.github/workflows/core-vpc-development-deployment.yml b/.github/workflows/core-vpc-development-deployment.yml index ed9124d86..b2d32a580 100644 --- a/.github/workflows/core-vpc-development-deployment.yml +++ b/.github/workflows/core-vpc-development-deployment.yml @@ -51,16 +51,13 @@ defaults: run: shell: bash -env: - AWS_REGION: "eu-west-2" - ENVIRONMENT_MANAGEMENT: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }} - TF_ENV: "development" jobs: core-vpc-development-deployment-plan-apply: uses: ./.github/workflows/reusable_terraform_plan_apply.yml with: working-directory: "terraform/environments/core-vpc" - environment: development + environment: "development" + run_ram_association: true secrets: MODERNISATION_PLATFORM_ACCOUNT_NUMBER: "${{ secrets.MODERNISATION_PLATFORM_ACCOUNT_NUMBER }}" PASSPHRASE: ${{ secrets.PASSPHRASE }} 
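Review bot: Removing the workflow-level `env:` block (`AWS_REGION`, `ENVIRONMENT_MANAGEMENT`, `TF_ENV`) in core-vpc-development-deployment.yml is only safe if no job below this hunk still reads those variables. Unlike the production and test workflows, this file and the preproduction one show no local `member-account-ram-association` job being deleted. So either such a job remains outside the hunk, where it would lose its inputs and run alongside the reusable job, or `run_ram_association: true` switches the RAM association on for this environment for the first time. The rest of the file is not visible here, so please confirm which it is. Either way a comment above the flag would help, e.g. `# runs scripts/get-applications-and-run-ram.sh via the reusable workflow, main branch only`.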
diff --git a/.github/workflows/core-vpc-preproduction-deployment.yml b/.github/workflows/core-vpc-preproduction-deployment.yml index 026b61842..cc3ffdac6 100644 --- a/.github/workflows/core-vpc-preproduction-deployment.yml +++ b/.github/workflows/core-vpc-preproduction-deployment.yml @@ -42,14 +42,11 @@ on: - '!**.md' workflow_dispatch: -env: - AWS_REGION: "eu-west-2" - ENVIRONMENT_MANAGEMENT: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }} - TF_ENV: "preproduction" permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout pull-requests: write + defaults: run: shell: bash @@ -59,7 +56,8 @@ jobs: uses: ./.github/workflows/reusable_terraform_plan_apply.yml with: working-directory: "terraform/environments/core-vpc" - environment: preproduction + environment: "preproduction" + run_ram_association: true secrets: MODERNISATION_PLATFORM_ACCOUNT_NUMBER: "${{ secrets.MODERNISATION_PLATFORM_ACCOUNT_NUMBER }}" PASSPHRASE: ${{ secrets.PASSPHRASE }} diff --git a/.github/workflows/core-vpc-production-deployment.yml b/.github/workflows/core-vpc-production-deployment.yml index 874e145ab..293e10436 100644 --- a/.github/workflows/core-vpc-production-deployment.yml +++ b/.github/workflows/core-vpc-production-deployment.yml 
@@ -46,61 +46,18 @@ permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout pull-requests: write + defaults: run: shell: bash -env: - AWS_REGION: "eu-west-2" - ENVIRONMENT_MANAGEMENT: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }} - TF_ENV: "production" jobs: core-vpc-production-deployment-plan-apply: uses: ./.github/workflows/reusable_terraform_plan_apply.yml with: working-directory: "terraform/environments/core-vpc" environment: production + run_ram_association: true secrets: MODERNISATION_PLATFORM_ACCOUNT_NUMBER: "${{ secrets.MODERNISATION_PLATFORM_ACCOUNT_NUMBER }}" - PASSPHRASE: ${{ secrets.PASSPHRASE }} - - member-account-ram-association: - runs-on: [ ubuntu-latest ] - if: github.event.ref == 'refs/heads/main' - needs: [ core-vpc-production-deployment-plan-apply ] - steps: - - name: Checkout Repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - - - name: Set Account Number - run: | - ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) - echo "::add-mask::$ACCOUNT_NUMBER" - echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - with: - role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions-apply" - role-session-name: githubactionsrolesession - aws-region: ${{ env.AWS_REGION }} - - - name: Setup Terraform - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 - with: - terraform_wrapper: false - - - name: Run RAM association if needed - run: bash scripts/get-applications-and-run-ram.sh ${TF_ENV} - - - name: Slack failure notification - uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0 - with: - webhook-type: incoming-webhook - payload: | - {"blocks":[{"type": "section","text": 
{"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - if: ${{ failure() }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} \ No newline at end of file diff --git a/.github/workflows/core-vpc-test-deployment.yml b/.github/workflows/core-vpc-test-deployment.yml index e1786a43f..d2326e2fe 100644 --- a/.github/workflows/core-vpc-test-deployment.yml +++ b/.github/workflows/core-vpc-test-deployment.yml 
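Review bot: The new last line `PASSPHRASE: ${{ secrets.PASSPHRASE }}` leaves core-vpc-production-deployment.yml without a trailing newline (the `\ No newline at end of file` marker), and the same happens in core-vpc-test-deployment.yml; restore the final newline in both. `environment: production` also stays unquoted here, while the development, preproduction and test callers were changed to quoted strings in this commit. Writing `environment: "production"` would keep the four files consistent.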
@@ -44,61 +44,18 @@ permissions: id-token: write # This is required for requesting the JWT contents: read # This is required for actions/checkout pull-requests: write + defaults: run: shell: bash -env: - AWS_REGION: "eu-west-2" - ENVIRONMENT_MANAGEMENT: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }} - TF_ENV: "test" jobs: core-vpc-test-deployment-plan-apply: uses: ./.github/workflows/reusable_terraform_plan_apply.yml with: working-directory: "terraform/environments/core-vpc" - environment: test + environment: "test" + run_ram_association: true secrets: MODERNISATION_PLATFORM_ACCOUNT_NUMBER: "${{ secrets.MODERNISATION_PLATFORM_ACCOUNT_NUMBER }}" - PASSPHRASE: ${{ secrets.PASSPHRASE }} - - member-account-ram-association: - runs-on: [ ubuntu-latest ] - if: github.event.ref == 'refs/heads/main' - needs: [ core-vpc-test-deployment-plan-apply ] - steps: - - name: Checkout Repository - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - - - name: Set Account Number - run: | - ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) - echo "::add-mask::$ACCOUNT_NUMBER" - echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV - - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 - with: - role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions-apply" - role-session-name: githubactionsrolesession - aws-region: ${{ env.AWS_REGION }} - - - name: Setup Terraform - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 - with: - terraform_wrapper: false - - - name: Run RAM association if needed - run: bash scripts/get-applications-and-run-ram.sh ${TF_ENV} - - - name: Slack failure notification - uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0 - with: - webhook-type: incoming-webhook - payload: | - {"blocks":[{"type": "section","text": 
{"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} - env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - if: ${{ failure() }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} \ No newline at end of file diff --git a/.github/workflows/reusable_terraform_plan_apply.yml b/.github/workflows/reusable_terraform_plan_apply.yml index f329285ea..580ca5d7b 100644 --- a/.github/workflows/reusable_terraform_plan_apply.yml +++ b/.github/workflows/reusable_terraform_plan_apply.yml @@ -24,6 +24,11 @@ on: description: 'Unique ID for the calling workflow' required: false type: string + run_ram_association: + description: "Whether to run the RAM association job" + required: false + default: false + type: boolean secrets: MODERNISATION_PLATFORM_ACCOUNT_NUMBER: required: true 
@@ -161,3 +166,49 @@ jobs: {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} env: SLACK_WEBHOOK_URL: ${{ env.SLACK_WEBHOOK_URL }} + member-account-ram-association: + runs-on: [ ubuntu-latest ] + if: ${{ inputs.run_ram_association == true && github.ref == 'refs/heads/main' }} + needs: [ retrieve-secrets, plan-and-apply ] + steps: + - name: Checkout Repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Decrypt Secrets + uses: ministryofjustice/modernisation-platform-github-actions/decrypt-secrets@d9e930d93532b84efdcf7d7b82621506e96a15b0 # v1.0.0 + with: + environment_management: ${{ needs.retrieve-secrets.outputs.environment_management }} + PASSPHRASE: ${{ secrets.PASSPHRASE }} + + - name: Set Account Number + run: | + ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT) + echo "::add-mask::$ACCOUNT_NUMBER" + echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 + with: + role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions-apply" + role-session-name: githubactionsrolesession + aws-region: ${{ inputs.aws_region }} + + - name: Setup Terraform + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 + with: + terraform_wrapper: false + + - name: Run RAM association if needed + run: bash scripts/get-applications-and-run-ram.sh ${{ inputs.environment }} + + - name: Slack failure notification + uses: 
slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0 + with: + webhook-type: incoming-webhook + payload: | + {"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]} + env: + SLACK_WEBHOOK_URL: ${{ env.SLACK_WEBHOOK_URL }} + if: ${{ failure() }}
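Review bot: The `Run RAM association if needed` step expands `${{ inputs.environment }}` directly into the shell command line, where the jobs it replaces passed the value through the `TF_ENV` environment variable. Expression text is substituted before bash parses the line, so a caller-supplied value containing shell metacharacters would be interpreted by the shell in a job that has already assumed `github-actions-apply`. The callers in this commit pass fixed strings, so this is hardening rather than a live bug, but the reusable workflow should not depend on that: give the step an `env:` entry `TF_ENV: ${{ inputs.environment }}` and run `bash scripts/get-applications-and-run-ram.sh "${TF_ENV}"`. Separately, `Set Account Number` reads `$ENVIRONMENT_MANAGEMENT` and the Slack step reads `env.SLACK_WEBHOOK_URL`, and nothing in this job sets either visibly. Presumably the `Decrypt Secrets` step exports them, in which case a one-line comment on that step saying so would help.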