[Scheduled] Cycle Secrets #424
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Scheduled] Cycle Secrets" | |
| on: | |
| schedule: | |
| # 1:30AM from Monday to Friday | |
| - cron: "30 1 * * 1-5" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| security-events: none | |
| pull-requests: none | |
| actions: none | |
| checks: none | |
| deployments: none | |
| issues: none | |
| packages: none | |
| repository-projects: none | |
| statuses: none | |
| jobs: | |
| latest_deployed_image: | |
| name: get latest deployed image from training | |
| uses: ./.github/workflows/_latest-deployed-image.yml | |
| with: | |
| workspace: training | |
| terraform_path: environment | |
| account_name: preproduction | |
| secrets: inherit | |
| rotate_secrets_preproduction: | |
| name: rotate secrets for preproduction account | |
| uses: ./.github/workflows/_cycle-secrets.yml | |
| needs: | |
| - latest_deployed_image | |
| with: | |
| account_environment: preproduction | |
| secrets: inherit | |
| terraform_apply_integration: | |
| name: integration environment apply terraform | |
| uses: ./.github/workflows/_run-terraform.yml | |
| needs: | |
| - rotate_secrets_preproduction | |
| - latest_deployed_image | |
| with: | |
| workspace: integration | |
| terraform_path: environment | |
| apply: true | |
| account_name: preproduction | |
| container_version: ${{ needs.latest_deployed_image.outputs.image_tag }} | |
| secrets: inherit | |
| terraform_apply_training: | |
| name: training environment apply terraform | |
| uses: ./.github/workflows/_run-terraform.yml | |
| needs: | |
| - rotate_secrets_preproduction | |
| - latest_deployed_image | |
| with: | |
| workspace: training | |
| terraform_path: environment | |
| apply: true | |
| account_name: preproduction | |
| container_version: ${{ needs.latest_deployed_image.outputs.image_tag }} | |
| secrets: inherit | |
| terraform_apply_preproduction: | |
| name: preproduction environment apply terraform | |
| uses: ./.github/workflows/_run-terraform.yml | |
| needs: | |
| - rotate_secrets_preproduction | |
| - latest_deployed_image | |
| with: | |
| workspace: preproduction | |
| terraform_path: environment | |
| apply: true | |
| account_name: preproduction | |
| container_version: ${{ needs.latest_deployed_image.outputs.image_tag }} | |
| secrets: inherit | |
| rotate_secrets_production: | |
| name: rotate secrets for production account | |
| uses: ./.github/workflows/_cycle-secrets.yml | |
| needs: | |
| - terraform_apply_preproduction | |
| - terraform_apply_training | |
| - terraform_apply_integration | |
| with: | |
| account_environment: production | |
| secrets: inherit | |
| terraform_apply_production: | |
| name: production environment apply terraform | |
| uses: ./.github/workflows/_run-terraform.yml | |
| needs: | |
| - rotate_secrets_production | |
| - latest_deployed_image | |
| - terraform_apply_preproduction | |
| with: | |
| workspace: production02 | |
| terraform_path: environment | |
| apply: true | |
| account_name: production | |
| container_version: ${{ needs.latest_deployed_image.outputs.image_tag }} | |
| secrets: inherit | |
| slack_notify_failure: | |
| name: notify of failure | |
| uses: ./.github/workflows/_slack-notification.yml | |
| if: ${{ failure() }} | |
| needs: | |
| - terraform_apply_production | |
| with: | |
| success: no | |
| branch: main | |
| account: 515688267891 | |
| scheduled_task: "Cycle AWS Secrets" | |
| secrets: inherit |