Skip to content

[Scheduled] Cycle Secrets #447

[Scheduled] Cycle Secrets

[Scheduled] Cycle Secrets #447

name: "[Scheduled] Cycle Secrets"
on:
schedule:
# 1:30AM from Monday to Friday
- cron: "30 1 * * 1-5"
permissions:
id-token: write
contents: read
security-events: none
pull-requests: none
actions: none
checks: none
deployments: none
issues: none
packages: none
repository-projects: none
statuses: none
jobs:
latest_deployed_image:
name: get latest deployed image from training
uses: ./.github/workflows/_latest-deployed-image.yml
with:
workspace: training
terraform_path: environment
account_name: preproduction
secrets:
ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY_ALLOW_LIST_REPOSITORY }}
rotate_secrets_preproduction:
name: rotate secrets for preproduction account
uses: ./.github/workflows/_cycle-secrets.yml
needs:
- latest_deployed_image
with:
account_environment: preproduction
terraform_apply_integration:
name: integration environment apply terraform
uses: ./.github/workflows/_run-terraform.yml
needs:
- rotate_secrets_preproduction
- latest_deployed_image
with:
workspace: integration
terraform_path: environment
apply: true
account_name: preproduction
container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
secrets:
ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY_ALLOW_LIST_REPOSITORY }}
terraform_apply_training:
name: training environment apply terraform
uses: ./.github/workflows/_run-terraform.yml
needs:
- rotate_secrets_preproduction
- latest_deployed_image
with:
workspace: training
terraform_path: environment
apply: true
account_name: preproduction
container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
secrets:
ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY_ALLOW_LIST_REPOSITORY }}
terraform_apply_preproduction:
name: preproduction environment apply terraform
uses: ./.github/workflows/_run-terraform.yml
needs:
- rotate_secrets_preproduction
- latest_deployed_image
with:
workspace: preproduction
terraform_path: environment
apply: true
account_name: preproduction
container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
secrets:
ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY_ALLOW_LIST_REPOSITORY }}
rotate_secrets_production:
name: rotate secrets for production account
uses: ./.github/workflows/_cycle-secrets.yml
needs:
- terraform_apply_preproduction
- terraform_apply_training
- terraform_apply_integration
with:
account_environment: production
terraform_apply_production:
name: production environment apply terraform
uses: ./.github/workflows/_run-terraform.yml
needs:
- rotate_secrets_production
- latest_deployed_image
- terraform_apply_preproduction
with:
workspace: production02
terraform_path: environment
apply: true
account_name: production
container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
secrets:
ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY_ALLOW_LIST_REPOSITORY }}
slack_notify_failure:
name: notify of failure
uses: ./.github/workflows/_slack-notification.yml
if: ${{ failure() }}
needs:
- terraform_apply_production
with:
success: no
branch: main
account: 515688267891
scheduled_task: "Cycle AWS Secrets"