Skip to content

chore: synced file(s) with cds-snc/site-reliability-engineering (#289) #230

chore: synced file(s) with cds-snc/site-reliability-engineering (#289)

chore: synced file(s) with cds-snc/site-reliability-engineering (#289) #230

Workflow file for this run

name: "Terraform Apply"
on:
push:
branches:
- main
env:
AWS_REGION: "ca-central-1"
TERRAFORM_VERSION: 1.7.2
TERRAGRUNT_VERSION: 0.55.1
CONFTEST_VERSION: 0.49.0
permissions:
id-token: write
contents: read
jobs:
terragrunt-apply-account:
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- account_folder: org_account
module: main
account: 659087519042
assume_role_name: "assume_apply"
la_customer_id: LA_CUSTOMER_ID
la_shared_key: LA_SHARED_KEY
role: cds-aws-lz-apply
- account_folder: org_account
module: spend_notifier
account: 659087519042
assume_role_name: "assume_apply"
spend_notifier_hook: SPEND_NOTIFIER_HOOK
weekly_spend_notifier_hook: WEEKLY_SPEND_NOTIFIER_HOOK
role: cds-aws-lz-apply
- account_folder: org_account
module: roles
account: 659087519042
assume_role_name: "assume_apply"
admin_sso_role_arn: ADMIN_SSO_ROLE_ARN
role: cds-aws-lz-apply
- account_folder: org_account
module: aft
account: 659087519042
role: cds-aws-lz-apply
- account_folder: org_account
module: sentinel_oidc
account: 659087519042
role: cds-aws-lz-apply
- account_folder: org_account
module: organization
account: 659087519042
role: cds-aws-lz-apply
- account_folder: org_account
module: billing_extract_tags
account: 659087519042
role: cds-aws-lz-apply
- account_folder: org_account
module: iam_identity_center
account: 659087519042
role: cds-aws-lz-apply
- account_folder: log_archive
module: main
account: 274536870005
role: cds-aws-lz-apply
- account_folder: log_archive
module: legacy_archives
account: 274536870005
role: cds-aws-lz-apply
- account_folder: log_archive
module: sre_bot
account: 274536870005
assume_role_name: "assume_apply"
admin_sso_role_arn: ADMIN_SSO_ROLE_ARN
role: cds-aws-lz-apply
- account_folder: audit
module: main
account: 886481071419
role: cds-aws-lz-apply
- account_folder: audit
module: sre_bot
account: 886481071419
assume_role_name: "assume_apply"
admin_sso_role_arn: ADMIN_SSO_ROLE_ARN
role: cds-aws-lz-apply
- account_folder: aft
module: main
account: 137554749751
lz_webhook_key: LZ_CHANNEL_WEBHOOK
role: cds-aws-lz-apply
- account_folder: aft
module: notifications
account: 137554749751
role: cds-aws-lz-apply
aft_notifications_hook: AFT_NOTIFICATIONS_HOOK
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: setup terraform tools
uses: cds-snc/terraform-tools-setup@v1
- name: Configure aws credentials using OIDC
uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::${{ matrix.account }}:role/${{ matrix.role }}
role-session-name: ${{matrix.account}}-${{matrix.module}}-apply
aws-region: ${{ env.AWS_REGION }}
- name: Terraform apply ${{matrix.account_folder}}/${{ matrix.module }}
working-directory: terragrunt/${{ matrix.account_folder }}/${{ matrix.module }}
env:
TF_VAR_aft_slack_webhook: ${{ secrets[matrix.lz_webhook_key] }}
TF_VAR_assume_role_name: ${{ matrix.assume_role_name }}
TF_VAR_lw_customer_id: ${{ secrets[matrix.la_customer_id] }}
TF_VAR_lw_shared_key: ${{ secrets[matrix.la_shared_key] }}
TF_VAR_daily_spend_notifier_hook: ${{ secrets[matrix.spend_notifier_hook] }}
TF_VAR_weekly_spend_notifier_hook: ${{ secrets[matrix.weekly_spend_notifier_hook]}}
TF_VAR_aft_notifications_hook: ${{ secrets[matrix.aft_notifications_hook]}}
TF_VAR_admin_sso_role_arn: ${{ secrets[matrix.admin_sso_role_arn] }}
run: |
terragrunt apply --terragrunt-non-interactive -auto-approve