Skip to content
CD Terraform

chore: synced file(s) with cds-snc/site-reliability-engineering (#176) #196

Sign in to view logs

chore: synced file(s) with cds-snc/site-reliability-engineering (#176)

chore: synced file(s) with cds-snc/site-reliability-engineering (#176) #196

Workflow file for this run

.github/workflows/merge_to_main.yaml at 290d800
name: "CD Terraform"
on:
push:
branches:
- main
defaults:
run:
shell: bash
permissions:
id-token: write
contents: read
env:
AWS_REGION: ca-central-1
GITHUB_SHA: ${{ github.sha }}
REGISTRY: 637287734259.dkr.ecr.ca-central-1.amazonaws.com/secret
TERRAFORM_VERSION: 0.13.5
TERRAGRUNT_VERSION: 0.26.0
TF_VAR_git_sha: ${{ github.sha }}
jobs:
terraform-apply:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
- name: Setup Terraform tools
uses: cds-snc/terraform-tools-setup@v1
- name: Configure AWS credentials using OIDC
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::637287734259:role/secret-apply
role-session-name: TFApply
aws-region: ${{ env.AWS_REGION }}
- name: Apply aws/acm
working-directory: terragrunt/acm
run: terragrunt apply --terragrunt-non-interactive -auto-approve
- name: Apply aws/ecr
working-directory: terragrunt/ecr
run: terragrunt apply --terragrunt-non-interactive -auto-approve
- name: Apply aws/lambda
working-directory: terragrunt/lambda
run: terragrunt apply --terragrunt-non-interactive -auto-approve
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
- name: Build docker image, tag, and push to Amazon ECR
run: |
make build-lambda-app
docker tag lambda-app:latest $REGISTRY/app:latest
docker tag lambda-app:latest $REGISTRY/app:$GITHUB_SHA-`date '+%Y-%m-%d'`
docker push $REGISTRY/app:$GITHUB_SHA-`date '+%Y-%m-%d'`
docker push $REGISTRY/app:latest
- name: Deploy new image
run: |
aws lambda update-function-code \
--function-name secret-production-api \
--image-uri $REGISTRY/app:$GITHUB_SHA-`date '+%Y-%m-%d'` > /dev/null 2>&1
- name: Logout of Amazon ECR
run: docker logout ${{ steps.login-ecr.outputs.registry }}
- name: CloudFront cache invalidate
run: aws cloudfront create-invalidation --distribution-id EI3NT2MMNFDOX --paths "/*"