diff --git a/.github/workflows/release-tests.yml b/.github/workflows/release-tests.yml
index e622e6f..61ba91a 100644
--- a/.github/workflows/release-tests.yml
+++ b/.github/workflows/release-tests.yml
@@ -7,10 +7,6 @@ on: # Allows manual testing workflow_dispatch: -# TODO: -# - Github env vars/secrets made available to this repo -# - After full testing, uncomment slack channel status - jobs: pre-commit: permissions:
@@ -30,6 +26,12 @@ jobs: steps: - uses: actions/checkout@v5 + # Truncate and s3-friendly-ify tfstate filename + - name: Prereqs + id: prereqs + run: | + echo "REPOSITORY_NAME=`echo \"${{ github.ref_name }}\" | tr -d './' | cut -c1-15`" >> $GITHUB_ENV + # Here we read the terraform version from the .terraform-version file, and then install that version - name: Get Terraform version id: tf_version
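Review bot: The new Prereqs step interpolates `${{ github.ref_name }}` straight into the `run:` script, so the ref name is spliced into the command text before bash parses it and a ref containing shell metacharacters is interpreted as shell rather than data; the safer shape is to hand it over through the environment and quote it, `env:` / `REF_NAME: ${{ github.ref_name }}` on the step, then `echo "REPOSITORY_NAME=$(printf '%s' "$REF_NAME" | tr -d './' | cut -c1-15)" >> "$GITHUB_ENV"`, which also replaces the backtick substitution and the unquoted `$GITHUB_ENV`. Whether refs named by untrusted contributors can reach this job depends on the `on:` triggers above the hunk, which are outside it. Separately, `cut -c1-15` means two refs that agree on their first 15 characters after stripping `.` and `/` resolve to the same tfstate key in backend.tf, so their Terraform state would silently share one S3 object; a short hash of the full ref appended to the truncated name would keep keys unique.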
@@ -43,23 +45,21 @@ jobs: id: prep_env working-directory: utils/cicd run: | - sed -i 's|VAR-TF_STATE_BUCKET|${{ secrets.FD_CICD_TF_STATE_BUCKET }}|g' backend.tf - sed -i 's|VAR-AWS_REGION|${{ secrets.FD_CICD_AWS_REGION}}|g' backend.tf - sed -i 's|VAR-GITHUB_REPOSITORY|${{ github.ref_name }}|g' backend.tf - echo -e "\n cicd backend.tf contents:\n" - cat backend.tf + sed -i "s|VAR-TF_STATE_BUCKET|${{ secrets.FD_CICD_TF_STATE_BUCKET }}|g" backend.tf + sed -i "s|VAR-AWS_REGION|${{ secrets.FD_CICD_AWS_REGION}}|g" backend.tf + sed -i "s|VAR-GITHUB_REPOSITORY|$REPOSITORY_NAME|g" backend.tf - name: Update stac-server lambdas id: update_stac_lambdas run: ./utils/update-lambdas.bash - # - name: Configure Terraform Init Credentials - # id: init_creds - # uses: aws-actions/configure-aws-credentials@v5 - # with: - # aws-region: ${{ secrets.FD_CICD_AWS_REGION }} - # role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} - # role-session-name: GitHubReleaseInit + - name: Configure Terraform Init Credentials + id: init_creds + uses: aws-actions/configure-aws-credentials@v5 + with: + aws-region: ${{ secrets.FD_CICD_AWS_REGION }} + role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} + role-session-name: GitHubReleaseInit - name: Terraform Init id: tf_init 
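Review bot: The re-enabled `aws-actions/configure-aws-credentials@v5` step uses `role-to-assume` with no static keys, which is the OIDC path and only works when the job grants `permissions: id-token: write` (plus `contents: read` for checkout); the job's `permissions:` block is outside this hunk, so please confirm it is set on this job rather than left to the repository default, and the same applies to the plan, apply and cleanup credential steps in the next hunk. The actions are pinned by tag (`@v5` here, `@v2.1.1` for the Slack action later), so a moved tag changes what runs with the CI role's credentials; pinning to the full commit SHA with the version in a trailing comment, e.g. `uses: aws-actions/configure-aws-credentials@<commit-sha> # v5`, is the usual hardening. Switching the `sed` expressions to double quotes is needed for `$REPOSITORY_NAME`, but it is not needed for the two secret-backed lines, and keeping those single-quoted avoids any shell expansion of the injected values. `$REPOSITORY_NAME` is also used unescaped inside a `|`-delimited `s` command, so a ref name containing `|` or `&` would corrupt backend.tf; extending the `tr -d` set in the Prereqs step to drop those characters is the cheapest fix.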
@@ -71,108 +71,108 @@ jobs: working-directory: utils/cicd run: terraform validate - # - name: Configure Terraform Plan Credentials - # id: plan_creds - # uses: aws-actions/configure-aws-credentials@v5 - # with: - # aws-region: ${{ secrets.FD_CICD_AWS_REGION }} - # role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} - # role-session-name: GitHubReleasePlan + - name: Configure Terraform Plan Credentials + id: plan_creds + uses: aws-actions/configure-aws-credentials@v5 + with: + aws-region: ${{ secrets.FD_CICD_AWS_REGION }} + role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} + role-session-name: GitHubReleasePlan - name: Terraform Plan id: tf_plan working-directory: utils/cicd run: terraform plan -out test.tfplan - # - name: Configure Terraform Apply Credentials - # id: apply_creds - # uses: aws-actions/configure-aws-credentials@v5 - # with: - # aws-region: ${{ secrets.FD_CICD_AWS_REGION }} - # role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} - # role-session-name: GitHubReleaseApply - - # - name: Terraform Apply - # id: tf_apply - # continue-on-error: true - # working-directory: utils/cicd - # run: terraform apply -input=false test.tfplan - - # - name: Post tf_apply success status to Slack channel - # id: tf_apply_successs - # if: steps.tf_apply.outcome == 'success' - # continue-on-error: true - # uses: slackapi/slack-github-action@v2.1.1 - # with: - # method: chat.postMessage - # token: ${{ secrets.FD_CICD_SLACK_BOT_TOKEN }} - # payload: | - # channel: ${{ secrets.FD_CICD_SLACK_CHANNEL_ID }} - # text: ":badger_dance: terraform-aws-stac-server - ${{ github.ref_name }} terraform apply job has succeeded!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" - - # - name: Post tf_apply failure status to Slack channel - # id: tf_apply_failure - # if: steps.tf_apply.outcome != 'success' - # continue-on-error: true - # uses: slackapi/slack-github-action@v2.1.1 - # with: - # method: chat.postMessage - # token: ${{ secrets.FD_CICD_SLACK_BOT_TOKEN }} - # 
payload: | - # channel: ${{ secrets.FD_CICD_SLACK_CHANNEL_ID }} - # text: ":sadpanda: terraform-aws-stac-server -${{ github.ref_name }} terraform apply has failed!\n:alert: make sure cleanup job deletes all AWS resources!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" - - # - name: Configure Terraform Cleanup Check Credentials - # id: cleanup_check_creds - # if: always() - # uses: aws-actions/configure-aws-credentials@v5 - # with: - # aws-region: ${{ secrets.FD_CICD_AWS_REGION }} - # role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} - # role-session-name: GitHubReleaseCleanupCheck - - # - name: Terraform Destroy Pre-Check - # id: tf_destroy_plan - # if: always() - # working-directory: utils/cicd - # run: terraform plan -destroy -out test-cleanup.tfplan - - # - name: Configure Terraform Cleanup Credentials - # id: cleanup_creds - # if: always() - # uses: aws-actions/configure-aws-credentials@v5 - # with: - # aws-region: ${{ secrets.FD_CICD_AWS_REGION }} - # role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} - # role-session-name: GitHubReleaseCleanup - - # - name: Terraform Destroy - # id: tf_destroy_apply - # if: always() - # continue-on-error: true - # working-directory: utils/cicd - # run: terraform apply -destroy -input=false test-cleanup.tfplan - - # - name: Post tf_destroy success status to Slack channel - # id: tf_destroy_apply_successs - # if: steps.tf_destroy_apply.outcome == 'success' - # continue-on-error: true - # uses: slackapi/slack-github-action@v2.1.1 - # with: - # method: chat.postMessage - # token: ${{ secrets.FD_CICD_SLACK_BOT_TOKEN }} - # payload: | - # channel: ${{ secrets.FD_CICD_SLACK_CHANNEL_ID }} - # text: ":badger_dance: terraform-aws-stac-server - ${{ github.ref_name }} cleanup job has succeeded!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" - - # - name: Post tf_destroy failure status to Slack channel - # id: tf_destroy_apply_failure - # if: steps.tf_destroy_apply.outcome != 'success' 
- # continue-on-error: true - # uses: slackapi/slack-github-action@v2.1.1 - # with: - # method: chat.postMessage - # token: ${{ secrets.FD_CICD_SLACK_BOT_TOKEN }} - # payload: | - # channel: ${{ secrets.FD_CICD_SLACK_CHANNEL_ID }} - # text: ":sadpanda: terraform-aws-stac-server -${{ github.ref_name }} cleanup job has failed!\n:alert: make sure AWS resources are deleted!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" + - name: Configure Terraform Apply Credentials + id: apply_creds + uses: aws-actions/configure-aws-credentials@v5 + with: + aws-region: ${{ secrets.FD_CICD_AWS_REGION }} + role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} + role-session-name: GitHubReleaseApply + + - name: Terraform Apply + id: tf_apply + continue-on-error: true + working-directory: utils/cicd + run: terraform apply -input=false test.tfplan + + - name: Post tf_apply success status to Slack channel + id: tf_apply_successs + if: steps.tf_apply.outcome == 'success' + continue-on-error: true + uses: slackapi/slack-github-action@v2.1.1 + with: + method: chat.postMessage + token: ${{ secrets.FD_CICD_SLACK_BOT_TOKEN }} + payload: | + channel: ${{ secrets.FD_CICD_SLACK_CHANNEL_ID }} + text: ":badger_dance: terraform-aws-stac-server - ${{ github.ref_name }} terraform apply job has succeeded!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" + + - name: Post tf_apply failure status to Slack channel + id: tf_apply_failure + if: steps.tf_apply.outcome != 'success' + continue-on-error: true + uses: slackapi/slack-github-action@v2.1.1 + with: + method: chat.postMessage + token: ${{ secrets.FD_CICD_SLACK_BOT_TOKEN }} + payload: | + channel: ${{ secrets.FD_CICD_SLACK_CHANNEL_ID }} + text: ":sadpanda: terraform-aws-stac-server -${{ github.ref_name }} terraform apply has failed!\n:alert: make sure cleanup job deletes all AWS resources!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" + + - name: Configure Terraform Cleanup 
Check Credentials + id: cleanup_check_creds + if: always() + uses: aws-actions/configure-aws-credentials@v5 + with: + aws-region: ${{ secrets.FD_CICD_AWS_REGION }} + role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} + role-session-name: GitHubReleaseCleanupCheck + + - name: Terraform Destroy Pre-Check + id: tf_destroy_plan + if: always() + working-directory: utils/cicd + run: terraform plan -destroy -out test-cleanup.tfplan + + - name: Configure Terraform Cleanup Credentials + id: cleanup_creds + if: always() + uses: aws-actions/configure-aws-credentials@v5 + with: + aws-region: ${{ secrets.FD_CICD_AWS_REGION }} + role-to-assume: ${{ secrets.FD_CICD_AWS_ROLE }} + role-session-name: GitHubReleaseCleanup + + - name: Terraform Destroy + id: tf_destroy_apply + if: always() + continue-on-error: true + working-directory: utils/cicd + run: terraform apply -destroy -input=false test-cleanup.tfplan + + - name: Post tf_destroy success status to Slack channel + id: tf_destroy_apply_successs + if: steps.tf_destroy_apply.outcome == 'success' + continue-on-error: true + uses: slackapi/slack-github-action@v2.1.1 + with: + method: chat.postMessage + token: ${{ secrets.FD_CICD_SLACK_BOT_TOKEN }} + payload: | + channel: ${{ secrets.FD_CICD_SLACK_CHANNEL_ID }} + text: ":badger_dance: terraform-aws-stac-server - ${{ github.ref_name }} cleanup job has succeeded!\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" + + - name: Post tf_destroy failure status to Slack channel + id: tf_destroy_apply_failure + if: steps.tf_destroy_apply.outcome != 'success' + continue-on-error: true + uses: slackapi/slack-github-action@v2.1.1 + with: + method: chat.postMessage + token: ${{ secrets.FD_CICD_SLACK_BOT_TOKEN }} + payload: | + channel: ${{ secrets.FD_CICD_SLACK_CHANNEL_ID }} + text: ":sadpanda: terraform-aws-stac-server -${{ github.ref_name }} cleanup job has failed!\n:alert: make sure AWS resources are deleted!\n${{ github.event.pull_request.html_url || 
github.event.head_commit.url }}"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a886aa2..3367ba1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. +## [1.0.2] - 2025-11-03 + +### Added + +- Finish release-tests cicd + ## [1.0.1] - 2025-11-03 ### Added
diff --git a/utils/cicd/backend.tf b/utils/cicd/backend.tf
index 2a6dfc8..fbc27e3 100644
--- a/utils/cicd/backend.tf
+++ b/utils/cicd/backend.tf
@@ -4,7 +4,7 @@ terraform { # these are injected from env vars by CICD bucket = "VAR-TF_STATE_BUCKET" region = "VAR-AWS_REGION" - key = "VAR-GITHUB_REPOSITORY-tfstacserv-cicd.tfstate" + key = "VAR-GITHUB_REPOSITORY-cicd-stac-server.tfstate" use_lockfile = true } }
diff --git a/utils/cicd/main.tf b/utils/cicd/main.tf
index 753c814..17fb215 100644
--- a/utils/cicd/main.tf
+++ b/utils/cicd/main.tf
@@ -12,13 +12,13 @@ module "main" { source = "../.." # project - project_name = "ssrv-cicd" + project_name = "cicd" stac_id = "stac-server" stac_title = "STAC API" stac_description = "A STAC API using stac-server" stac_server_version = null - stac_api_stage = "git" - stac_api_rootpath = "git" + stac_api_stage = "gh" + stac_api_rootpath = "gh" deploy_local_stac_server_artifacts = false deploy_stac_server_opensearch_serverless = true deploy_stac_server_outside_vpc = false
diff --git a/utils/cicd/vpc-data/data.tf b/utils/cicd/vpc-data/data.tf
index 78cde48..5886294 100644
--- a/utils/cicd/vpc-data/data.tf
+++ b/utils/cicd/vpc-data/data.tf
@@ -1,15 +1,8 @@ # For our CI/CD deployment of stac-server, we must pull VPC details of the AWS account that the CI/CD # process is running in -locals { - # A VPC with the following tag must exist in the AWS account used for CI/CD - searchtag = { - Name = "aws-controltower-VPC" - } -} - data "aws_vpc" "vpc" { - tags = local.searchtag + tags = { Name = "aws-controltower-VPC" } } data "aws_subnets" "private" {
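Review bot: `Terraform Destroy` carries `continue-on-error: true` and the only signal of a failed cleanup is the Slack post, which is itself `continue-on-error: true`, so a run that leaves stac-server resources (OpenSearch, lambdas, API gateway) in the account still finishes green; add a final gate after the Slack steps, `- name: Fail job if cleanup failed` / `if: steps.tf_destroy_apply.outcome != 'success'` / `run: exit 1`, so the failure is visible on the run itself. `Terraform Destroy Pre-Check` has no `continue-on-error`, yet `Terraform Destroy` runs `if: always()` and will try to apply `test-cleanup.tfplan` even when the plan step failed and the file does not exist; gating it on `steps.tf_destroy_plan.outcome == 'success'` makes that failure mode explicit instead of a second opaque error. The apply-failure message tells the reader to make sure cleanup deletes everything but gives only the commit or PR URL; including the run URL, `${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}`, in both failure payloads points whoever is on call straight at the job that needs checking.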
@@ -18,14 +11,7 @@ data "aws_subnets" "private" { values = [data.aws_vpc.vpc.id] } - tags = local.searchtag -} - -data "aws_subnet" "private_subnets" { - for_each = toset(data.aws_subnets.private.ids) - - vpc_id = data.aws_vpc.vpc.id - id = each.value + tags = { Name = "aws-controltower-PrivateSubnet*" } } data "aws_security_group" "security_group" {
diff --git a/utils/cicd/vpc-data/outputs.tf b/utils/cicd/vpc-data/outputs.tf
index cab03b8..4ee833d 100644
--- a/utils/cicd/vpc-data/outputs.tf
+++ b/utils/cicd/vpc-data/outputs.tf
@@ -7,7 +7,7 @@ output "vpc_cidr" { } output "private_subnet_ids" { - value = values(data.aws_subnet.private_subnets)[*].id + value = data.aws_subnets.private.ids } output "security_group_id" {
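Review bot: `data.aws_subnets.private` returns an empty `ids` list rather than erroring when no subnet in the VPC has a `Name` matching `aws-controltower-PrivateSubnet*`, and the removed per-id `aws_subnet` lookups were the only thing that would have surfaced a bad id; with outputs.tf now passing `ids` straight through, a mis-tagged account hands the module an empty subnet list, and whether that fails early or deploys into an unintended network layout is decided elsewhere in the module. A `postcondition` on the data source makes the expectation explicit and fails the plan with a readable message before any apply. The wildcard also matches every subnet whose Name starts with that prefix, so the filter on `data.aws_vpc.vpc.id` in the context above is what keeps the set scoped to one VPC; a comment saying so would help the next person who edits the tag.
```hcl
data "aws_subnets" "private" {
  # … unchanged: filter on data.aws_vpc.vpc.id …
  tags = { Name = "aws-controltower-PrivateSubnet*" }

  lifecycle {
    postcondition {
      condition     = length(self.ids) > 0
      error_message = "No subnets tagged Name=aws-controltower-PrivateSubnet* were found in the CI/CD VPC."
    }
  }
}
```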