From 83eb9e12658345e520db00aa06a448f2b50696c9 Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Mon, 16 Jun 2025 15:09:18 -0500
Subject: [PATCH] Move TG workflow to separate workflow repo
---
.github/workflows/deploy-sandbox.yml | 149 ++++++++++++-----------
.github/workflows/draft-release.yml | 1 -
.github/workflows/release-published.yml | 150 ++++++++++++------------
.github/workflows/terragrunt-deploy.yml | 94 ---------------
4 files changed, 149 insertions(+), 245 deletions(-)
delete mode 100644 .github/workflows/terragrunt-deploy.yml
diff --git a/.github/workflows/deploy-sandbox.yml b/.github/workflows/deploy-sandbox.yml
index c14f5a4..c7fe5a2 100644
--- a/.github/workflows/deploy-sandbox.yml
+++ b/.github/workflows/deploy-sandbox.yml
@@ -1,82 +1,81 @@ name: Deploy Sandbox Environment on: - pull_request: - branches: [ "**" ] + pull_request: + branches: [ "**" ] permissions: - id-token: write - contents: read + id-token: write + contents: read jobs: - build-matrix: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.build-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f - - name: Build Environment Matrix - id: build-matrix - shell: python - env: - PLATFORM_ENVIRONMENT: "sandbox" - run: | - from pathlib import Path - import os - import json - - def discover_environments(platform_path: Path = Path("platform")) -> list[Path]: - return [d for d in platform_path.iterdir() if d.is_dir()] - - def discover_regions(environment_path: Path) -> list[Path]: - return [d for d in environment_path.iterdir() if d.is_dir()] - - def discover_instances(region_path: Path) -> list[Path]: - return [d for d in region_path.iterdir() if d.is_dir()] - - try: - ENVIRONMENT = os.environ['PLATFORM_ENVIRONMENT'] - except KeyError as ke: - raise ValueError("Environment variable named PLATFORM_ENVIRONMENT was not found. This variable must be supplied so that a matrix of environments can be built!") - - if len(ENVIRONMENT) == 0: - raise ValueError("Environment variable PLATFORM_ENVIRONMENT was empty. 
This variable must be supplied so that a matrix of environments can be built!") - - all_environments = discover_environments() - matrix = {"terragrunt_environment": []} - try: - selected_environment = list(filter(lambda x: x.name == ENVIRONMENT, all_environments))[0] - except Exception: - raise ValueError(f"Expected environment '{ENVIRONMENT}' not found in {all_environments}") - - regions = discover_regions(environment_path=selected_environment) - - for region_path in regions: - region_instances = discover_instances(region_path=region_path) - for instance in region_instances: - matrix["terragrunt_environment"].append({"environment": selected_environment.name, "region": region_path.name, "instance": instance.name}) - - print("Generated the following environment matrix:") - print(json.dumps(matrix, indent=4)) - - with open(os.environ["GITHUB_OUTPUT"], "a") as f: - f.write(f"matrix={json.dumps(matrix, separators=(',', ':'))}") - - call-terragrunt-deploy: - needs: build-matrix - permissions: - contents: read - id-token: write - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }} - - uses: ./.github/workflows/terragrunt-deploy.yml - with: - tf_version: '1.5.5' - tg_version: '0.54.11' - environment: ${{ matrix.terragrunt_environment.environment }} - region: ${{ matrix.terragrunt_environment.region }} - env_id: ${{ matrix.terragrunt_environment.instance }} - - secrets: inherit \ No newline at end of file + build-matrix: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.build-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f + - name: Build Environment Matrix + id: build-matrix + shell: python + env: + PLATFORM_ENVIRONMENT: "sandbox" + run: | + from pathlib import Path + import os + import json + + def discover_environments(platform_path: Path = Path("platform")) -> list[Path]: + return [d for d in platform_path.iterdir() if d.is_dir()] + + def discover_regions(environment_path: 
Path) -> list[Path]: + return [d for d in environment_path.iterdir() if d.is_dir()] + + def discover_instances(region_path: Path) -> list[Path]: + return [d for d in region_path.iterdir() if d.is_dir()] + + try: + ENVIRONMENT = os.environ['PLATFORM_ENVIRONMENT'] + except KeyError as ke: + raise ValueError("Environment variable named PLATFORM_ENVIRONMENT was not found. This variable must be supplied so that a matrix of environments can be built!") + + if len(ENVIRONMENT) == 0: + raise ValueError("Environment variable PLATFORM_ENVIRONMENT was empty. This variable must be supplied so that a matrix of environments can be built!") + + all_environments = discover_environments() + matrix = {"terragrunt_environment": []} + try: + selected_environment = list(filter(lambda x: x.name == ENVIRONMENT, all_environments))[0] + except Exception: + raise ValueError(f"Expected environment '{ENVIRONMENT}' not found in {all_environments}") + + regions = discover_regions(environment_path=selected_environment) + + for region_path in regions: + region_instances = discover_instances(region_path=region_path) + for instance in region_instances: + matrix["terragrunt_environment"].append({"environment": selected_environment.name, "region": region_path.name, "instance": instance.name}) + + print("Generated the following environment matrix:") + print(json.dumps(matrix, indent=4)) + + with open(os.environ["GITHUB_OUTPUT"], "a") as f: + f.write(f"matrix={json.dumps(matrix, separators=(',', ':'))}") + + call-terragrunt-deploy: + needs: build-matrix + permissions: + contents: read + id-token: write + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }} + + uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-deploy.yml@v0.1.0 + with: + tf_version: '1.5.5' + tg_version: '0.54.11' + environment: ${{ matrix.terragrunt_environment.environment }} + region: ${{ matrix.terragrunt_environment.region }} + env_id: ${{ 
matrix.terragrunt_environment.instance }} + secrets: inherit diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index b9e368c..99724a2 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -18,7 +18,6 @@ jobs: - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 with: commitish: main - disable-autolabeler: true latest: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml index b15896e..1330cb9 100644 --- a/.github/workflows/release-published.yml +++ b/.github/workflows/release-published.yml 
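Review bot: The new `uses:` line in `call-terragrunt-deploy` pins the external reusable workflow to the tag `v0.1.0`, while the actions in these workflows (for example `actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f`) are pinned to a full commit SHA. A tag can be moved, and this job grants `id-token: write` and passes `secrets: inherit`, so whatever the tag points to at run time receives the caller's OIDC token and every secret the caller can read. Pin the reference to the reviewed commit, `uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-deploy.yml@<full-commit-sha> # v0.1.0`, and consider replacing `secrets: inherit` with an explicit `secrets:` map or dropping it; the removed local workflow referenced only `vars.DEPLOY_ROLE_ARN` and no `secrets.*` value, though the external workflow is not visible in this patch. The same line appears in the release-published.yml hunk, where it drives the production deploy.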
@@ -1,83 +1,83 @@ on: - release: - types: - - published + release: + types: + - published name: Deploy to Production permissions: - contents: read + contents: read jobs: - build-matrix: - runs-on: ubuntu-latest - outputs: - matrix: ${{ steps.build-matrix.outputs.matrix }} - steps: - - uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f - - name: Build Environment Matrix - id: build-matrix - shell: python - env: - PLATFORM_ENVIRONMENT: "production" - run: | - from pathlib import Path - import os - import json - - def discover_environments(platform_path: Path = Path("platform")) -> list[Path]: - return [d for d in platform_path.iterdir() if d.is_dir()] - - def discover_regions(environment_path: Path) -> list[Path]: - return [d for d in environment_path.iterdir() if d.is_dir()] - - def discover_instances(region_path: Path) -> list[Path]: - return [d for d in region_path.iterdir() if d.is_dir()] - - try: - ENVIRONMENT = os.environ['PLATFORM_ENVIRONMENT'] - except KeyError as ke: - raise ValueError("Environment variable named PLATFORM_ENVIRONMENT was not found. This variable must be supplied so that a matrix of environments can be built!") - - if len(ENVIRONMENT) == 0: - raise ValueError("Environment variable PLATFORM_ENVIRONMENT was empty. 
This variable must be supplied so that a matrix of environments can be built!") - - all_environments = discover_environments() - matrix = {"terragrunt_environment": []} - try: - selected_environment = list(filter(lambda x: x.name == ENVIRONMENT, all_environments))[0] - except Exception: - raise ValueError(f"Expected environment '{ENVIRONMENT}' not found in {all_environments}") - - regions = discover_regions(environment_path=selected_environment) - - for region_path in regions: - region_instances = discover_instances(region_path=region_path) - for instance in region_instances: - matrix["terragrunt_environment"].append({"environment": selected_environment.name, "region": region_path.name, "instance": instance.name}) - - print("Generated the following environment matrix:") - print(json.dumps(matrix, indent=4)) - - with open(os.environ["GITHUB_OUTPUT"], "a") as f: - f.write(f"matrix={json.dumps(matrix, separators=(',', ':'))}") - - call-terragrunt-deploy: - needs: build-matrix - permissions: - contents: read - id-token: write - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }} - - uses: ./.github/workflows/terragrunt-deploy.yml - with: - tf_version: '1.5.5' - tg_version: '0.54.11' - environment: ${{ matrix.terragrunt_environment.environment }} - region: ${{ matrix.terragrunt_environment.region }} - env_id: ${{ matrix.terragrunt_environment.instance }} - - secrets: inherit \ No newline at end of file + build-matrix: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.build-matrix.outputs.matrix }} + steps: + - uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f + - name: Build Environment Matrix + id: build-matrix + shell: python + env: + PLATFORM_ENVIRONMENT: "production" + run: | + from pathlib import Path + import os + import json + + def discover_environments(platform_path: Path = Path("platform")) -> list[Path]: + return [d for d in platform_path.iterdir() if d.is_dir()] + + def 
discover_regions(environment_path: Path) -> list[Path]: + return [d for d in environment_path.iterdir() if d.is_dir()] + + def discover_instances(region_path: Path) -> list[Path]: + return [d for d in region_path.iterdir() if d.is_dir()] + + try: + ENVIRONMENT = os.environ['PLATFORM_ENVIRONMENT'] + except KeyError as ke: + raise ValueError("Environment variable named PLATFORM_ENVIRONMENT was not found. This variable must be supplied so that a matrix of environments can be built!") + + if len(ENVIRONMENT) == 0: + raise ValueError("Environment variable PLATFORM_ENVIRONMENT was empty. This variable must be supplied so that a matrix of environments can be built!") + + all_environments = discover_environments() + matrix = {"terragrunt_environment": []} + try: + selected_environment = list(filter(lambda x: x.name == ENVIRONMENT, all_environments))[0] + except Exception: + raise ValueError(f"Expected environment '{ENVIRONMENT}' not found in {all_environments}") + + regions = discover_regions(environment_path=selected_environment) + + for region_path in regions: + region_instances = discover_instances(region_path=region_path) + for instance in region_instances: + matrix["terragrunt_environment"].append({"environment": selected_environment.name, "region": region_path.name, "instance": instance.name}) + + print("Generated the following environment matrix:") + print(json.dumps(matrix, indent=4)) + + with open(os.environ["GITHUB_OUTPUT"], "a") as f: + f.write(f"matrix={json.dumps(matrix, separators=(',', ':'))}") + + call-terragrunt-deploy: + needs: build-matrix + permissions: + contents: read + id-token: write + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }} + + uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-deploy.yml@v0.1.0 + with: + tf_version: '1.5.5' + tg_version: '0.54.11' + environment: ${{ matrix.terragrunt_environment.environment }} + region: ${{ matrix.terragrunt_environment.region }} + env_id: 
${{ matrix.terragrunt_environment.instance }} + + secrets: inherit diff --git a/.github/workflows/terragrunt-deploy.yml b/.github/workflows/terragrunt-deploy.yml deleted file mode 100644 index 9e87369..0000000 --- a/.github/workflows/terragrunt-deploy.yml +++ /dev/null 
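Review bot: The matrix script passes directory names found under `platform/production/` straight into the `region` and `env_id` inputs of the reusable workflow with no check on their shape. The removed terragrunt-deploy.yml interpolated those inputs into `tg_dir`, `tg_command` and `aws-region`, and the external replacement presumably does something similar, so an unexpected directory name would end up inside a command string. Reject such names before appending to the matrix, e.g. `if not re.fullmatch(r"[A-Za-z0-9_-]+", instance.name): raise ValueError(f"Unexpected instance name {instance.name!r}")`, with the same check for `region_path.name` and an `import re` next to the other imports. The identical script in the deploy-sandbox.yml hunk deserves the check even more, because there the directory names come from the pull-request branch.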
@@ -1,94 +0,0 @@ -name: Deploy Environment - -on: - workflow_call: - inputs: - tf_version: - description: 'Version of Terraform to utilize' - required: true - default: '1.5.5' - type: string - tg_version: - description: 'Version of Terragrunt to utilize' - required: true - default: '0.54.11' - type: string - environment: - description: 'Environment (subfolder of platform, e.g. sandbox) to deploy' - required: true - type: string - region: - description: 'Region within the environment (e.g. us-east-1) to deploy' - required: true - type: string - env_id: - description: 'Instance within the region (e.g. 000) to deploy.' - required: true - type: string - -permissions: - id-token: write - contents: read - -jobs: - deploy: - name: "Plan & Deploy ${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}" - runs-on: ubuntu-latest - environment: ${{ inputs.environment }} - steps: - - name: Checkout - uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f - - - name: "Validate GitHub Environment" - run: | - raised=0 - test -z "${{ vars.DEPLOY_ROLE_ARN }}" && (echo "::error title=Repository Configuration Incomplete::This repository is missing an environment variable for DEPLOY_ROLE_ARN in the ${{ inputs.environment }} environment!"; raised=1) - exit $raised - - - name: "Set default Terraform Tags" - id: set-tags - run: | - set -x - echo "${{ github.repository }}" | cut -d "/" -f 2 > repo.txt - echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_repository_tag=$(cat repo.txt)" >> "$GITHUB_OUTPUT" - echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a95656fcd9ec16a226c7099657b9fc91cc777601 - with: - role-to-assume: ${{ vars.DEPLOY_ROLE_ARN }} - role-session-name: ${{ github.run_id }} - aws-region: ${{ inputs.region }} - - - name: Plan - id: plan - uses: 
gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 - env: - AWS_REGION: ${{ inputs.region }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} - TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} - TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} - with: - tf_version: ${{ inputs.tf_version }} - tg_version: ${{ inputs.tg_version }} - tg_dir: 'platform/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan' - - - name: Deploy - uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 - env: - AWS_REGION: ${{ inputs.region }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} - TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} - TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} - with: - tf_version: ${{ inputs.tf_version }} - tg_version: ${{ inputs.tg_version }} - tg_dir: 'platform/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan' -