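# Manually triggered deployment: runs Terraform apply for the chosen
# project/environment, then deploys the Cloud Custodian policies into the
# resulting AWS account and posts to Slack.
#
# Supply-chain notes for reviewers:
#   - Every reusable workflow and action below is referenced by a mutable
#     ref (`@main`, `@v3`, `@v1-node16`). Anyone who can push to those refs
#     can change what runs here while AWS credentials and a PAT are in hand;
#     pin to full commit SHAs once the target revisions are chosen.
#   - `aws-actions/configure-aws-credentials@v1-node16` is an old major on a
#     retired Node runtime. Later majors keep the `role-to-assume` /
#     `aws-region` / `role-session-name` inputs used here, but check the
#     default session duration and the role trust policy before bumping.
name: 'Terraform apply'
on:
  workflow_dispatch:
    inputs:
      # Free-form string (not a choice list): it is forwarded to the reusable
      # workflows, used to build the GitHub environment name of the custodian
      # job, and handed to the deploy script. Anything shell-sensitive is
      # passed via `env:` below, never spliced into script text.
      environment:
        required: true
        description: The environment to deploy against.
        type: string
        default: intg
      project:
        required: true
        description: The project to run this for
        type: choice
        options:
          - tdr
          - dr2
# Workflow-level defaults, inherited by the reusable-workflow jobs (setup,
# apply). `id-token: write` is what the OIDC role assumption needs.
# `contents: write` is presumably required by the called terraform_apply
# workflow -- TODO confirm against dr2-github-actions and drop to `read`
# if it is not; the custodian job overrides it to `read` below.
permissions:
  id-token: write
  contents: write
jobs:
  # Resolves the per-project / per-environment secret *names*
  # (workflow-token, account-number, ...) that the later jobs look up
  # through `secrets[...]` indirection.
  setup:
    uses: nationalarchives/dr2-github-actions/.github/workflows/set_terraform_var_names.yml@main
    with:
      project: ${{ github.event.inputs.project }}
      environment: ${{ github.event.inputs.environment }}
  # Terraform apply for this repo, using the secrets named by `setup`.
  apply:
    uses: nationalarchives/dr2-github-actions/.github/workflows/terraform_apply.yml@main
    needs: setup
    with:
      repo-name: tna-custodian
      environment: ${{ github.event.inputs.environment }}
      working-directory: terraform
      project: ${{ github.event.inputs.project }}
    secrets:
      WORKFLOW_TOKEN: ${{ secrets[needs.setup.outputs.workflow-token] }}
      ACCOUNT_NUMBER: ${{ secrets[needs.setup.outputs.account-number] }}
      SLACK_WEBHOOK: ${{ secrets[needs.setup.outputs.slack-webhook] }}
      TERRAFORM_ROLE: ${{ secrets[needs.setup.outputs.terraform-role] }}
      STATE_BUCKET: ${{ secrets[needs.setup.outputs.state-bucket] }}
      DYNAMO_TABLE: ${{ secrets[needs.setup.outputs.dynamo-table] }}
  # Deploys the Cloud Custodian policies once Terraform has applied.
  custodian:
    # GitHub environment name, e.g. `dr2-intg`; any protection rules
    # (required reviewers, secret scoping) configured on it apply here.
    environment: ${{ github.event.inputs.project }}-${{ github.event.inputs.environment }}
    runs-on: ubuntu-latest
    # Least privilege for this job's GITHUB_TOKEN: checkout authenticates
    # with the PAT below and the AWS step only needs the OIDC token, so
    # the inherited `contents: write` is not required here.
    permissions:
      id-token: write
      contents: read
    needs:
      - setup
      - apply
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive
          # PAT instead of GITHUB_TOKEN -- presumably so submodules hosted
          # in other repositories can be fetched; confirm before narrowing.
          token: ${{ secrets[needs.setup.outputs.workflow-token] }}
      - name: Configure AWS credentials for Cloud Custodian
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          role-to-assume: ${{ secrets[needs.setup.outputs.custodian-role] }}
          aws-region: eu-west-2
          # Fixed session name; if the role trust policy does not constrain
          # sts:RoleSessionName, a run-specific name would aid CloudTrail
          # attribution.
          role-session-name: CustodianRole
      - name: Deploy Cloud Custodian policies
        # Values are exposed as environment variables and referenced as
        # quoted shell variables rather than being interpolated into the
        # script text, so a crafted `environment` input or an unexpected
        # workflow output cannot inject shell syntax.
        env:
          PROJECT_UPPER: ${{ needs.setup.outputs.project-upper }}
          DEPLOY_ENVIRONMENT: ${{ github.event.inputs.environment }}
          NOTIFY_EMAIL: ${{ secrets[needs.setup.outputs.email] }}
          MANAGEMENT_ACCOUNT: ${{ secrets[needs.setup.outputs.management-account] }}
        run: |
          # Unpinned PyPI installs at deploy time: a new upstream release of
          # c7n/c7n-mailer/c7n-guardian changes what gets deployed with
          # account-level credentials. Pin versions (ideally with
          # --require-hashes) before relying on this in production.
          pip install ruamel.yaml c7n c7n-mailer c7n-guardian --ignore-installed six
          cd accounts
          ../custodian/scripts/deploy-custodian.sh "$PROJECT_UPPER" "$DEPLOY_ENVIRONMENT" "$NOTIFY_EMAIL" "$MANAGEMENT_ACCOUNT"
      - uses: nationalarchives/tdr-github-actions/.github/actions/slack-send@main
        with:
          message: |
            Cloud Custodian deployed to ${{ github.event.inputs.environment }} AWS account
          slack-url: ${{ secrets[needs.setup.outputs.slack-webhook] }}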