ci: Fix terraform plan and merge AMI build + deploy workflow #1514
Codecov Report

```
@@            Coverage Diff            @@
##           develop    #1514   +/-   ##
========================================
  Coverage    72.06%   72.06%
========================================
  Files          185      185
  Lines        18295    18295
========================================
  Hits         13184    13184
  Misses        4066     4066
  Partials      1045     1045
```
terraform plan & merge AMI build + AMI deploy workflow (force-pushed 5488417 to a46497a)
Warning: you made changes to files that require privileged access; this means you are either using the fork-flow, or are missing some secrets.
Solution: please use branch-flow, or add the missing secrets. If you are not an internal developer, please reach out to a maintainer for assistance.
Note: the files that were changed also require manual testing using our organization AWS account, and using manual triggers on some of our workflows (that are not triggered normally).
Pushed by: @shahzadlone, SHA:
Terraform Format and Style
LGTM with the caveat that I'm not an expert on the topic.
LGTM, but my experience here is quite limited and so I may miss stuff.
This is mostly because I see no good reason to use `workflow_run`, especially because it doesn't show with the checks on GitHub; you have to manually search and find it under an action running on GitHub. Also, `workflow_run` always uses the workflow state of the `develop` branch, which can cause some tedious CI debugging sessions and inconsistent behaviour, as we only care about running it on the commit the push happens on.
and changed workflow files concerning aws ami build and deploy (packer and terraform) files. It will fail the workflow on the PR if an unprivileged flow (or missing secrets) hits the terraform planning action.
Heads-up: Changing to now not comment in case of unpriv access, as GitHub won't allow posting comments without write perms (i.e. no PR write token will be available to unpriv flows, especially on fork-flow with
Instead it will now show a more detailed fail error on CI.
## Relevant issue(s)

Resolves #1516

## Description

Issue #1516 has a good overview of the problem, and the top 3 goals outlined.

- AMI building and deploying to an EC2 instance is now 2 jobs in one workflow rather than split across `workflow_run`, which would previously not show in checks, nor run on the same commit / branch (as `workflow_run` runs on the develop branch only).
- Fixes the broken `terraform plan` action use that wouldn't comment on the PR.
- The fixed `terraform plan` action happens only on PRs that are on base of `master` or `develop` and change the files which affect the AMI building and deployment (terraform files, packer files, relevant GitHub workflow files).

Note: Changing these AMI building and deployment files (terraform, packer, workflows) should always happen from a branch-flow (not from the fork-flow), so that secrets are always available.

Note: the `terraform plan` workflow can't be made required, as it only triggers when the AMI related files are changed; if we made it required it would always be waiting for it to run, even in the cases where we don't expect that workflow to run.

## How has this been tested?

Specify the platform(s) on which this was tested:
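The shape of workflow the PR description and review comments are arguing for, written out as an added illustration (this is not the project's own workflow file, and nothing here was taken from the PR's diff): the plan step is triggered only by `pull_request` events against `master`/`develop` that touch the AMI-related paths, build and deploy are two `needs:`-chained jobs in the same workflow so they run on the same commit instead of against `develop` via `workflow_run`, and an unprivileged run (fork-flow, or missing secrets) fails early with an explicit `::error::` annotation rather than trying to post a PR comment it has no write token for. The job ids, the paths under `tools/cloud/aws/`, the packer template name, the `TF_DIR` variable and the AWS secret names are assumptions.

```yaml
# Added illustration of the layout the PR describes; not the project's own
# workflow file. Job ids, the tools/cloud/aws/ paths, the packer template name
# and the AWS secret names are assumptions.
name: ami-build-and-deploy

on:
  # Plan only for PRs against master/develop that touch AMI build/deploy files.
  # PRs that change nothing here never start this workflow, which is why it
  # cannot be made a required check.
  pull_request:
    branches: [master, develop]
    paths:
      - 'tools/cloud/aws/terraform/**'
      - 'tools/cloud/aws/packer/**'
      - '.github/workflows/ami-build-and-deploy.yml'
  # Build + deploy are manual, per the warning bot's note about manual triggers.
  workflow_dispatch:

# Least privilege: no `pull-requests: write`, since the workflow no longer
# comments on the PR (a fork PR would not receive a write token anyway).
permissions:
  contents: read

env:
  TF_DIR: tools/cloud/aws/terraform   # assumed location of the terraform files

jobs:
  terraform-plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # Fork PRs and branches with missing secrets have no AWS credentials.
      # Fail here with a clear message instead of an opaque provider error later.
      - name: Verify privileged (branch-flow) access
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          IS_FORK: ${{ github.event.pull_request.head.repo.fork }}
        run: |
          if [ "$IS_FORK" = "true" ] || [ -z "$AWS_ACCESS_KEY_ID" ]; then
            echo "::error::AMI build/deploy files changed from fork-flow or without AWS secrets; use branch-flow or add the missing secrets."
            exit 1
          fi

      - uses: hashicorp/setup-terraform@v2

      - name: Terraform format and style
        run: terraform fmt -check -recursive
        working-directory: ${{ env.TF_DIR }}

      - name: Terraform init and plan
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          terraform init -input=false
          terraform plan -input=false -no-color
        working-directory: ${{ env.TF_DIR }}

  build-ami:
    needs: terraform-plan
    if: github.event_name == 'workflow_dispatch'   # manual trigger only (assumption)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Build the AMI
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: packer build ami.pkr.hcl   # template name assumed
        working-directory: tools/cloud/aws/packer

  deploy-ami:
    # Second job of the same workflow: runs on the same commit as build-ami,
    # unlike the old workflow_run trigger, which always ran against develop.
    needs: build-ami
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: hashicorp/setup-terraform@v2
      - name: Apply the planned infrastructure
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          terraform init -input=false
          terraform apply -input=false -auto-approve
        working-directory: ${{ env.TF_DIR }}
```

On a `pull_request` event the `build-ami` job is skipped by its `if:`, and `deploy-ami` is skipped in turn because its `needs:` dependency did not succeed, so a PR only ever produces a plan; the credentials check in the first job is what turns the "missing secrets" case into a visible red check with a readable reason, matching the heads-up comment above about no longer attempting to comment from unprivileged runs.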