Terraform Build and Deploy #38
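---
# Use Terraform to init, validate, plan w/ output file and deploy (if changes
# merged to 'main'). Archive output file used for GHA Artifact for deployment.
name: 'Terraform Build and Deploy'

# Chained off the upstream workflow. A workflow_run-triggered run executes in
# the context of the default branch: `github.event_name` is always
# 'workflow_run' here, and the triggering run's branch/commit/event are under
# `github.event.workflow_run.*`.
on:
  workflow_run:
    workflows: ['Download Google Drive File']
    types: [completed]

# Least privilege: OIDC token for cloud auth, read-only checkout token.
permissions:
  id-token: write
  contents: read

jobs:
  automate:
    name: 'Terraform Build, Validation and Deployment'
    runs-on: ubuntu-latest
    # automation only runs if previous workflow was successful
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    env:
      # Exposed to Terraform as input variables; note that any plan file
      # produced below embeds these values in clear text.
      TF_VAR_AWS_ROOT_USER: ${{ secrets.AWS_ROOT_USER }}
      TF_VAR_AWS_IAM_USER: ${{ secrets.AWS_IAM_USER }}
      TF_VAR_AWS_DEPLOYMENT_ROLE: ${{ secrets.AWS_DEPLOYMENT_ROLE }}
    defaults:
      run:
        # Applies to `run` steps only, not to `uses` steps (see artifact
        # upload below).
        shell: bash
        working-directory: ./deployment/aws/terraform
    steps:
      - name: Checkout Github repository
        # NOTE(review): a version tag is a mutable reference; pinning
        # third-party actions to a full commit SHA is the usual
        # supply-chain hardening for this line.
        uses: actions/checkout@v4
      # - name: DEBUG - print default working dir and file contents
      #   run: pwd && ls
      # - name: DEBUG - print workflow dir and file contents
      #   working-directory: ./.github/workflows/
      #   run: pwd && ls
      # - name: DEBUG - print actions dir and file contents
      #   working-directory: ./.github/actions/setup-action/
      #   run: pwd && ls
      - name: Initialize runner
        uses: ./.github/actions/setup-action
      # TODO: download and configure artifacts: (1) HTML file from Google
      # Drive, (2) terraform state files - cached for up to 90 days
      - name: Terraform Init
        run: terraform init
      - name: Terraform Format
        run: terraform fmt -check
      - name: Terraform Validate
        run: terraform validate
      # Plan is written to a file named after the commit so the apply step
      # below executes exactly what was reviewed, not a fresh plan.
      # NOTE(review): in a workflow_run-triggered run, github.sha is the head
      # of the default branch, not necessarily the commit that started the
      # upstream workflow (that is github.event.workflow_run.head_sha) -
      # confirm which one the artifact name should track.
      - name: Terraform Plan
        run: terraform plan -input=false -out="$GITHUB_SHA"
      # `defaults.run.working-directory` does not apply to `uses` steps, so
      # this path is resolved from the workspace root. Upload only the plan
      # file: `./` would ship the entire checkout (including the .terraform/
      # provider cache), and the plan already contains every TF_VAR_* value
      # in clear text - artifacts are readable by anyone with read access to
      # the repository, so keep the uploaded surface as small as possible.
      - name: Archive plan file
        uses: actions/upload-artifact@v4
        with:
          name: ${{ github.sha }}
          path: ./deployment/aws/terraform/${{ github.sha }}
      # Deployment should only run once changes have been merged into 'main'.
      # `github.event_name` is 'workflow_run' for this entire workflow, so the
      # previous `github.event_name == 'push'` guard could never be true and
      # the step never ran; gate on the triggering run's event and branch.
      - name: Terraform Deploy
        if: github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main'
        run: terraform apply -input=false "$GITHUB_SHA"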