Skip to content

chore(deps): update all non-major docker images #1138

chore(deps): update all non-major docker images

chore(deps): update all non-major docker images #1138

name: "Terragrunt plan STAGING"
on:
pull_request:
branches: [develop]
paths:
- "aws/**"
- "env/common/**"
- "env/cloud/**"
- ".github/workflows/terragrunt-plan-staging.yml"
env:
APP_ENV: staging
APP_DOMAIN: ${{ vars.STAGING_APP_DOMAIN }}
AWS_ACCOUNT_ID: ${{ vars.STAGING_AWS_ACCOUNT_ID }}
AWS_REGION: ca-central-1
AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}
CONFTEST_VERSION: 0.36.0
TERRAFORM_VERSION: 1.4.2
TERRAGRUNT_VERSION: 0.46.3
TF_INPUT: false
TF_VAR_ecs_secret_token_secret: ${{ secrets.STAGING_TOKEN_SECRET }}
TF_VAR_google_client_id: ${{ secrets.STAGING_GOOGLE_CLIENT_ID}}
TF_VAR_google_client_secret: ${{secrets.STAGING_GOOGLE_CLIENT_SECRET}}
TF_VAR_recaptcha_secret: ${{secrets.STAGING_RECAPTCHA_SITE_SECRET}}
TF_VAR_recaptcha_public: 6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY
TF_VAR_notify_api_key: ${{ secrets.STAGING_NOTIFY_API_KEY }}
TF_VAR_cognito_notify_api_key: ${{ secrets.STAGING_NOTIFY_API_KEY }}
TF_VAR_rds_db_password: ${{ secrets.STAGING_DB_PASSWORD }}
TF_VAR_slack_webhook: ${{ secrets.STAGING_SLACK_WEBHOOK }}
TF_VAR_gc_notify_callback_bearer_token: ${{ secrets.STAGING_GC_NOTIFY_CALLBACK_BEARER_TOKEN }}
TF_VAR_gc_temp_token_template_id: b6885d06-d10a-422a-973f-05e274d9aa86
TF_VAR_gc_template_id: 8d597a1b-a1d6-4e3c-8421-042a2b4158b7
TF_VAR_cognito_code_template_id: 12a18f84-062c-4a67-8310-bf114af051ea
TF_VAR_email_address_contact_us: ${{ vars.STAGING_CONTACT_US_EMAIL }}
TF_VAR_email_address_support: ${{ vars.STAGING_SUPPORT_EMAIL }}
jobs:
terragrunt-plan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# Setup Terraform, Terragrunt, and Conftest
- name: Setup terraform tools
uses: cds-snc/terraform-tools-setup@v1
env:
CONFTEST_VERSION: ${{env.CONFTEST_VERSION}}
TERRAFORM_VERSION: ${{env.TERRAFORM_VERSION}}
TERRAGRUNT_VERSION: ${{env.TERRAGRUNT_VERSION}}
- uses: cds-snc/paths-filter@b316143212d841aed668b7b29240c719d603a9b9 # tag=v2.10.4
id: filter
with:
filters: |
alarms:
- 'aws/alarms/**'
- 'env/cloud/alarms/**'
app:
- 'aws/app/**'
- 'env/cloud/app/**'
cognito:
- 'aws/cognito/**'
- 'env/cloud/cognito/**'
common:
- '.github/workflows/terragrunt-plan-staging.yml'
- 'env/common/**'
- 'env/terragrunt.hcl'
dynamodb:
- 'aws/dynamodb/**'
- 'env/cloud/dynamodb/**'
ecr:
- 'aws/ecr/**'
- 'env/cloud/ecr/**'
hosted_zone:
- 'aws/hosted_zone/**'
- 'env/cloud/hosted_zone/**'
kms:
- 'aws/kms/**'
- 'env/cloud/kms/**'
load_balancer:
- 'aws/load_balancer/**'
- 'env/cloud/load_balancer/**'
load_testing:
- 'aws/load_testing/**'
- 'env/cloud/load_testing/**'
network:
- 'aws/network/**'
- 'env/cloud/network/**'
rds:
- 'aws/rds/**'
- 'env/cloud/rds/**'
redis:
- 'aws/redis/**'
- 'env/cloud/redis/**'
sns:
- 'aws/sns/**'
- 'env/cloud/sns/**'
sqs:
- 'aws/sqs/**'
- 'env/cloud/sqs/**'
pr_review:
- 'aws/pr_review/**'
- 'env/cloud/pr_review/**'
# No dependencies
- name: Terragrunt plan ecr
if: ${{ steps.filter.outputs.ecr == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/ecr"
comment-delete: "true"
comment-title: "Staging: ecr"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan hosted_zone
if: ${{ steps.filter.outputs.hosted_zone == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/hosted_zone"
comment-delete: "true"
comment-title: "Staging: hosted_zone"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan kms
if: ${{ steps.filter.outputs.kms == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/kms"
comment-delete: "true"
comment-title: "Staging: kms"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan sqs
if: ${{ steps.filter.outputs.sqs == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/sqs"
comment-delete: "true"
comment-title: "Staging: sqs"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan sns
if: ${{ steps.filter.outputs.sns == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/sns"
comment-delete: "true"
comment-title: "Staging: sns"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Install Cognito Lambda deps
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/cognito/lambda/deps.sh install
- name: Terragrunt plan cognito
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/cognito"
comment-delete: "true"
comment-title: "Staging: cognito"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Remove Cognito Lambda deps
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/cognito/lambda/deps.sh delete
# Depends on kms
- name: Terragrunt plan network
if: ${{ steps.filter.outputs.network == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/network"
comment-delete: "true"
comment-title: "Staging: network"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan dynamodb
if: ${{ steps.filter.outputs.dynamodb == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/dynamodb"
comment-delete: "true"
comment-title: "Staging: dynamodb"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
# Depends on network
- name: Terragrunt plan load_balancer
if: ${{ steps.filter.outputs.load_balancer == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/load_balancer"
comment-delete: "true"
comment-title: "Staging: load_balancer"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan redis
if: ${{ steps.filter.outputs.redis == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/redis"
comment-delete: "true"
comment-title: "Staging: redis"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan rds
if: ${{ steps.filter.outputs.rds == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/rds"
comment-delete: "true"
comment-title: "Staging: rds"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
# Depends on everything
- name: Install Lambda deps
if: ${{ steps.filter.outputs.app == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/app/lambda/deps.sh install
- name: Terragrunt plan app
if: ${{ steps.filter.outputs.app == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/app"
comment-delete: "true"
comment-title: "Staging: app"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Remove Lambda deps
if: ${{ steps.filter.outputs.app == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/app/lambda/deps.sh delete
- name: Terragrunt plan alarms
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/alarms"
comment-delete: "true"
comment-title: "Staging: alarms"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Build Load Testing Lambda Container
if: ${{ steps.filter.outputs.load_testing == 'true' || steps.filter.outputs.common == 'true' }}
working-directory: aws/load_testing/lambda
run: docker build -t load_testing_lambda:latest .
- name: Terragrunt plan load_testing
if: ${{ steps.filter.outputs.load_testing == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/load_testing"
comment-delete: "true"
comment-title: "Staging: load_testing"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan pr_review
if: ${{ steps.filter.outputs.pr_review == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6
with:
directory: "env/cloud/pr_review"
comment-delete: "true"
comment-title: "Staging: pr_review"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"