chore(deps): update all non-major docker images #1139
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Terragrunt plan STAGING" | |
on: | |
pull_request: | |
branches: [develop] | |
paths: | |
- "aws/**" | |
- "env/common/**" | |
- "env/cloud/**" | |
- ".github/workflows/terragrunt-plan-staging.yml" | |
env: | |
APP_ENV: staging | |
APP_DOMAIN: ${{ vars.STAGING_APP_DOMAIN }} | |
AWS_ACCOUNT_ID: ${{ vars.STAGING_AWS_ACCOUNT_ID }} | |
AWS_REGION: ca-central-1 | |
AWS_ACCESS_KEY_ID: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }} | |
CONFTEST_VERSION: 0.36.0 | |
TERRAFORM_VERSION: 1.4.2 | |
TERRAGRUNT_VERSION: 0.46.3 | |
TF_INPUT: false | |
TF_VAR_ecs_secret_token_secret: ${{ secrets.STAGING_TOKEN_SECRET }} | |
TF_VAR_google_client_id: ${{ secrets.STAGING_GOOGLE_CLIENT_ID}} | |
TF_VAR_google_client_secret: ${{secrets.STAGING_GOOGLE_CLIENT_SECRET}} | |
TF_VAR_recaptcha_secret: ${{secrets.STAGING_RECAPTCHA_SITE_SECRET}} | |
TF_VAR_recaptcha_public: 6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY | |
TF_VAR_notify_api_key: ${{ secrets.STAGING_NOTIFY_API_KEY }} | |
TF_VAR_cognito_notify_api_key: ${{ secrets.STAGING_NOTIFY_API_KEY }} | |
TF_VAR_rds_db_password: ${{ secrets.STAGING_DB_PASSWORD }} | |
TF_VAR_slack_webhook: ${{ secrets.STAGING_SLACK_WEBHOOK }} | |
TF_VAR_gc_notify_callback_bearer_token: ${{ secrets.STAGING_GC_NOTIFY_CALLBACK_BEARER_TOKEN }} | |
TF_VAR_gc_temp_token_template_id: b6885d06-d10a-422a-973f-05e274d9aa86 | |
TF_VAR_gc_template_id: 8d597a1b-a1d6-4e3c-8421-042a2b4158b7 | |
TF_VAR_cognito_code_template_id: 12a18f84-062c-4a67-8310-bf114af051ea | |
TF_VAR_email_address_contact_us: ${{ vars.STAGING_CONTACT_US_EMAIL }} | |
TF_VAR_email_address_support: ${{ vars.STAGING_SUPPORT_EMAIL }} | |
jobs: | |
terragrunt-plan: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
# Setup Terraform, Terragrunt, and Conftest | |
- name: Setup terraform tools | |
uses: cds-snc/terraform-tools-setup@v1 | |
env: | |
CONFTEST_VERSION: ${{env.CONFTEST_VERSION}} | |
TERRAFORM_VERSION: ${{env.TERRAFORM_VERSION}} | |
TERRAGRUNT_VERSION: ${{env.TERRAGRUNT_VERSION}} | |
- uses: cds-snc/paths-filter@b316143212d841aed668b7b29240c719d603a9b9 # tag=v2.10.4 | |
id: filter | |
with: | |
filters: | | |
alarms: | |
- 'aws/alarms/**' | |
- 'env/cloud/alarms/**' | |
app: | |
- 'aws/app/**' | |
- 'env/cloud/app/**' | |
cognito: | |
- 'aws/cognito/**' | |
- 'env/cloud/cognito/**' | |
common: | |
- '.github/workflows/terragrunt-plan-staging.yml' | |
- 'env/common/**' | |
- 'env/terragrunt.hcl' | |
dynamodb: | |
- 'aws/dynamodb/**' | |
- 'env/cloud/dynamodb/**' | |
ecr: | |
- 'aws/ecr/**' | |
- 'env/cloud/ecr/**' | |
hosted_zone: | |
- 'aws/hosted_zone/**' | |
- 'env/cloud/hosted_zone/**' | |
kms: | |
- 'aws/kms/**' | |
- 'env/cloud/kms/**' | |
load_balancer: | |
- 'aws/load_balancer/**' | |
- 'env/cloud/load_balancer/**' | |
load_testing: | |
- 'aws/load_testing/**' | |
- 'env/cloud/load_testing/**' | |
network: | |
- 'aws/network/**' | |
- 'env/cloud/network/**' | |
rds: | |
- 'aws/rds/**' | |
- 'env/cloud/rds/**' | |
redis: | |
- 'aws/redis/**' | |
- 'env/cloud/redis/**' | |
sns: | |
- 'aws/sns/**' | |
- 'env/cloud/sns/**' | |
sqs: | |
- 'aws/sqs/**' | |
- 'env/cloud/sqs/**' | |
pr_review: | |
- 'aws/pr_review/**' | |
- 'env/cloud/pr_review/**' | |
# No dependencies | |
- name: Terragrunt plan ecr | |
if: ${{ steps.filter.outputs.ecr == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/ecr" | |
comment-delete: "true" | |
comment-title: "Staging: ecr" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan hosted_zone | |
if: ${{ steps.filter.outputs.hosted_zone == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/hosted_zone" | |
comment-delete: "true" | |
comment-title: "Staging: hosted_zone" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan kms | |
if: ${{ steps.filter.outputs.kms == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/kms" | |
comment-delete: "true" | |
comment-title: "Staging: kms" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan sqs | |
if: ${{ steps.filter.outputs.sqs == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/sqs" | |
comment-delete: "true" | |
comment-title: "Staging: sqs" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan sns | |
if: ${{ steps.filter.outputs.sns == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/sns" | |
comment-delete: "true" | |
comment-title: "Staging: sns" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Install Cognito Lambda deps | |
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/cognito/lambda/deps.sh install | |
- name: Terragrunt plan cognito | |
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/cognito" | |
comment-delete: "true" | |
comment-title: "Staging: cognito" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Remove Cognito Lambda deps | |
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/cognito/lambda/deps.sh delete | |
# Depends on kms | |
- name: Terragrunt plan network | |
if: ${{ steps.filter.outputs.network == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/network" | |
comment-delete: "true" | |
comment-title: "Staging: network" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan dynamodb | |
if: ${{ steps.filter.outputs.dynamodb == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/dynamodb" | |
comment-delete: "true" | |
comment-title: "Staging: dynamodb" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Depends on network | |
- name: Terragrunt plan load_balancer | |
if: ${{ steps.filter.outputs.load_balancer == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/load_balancer" | |
comment-delete: "true" | |
comment-title: "Staging: load_balancer" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan redis | |
if: ${{ steps.filter.outputs.redis == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/redis" | |
comment-delete: "true" | |
comment-title: "Staging: redis" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan rds | |
if: ${{ steps.filter.outputs.rds == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/rds" | |
comment-delete: "true" | |
comment-title: "Staging: rds" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Depends on everything | |
- name: Install Lambda deps | |
if: ${{ steps.filter.outputs.app == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/app/lambda/deps.sh install | |
- name: Terragrunt plan app | |
if: ${{ steps.filter.outputs.app == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/app" | |
comment-delete: "true" | |
comment-title: "Staging: app" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Remove Lambda deps | |
if: ${{ steps.filter.outputs.app == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/app/lambda/deps.sh delete | |
- name: Terragrunt plan alarms | |
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/alarms" | |
comment-delete: "true" | |
comment-title: "Staging: alarms" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Build Load Testing Lambda Container | |
if: ${{ steps.filter.outputs.load_testing == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: aws/load_testing/lambda | |
run: docker build -t load_testing_lambda:latest . | |
- name: Terragrunt plan load_testing | |
if: ${{ steps.filter.outputs.load_testing == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/load_testing" | |
comment-delete: "true" | |
comment-title: "Staging: load_testing" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan pr_review | |
if: ${{ steps.filter.outputs.pr_review == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@7f4ce4a4bdffaba639d32a45272804e37a569408 # tag=v3.0.6 | |
with: | |
directory: "env/cloud/pr_review" | |
comment-delete: "true" | |
comment-title: "Staging: pr_review" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" |