Non-Prod AWS Deployment - Specific Environment #4
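# Manually dispatched Terraform deployment for the non-prod AWS environments.
# The `plan` job always runs. The `apply` job runs only when the Apply input is
# set and is bound to the GitHub environment matching the chosen target.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (@v3 / @v4). Pinning each `uses:` to a full commit SHA prevents a retagged
# release from running with this workflow's AWS credentials.
name: Non-Prod AWS Deployment - Specific Environment

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy to'
        required: true
        type: choice
        options:
          - pipeline
          - dev
          - staging
      Apply:
        description: 'Apply Terraform changes'
        required: true
        default: false
        type: boolean

# Token scope is limited to what the jobs need: id-token for the OIDC exchange
# with AWS, contents: read for checkout.
permissions:
  id-token: write
  contents: read

# The dispatch input is handed to the shell through an environment variable
# instead of being expanded with ${{ }} inside `run:` lines, so its value is
# never spliced into the script text before the shell parses it.
# NOTE(review): make imports environment variables; confirm DEPLOY_ENVIRONMENT
# does not clash with a variable read by the Makefile or run.sh.
env:
  DEPLOY_ENVIRONMENT: ${{ inputs.environment }}

defaults:
  run:
    working-directory: aws/non-prod-infra

jobs:
  plan:
    name: Plan - ${{ inputs.environment }}
    runs-on: ubuntu-latest
    # NOTE(review): this job has no `environment:` binding, yet assumes the same
    # IAM role as `apply`. Environment protection rules therefore do not gate
    # it, and it can be dispatched from any ref. Whether the role's trust policy
    # restricts the OIDC `sub` claim is not visible here - confirm, and
    # consider a separate read-only role for planning.
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Configure AWS Credentials via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::975050265283:role/GHA-CodeBuild-Service-Role
          aws-region: eu-west-2

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.10.4'

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'

      # Version is pinned; the package hash is not verified.
      - name: Install Checkov
        run: pip3 install checkov==3.2.365

      - name: Initialize Terraform
        run: ./run.sh "$DEPLOY_ENVIRONMENT" init

      - name: Run Terraform validation and checkov
        run: make check "$DEPLOY_ENVIRONMENT"

      - name: Run Terraform plan
        id: plan
        run: make plan "$DEPLOY_ENVIRONMENT"

  apply:
    name: Apply - ${{ inputs.environment }}
    needs: plan
    # github.event.inputs carries dispatch inputs as strings, hence the
    # comparison with the string 'true'.
    if: ${{ github.event.inputs.Apply == 'true' }}
    runs-on: ubuntu-latest
    # Maps the lower-case input to the capitalised GitHub environment name, so
    # that environment's protection rules apply to this job.
    environment: ${{ inputs.environment == 'pipeline' && 'Pipeline' || inputs.environment == 'dev' && 'Dev' || inputs.environment == 'staging' && 'Staging' }}
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Configure AWS Credentials via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::975050265283:role/GHA-CodeBuild-Service-Role
          aws-region: eu-west-2

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: '1.10.4'

      - name: Initialize Terraform
        run: ./run.sh "$DEPLOY_ENVIRONMENT" init

      # NOTE(review): the plan is recomputed here rather than taken from the
      # `plan` job, and the checkov step is not repeated. If `make apply` acts
      # on this fresh plan, what gets applied may differ from what was
      # reviewed - confirm against the Makefile.
      - name: Run Terraform plan
        id: plan
        run: make plan "$DEPLOY_ENVIRONMENT"

      - name: Run Terraform apply
        run: make apply "$DEPLOY_ENVIRONMENT"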