Skip to content

Merge pull request #8766 from ministryofjustice/date-1734106831 #1575

Merge pull request #8766 from ministryofjustice/date-1734106831

Merge pull request #8766 from ministryofjustice/date-1734106831 #1575

---
name: core-vpc-development-deployment
on:
push:
branches:
- main
paths:
- 'environments-networks/*-development.json'
- '.github/workflows/core-vpc-development-deployment.yml'
- 'terraform/environments/**/networking.auto.tfvars.json'
- 'terraform/environments/**/subnet-share.tf'
- '!terraform/environments/core-*/**'
- 'terraform/environments/core-vpc/**'
- 'terraform/modules/core-monitoring/**'
- 'terraform/modules/dns-zone/**'
- 'terraform/modules/dns-zone-extend/**'
- 'terraform/modules/vpc-tgw-routing/**'
- 'terraform/modules/vpc-nacls/**'
- 'terraform/modules/ram-resource-share/**'
- 'terraform/modules/core-vpc-tgw-routes/**'
- '.github/workflows/reusable_terraform_plan_apply.yml'
- '!**.md'
pull_request:
branches:
- main
paths:
- 'environments-networks/*-development.json'
- '.github/workflows/core-vpc-development-deployment.yml'
- 'terraform/environments/**/networking.auto.tfvars.json'
- 'terraform/environments/**/subnet-share.tf'
- '!terraform/environments/core-*/**'
- 'terraform/environments/core-vpc/**'
- 'terraform/modules/core-monitoring/**'
- 'terraform/modules/dns-zone/**'
- 'terraform/modules/dns-zone-extend/**'
- 'terraform/modules/vpc-tgw-routing/**'
- 'terraform/modules/vpc-nacls/**'
- 'terraform/modules/ram-resource-share/**'
- 'terraform/modules/core-vpc-tgw-routes/**'
- '.github/workflows/reusable_terraform_plan_apply.yml'
- '!**.md'
workflow_dispatch:
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
defaults:
run:
shell: bash
env:
AWS_REGION: "eu-west-2"
ENVIRONMENT_MANAGEMENT: ${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }}
TF_ENV: "development"
jobs:
core-vpc-development-deployment-plan-apply:
uses: ./.github/workflows/reusable_terraform_plan_apply.yml
with:
working-directory: "terraform/environments/core-vpc"
environment: development
secrets:
modernisation_platform_environments: "${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }}"
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
member-account-ram-association:
runs-on: [ ubuntu-latest ]
if: github.event.ref == 'refs/heads/main'
needs: [ core-vpc-development-deployment-plan-apply ]
steps:
- name: Checkout Repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set Account Number
run: |
ACCOUNT_NUMBER=$(jq -r -e '.modernisation_platform_account_id' <<< $ENVIRONMENT_MANAGEMENT)
echo "::add-mask::$ACCOUNT_NUMBER"
echo ACCOUNT_NUMBER=$ACCOUNT_NUMBER >> $GITHUB_ENV
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: "arn:aws:iam::${{ env.ACCOUNT_NUMBER }}:role/github-actions-apply"
role-session-name: githubactionsrolesession
aws-region: ${{ env.AWS_REGION }}
- name: Run RAM association if needed
run: bash scripts/get-applications-and-run-ram.sh ${TF_ENV}
- name: Slack failure notification
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
webhook-type: incoming-webhook
payload: |
{"blocks":[{"type": "section","text": {"type": "mrkdwn","text": ":no_entry: Failed GitHub Action:"}},{"type": "section","fields":[{"type": "mrkdwn","text": "*Workflow:*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|${{ github.workflow }}>"},{"type": "mrkdwn","text": "*Job:*\n${{ github.job }}"},{"type": "mrkdwn","text": "*Repo:*\n${{ github.repository }}"}]}]}
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
if: ${{ failure() }}