Bump terraform-aws-modules/vpc/aws from 5.0.0 to 5.5.1 in /terraform/20-app #1081
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request Workflow | |
| on: | |
| pull_request: | |
| branches: | |
| - "*" | |
| env: | |
| AWS_REGION: "eu-west-2" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build_base: | |
| name: Build base env | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.base_ref }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-terraform | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/short-sha | |
| - name: Build base env | |
| run: | | |
| source uhd.sh | |
| uhd terraform init:layer 20-app | |
| uhd terraform apply:layer 20-app ci-$SHORT_SHA | |
| shell: zsh {0} | |
| unit_test_cloud_front_functions: | |
| name: Unit test cloud front functions | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: write | |
| defaults: | |
| run: | |
| working-directory: ./src/public-api-cloud-front-viewer-request | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: NPM Install | |
| run: npm ci --no-audit --no-fund | |
| - name: Unit tests | |
| run: npm run test:ci | |
| - name: Cache unit test summary | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: public-api-cloud-front-viewer-request-coverage-summary | |
| path: ./src/public-api-cloud-front-viewer-request/coverage/coverage-summary.json | |
| - name: Cache unit test report | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: public-api-cloud-front-viewer-request-coverage-report | |
| path: ./src/public-api-cloud-front-viewer-request/junit.xml | |
| unit_test_lambda_functions: | |
| name: Unit test lambda functions | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: write | |
| defaults: | |
| run: | |
| working-directory: ./src/lambda-producer-handler | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: NPM Install | |
| run: npm ci --no-audit --no-fund | |
| - name: Unit tests | |
| run: npm run test:ci | |
| - name: Cache unit test summary | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: lambda-producer-coverage-summary | |
| path: ./src/lambda-producer-handler/coverage/coverage-summary.json | |
| - name: Cache unit test report | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: lambda-producer-coverage-report | |
| path: ./src/lambda-producer-handler/junit.xml | |
| unit_test_report: | |
| name: Unit test coverage report | |
| runs-on: ubuntu-latest | |
| needs: ["unit_test_cloud_front_functions", "unit_test_lambda_functions"] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| pull-requests: write | |
| steps: | |
| - name: Download test coverage | |
| uses: actions/download-artifact@v3 | |
| with: | |
| path: ./reports | |
| - name: Unit test report | |
| uses: ukhsa-internal/jest-coverage-comment-action@v1 | |
| with: | |
| multiple-files: | | |
| public-api-cloud-front-viewer-request, ./reports/public-api-cloud-front-viewer-request-coverage-summary/coverage-summary.json | |
| lambda-producer, ./reports/lambda-producer-coverage-summary/coverage-summary.json | |
| multiple-junitxml-files: | | |
| public-api-cloud-front-viewer-request, ./reports/public-api-cloud-front-viewer-request-coverage-report/junit.xml | |
| lambda-producer, ./reports/lambda-producer-coverage-report/junit.xml | |
| title: unit test coverage report | |
| terraform_plan: | |
| name: Terraform plan | |
| runs-on: ubuntu-latest | |
| needs: | |
| [ | |
| "build_base", | |
| "unit_test_cloud_front_functions", | |
| "unit_test_lambda_functions", | |
| ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-terraform | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/short-sha | |
| - name: Terraform plan | |
| run: | | |
| source uhd.sh | |
| uhd terraform init | |
| uhd terraform plan:layer 10-account test | |
| uhd terraform plan:layer 20-app ci-$SHORT_SHA | |
| shell: zsh {0} | |
| terraform_apply: | |
| name: Terraform apply | |
| runs-on: ubuntu-latest | |
| needs: ["build_base", "terraform_plan"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-terraform | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/short-sha | |
| - name: Terraform apply | |
| run: | | |
| source uhd.sh | |
| uhd terraform init | |
| uhd terraform apply:layer 10-account test | |
| uhd terraform apply:layer 20-app ci-$SHORT_SHA | |
| shell: zsh {0} | |
| push_docker_images: | |
| name: Push docker images | |
| runs-on: ubuntu-latest | |
| needs: ["terraform_apply"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/short-sha | |
| - name: Pull / push docker images | |
| run: | | |
| source uhd.sh | |
| uhd docker ecr:login | |
| uhd docker pull | |
| uhd docker ecr:login test | |
| uhd docker push test ci-$SHORT_SHA | |
| shell: zsh {0} | |
| restart_services: | |
| name: Restart services | |
| runs-on: ubuntu-latest | |
| needs: ["push_docker_images"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/short-sha | |
| - name: Terraform output | |
| run: | | |
| source uhd.sh | |
| uhd terraform init:layer 20-app | |
| uhd terraform output:layer 20-app ci-$SHORT_SHA | |
| shell: zsh {0} | |
| - name: Configure AWS credentials for ECS | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_ECS_ROLE_TEST }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-chaining: true | |
| - name: Restart ECS services | |
| run: | | |
| source uhd.sh | |
| uhd ecs restart-services | |
| shell: zsh {0} | |
| - name: Redeploy lambda functions | |
| run: | | |
| source uhd.sh | |
| uhd lambda redeploy-functions | |
| shell: zsh {0} | |
| terraform_destroy: | |
| name: Terraform destroy | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| needs: ["restart_services"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-terraform | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/short-sha | |
| - name: Terraform destroy | |
| run: | | |
| source uhd.sh | |
| uhd terraform init:layer 20-app | |
| uhd terraform destroy:layer 20-app ci-$SHORT_SHA | |
| shell: zsh {0} | |
| clean_up_remaining_resources: | |
| name: Clean up remaining resources | |
| runs-on: ubuntu-latest | |
| if: ${{ always() }} | |
| needs: ["terraform_destroy"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS credentials for tooling account | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_TERRAFORM_ROLE }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: ./.github/actions/setup-zsh | |
| - uses: ./.github/actions/short-sha | |
| - name: Configure AWS credentials for test account | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.UHD_ECS_ROLE_TEST }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-chaining: true | |
| - name: Delete secrets | |
| run: | | |
| source uhd.sh | |
| uhd secrets delete-all-secrets ci-$SHORT_SHA | |
| shell: zsh {0} |