Deploy tf #17225

Closed
wants to merge 7 commits into from

bethbeza
Collaborator

Workflow file was updated with deprecation check,

@bethbeza bethbeza requested a review from a team as a code owner January 30, 2025 18:38
exit-code: 1
ignore-unfixed: true
vuln-type: os,library
severity: LOW,MEDIUM,HIGH,CRITICAL

Collaborator

We don't need to check for LOW.

ignore-unfixed: true
vuln-type: os,library
severity: LOW,MEDIUM,HIGH,CRITICAL
#MOVED LOCATION
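
Review bot: `ignore-unfixed: true` combined with `exit-code: 1` lets the job pass on any finding that has no fix available yet, including CRITICAL ones, so the gate only covers what is already patchable. If that trade-off is intended, consider reporting unfixed findings in a separate non-blocking step so they remain visible.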

Collaborator

No need for this comment

@@ -3,18 +3,15 @@ name: Deploy Terraform
on:
push:
branches:
- main
- master

Collaborator

We've migrated from master to main,

- name: Collect Terraform stats

uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2

Collaborator

replace with: uses: ./.github/actions/terraform-stats

uses: josiahsiegel/terraform-stats@68b8cbe42c494333fbf6f8d90ac86da1fb69dcc2
## DevSecOps - Aquia (Replace) - uses: ./.github/actions/terraform-stats

Collaborator

No need for this comment anymore.

- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Run Deprecation Check
run: ./scripts/check_deprecations.sh

Collaborator

This script needs to be added to this PR

@@ -96,25 +93,7 @@ jobs:
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Connect to VPN and login to Azure

Collaborator

We need this step to auth to Azure

@@ -28,17 +28,15 @@ jobs:

- name: "Create branch '${{ env.BRANCH_NAME }}' to contain the changes for the deployment on ${{ env.DEPLOYMENT_DATE }}"

uses: JosiahSiegel/remote-branch-action@dbe7a2138eb064fbfdb980abee918091a7501fbe
## DevSecOps - Aquia (Replace) - uses: ./.github/actions/remote-branch-action
uses: ./.github/actions/remote-branch-action

Collaborator

Should be uses: ./.github/actions/remote-branch to correspond to the directory name in the repo


with:
branch: "${{ env.BRANCH_NAME }}"

- name: "Prepare a Pull Request from ${{ env.BRANCH_NAME }} into production branch"
id: pr

uses: JosiahSiegel/reliable-pull-request-action@ae8d0c88126329ee363a35392793d0bc94cb82e7
## DevSecOps - Aquia (Replace) - uses: ./.github/actions/reliable-pull-request-action
uses: ./.github/actions/reliable-pull-request-action

Collaborator

Should be uses: ./.github/actions/reliable-pull-request to correspond to directory name in the repo

- production
paths:
- '**.tf'

env:

Collaborator

We need this env var to auth to Azure

@@ -43,21 +51,8 @@ jobs:
steps:
- name: Check Out Changes
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
- name: Connect to VPN and login to Azure

Collaborator

We need this step to authenticate TF to Azure

terraform fmt -recursive
terraform plan -out ${{ needs.pre_job.outputs.env_name }}-tf.plan
terraform apply -input=false -no-color -lock-timeout=600s -auto-approve ${{ needs.pre_job.outputs.env_name }}-tf.plan
terraform apply -input=false -no-color -lock-timeout=600s -auto-approve
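
Review bot: the last `terraform apply` line has no plan file argument, so with `-auto-approve` it applies whatever a fresh plan computes at that moment rather than the `${{ needs.pre_job.outputs.env_name }}-tf.plan` written by the `terraform plan -out` line above it. Keep the apply form that names the saved plan file. Separately, `terraform fmt -recursive` rewrites files on the runner and does not fail the job on unformatted code; `-check` turns it into a gate.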

@devopsmatt (Collaborator), Jan 30, 2025

I'd like to see some sanity and lint checks in here:
terraform workspace select -or-create ${{ needs.pre_job.outputs.env_name }}
terraform fmt -check -recursive # if this fails, run: 'tf fmt -recursive' and push again

terraform validate

We also need tf plan here and corresponding tfplan file in apply:
terraform plan -out ${{ needs.pre_job.outputs.env_name }}-tf.plan
terraform apply -input=false -no-color -lock-timeout=600s -auto-approve ${{ needs.pre_job.outputs.env_name }}-tf.plan
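
Added example, not part of the review thread or the project's code: a small Python check that flags the two problems the comment above raises in a workflow `run:` block, a `terraform fmt` without `-check` and an auto-approved `terraform apply` that is not given a plan file written by an earlier `terraform plan -out`. The function name and finding strings are hypothetical, flags are assumed to be written as `-flag=value` as they are on this page, and the sample lines are constructed from commands quoted here.

```python
import re
import shlex

EXPR = re.compile(r"\$\{\{.*?\}\}")  # a GitHub Actions expression, collapsed to one token

def audit_run_lines(lines):
    """Return (line_no, finding) for risky terraform calls in a run: block (hypothetical helper)."""
    findings, planned = [], set()
    for no, raw in enumerate(lines, 1):
        line = EXPR.sub("EXPR", raw)
        try:
            tok = shlex.split(line, comments=True)  # drops trailing '# ...' shell comments
        except ValueError:                          # unbalanced quote: plain split instead
            tok = line.split()
        if len(tok) < 2 or tok[0] != "terraform":
            continue
        sub, args = tok[1], tok[2:]
        if sub == "fmt" and "-check" not in args:
            # Without -check, fmt rewrites files on the runner and exits 0.
            findings.append((no, "fmt without -check"))
        elif sub == "plan":
            # Remember every plan file written with -out FILE or -out=FILE.
            for i, a in enumerate(args):
                if a.startswith("-out="):
                    planned.add(a[5:])
                elif a == "-out" and i + 1 < len(args):
                    planned.add(args[i + 1])
        elif sub == "apply" and "-auto-approve" in args:
            # Assumption: flags use -flag=value, so any bare token is the plan file.
            files = [a for a in args if not a.startswith("-")]
            if not files:
                findings.append((no, "auto-approved apply without a saved plan"))
            elif files[0] not in planned:
                findings.append((no, "apply of a plan no earlier line produced"))
    return findings

# Constructed inputs, built from command lines quoted on this page.
APPLY = "terraform apply -input=false -no-color -lock-timeout=600s -auto-approve"
PLAN = "${{ needs.pre_job.outputs.env_name }}-tf.plan"
AS_SUBMITTED = ["terraform fmt -recursive", APPLY]
AS_REQUESTED = ["terraform fmt -check -recursive # if this fails, run: 'tf fmt -recursive' and push again",
                "terraform validate", f"terraform plan -out {PLAN}", f"{APPLY} {PLAN}"]

if __name__ == "__main__":
    for label, block in (("as submitted", AS_SUBMITTED), ("as requested", AS_REQUESTED)):
        print(label, audit_run_lines(block))
```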

@devopsmatt devopsmatt marked this pull request as draft January 30, 2025 20:57
@devopsmatt
Collaborator

Handled elsewhere, closing.

@devopsmatt devopsmatt closed this Feb 20, 2025