diff --git a/.github/actions/terraform-apply/action.yml b/.github/actions/terraform-apply/action.yml
new file mode 100644
index 0000000..8a2f91c
--- /dev/null
+++ b/.github/actions/terraform-apply/action.yml
@@ -0,0 +1,42 @@
+name: Run Terraform apply on every applicable directory
+description: 'Terraform apply'
+inputs:
+ APP_NAME:
+ required: true
+ description: 'The name of the application'
+ TF_DIRECTORY:
+ required: true
+ description: 'The directory to run Terraform apply on'
+ TF_WORKSPACE:
+ required: true
+ description: 'The Terraform workspace to use'
+
+runs:
+ using: 'composite'
+ steps:
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.9.2
+
+ - name: Upload Configuration
+ uses: hashicorp/tfc-workflows-github/actions/upload-configuration@v1.0.0
+ id: apply-upload
+ with:
+ workspace: ${{ inputs.TF_WORKSPACE }}
+ directory: ${{ inputs.TF_DIRECTORY }}
+
+ - name: Create Apply Run
+ uses: hashicorp/tfc-workflows-github/actions/create-run@v1.0.0
+ id: apply-run
+ with:
+ workspace: ${{ env.TF_WORKSPACE }}
+ configuration_version: ${{ steps.apply-upload.outputs.configuration_version_id }}
+
+ - name: Apply
+ uses: hashicorp/tfc-workflows-github/actions/apply-run@v1.0.0
+ if: fromJSON(steps.apply-run.outputs.payload).data.attributes.actions.IsConfirmable
+ id: apply
+ with:
+ run: ${{ steps.apply-run.outputs.run_id }}
+ comment: "Apply Run from GitHub Actions CI ${{ github.sha }}"
diff --git a/.github/workflows/infra-deploy.yml b/.github/workflows/infra-deploy.yml
new file mode 100644
index 0000000..c421a77
--- /dev/null
+++ b/.github/workflows/infra-deploy.yml
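Review bot: The `Create Apply Run` step reads `workspace: ${{ env.TF_WORKSPACE }}` while `Upload Configuration` just above it uses `${{ inputs.TF_WORKSPACE }}`, and the calling workflow in this commit defines no `TF_WORKSPACE` environment variable, so the run is created with an empty workspace or, if the variable is set elsewhere, against a different workspace than the one the configuration was uploaded to. Change it to `workspace: ${{ inputs.TF_WORKSPACE }}` so upload and run always target the same workspace. The `hashicorp/...` actions are also referenced by tags (`@v3`, `@v1.0.0`); because these steps end in a production apply, pinning each to a full commit SHA would keep a retargeted tag from changing what runs. The declared `APP_NAME` input is never used in the steps.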
@@ -0,0 +1,117 @@
+name: Infrastructure Deploy
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '_infra/credentials/**/*.tf'
+ - '_infra/global/**/*.tf'
+ - 'apps/backend/_infra/prod/storage/**/*.tf'
+ - 'apps/backend/_infra/prod/compute/**/*.tf'
+
+env:
+ TF_API_TOKEN: "${{ secrets.TERRAFORM_API_TOKEN }}"
+ TF_CLOUD_ORGANIZATION: ${{ secrets.TERRAFORM_CLOUD_ORGANIZATION }}
+ TF_VAR_organization: "\"${{ secrets.TERRAFORM_CLOUD_ORGANIZATION }}\""
+
+jobs:
+ apply-credentials:
+ runs-on: ubuntu-latest
+
+ outputs:
+ infraChanged: ${{ steps.infra-changed.outputs.any_changed }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Check if infra files changed
+ id: infra-changed
+ uses: tj-actions/changed-files@v44
+ with:
+ files: |
+ _infra/credentials/**/*.tf
+
+ - name: Run terraform apply
+ if: ${{ steps.infra-changed.outputs.any_changed == 'true' }}
+ uses: ./.github/actions/terraform-apply
+ with:
+ APP_NAME: 'App Credentials'
+ TF_DIRECTORY: '_infra/credentials'
+ TF_WORKSPACE: 'snipcode-credentials'
+
+ apply-global:
+ runs-on: ubuntu-latest
+
+ outputs:
+ infraChanged: ${{ steps.infra-changed.outputs.any_changed }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Check if infra files changed
+ id: infra-changed
+ uses: tj-actions/changed-files@v44
+ with:
+ files: |
+ _infra/global/**/*.tf
+
+ - name: Run terraform apply
+ if: ${{ steps.infra-changed.outputs.any_changed == 'true' }}
+ uses: ./.github/actions/terraform-apply
+ with:
+ APP_NAME: 'App Global'
+ TF_DIRECTORY: '_infra/global'
+ TF_WORKSPACE: 'snipcode-global-prod'
+
+ apply-backend-storage:
+ runs-on: ubuntu-latest
+
+ outputs:
+ infraChanged: ${{ steps.infra-changed.outputs.any_changed }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Check if infra files changed
+ id: infra-changed
+ uses: tj-actions/changed-files@v44
+ with:
+ files: |
+ apps/backend/_infra/prod/storage/**/*.tf
+
+ - name: Run terraform apply
+ if: ${{ steps.infra-changed.outputs.any_changed == 'true' }}
+ uses: ./.github/actions/terraform-apply
+ with:
+ APP_NAME: 'Backend Storage'
+ TF_DIRECTORY: 'apps/backend/_infra/prod/storage'
+ TF_WORKSPACE: 'snipcode-backend-storage-prod'
+
+ apply-backend-compute:
+ runs-on: ubuntu-latest
+
+ outputs:
+ infraChanged: ${{ steps.infra-changed.outputs.any_changed }}
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Check if infra files changed
+ id: infra-changed
+ uses: tj-actions/changed-files@v44
+ with:
+ files: |
+ apps/backend/_infra/prod/compute/**/*.tf
+
+ - name: Run terraform apply
+ if: ${{ steps.infra-changed.outputs.any_changed == 'true' }}
+ uses: ./.github/actions/terraform-apply
+ with:
+ APP_NAME: 'Backend Compute'
+ TF_DIRECTORY: 'apps/backend/_infra/prod/compute'
+ TF_WORKSPACE: 'snipcode-backend-compute-prod'
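Review bot: The workflow-level `env` block places `TF_API_TOKEN` in the environment of every step of all four jobs, including `tj-actions/changed-files@v44`, which is referenced by a mutable tag; whatever commit that tag resolves to at run time executes alongside a token that can apply to the production workspaces. I would move the Terraform Cloud variables onto the `Run terraform apply` step only (confirm that step-level env reaches the composite action's inner steps, otherwise pass them as inputs), pin the third-party actions to a full commit SHA, and declare read-only `permissions` for the GITHUB_TOKEN, which the workflow currently leaves at the repository default. The same change applies to each of the four jobs; the excerpt shows it once.

```yaml
# workflow top level; TF_API_TOKEN and TF_CLOUD_ORGANIZATION removed from the global env block
permissions:
  contents: read

# … unchanged: trigger, jobs header, checkout step …
      - name: Check if infra files changed
        id: infra-changed
        uses: tj-actions/changed-files@<FULL_COMMIT_SHA>  # placeholder: the reviewed v44 commit
# … unchanged: files filter …
      - name: Run terraform apply
        env:
          TF_API_TOKEN: ${{ secrets.TERRAFORM_API_TOKEN }}
          TF_CLOUD_ORGANIZATION: ${{ secrets.TERRAFORM_CLOUD_ORGANIZATION }}
# … unchanged: if, uses, with …
```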