🚀 Terraform Deploy (Personal Environment) - dvsa/des-workflow-actions GitHub Wiki

Description

This reusable workflow deploys the backend to a personal environment so that developers can test new features and DevOps can test new resource integrations. It uses this reusable workflow to run the Terraform actions for each component. A matrix is used for each component deployment so that we can run a plan followed by an apply or a destroy. Each job runs on an EC2 instance, which will have been set up using this action.

Workflow Triggers

On Workflow Call

This workflow is called from the des-terraform repository when a manual deploy of a personal environment is run. The caller workflow also runs on a daily schedule in the evening to destroy all personal environments listed in the des-personal-envs variable (stored in AWS Secrets Manager). This workflow can be run to exclude a dev from (or include a dev in) that list, so that their environment is not destroyed overnight. You can also exclude the dev by setting the exclude-from-destruction-list input to true.

Environment Variables

Name                          Description
PERSONAL_DB_CNAME_SUFFIX      The suffix of the DNS record that maps to the TARS replica and Results databases
PERSONAL_DB_USERNAME_SUFFIX   The suffix of the username to assume to perform actions on the TARS replica and Results databases
RESULTS_DB_PASSWORD           The password of the user for the Results database
TARS_DB_PASSWORD              The password of the user for the TARS replica database
TARS_REFDATA_USER_PASSWORD    The password of the ref-data user for the TARS replica database

Inputs

Name                        Description                               Options
branch                      The Terraform branch to deploy            N/A
aws-account                 The AWS account to deploy to              N/A
tf-environment              The Terraform environment to deploy to    andys | rhys | ryan | john | marc
tf-action                   The Terraform action to take              apply | destroy
initialise-results-db       Whether to initialise the results database   true | false
load-dynamodb-test-data     Whether to load the DynamoDB test data    true | false
dynamodb-test-data-branch   The branch for the DynamoDB test data     N/A

Artefacts

  • A plan for each component is uploaded to the summary.

Notes

  • Requires the secrets AWS_NONPROD_ACCOUNT_ID, DVSA_AWS_REGION, GH_TOKEN, AWS_ROLE_NONPROD, RESULTS_DB_REPO_KEY, and TEST_DATA_JOURNAL_REPO_KEY to be set up in the caller repository.
  • Because of the dependency issue between the API and DRS components (caused by the ref-data service), the API component needs to be run first with a targeted apply on destroy. On apply, there is a first_run flag that will commit certain resources to eliminate the dependency issue.
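
A caller sketch for the workflow-call trigger, inputs and secrets described on this page, as an added example that is not taken from the des-terraform or des-workflow-actions repositories. The workflow file name and ref are placeholders. The manual workflow_dispatch trigger, the input types and defaults, and the callee declaring each secret under on.workflow_call.secrets are assumptions.

```yaml
# Added example, not the project's own file. <workflow-file> and <ref> are
# placeholders: the page does not give the reusable workflow's path or ref.
name: Deploy personal environment (example)
on:
  workflow_dispatch:
    inputs:
      branch: { description: Terraform branch to deploy, type: string, required: true }
      aws-account: { description: AWS account to deploy to, type: string, required: true }
      tf-environment:
        description: Terraform environment to deploy to
        type: choice          # closed list, so no free-text environment name reaches Terraform
        options: [andys, rhys, ryan, john, marc]
        required: true
      tf-action:
        description: Terraform action to take
        type: choice          # first option is the default, so destroy must be picked explicitly
        options: [apply, destroy]
        required: true
      initialise-results-db: { description: Initialise the results database, type: boolean, default: false }
      load-dynamodb-test-data: { description: Load the DynamoDB test data, type: boolean, default: false }
      dynamodb-test-data-branch: { description: Branch for the DynamoDB test data, type: string }
      exclude-from-destruction-list: { description: Keep out of the nightly destroy, type: boolean, default: false }
jobs:
  deploy:
    # Pin <ref> to a full commit SHA so the code that receives the secrets cannot change unnoticed.
    uses: dvsa/des-workflow-actions/.github/workflows/<workflow-file>@<ref>
    with:
      branch: ${{ inputs.branch }}
      aws-account: ${{ inputs.aws-account }}
      tf-environment: ${{ inputs.tf-environment }}
      tf-action: ${{ inputs.tf-action }}
      initialise-results-db: ${{ inputs.initialise-results-db }}
      load-dynamodb-test-data: ${{ inputs.load-dynamodb-test-data }}
      dynamodb-test-data-branch: ${{ inputs.dynamodb-test-data-branch }}
      exclude-from-destruction-list: ${{ inputs.exclude-from-destruction-list }}
    # Only the six secrets the Notes list are passed (assumes the callee declares them).
    secrets:
      AWS_NONPROD_ACCOUNT_ID: ${{ secrets.AWS_NONPROD_ACCOUNT_ID }}
      DVSA_AWS_REGION: ${{ secrets.DVSA_AWS_REGION }}
      GH_TOKEN: ${{ secrets.GH_TOKEN }}
      AWS_ROLE_NONPROD: ${{ secrets.AWS_ROLE_NONPROD }}
      RESULTS_DB_REPO_KEY: ${{ secrets.RESULTS_DB_REPO_KEY }}
      TEST_DATA_JOURNAL_REPO_KEY: ${{ secrets.TEST_DATA_JOURNAL_REPO_KEY }}
```

If the reusable workflow does not declare these secrets under on.workflow_call.secrets, the explicit mapping is rejected and the caller would need secrets: inherit instead, which exposes every caller secret to the called workflow.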