From 1b546f1d0037427a8f9236d1a3c773bd493cb6d7 Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Mon, 30 Jun 2025 11:46:06 -0500
Subject: [PATCH 1/5] Plan production on PR, rename some workflows
---
 .github/workflows/draft-release.yml | 23 ------------
 ...ull-request.yml => pull-request-label.yml} | 0
 .../pull-request-plan-production.yml | 37 +++++++++++++++++++
 ...ests.yml => pull-request-python-tests.yml} | 0
 .github/workflows/release-draft.yml | 23 ++++++++++++
 ...ease-published.yml => release-publish.yml} | 2 +-
 6 files changed, 61 insertions(+), 24 deletions(-)
 delete mode 100644 .github/workflows/draft-release.yml
 rename .github/workflows/{label-pull-request.yml => pull-request-label.yml} (100%)
 create mode 100644 .github/workflows/pull-request-plan-production.yml
 rename .github/workflows/{python-tests.yml => pull-request-python-tests.yml} (100%)
 create mode 100644 .github/workflows/release-draft.yml
 rename .github/workflows/{release-published.yml => release-publish.yml} (96%)
diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml
deleted file mode 100644
index 99724a2..0000000
--- a/.github/workflows/draft-release.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Draft Release
-
-on:
- push:
- branches:
- - main
-
-permissions:
- contents: read
-
-jobs:
- draft-release:
- permissions:
- contents: write
- pull-requests: write
- runs-on: ubuntu-latest
- steps:
- - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5
- with:
- commitish: main
- latest: true
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/label-pull-request.yml b/.github/workflows/pull-request-label.yml
similarity index 100%
rename from .github/workflows/label-pull-request.yml
rename to .github/workflows/pull-request-label.yml
diff --git a/.github/workflows/pull-request-plan-production.yml b/.github/workflows/pull-request-plan-production.yml
new file mode 100644
index 0000000..cfe5307
--- /dev/null
+++ b/.github/workflows/pull-request-plan-production.yml
@@ -0,0 +1,37 @@
+name: Plan Production Environment
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+ branches: [ "**" ]
+
+jobs:
+ get-tg-versions:
+ permissions:
+ contents: read
+ uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-versions.yml@0.2.0
+
+ build-matrix:
+ permissions:
+ contents: read
+ uses: launchbynttdata/launch-workflows/.github/workflows/reusable-github-matrix-tg.yml@0.2.0
+ with:
+ platform_environment: production
+
+ call-terragrunt-plan:
+ needs: [get-tg-versions, build-matrix]
+ permissions:
+ contents: read
+ id-token: write
+ strategy:
+ fail-fast: false
+ matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
+
+ uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-plan-only.yml@feature/plan-only-workflow
+ with:
+ git_branch: ${{ github.head_ref }}
+ tf_version: ${{ needs.get-tg-versions.outputs.tf_version }}
+ tg_version: ${{ needs.get-tg-versions.outputs.tg_version }}
+ region: ${{ matrix.terragrunt_environment.region }}
+ env_id: ${{ matrix.terragrunt_environment.instance }}
+ secrets: inherit
diff --git a/.github/workflows/python-tests.yml b/.github/workflows/pull-request-python-tests.yml
similarity index 100%
rename from .github/workflows/python-tests.yml
rename to .github/workflows/pull-request-python-tests.yml
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
new file mode 100644
index 0000000..b4a7f82
--- /dev/null
+++ b/.github/workflows/release-draft.yml
@@ -0,0 +1,23 @@
+name: Draft Release
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ draft-release:
+ permissions:
+ contents: write
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5
+ with:
+ commitish: main
+ latest: true
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
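Review bot: In the new `pull-request-plan-production.yml` (PATCH 1/5), `call-terragrunt-plan` grants `id-token: write` and `secrets: inherit` to a reusable workflow resolved through a movable ref (`@feature/plan-only-workflow` here, `@0.3.0` after PATCH 5/5; the two helper jobs use `@0.2.0`), so whoever can move that branch or tag in `launchbynttdata/launch-workflows` decides what runs with this job's OIDC token and every secret the repository can see. Pin each `uses:` to a full commit SHA with the version as a trailing comment, as `release-draft.yml` already does for release-drafter: `uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-plan-only.yml@<full-commit-sha> # 0.3.0`. Replace `secrets: inherit` with an explicit `secrets:` mapping holding only the entries the called workflow declares; which ones those are is not visible in this patch.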
diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-publish.yml
similarity index 96%
rename from .github/workflows/release-published.yml
rename to .github/workflows/release-publish.yml
index 62121a5..1c05b3d 100644
--- a/.github/workflows/release-published.yml
+++ b/.github/workflows/release-publish.yml
@@ -29,7 +29,7 @@ jobs:

 uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-deploy.yml@0.2.0
 with:
- git_branch: ${{ github.head_ref }}
+ git_branch: ${{ github.ref }}
 tf_version: ${{ needs.get-tg-versions.outputs.tf_version }}
 tg_version: ${{ needs.get-tg-versions.outputs.tg_version }}
 environment: ${{ matrix.terragrunt_environment.environment }}
From 7a967e5d4a728cc8a7a63970fffe5ef37051cab6 Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Mon, 30 Jun 2025 11:56:03 -0500
Subject: [PATCH 2/5] Add missing environment input
---
 .github/workflows/pull-request-plan-production.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/pull-request-plan-production.yml b/.github/workflows/pull-request-plan-production.yml
index cfe5307..7609ae2 100644
--- a/.github/workflows/pull-request-plan-production.yml
+++ b/.github/workflows/pull-request-plan-production.yml
@@ -32,6 +32,7 @@ jobs:
 git_branch: ${{ github.head_ref }}
 tf_version: ${{ needs.get-tg-versions.outputs.tf_version }}
 tg_version: ${{ needs.get-tg-versions.outputs.tg_version }}
+ environment: ${{ matrix.terragrunt_environment.environment }}
 region: ${{ matrix.terragrunt_environment.region }}
 env_id: ${{ matrix.terragrunt_environment.instance }}
 secrets: inherit
From d111739bfd403c2c1a2b8e5720b57795f19bcebd Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Mon, 30 Jun 2025 12:18:02 -0500
Subject: [PATCH 3/5] Pass assume_role_arn
---
 .github/workflows/pull-request-plan-production.yml | 1 +
 1 file changed, 1 insertion(+)
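Review bot: In `release-publish.yml` (PATCH 1/5), `git_branch: ${{ github.ref }}` passes a fully qualified ref (`refs/tags/<tag>` on a release event, `refs/heads/<branch>` on a push) to an input whose name suggests a short branch name. Whether `reusable-terragrunt-deploy.yml` accepts that form is not visible here; if the input is consumed as a plain branch or tag name, `git_branch: ${{ github.ref_name }}` is the matching context value. The workflow's `on:` block lies outside the hunk, so the event type is inferred from the file name only. A one-line comment above the input stating which ref form the deploy job expects would keep the production deploy tied to the intended tag.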
diff --git a/.github/workflows/pull-request-plan-production.yml b/.github/workflows/pull-request-plan-production.yml
index 7609ae2..5a996a4 100644
--- a/.github/workflows/pull-request-plan-production.yml
+++ b/.github/workflows/pull-request-plan-production.yml
@@ -32,6 +32,7 @@ jobs:
 git_branch: ${{ github.head_ref }}
 tf_version: ${{ needs.get-tg-versions.outputs.tf_version }}
 tg_version: ${{ needs.get-tg-versions.outputs.tg_version }}
+ assume_role_arn: "arn:aws:iam::159247424670:role/github-actions-deploy-role"
 environment: ${{ matrix.terragrunt_environment.environment }}
 region: ${{ matrix.terragrunt_environment.region }}
 env_id: ${{ matrix.terragrunt_environment.instance }}
From 255f940332f84224488307495abacfdfe2c09c7b Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Mon, 30 Jun 2025 12:39:23 -0500
Subject: [PATCH 4/5] Update actions check frequency while testing
---
 .github/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c766b7e..329ee5b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,7 +3,7 @@ updates:
 - package-ecosystem: "github-actions"
 directory: "/"
 schedule:
- interval: "weekly"
+ interval: "daily"
 - package-ecosystem: "uv"
 directory: "/"
 schedule:
From e7e457d53f309a4f5f493daf7f56ecbb9c86a2e8 Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Mon, 30 Jun 2025 12:39:58 -0500
Subject: [PATCH 5/5] Add plan to production on PR
---
 .github/workflows/pull-request-plan-production.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pull-request-plan-production.yml b/.github/workflows/pull-request-plan-production.yml
index 5a996a4..2f9bdf8 100644
--- a/.github/workflows/pull-request-plan-production.yml
+++ b/.github/workflows/pull-request-plan-production.yml
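Review bot: PATCH 3/5 gives the pull-request plan job `assume_role_arn: "arn:aws:iam::159247424670:role/github-actions-deploy-role"`, which by its name is the deploy role, while the same `with:` block plans the PR head (`git_branch: ${{ github.head_ref }}`) and a Terragrunt plan evaluates configuration taken from that branch. If the role carries write permissions, unreviewed branch content runs with production deploy rights; the role's policy and OIDC trust conditions are not visible in this patch. Use a separate read-only plan role for this workflow, e.g. `assume_role_arn: "arn:aws:iam::<account-id>:role/<read-only-plan-role>"`, and keep the deploy role's trust policy restricted to the release workflow's `sub` claim. The job body starts outside the hunk.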
@@ -27,7 +27,7 @@ jobs:
 fail-fast: false
 matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}

- uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-plan-only.yml@feature/plan-only-workflow
+ uses: launchbynttdata/launch-workflows/.github/workflows/reusable-terragrunt-plan-only.yml@0.3.0
 with:
 git_branch: ${{ github.head_ref }}
 tf_version: ${{ needs.get-tg-versions.outputs.tf_version }}