Validation Rules Engine #1955
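# Per-PR environment pipeline: detect changes under operations/, apply the PR
# Terraform stack, deploy the application into it, then destroy the stack.
#
# Security notes:
# - The trigger is `pull_request`, so the jobs run the PR's own checkout of
#   operations/ with Azure OIDC credentials. Keep it that way; switching to
#   `pull_request_target` would run PR-controlled Terraform with the base
#   repository's secrets.
# - NOTE(review): `github.event.number` exists only on pull_request events. On
#   a manual `workflow_dispatch` run it is empty, so the state key becomes
#   `pr_.tfstate` and `pr_number` is empty. Confirm that is intended.
# - NOTE(review): no `concurrency` group is set, so two runs for the same PR can
#   reach apply/destroy on the same state key; presumably the backend's state
#   lock serialises them. Verify.
name: Terraform CI Deploy

on:
  pull_request:
    branches:
      - main
  workflow_dispatch:

jobs:
  paths-filter:
    runs-on: ubuntu-latest
    # Least privilege: this job only checks out code and lists the PR's files.
    permissions:
      contents: read
      pull-requests: read
    outputs:
      operations: ${{ steps.filter.outputs.operations }}
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): third-party action referenced by a mutable tag. Pin it to
      # a full commit SHA (dorny/paths-filter@<full-commit-sha>  # v3) so a
      # moved tag cannot change what runs in this job.
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            operations:
              - 'operations/environments/pr/**'
              - 'operations/template/**'

  terraform-deploy:
    name: PR Infrastructure Deploy
    needs: paths-filter
    uses: ./.github/workflows/terraform-deploy_reusable.yml
    if: needs.paths-filter.outputs.operations == 'true'
    with:
      ENVIRONMENT: pr
      TERRAFORM_DIRECTORY: operations/environments/pr
      # NOTE(review): the reusable workflow is not visible here; it should read
      # these inputs through `env:` rather than expanding `${{ inputs.* }}`
      # inside a `run:` script.
      TERRAFORM_INIT_PARAMETERS: '-backend-config="key=pr_${{ github.event.number }}.tfstate"'
      TERRAFORM_APPLY_PARAMETERS: '-var="pr_number=${{ github.event.number }}"'
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

  # runs when the PR doesn't have any changes that require the PR deploy;
  # this ensures we get the appropriate required PR checks
  terraform-deploy-skip:
    name: PR Infrastructure Deploy  # this name must match the above `terraform-deploy` job's name
    needs: paths-filter
    uses: ./.github/workflows/terraform-deploy_reusable-skip.yml
    if: needs.paths-filter.outputs.operations != 'true'

  pr-deploy:
    name: PR Application Deploy
    needs:
      - terraform-deploy
      - paths-filter
    uses: ./.github/workflows/deploy_reusable.yml
    if: needs.paths-filter.outputs.operations == 'true'
    with:
      ENVIRONMENT: pr
      REPO: trusted-intermediary-router
      REPO_DOCS: trusted-intermediary-docs
      APP: ${{ needs.terraform-deploy.outputs.APP }}
      REGISTRY: ${{ needs.terraform-deploy.outputs.REGISTRY }}
    secrets:
      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

  # runs when the PR doesn't have any changes that require the PR deploy;
  # this ensures we get the appropriate required PR checks
  pr-deploy-skip:
    name: PR Application Deploy  # this name must match the above `pr-deploy` job's name
    needs:
      - paths-filter
    uses: ./.github/workflows/deploy_reusable-skip.yml
    if: needs.paths-filter.outputs.operations != 'true'

  destroy-environment:
    name: Destroy PR Environment
    environment:
      name: pr
    needs:
      - pr-deploy
      - paths-filter
    # always() makes the teardown run even when pr-deploy failed or was
    # skipped, so a broken deploy does not leave the PR stack behind.
    if: needs.paths-filter.outputs.operations == 'true' && always()
    runs-on: ubuntu-latest
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_USE_OIDC: 'true'
      # Read by the shell as data. The value is a number on pull_request, so
      # this is defence in depth: `${{ }}` never lands in the script text.
      PR_NUMBER: ${{ github.event.number }}
    permissions:
      id-token: write  # required to request the OIDC token used for Azure login
      contents: read
    defaults:
      run:
        working-directory: operations/environments/pr
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): no step installs Terraform, so the job depends on the
      # binary shipped in the runner image. Confirm and consider a fixed version.
      - name: Terraform Init
        id: init
        run: terraform init -backend-config="key=pr_${PR_NUMBER}.tfstate"
      - name: Terraform Destroy
        run: terraform destroy -auto-approve -input=false -var="pr_number=${PR_NUMBER}"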