diff --git a/workflow-templates/im-deploy-tf-manual-apply.yml b/workflow-templates/im-deploy-tf-manual-apply.yml
index 8eb926a..0c8ed88 100644
--- a/workflow-templates/im-deploy-tf-manual-apply.yml
+++ b/workflow-templates/im-deploy-tf-manual-apply.yml
@@ -1,4 +1,4 @@
-# Workflow Code: InsaneHamster_v52 DO NOT REMOVE
+# Workflow Code: InsaneHamster_v53 DO NOT REMOVE
 # Purpose:
 # Deploys the terraform from a specified root module at a
 # specified when someone kicks off the workflow manually.
@@ -149,25 +149,13 @@ jobs:
 # RUNS_ON_GROUP@dev qa stage prod: 'dynamic-runners' # TODO: Uncomment if you are deploying to Managed SQL Server as it requires a region specific runner
 # RUNS_ON_GROUP@stage-secondary prod-secondary: 'dynamic-runners-secondary' # TODO: Uncomment if you are deploying to Managed SQL Server as it requires a region specific runner
- # Each env has their own stakeholder approval environment. If no required reviewers are set for
- # that environment, the workflow will continue without requiring anyone to approve the deployment.
- stakeholder-approval:
- needs: [set-vars]
- runs-on: ubuntu-latest # Force this to run on github-hosted runner by using a tag that does not exist on self-hosted runners
- environment: '${{ needs.set-vars.outputs.GITHUB_SECRETS_ENVIRONMENT }} Stakeholder Approval' # Use inputs context because env context is not available to environment:
- steps:
- - name: Approval Received
- run: echo "Stakeholder approval was received"
 tf-plan:
- needs: [set-vars, stakeholder-approval]
+ needs: [set-vars]
 runs-on: im-linux
 # runs-on: # TODO: Delete if you don't deploy to Managed SQL Server
 # labels: im-linux
 # group: ${{ needs.set-vars.outputs.RUNS_ON_GROUP }} # TODO: Uncomment if you are deploying to Managed SQL Server as it requires a region specific runner
 environment: ${{ needs.set-vars.outputs.GITHUB_SECRETS_ENVIRONMENT }}
- env:
- PAGERDUTY_WINDOW_IN_MIN: 30 # TODO: Verify the length of your PD Maintenance Window
 defaults:
 run:
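Review bot: With `needs: [set-vars]` on tf-plan, the stakeholder-approval job no longer sits in front of the plan, and the job as re-added in the `@@ -281` hunk is not listed in the `needs` of any job visible in this diff (tf-plan-manual-approval still needs only `[set-vars, tf-plan]`). Unless the apply job, which is outside these hunks, names `stakeholder-approval` in its `needs`, the Stakeholder Approval environment now runs in parallel with the rest of the pipeline and no longer gates the deployment. If the apply job's dependency list was updated it should be part of this commit; otherwise adding `stakeholder-approval` to that job's `needs` is the one-line fix. The tf-plan job continues past the end of the hunk.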
@@ -190,16 +178,6 @@ jobs:
 with:
 deploy-key-info: ${{ env.SSH_DEPLOY_KEY_INFO }}
- - name: Open a PagerDuty Maintenance Window
- id: open-window
- uses: im-open/open-pagerduty-maintenance-window@v1.3
- with:
- pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
- description: '${{ env.DEPLOYMENT_DESC }}'
- minutes: ${{ env.PAGERDUTY_WINDOW_IN_MIN }}
- service-id: ${{ vars.PAGERDUTY_SERVICE_ID }} # This is an env-level variable
- #service-ids: '' # TODO: Provide a comma separated list if there are multiple ids. 'PD01,PD02,PD03'
-
 - name: AZ Login
 uses: azure/login@v2
 with:
@@ -281,12 +259,24 @@ jobs:
 az cache purge
 az account clear
+ # Each env has their own stakeholder approval environment. If no required reviewers are set for
+ # that environment, the workflow will continue without requiring anyone to approve the deployment.
+ stakeholder-approval:
+ needs: [set-vars, tf-plan]
+ runs-on: ubuntu-latest # Force this to run on github-hosted runner by using a tag that does not exist on self-hosted runners
+ environment: '${{ needs.set-vars.outputs.GITHUB_SECRETS_ENVIRONMENT }} Stakeholder Approval' # Use inputs context because env context is not available to environment:
+ steps:
+ - name: Approval Received
+ run: echo "Stakeholder approval was received"
+
 # This job targets the Terraform Approval environment. This will break the workflow and give one of the
 # required reviewers for this environment a chance to look at the plan in the previous job and approve it.
 tf-plan-manual-approval:
 needs: [set-vars, tf-plan]
 runs-on: ubuntu-latest # Force this to run on github-hosted runner by using a tag that does not exist on self-hosted runners
 environment: 'Terraform Approval' # TODO: Add required reviewers to this environment in GitHub. This should be anyone who can review a terraform plan and proceed with the deployment
+ env:
+ PAGERDUTY_WINDOW_IN_MIN: 30 # TODO: Verify the length of your PD Maintenance Window
 steps:
 - name: Approval Received
 run: echo "Approval on the tf plan was received"
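Review bot: `PAGERDUTY_WINDOW_IN_MIN` is added as job-level `env` on tf-plan-manual-approval, but job `env` does not cross job boundaries, and the only step of this job visible in the hunk is the `Approval Received` echo, which never reads it. The step that consumes `${{ env.PAGERDUTY_WINDOW_IN_MIN }}` is the Open a PagerDuty Maintenance Window step, which the `@@ -374` hunk places in the apply job; there it would expand to an empty `minutes` unless that job defines the variable somewhere outside this diff. Moving the two lines `env:` / `PAGERDUTY_WINDOW_IN_MIN: 30 # TODO: Verify the length of your PD Maintenance Window` onto the job that opens the window keeps the value next to its consumer. Whether tf-plan-manual-approval has further steps is not visible here.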
@@ -374,9 +364,26 @@ jobs:
 id: init
 run: terraform init
+ - name: Open a PagerDuty Maintenance Window
+ id: open-window
+ uses: im-open/open-pagerduty-maintenance-window@v1.3
+ with:
+ pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
+ description: '${{ env.DEPLOYMENT_DESC }}'
+ minutes: ${{ env.PAGERDUTY_WINDOW_IN_MIN }}
+ service-id: ${{ vars.PAGERDUTY_SERVICE_ID }} # This is an env-level variable
+ #service-ids: '' # TODO: Provide a comma separated list if there are multiple ids. 'PD01,PD02,PD03'
+
 - name: Terraform Apply
 run: terraform apply -auto-approve -no-color -lock-timeout=90s -input=false ./plans/tfplan
+
+ - name: Close the PagerDuty Maintenance Window
+ uses: im-open/close-pagerduty-maintenance-window@v1.2
+ with:
+ pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
+ maintenance-window-id: ${{ needs.tf-plan.outputs.maintenance_window_id }}
+
 - name: Annotate App Insights
 uses: im-open/create-app-insights-annotation@v1.0
 continue-on-error: true
@@ -410,12 +417,6 @@ jobs:
 az cache purge
 az account clear
- - name: Close the PagerDuty Maintenance Window
- uses: im-open/close-pagerduty-maintenance-window@v1.2
- with:
- pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
- maintenance-window-id: ${{ needs.tf-plan.outputs.maintenance_window_id }}
-
 # This job utilizes a reusable workflow which will:
 # 1 - Update the deployment board based on the workflow conclusion
 # 2 - Post a deployment status in the repo owner's Teams channel (connected to the MS_TEAMS_URI secret)
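Review bot: The Close the PagerDuty Maintenance Window step still passes `${{ needs.tf-plan.outputs.maintenance_window_id }}`, but the window is now opened by the `open-window` step in this same job and the `@@ -190` hunk removed the open step from tf-plan, so that job output is presumably no longer populated and the close call would receive an empty id, leaving the window open until it expires. The id should come from the step that opened it, `maintenance-window-id: ${{ steps.open-window.outputs.maintenance-window-id }}` (confirm the output name against the open action's documentation), and the step should carry `if: always()` so a failed or cancelled Terraform Apply still closes the window. If tf-plan still declares a `maintenance_window_id` output, that block is outside this diff and can be dropped in the same change. The enclosing job starts before this hunk.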