QoL Updates to 'im-deploy-tf-manual-apply.tf'

workflow-templates/im-deploy-tf-manual-apply.yml

@@ -1,4 +1,4 @@
-# Workflow Code: InsaneHamster_v52    DO NOT REMOVE
+# Workflow Code: InsaneHamster_v53    DO NOT REMOVE
 # Purpose:
 #    Deploys the terraform from a specified root module at a
 #    specified when someone kicks off the workflow manually.
@@ -149,25 +149,13 @@ jobs:
           # RUNS_ON_GROUP@dev qa stage prod: 'dynamic-runners' # TODO: Uncomment if you are deploying to Managed SQL Server as it requires a region specific runner
           # RUNS_ON_GROUP@stage-secondary prod-secondary: 'dynamic-runners-secondary' # TODO: Uncomment if you are deploying to Managed SQL Server as it requires a region specific runner
 
-  # Each env has their own stakeholder approval environment.  If no required reviewers are set for
-  # that environment, the workflow will continue without requiring anyone to approve the deployment.
-  stakeholder-approval:
-    needs: [set-vars]
-    runs-on: ubuntu-latest # Force this to run on github-hosted runner by using a tag that does not exist on self-hosted runners
-    environment: '${{ needs.set-vars.outputs.GITHUB_SECRETS_ENVIRONMENT }} Stakeholder Approval' # Use inputs context because env context is not available to environment:
-    steps:
-      - name: Approval Received
-        run: echo "Stakeholder approval was received"
-
   tf-plan:
-    needs: [set-vars, stakeholder-approval]
+    needs: [set-vars]
     runs-on: im-linux
     # runs-on: # TODO: Delete if you don't deploy to Managed SQL Server
     #   labels: im-linux
     #   group: ${{ needs.set-vars.outputs.RUNS_ON_GROUP }} # TODO: Uncomment if you are deploying to Managed SQL Server as it requires a region specific runner
     environment: ${{ needs.set-vars.outputs.GITHUB_SECRETS_ENVIRONMENT }}
-    env:
-      PAGERDUTY_WINDOW_IN_MIN: 30 # TODO: Verify the length of your PD Maintenance Window
 
     defaults:
       run:
@@ -190,16 +178,6 @@ jobs:
         with:
           deploy-key-info: ${{ env.SSH_DEPLOY_KEY_INFO }}
 
-      - name: Open a PagerDuty Maintenance Window
-        id: open-window
-        uses: im-open/open-pagerduty-maintenance-window@v1.3
-        with:
-          pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
-          description: '${{ env.DEPLOYMENT_DESC }}'
-          minutes: ${{ env.PAGERDUTY_WINDOW_IN_MIN }}
-          service-id: ${{ vars.PAGERDUTY_SERVICE_ID }} # This is an env-level variable
-          #service-ids: '' # TODO: Provide a comma separated list if there are multiple ids. 'PD01,PD02,PD03'
-
       - name: AZ Login
         uses: azure/login@v2
         with:
@@ -281,12 +259,24 @@ jobs:
           az cache purge
           az account clear
 
+  # Each env has their own stakeholder approval environment.  If no required reviewers are set for
+  # that environment, the workflow will continue without requiring anyone to approve the deployment.
+  stakeholder-approval:
+    needs: [set-vars, tf-plan]
+    runs-on: ubuntu-latest # Force this to run on github-hosted runner by using a tag that does not exist on self-hosted runners
+    environment: '${{ needs.set-vars.outputs.GITHUB_SECRETS_ENVIRONMENT }} Stakeholder Approval' # Use inputs context because env context is not available to environment:
+    steps:
+      - name: Approval Received
+        run: echo "Stakeholder approval was received"
+
   # This job targets the Terraform Approval environment.  This will break the workflow and give one of the
   # required reviewers for this environment a chance to look at the plan in the previous job and approve it.
   tf-plan-manual-approval:
     needs: [set-vars, tf-plan]
     runs-on: ubuntu-latest # Force this to run on github-hosted runner by using a tag that does not exist on self-hosted runners
     environment: 'Terraform Approval' # TODO: Add required reviewers to this environment in GitHub.  This should be anyone who can review a terraform plan and proceed with the deployment
+    env:
+      PAGERDUTY_WINDOW_IN_MIN: 30 # TODO: Verify the length of your PD Maintenance Window
     steps:
       - name: Approval Received
         run: echo "Approval on the tf plan was received"
@@ -374,9 +364,26 @@ jobs:
         id: init
         run: terraform init
 
+      - name: Open a PagerDuty Maintenance Window
+        id: open-window
+        uses: im-open/open-pagerduty-maintenance-window@v1.3
+        with:
+          pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
+          description: '${{ env.DEPLOYMENT_DESC }}'
+          minutes: ${{ env.PAGERDUTY_WINDOW_IN_MIN }}
+          service-id: ${{ vars.PAGERDUTY_SERVICE_ID }} # This is an env-level variable
+          #service-ids: '' # TODO: Provide a comma separated list if there are multiple ids. 'PD01,PD02,PD03'
+
       - name: Terraform Apply
         run: terraform apply -auto-approve -no-color -lock-timeout=90s -input=false ./plans/tfplan
 
+
+      - name: Close the PagerDuty Maintenance Window
+        uses: im-open/close-pagerduty-maintenance-window@v1.2
+        with:
+          pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
+          maintenance-window-id: ${{ needs.tf-plan.outputs.maintenance_window_id }}
+
       - name: Annotate App Insights
         uses: im-open/create-app-insights-annotation@v1.0
         continue-on-error: true
@@ -410,12 +417,6 @@ jobs:
           az cache purge
           az account clear
 
-      - name: Close the PagerDuty Maintenance Window
-        uses: im-open/close-pagerduty-maintenance-window@v1.2
-        with:
-          pagerduty-api-key: ${{ secrets.PAGERDUTY_API_KEY }} # This is an org-level secret
-          maintenance-window-id: ${{ needs.tf-plan.outputs.maintenance_window_id }}
-
   # This job utilizes a reusable workflow which will:
   #  1 - Update the deployment board based on the workflow conclusion
   #  2 - Post a deployment status in the repo owner's Teams channel (connected to the MS_TEAMS_URI secret)