Skip to content
Deploy - Sandbox

NDR-373 | tikn2 | skip_main_deployment = false #1499

Sign in to view logs

NDR-373 | tikn2 | skip_main_deployment = false

NDR-373 | tikn2 | skip_main_deployment = false #1499

Workflow file for this run

.github/workflows/deploy-sandbox.yml at 3557b78
name: "Deploy - Sandbox"
run-name: "${{ github.event.inputs.git_ref }} | ${{ github.event.inputs.sandbox_name }} | skip_main_deployment = ${{ github.event.inputs.skip_main_deployment }}"
on:
workflow_dispatch:
inputs:
git_ref:
description: "Branch, tag or SHA to deploy"
required: true
type: "string"
sandbox_name:
description: "Sandbox name [a-z0-9]{1,7}"
required: true
type: "string"
skip_main_deployment:
description: "Skip main deployment"
required: true
type: "boolean"
default: false
permissions:
pull-requests: write
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
validate_inputs:
name: Validate Inputs
runs-on: ubuntu-latest
environment: development
steps:
- name: Validate sandbox name
run: |
if ! [[ "$SANDBOX_NAME" =~ ^[a-z0-9]{1,7}$ ]]; then
echo "Sandbox name must match [a-z0-9]{1,7} (lowercase letters and digits only, 1-7 chars)."
exit 1
fi
env:
SANDBOX_NAME: ${{ github.event.inputs.sandbox_name }}
terraform_plan_apply_base_iam:
name: Terraform Plan/Apply (base_iam)
runs-on: ubuntu-latest
needs: validate_inputs
environment: development
steps:
- name: Checkout branch
uses: actions/checkout@v6
with:
ref: ${{ github.event.inputs.git_ref}}
- name: Apply base_iam
uses: ./.github/actions/tf-plan-apply
with:
aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/dev-github-bootstrap
bucket_prefix: "dev"
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_region: ${{ vars.AWS_REGION }}
working_directory: "./base_iam" # Use separate base_iam directory
workspace: ${{ github.event.inputs.sandbox_name }}
tf_vars_file: ${{ vars.TF_VARS_FILE }}
tf_extra_args: "-var aws_account_id=${{ secrets.AWS_ACCOUNT_ID }}"
terraform_plan_apply_main:
name: Terraform Plan/Apply (main)
if: ${{ !inputs.skip_main_deployment }}
runs-on: ubuntu-latest
needs: terraform_plan_apply_base_iam
environment: development
steps:
- name: Checkout main
uses: actions/checkout@v6
with:
ref: main
- name: Apply Main
uses: ./.github/actions/tf-plan-apply
with:
# use newly created role
aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ github.event.inputs.sandbox_name}}-github-actions-role
bucket_prefix: "dev"
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_region: ${{ vars.AWS_REGION }}
workspace: ${{ github.event.inputs.sandbox_name }}
tf_vars_file: ${{ vars.TF_VARS_FILE }}
terraform_plan_apply_branch:
name: Terraform Plan/Apply (branch)
if: ${{ always() && github.event.inputs.git_ref != 'main' && needs.validate_inputs.result == 'success' && needs.terraform_plan_apply_base_iam.result == 'success' && (needs.terraform_plan_apply_main.result == 'success' || needs.terraform_plan_apply_main.result == 'skipped') }}
runs-on: ubuntu-latest
needs: [validate_inputs, terraform_plan_apply_base_iam, terraform_plan_apply_main]
environment: development
steps:
- name: Checkout Branch
uses: actions/checkout@v6
with:
ref: ${{ github.event.inputs.git_ref}}
- name: Apply Branch
uses: ./.github/actions/tf-plan-apply
with:
# use newly created role
aws_assume_role: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ github.event.inputs.sandbox_name}}-github-actions-role
bucket_prefix: "dev"
aws_account_id: ${{ secrets.AWS_ACCOUNT_ID }}
aws_region: ${{ vars.AWS_REGION }}
workspace: ${{ github.event.inputs.sandbox_name }}
tf_vars_file: ${{ vars.TF_VARS_FILE }}