Merge pull request #23 from WalletConnect/fix/cached_target_cleanup #5
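# Reusable workflow (workflow_call) that runs `terraform plan` for one stage.
# Steps: check out the repo, assume the monitoring AWS role, create a
# temporary Grafana key, init and plan Terraform, publish the plan output on
# pull requests, optionally run an AI review, and always delete the Grafana key.
name: Infra - Plan

on:
  workflow_call:
    inputs:
      version:
        description: 'The image version to use in the ECS task definition'
        type: string
        default: 'latest'
      stage:
        description: 'The environment to plan against'
        type: string
        required: true
      stage-url:
        description: 'The URL of the environment'
        type: string
        required: true
      grafana-workspace-name:
        description: 'The name of the Grafana workspace for the monitoring deployment'
        type: string
        default: ${{ vars.GRAFANA_WORKSPACE_NAME }}
      tf-directory:
        description: 'The directory containing the Terraform files'
        type: string
        default: ${{ vars.TF_DIRECTORY }}
      tf-variables:
        description: 'The values of the dynamic Terraform variables'
        type: string
        default: ''
      aws-region:
        description: 'The AWS region to deploy to'
        type: string
        default: ${{ vars.AWS_REGION }}
      aws-role-monitoring-arn:
        description: 'The ARN of the AWS role to assume for the monitoring deployment'
        type: string
        default: ${{ vars.AWS_ROLE_MONITORING }}
      run-label:
        description: 'The run label to use for the actions'
        type: string
        default: 'ubuntu-latest'
    secrets:
      TF_API_TOKEN:
        required: true
      ANTHROPIC_API_KEY:
        required: false

# id-token: write is what lets configure-aws-credentials request an OIDC token
# for the role assumption below; the other scopes are read / PR-comment only.
permissions:
  contents: read
  id-token: write
  pull-requests: write

# One run per stage at a time.
concurrency: deploy-${{ inputs.stage }}

env:
  # NOTE(review): workflow-level env is visible to every step, including the
  # external actions below. If only Terraform needs this token, scoping it to
  # the Terraform steps would narrow its exposure. Confirm before moving.
  TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
  TF_WORKSPACE: wl-${{ inputs.stage }}
  # The `secrets` context is not available in a step-level `if:`. Expose only
  # a 'true'/'false' flag (never the key itself) so the review step can be
  # gated on whether the optional secret was supplied.
  HAS_ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY != '' }}

jobs:
  plan:
    name: Plan `${{ inputs.stage }}`
    runs-on: ${{ inputs.run-label }}
    environment:
      name: ${{ inputs.stage }}
      url: ${{ inputs.stage-url }}
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          submodules: recursive
          # NOTE(review): PRIVATE_SUBMODULE_ACCESS_TOKEN is not declared under
          # on.workflow_call.secrets, so it presumably resolves only when the
          # caller passes `secrets: inherit`; otherwise github.token is used.
          token: ${{ secrets.PRIVATE_SUBMODULE_ACCESS_TOKEN || github.token }}

      - name: Configure AWS Credentials for Monitoring account
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ inputs.aws-role-monitoring-arn }}
          aws-region: ${{ inputs.aws-region }}

      - name: Create Grafana key
        id: grafana-get-key
        # NOTE(review): `@main` is a mutable branch ref. This step runs with
        # the assumed AWS role; pinning to a full commit SHA keeps upstream
        # branch changes from silently altering what executes here.
        uses: WalletConnect/ci_workflows/.github/actions/grafana-key@main
        with:
          workspace-name: ${{ inputs.grafana-workspace-name }}
          key-prefix: ${{ github.event.repository.name }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      - name: Cache Terraform data
        uses: actions/cache@v4
        with:
          path: ${{ inputs.tf-directory }}/.terraform
          # `${{ }}` cannot be nested inside an expression; build the lock
          # file path with format() so the cache key tracks the real file.
          key: terraform-${{ hashFiles(format('{0}/.terraform.lock.hcl', inputs.tf-directory)) }}

      - name: Init Terraform
        working-directory: ${{ inputs.tf-directory }}
        run: terraform init -no-color

      - name: Configure Terraform Variables
        # NOTE(review): mutable `@main` ref, and this step receives the
        # Grafana key. Consider pinning to a commit SHA.
        uses: WalletConnect/ci_workflows/.github/actions/tf-vars@main
        with:
          infra-directory: ${{ inputs.tf-directory }}
          variables: |
            image_version:${{ inputs.version }}
            grafana_auth:${{ steps.grafana-get-key.outputs.key }}
            ${{ inputs.tf-variables }}

      - name: Plan ${{ inputs.stage }}
        working-directory: ${{ inputs.tf-directory }}
        # pipefail makes the step fail when terraform fails, not just when tee
        # does.
        # NOTE(review): the captured log is later uploaded and handed to the
        # review action. Terraform redacts only values marked sensitive, so
        # confirm that nothing secret (e.g. grafana_auth) can reach this file.
        run: |
          set -o pipefail
          terraform plan -no-color 2>&1 | tee /tmp/plan_output.txt

      - name: Upload Plan Output
        if: always() && github.event_name == 'pull_request'
        uses: actions/upload-artifact@v4
        with:
          name: terraform-plan-${{ inputs.stage }}
          path: /tmp/plan_output.txt
          retention-days: 1

      - name: Claude AI Review
        # Gate on the env flag; `secrets.*` cannot be referenced in `if:`.
        if: github.event_name == 'pull_request' && env.HAS_ANTHROPIC_API_KEY == 'true'
        continue-on-error: true
        # NOTE(review): mutable `@master` ref that receives an API key and the
        # plan output. Consider pinning to a commit SHA.
        uses: WalletConnect/actions/claude/terraform-plan-review@master
        with:
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
          terraform_plan_file: /tmp/plan_output.txt

      - name: Delete Grafana key
        # always() so the temporary key is revoked even when plan fails.
        if: ${{ always() }}
        uses: WalletConnect/actions/aws/grafana/delete-key/@2.5.4
        with:
          workspace-id: ${{ steps.grafana-get-key.outputs.workspace-id }}
          key-name: ${{ steps.grafana-get-key.outputs.key-name }}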