Terragrunt #523
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Terragrunt' | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| branches: [ "main" ] | |
| paths: | |
| - "tf/**" | |
| - ".github/workflows/terragrunt.yml" | |
| - ".mise/config.toml" | |
| push: | |
| branches: [ "main" ] | |
| paths: | |
| - "tf/**" | |
| - ".github/workflows/terragrunt.yml" | |
| - ".mise/config.toml" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| env: | |
| working_dir: 'tf/deployment' | |
| TG_NON_INTERACTIVE: 'true' | |
| permissions: {} | |
| jobs: | |
| check: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install 1Password CLI | |
| uses: 1password/install-cli-action@9a0c9dd934086b7ab1d90115d455bda1c53c2bdb # v2.0.2 | |
| with: | |
| version: 2.30.3 | |
| - name: Setup Mise | |
| uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2 | |
| - name: Check Formatting | |
| run: terragrunt hcl format --check --diff | |
| - name: Check terraform fmt | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_DEV_ENV }} | |
| ENVIRONMENT: dev | |
| run: mise run tf fmt -- -diff -check | |
| plan: | |
| runs-on: ubuntu-latest | |
| if: github.ref != 'refs/heads/main' | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install 1Password CLI | |
| uses: 1password/install-cli-action@9a0c9dd934086b7ab1d90115d455bda1c53c2bdb # v2.0.2 | |
| with: | |
| version: 2.30.3 | |
| - name: Setup Mise | |
| uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2 | |
| - name: Plan Shared | |
| working-directory: ${{ env.working_dir }}/modules/shared | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_PROD_ENV }} | |
| ENVIRONMENT: prod | |
| run: mise run tf:plan | |
| - name: Plan Dev | |
| working-directory: ${{ env.working_dir }}/modules/scoped | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_DEV_ENV }} | |
| ENVIRONMENT: dev | |
| run: mise run tf:plan | |
| - name: Plan Prod | |
| working-directory: ${{ env.working_dir }}/modules/scoped | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_PROD_ENV }} | |
| ENVIRONMENT: prod | |
| run: | | |
| mise run tf:init | |
| mise run tf:plan | |
| deploy: | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Install 1Password CLI | |
| uses: 1password/install-cli-action@9a0c9dd934086b7ab1d90115d455bda1c53c2bdb # v2.0.2 | |
| with: | |
| version: 2.30.3 | |
| - name: Setup Mise | |
| uses: immich-app/devtools/actions/use-mise@dab18118da6476e8237ac94080fd937983fecd42 # use-mise-action-v1.1.2 | |
| - name: Deploy Shared | |
| working-directory: ${{ env.working_dir }}/modules/shared | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_PROD_ENV }} | |
| ENVIRONMENT: prod | |
| run: mise run tf:apply | |
| - name: Deploy Dev | |
| working-directory: ${{ env.working_dir }}/modules/scoped | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_DEV_ENV }} | |
| ENVIRONMENT: dev | |
| run: mise run tf:apply | |
| - name: Deploy Prod | |
| working-directory: ${{ env.working_dir }}/modules/scoped | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_TF_PROD_ENV }} | |
| ENVIRONMENT: prod | |
| run: | | |
| mise run tf:init | |
| mise run tf:apply |