fix: add HealthyHostCount alarms to App, IdP, API #4110
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Terragrunt plan STAGING" | |
| on: | |
| pull_request: | |
| branches: | |
| - "develop" | |
| paths: | |
| - "aws/**" | |
| - "env/common/**" | |
| - "env/cloud/**" | |
| - "idp/**" | |
| - "lambda-code/**" | |
| - ".github/workflows/terragrunt-plan-staging.yml" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| env: | |
| APP_ENV: staging | |
| APP_DOMAINS: ${{ vars.STAGING_APP_DOMAINS }} | |
| API_DOMAIN: ${{ vars.STAGING_API_DOMAIN }} | |
| IDP_DOMAIN: ${{ vars.STAGING_IDP_DOMAIN }} | |
| AWS_ACCOUNT_ID: ${{ vars.STAGING_AWS_ACCOUNT_ID }} | |
| AWS_REGION: ca-central-1 | |
| CONFTEST_VERSION: 0.46.0 | |
| TERRAFORM_VERSION: 1.9.2 | |
| TERRAGRUNT_VERSION: 0.63.2 | |
| TF_INPUT: false | |
| # API | |
| FF_API: true | |
| TF_VAR_zitadel_application_key: ${{ secrets.STAGING_ZITADEL_APPLICATION_KEY }} | |
| # App | |
| TF_VAR_ecs_secret_token: ${{ secrets.STAGING_TOKEN_SECRET }} | |
| TF_VAR_recaptcha_secret: ${{ secrets.STAGING_RECAPTCHA_SITE_SECRET }} | |
| TF_VAR_recaptcha_public: 6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY | |
| TF_VAR_notify_callback_bearer_token: ${{ secrets.STAGING_GC_NOTIFY_CALLBACK_BEARER_TOKEN }} | |
| TF_VAR_notify_api_key: ${{ secrets.STAGING_NOTIFY_API_KEY }} | |
| TF_VAR_freshdesk_api_key: ${{ secrets.STAGING_FRESHDESK_API_KEY }} | |
| TF_VAR_sentry_api_key: ${{ secrets.STAGING_SENTRY_API_KEY }} | |
| TF_VAR_rds_connector_db_password: ${{ secrets.STAGING_DB_PASSWORD_RDS_CONNECTOR }} | |
| TF_VAR_rds_db_password: ${{ secrets.STAGING_DB_PASSWORD }} | |
| TF_VAR_slack_webhook: ${{ secrets.STAGING_SLACK_WEBHOOK }} | |
| TF_VAR_opsgenie_api_key: ${{ secrets.STAGING_OPSGENIE_API_KEY }} | |
| TF_VAR_gc_temp_token_template_id: b6885d06-d10a-422a-973f-05e274d9aa86 | |
| TF_VAR_gc_template_id: 8d597a1b-a1d6-4e3c-8421-042a2b4158b7 | |
| TF_VAR_cognito_code_template_id: 12a18f84-062c-4a67-8310-bf114af051ea | |
| TF_VAR_email_address_contact_us: ${{ vars.STAGING_CONTACT_US_EMAIL }} | |
| TF_VAR_email_address_support: ${{ vars.STAGING_SUPPORT_EMAIL }} | |
| TF_VAR_zitadel_provider: ${{ vars.STAGING_ZITADEL_PROVIDER }} | |
| TF_VAR_zitadel_administration_key: ${{ secrets.STAGING_ZITADEL_ADMINISTRATION_KEY }} | |
| # IdP | |
| FF_IDP: true | |
| TF_VAR_idp_database_cluster_admin_username: ${{ secrets.STAGING_IDP_DATABASE_CLUSTER_ADMIN_USERNAME }} | |
| TF_VAR_idp_database_cluster_admin_password: ${{ secrets.STAGING_IDP_DATABASE_CLUSTER_ADMIN_PASSWORD }} | |
| TF_VAR_zitadel_admin_password: ${{ secrets.STAGING_ZITADEL_ADMIN_PASSWORD }} | |
| TF_VAR_zitadel_admin_username: ${{ secrets.STAGING_ZITADEL_ADMIN_USERNAME }} | |
| TF_VAR_zitadel_database_name: ${{ secrets.STAGING_ZITADEL_DATABASE_NAME }} | |
| TF_VAR_zitadel_database_user_password: ${{ secrets.STAGING_ZITADEL_DATABASE_USER_PASSWORD }} | |
| TF_VAR_zitadel_database_user_username: ${{ secrets.STAGING_ZITADEL_DATABASE_USER_USERNAME }} | |
| TF_VAR_zitadel_secret_key: ${{ secrets.STAGING_ZITADEL_SECRET_KEY }} | |
| jobs: | |
| detect-lambda-changes: | |
| if: ${{ ! startsWith(github.head_ref , 'release-please--') }} | |
| runs-on: ubuntu-latest | |
| outputs: | |
| lambda-to-rebuild: ${{ steps.filter.outputs.changes }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Filter | |
| id: filter | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| with: | |
| filters: .github/lambda-filter.yml | |
| test-lambda-code: | |
| needs: detect-lambda-changes | |
| if: needs.detect-lambda-changes.outputs.lambda-to-rebuild != '[]' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: ${{ fromJSON(needs.detect-lambda-changes.outputs.lambda-to-rebuild) }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Test Lambda code | |
| uses: ./.github/workflows/test-lambda-code | |
| with: | |
| lambda-directory: lambda-code/${{ matrix.image }} | |
| lambda-name: ${{ matrix.image }} | |
| build-lambda-images: | |
| needs: detect-lambda-changes | |
| if: needs.detect-lambda-changes.outputs.lambda-to-rebuild != '[]' | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: ${{ fromJSON(needs.detect-lambda-changes.outputs.lambda-to-rebuild) }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Build Lambda images | |
| uses: ./.github/workflows/build-lambda-images | |
| with: | |
| lambda-directory: lambda-code/${{ matrix.image }} | |
| lambda-name: ${{ matrix.image }} | |
| build-idp-image: | |
| if: ${{ ! startsWith(github.head_ref , 'release-please--') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| - name: Build IdP image | |
| working-directory: idp | |
| run: | | |
| make build | |
| terragrunt-plan: | |
| if: ${{ ! startsWith(github.head_ref , 'release-please--') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| # Setup Terraform, Terragrunt, and Conftest | |
| - name: Setup terraform tools | |
| uses: cds-snc/terraform-tools-setup@v1 | |
| - name: Configure AWS credentials using OIDC | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-plan | |
| role-session-name: TFPlan | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 | |
| id: filter | |
| with: | |
| filters: .github/module-filter.yml | |
| # No dependencies | |
| - name: Terragrunt plan ecr | |
| if: steps.filter.outputs.ecr == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/ecr" | |
| comment-delete: "true" | |
| comment-title: "Staging: ecr" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan hosted_zone | |
| if: steps.filter.outputs.hosted_zone == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/hosted_zone" | |
| comment-delete: "true" | |
| comment-title: "Staging: hosted_zone" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan kms | |
| if: steps.filter.outputs.kms == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/kms" | |
| comment-delete: "true" | |
| comment-title: "Staging: kms" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan oidc_roles | |
| if: steps.filter.outputs.oidc_roles == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/oidc_roles" | |
| comment-delete: "true" | |
| comment-title: "Staging: oidc_roles" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan sqs | |
| if: steps.filter.outputs.sqs == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/sqs" | |
| comment-delete: "true" | |
| comment-title: "Staging: sqs" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan secrets | |
| if: steps.filter.outputs.secrets == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/secrets" | |
| comment-delete: "true" | |
| comment-title: "Staging: secrets" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan s3 | |
| if: steps.filter.outputs.s3 == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/s3" | |
| comment-delete: "true" | |
| comment-title: "Staging: s3" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| # Depends on S3 | |
| - name: Terragrunt plan file_scanning | |
| if: steps.filter.outputs.file_scanning == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/file_scanning" | |
| comment-delete: "true" | |
| comment-title: "Staging: file_scanning" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| # Depends on kms | |
| - name: Terragrunt plan sns | |
| if: steps.filter.outputs.sns == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/sns" | |
| comment-delete: "true" | |
| comment-title: "Staging: sns" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan cognito | |
| if: steps.filter.outputs.cognito == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/cognito" | |
| comment-delete: "true" | |
| comment-title: "Staging: cognito" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan network | |
| if: steps.filter.outputs.network == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/network" | |
| comment-delete: "true" | |
| comment-title: "Staging: network" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan dynamodb | |
| if: steps.filter.outputs.dynamodb == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/dynamodb" | |
| comment-delete: "true" | |
| comment-title: "Staging: dynamodb" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| # Depends on network | |
| - name: Terragrunt plan load_balancer | |
| if: steps.filter.outputs.load_balancer == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/load_balancer" | |
| comment-delete: "true" | |
| comment-title: "Staging: load_balancer" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan redis | |
| if: steps.filter.outputs.redis == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/redis" | |
| comment-delete: "true" | |
| comment-title: "Staging: redis" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan rds | |
| if: steps.filter.outputs.rds == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/rds" | |
| comment-delete: "true" | |
| comment-title: "Staging: rds" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan idp | |
| if: steps.filter.outputs.idp == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/idp" | |
| comment-delete: "true" | |
| comment-title: "Staging: idp" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| # Depends on everything | |
| - name: Terragrunt plan app | |
| if: steps.filter.outputs.app == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/app" | |
| comment-delete: "true" | |
| comment-title: "Staging: app" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan api | |
| if: steps.filter.outputs.api == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/api" | |
| comment-delete: "true" | |
| comment-title: "Staging: api" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan lambdas | |
| if: steps.filter.outputs.lambdas == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/lambdas" | |
| comment-delete: "true" | |
| comment-title: "Staging: lambdas" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan alarms | |
| if: steps.filter.outputs.alarms == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/alarms" | |
| comment-delete: "true" | |
| comment-title: "Staging: alarms" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan load_testing | |
| if: steps.filter.outputs.load_testing == 'true' | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/load_testing" | |
| comment-delete: "true" | |
| comment-title: "Staging: load_testing" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" | |
| - name: Terragrunt plan pr_review | |
| uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2 | |
| with: | |
| directory: "env/cloud/pr_review" | |
| comment-delete: "true" | |
| comment-title: "Staging: pr_review" | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| terragrunt: "true" |