fix: async issue with lambda notification logic #2443
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Terragrunt plan STAGING" | |
on: | |
pull_request: | |
branches: | |
- "develop" | |
paths: | |
- "aws/**" | |
- "env/common/**" | |
- "env/cloud/**" | |
- ".github/workflows/terragrunt-plan-staging.yml" | |
permissions: | |
id-token: write | |
contents: read | |
pull-requests: write | |
env: | |
APP_ENV: staging | |
APP_DOMAINS: ${{ vars.STAGING_APP_DOMAINS }} | |
AWS_ACCOUNT_ID: ${{ vars.STAGING_AWS_ACCOUNT_ID }} | |
AWS_REGION: ca-central-1 | |
CONFTEST_VERSION: 0.46.0 | |
TERRAFORM_VERSION: 1.6.6 | |
TERRAGRUNT_VERSION: 0.54.8 | |
TF_INPUT: false | |
TF_VAR_ecs_secret_token: ${{ secrets.STAGING_TOKEN_SECRET }} | |
TF_VAR_recaptcha_secret: ${{secrets.STAGING_RECAPTCHA_SITE_SECRET}} | |
TF_VAR_notify_callback_bearer_token: ${{ secrets.STAGING_GC_NOTIFY_CALLBACK_BEARER_TOKEN }} | |
TF_VAR_notify_api_key: ${{ secrets.STAGING_NOTIFY_API_KEY }} | |
TF_VAR_freshdesk_api_key: ${{ secrets.STAGING_FRESHDESK_API_KEY }} | |
TF_VAR_recaptcha_public: 6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY | |
TF_VAR_rds_db_password: ${{ secrets.STAGING_DB_PASSWORD }} | |
TF_VAR_slack_webhook: ${{ secrets.STAGING_SLACK_WEBHOOK }} | |
TF_VAR_opsgenie_api_key: ${{ secrets.STAGING_OPSGENIE_API_KEY }} | |
TF_VAR_gc_temp_token_template_id: b6885d06-d10a-422a-973f-05e274d9aa86 | |
TF_VAR_gc_template_id: 8d597a1b-a1d6-4e3c-8421-042a2b4158b7 | |
TF_VAR_cognito_code_template_id: 12a18f84-062c-4a67-8310-bf114af051ea | |
TF_VAR_email_address_contact_us: ${{ vars.STAGING_CONTACT_US_EMAIL }} | |
TF_VAR_email_address_support: ${{ vars.STAGING_SUPPORT_EMAIL }} | |
jobs: | |
terragrunt-plan: | |
if: ${{!startsWith(github.head_ref , 'release-please--')}} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0 | |
# https://github.com/jlumbroso/free-disk-space/tree/54081f138730dfa15788a46383842cd2f914a1be#example | |
- name: Free Disk Space (Ubuntu) | |
uses: jlumbroso/free-disk-space@main | |
with: | |
# this might remove tools that are actually needed, | |
# if set to "true" but frees about 6 GB | |
tool-cache: false | |
# all of these default to true, but feel free to set to | |
# "false" if necessary for your workflow | |
android: true | |
dotnet: true | |
haskell: true | |
large-packages: true | |
docker-images: true | |
swap-storage: true | |
# Setup Terraform, Terragrunt, and Conftest | |
- name: Setup terraform tools | |
uses: cds-snc/terraform-tools-setup@v1 | |
- name: Configure AWS credentials using OIDC | |
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1 | |
with: | |
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-plan | |
role-session-name: TFPlan | |
aws-region: ${{ env.AWS_REGION }} | |
- uses: cds-snc/paths-filter@b316143212d841aed668b7b29240c719d603a9b9 # tag=v2.10.4 | |
id: filter | |
with: | |
filters: | | |
alarms: | |
- 'aws/alarms/**' | |
- 'env/cloud/alarms/**' | |
app: | |
- 'aws/app/**' | |
- 'env/cloud/app/**' | |
cognito: | |
- 'aws/cognito/**' | |
- 'env/cloud/cognito/**' | |
common: | |
- '.github/workflows/terragrunt-plan-staging.yml' | |
- 'env/common/**' | |
- 'env/terragrunt.hcl' | |
dynamodb: | |
- 'aws/dynamodb/**' | |
- 'env/cloud/dynamodb/**' | |
ecr: | |
- 'aws/ecr/**' | |
- 'env/cloud/ecr/**' | |
hosted_zone: | |
- 'aws/hosted_zone/**' | |
- 'env/cloud/hosted_zone/**' | |
kms: | |
- 'aws/kms/**' | |
- 'env/cloud/kms/**' | |
lambdas: | |
- 'aws/lambdas/**' | |
- 'env/cloud/lambdas/**' | |
load_balancer: | |
- 'aws/load_balancer/**' | |
- 'env/cloud/load_balancer/**' | |
load_testing: | |
- 'aws/load_testing/**' | |
- 'env/cloud/load_testing/**' | |
network: | |
- 'aws/network/**' | |
- 'env/cloud/network/**' | |
oidc_roles: | |
- 'aws/oidc_roles/**' | |
- 'env/cloud/oidc_roles/**' | |
rds: | |
- 'aws/rds/**' | |
- 'env/cloud/rds/**' | |
redis: | |
- 'aws/redis/**' | |
- 'env/cloud/redis/**' | |
s3: | |
- 'aws/s3/**' | |
- 'env/cloud/s3/**' | |
file_scanning: | |
- 'aws/file_scanning/**' | |
- 'env/cloud/file_scanning/**' | |
secrets: | |
- 'aws/secrets/**' | |
- 'env/cloud/secrets/**' | |
sns: | |
- 'aws/sns/**' | |
- 'env/cloud/sns/**' | |
sqs: | |
- 'aws/sqs/**' | |
- 'env/cloud/sqs/**' | |
# No dependencies | |
- name: Terragrunt plan ecr | |
if: ${{ steps.filter.outputs.ecr == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/ecr" | |
comment-delete: "true" | |
comment-title: "Staging: ecr" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan hosted_zone | |
if: ${{ steps.filter.outputs.hosted_zone == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/hosted_zone" | |
comment-delete: "true" | |
comment-title: "Staging: hosted_zone" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan kms | |
if: ${{ steps.filter.outputs.kms == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/kms" | |
comment-delete: "true" | |
comment-title: "Staging: kms" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan oidc_roles | |
if: ${{ steps.filter.outputs.oidc_roles == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/oidc_roles" | |
comment-delete: "true" | |
comment-title: "Staging: oidc_roles" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan sqs | |
if: ${{ steps.filter.outputs.sqs == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/sqs" | |
comment-delete: "true" | |
comment-title: "Staging: sqs" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan secrets | |
if: ${{ steps.filter.outputs.secrets == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/secrets" | |
comment-delete: "true" | |
comment-title: "Staging: secrets" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan s3 | |
if: ${{ steps.filter.outputs.s3 == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/s3" | |
comment-delete: "true" | |
comment-title: "Staging: s3" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Depends on S3 | |
- name: Terragrunt plan file_scanning | |
if: ${{ steps.filter.outputs.file_scanning == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/file_scanning" | |
comment-delete: "true" | |
comment-title: "Staging: file_scanning" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Depends on kms | |
- name: Terragrunt plan sns | |
if: ${{ steps.filter.outputs.sns == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/sns" | |
comment-delete: "true" | |
comment-title: "Staging: sns" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Install Cognito Lambda deps | |
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/cognito/lambda/deps.sh install | |
- name: Terragrunt plan cognito | |
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/cognito" | |
comment-delete: "true" | |
comment-title: "Staging: cognito" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Remove Cognito Lambda deps | |
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/cognito/lambda/deps.sh delete | |
- name: Terragrunt plan network | |
if: ${{ steps.filter.outputs.network == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/network" | |
comment-delete: "true" | |
comment-title: "Staging: network" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan dynamodb | |
if: ${{ steps.filter.outputs.dynamodb == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/dynamodb" | |
comment-delete: "true" | |
comment-title: "Staging: dynamodb" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Depends on network | |
- name: Terragrunt plan load_balancer | |
if: ${{ steps.filter.outputs.load_balancer == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/load_balancer" | |
comment-delete: "true" | |
comment-title: "Staging: load_balancer" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan redis | |
if: ${{ steps.filter.outputs.redis == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/redis" | |
comment-delete: "true" | |
comment-title: "Staging: redis" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan rds | |
if: ${{ steps.filter.outputs.rds == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/rds" | |
comment-delete: "true" | |
comment-title: "Staging: rds" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
# Depends on everything | |
- name: Terragrunt plan app | |
if: ${{ steps.filter.outputs.app == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/app" | |
comment-delete: "true" | |
comment-title: "Staging: app" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Install Lambda deps | |
if: ${{ steps.filter.outputs.lambdas == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/lambdas/code/deps.sh install | |
- name: Terragrunt plan lambdas | |
if: ${{ steps.filter.outputs.lambdas == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/lambdas" | |
comment-delete: "true" | |
comment-title: "Staging: lambdas" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Remove Lambda deps | |
if: ${{ steps.filter.outputs.lambdas == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/lambdas/code/deps.sh delete | |
- name: Install Lambda Alarms deps | |
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/alarms/lambda/deps.sh install | |
- name: Terragrunt plan alarms | |
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/alarms" | |
comment-delete: "true" | |
comment-title: "Staging: alarms" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Remove Lambda Alarms deps | |
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }} | |
run: ./aws/alarms/lambda/deps.sh delete | |
- name: Build Load Testing Lambda Container | |
if: ${{ steps.filter.outputs.load_testing == 'true' || steps.filter.outputs.common == 'true' }} | |
working-directory: aws/load_testing/lambda | |
run: docker build -t load_testing_lambda:latest . | |
- name: Terragrunt plan load_testing | |
if: ${{ steps.filter.outputs.load_testing == 'true' || steps.filter.outputs.common == 'true' }} | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/load_testing" | |
comment-delete: "true" | |
comment-title: "Staging: load_testing" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" | |
- name: Terragrunt plan pr_review | |
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7 | |
with: | |
directory: "env/cloud/pr_review" | |
comment-delete: "true" | |
comment-title: "Staging: pr_review" | |
github-token: "${{ secrets.GITHUB_TOKEN }}" | |
terragrunt: "true" |