Skip to content

fix: async issue with lambda notification logic #2443

fix: async issue with lambda notification logic

fix: async issue with lambda notification logic #2443

name: "Terragrunt plan STAGING"
on:
pull_request:
branches:
- "develop"
paths:
- "aws/**"
- "env/common/**"
- "env/cloud/**"
- ".github/workflows/terragrunt-plan-staging.yml"
permissions:
id-token: write
contents: read
pull-requests: write
env:
APP_ENV: staging
APP_DOMAINS: ${{ vars.STAGING_APP_DOMAINS }}
AWS_ACCOUNT_ID: ${{ vars.STAGING_AWS_ACCOUNT_ID }}
AWS_REGION: ca-central-1
CONFTEST_VERSION: 0.46.0
TERRAFORM_VERSION: 1.6.6
TERRAGRUNT_VERSION: 0.54.8
TF_INPUT: false
TF_VAR_ecs_secret_token: ${{ secrets.STAGING_TOKEN_SECRET }}
TF_VAR_recaptcha_secret: ${{secrets.STAGING_RECAPTCHA_SITE_SECRET}}
TF_VAR_notify_callback_bearer_token: ${{ secrets.STAGING_GC_NOTIFY_CALLBACK_BEARER_TOKEN }}
TF_VAR_notify_api_key: ${{ secrets.STAGING_NOTIFY_API_KEY }}
TF_VAR_freshdesk_api_key: ${{ secrets.STAGING_FRESHDESK_API_KEY }}
TF_VAR_recaptcha_public: 6LfJDN4eAAAAAGvdRF7ZnQ7ciqdo1RQnQDFmh0VY
TF_VAR_rds_db_password: ${{ secrets.STAGING_DB_PASSWORD }}
TF_VAR_slack_webhook: ${{ secrets.STAGING_SLACK_WEBHOOK }}
TF_VAR_opsgenie_api_key: ${{ secrets.STAGING_OPSGENIE_API_KEY }}
TF_VAR_gc_temp_token_template_id: b6885d06-d10a-422a-973f-05e274d9aa86
TF_VAR_gc_template_id: 8d597a1b-a1d6-4e3c-8421-042a2b4158b7
TF_VAR_cognito_code_template_id: 12a18f84-062c-4a67-8310-bf114af051ea
TF_VAR_email_address_contact_us: ${{ vars.STAGING_CONTACT_US_EMAIL }}
TF_VAR_email_address_support: ${{ vars.STAGING_SUPPORT_EMAIL }}
jobs:
terragrunt-plan:
if: ${{!startsWith(github.head_ref , 'release-please--')}}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
# https://github.com/jlumbroso/free-disk-space/tree/54081f138730dfa15788a46383842cd2f914a1be#example
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
# all of these default to true, but feel free to set to
# "false" if necessary for your workflow
android: true
dotnet: true
haskell: true
large-packages: true
docker-images: true
swap-storage: true
# Setup Terraform, Terragrunt, and Conftest
- name: Setup terraform tools
uses: cds-snc/terraform-tools-setup@v1
- name: Configure AWS credentials using OIDC
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/forms-terraform-plan
role-session-name: TFPlan
aws-region: ${{ env.AWS_REGION }}
- uses: cds-snc/paths-filter@b316143212d841aed668b7b29240c719d603a9b9 # tag=v2.10.4
id: filter
with:
filters: |
alarms:
- 'aws/alarms/**'
- 'env/cloud/alarms/**'
app:
- 'aws/app/**'
- 'env/cloud/app/**'
cognito:
- 'aws/cognito/**'
- 'env/cloud/cognito/**'
common:
- '.github/workflows/terragrunt-plan-staging.yml'
- 'env/common/**'
- 'env/terragrunt.hcl'
dynamodb:
- 'aws/dynamodb/**'
- 'env/cloud/dynamodb/**'
ecr:
- 'aws/ecr/**'
- 'env/cloud/ecr/**'
hosted_zone:
- 'aws/hosted_zone/**'
- 'env/cloud/hosted_zone/**'
kms:
- 'aws/kms/**'
- 'env/cloud/kms/**'
lambdas:
- 'aws/lambdas/**'
- 'env/cloud/lambdas/**'
load_balancer:
- 'aws/load_balancer/**'
- 'env/cloud/load_balancer/**'
load_testing:
- 'aws/load_testing/**'
- 'env/cloud/load_testing/**'
network:
- 'aws/network/**'
- 'env/cloud/network/**'
oidc_roles:
- 'aws/oidc_roles/**'
- 'env/cloud/oidc_roles/**'
rds:
- 'aws/rds/**'
- 'env/cloud/rds/**'
redis:
- 'aws/redis/**'
- 'env/cloud/redis/**'
s3:
- 'aws/s3/**'
- 'env/cloud/s3/**'
file_scanning:
- 'aws/file_scanning/**'
- 'env/cloud/file_scanning/**'
secrets:
- 'aws/secrets/**'
- 'env/cloud/secrets/**'
sns:
- 'aws/sns/**'
- 'env/cloud/sns/**'
sqs:
- 'aws/sqs/**'
- 'env/cloud/sqs/**'
# No dependencies
- name: Terragrunt plan ecr
if: ${{ steps.filter.outputs.ecr == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/ecr"
comment-delete: "true"
comment-title: "Staging: ecr"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan hosted_zone
if: ${{ steps.filter.outputs.hosted_zone == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/hosted_zone"
comment-delete: "true"
comment-title: "Staging: hosted_zone"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan kms
if: ${{ steps.filter.outputs.kms == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/kms"
comment-delete: "true"
comment-title: "Staging: kms"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan oidc_roles
if: ${{ steps.filter.outputs.oidc_roles == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/oidc_roles"
comment-delete: "true"
comment-title: "Staging: oidc_roles"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan sqs
if: ${{ steps.filter.outputs.sqs == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/sqs"
comment-delete: "true"
comment-title: "Staging: sqs"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan secrets
if: ${{ steps.filter.outputs.secrets == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/secrets"
comment-delete: "true"
comment-title: "Staging: secrets"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan s3
if: ${{ steps.filter.outputs.s3 == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/s3"
comment-delete: "true"
comment-title: "Staging: s3"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
# Depends on S3
- name: Terragrunt plan file_scanning
if: ${{ steps.filter.outputs.file_scanning == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/file_scanning"
comment-delete: "true"
comment-title: "Staging: file_scanning"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
# Depends on kms
- name: Terragrunt plan sns
if: ${{ steps.filter.outputs.sns == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/sns"
comment-delete: "true"
comment-title: "Staging: sns"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Install Cognito Lambda deps
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/cognito/lambda/deps.sh install
- name: Terragrunt plan cognito
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/cognito"
comment-delete: "true"
comment-title: "Staging: cognito"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Remove Cognito Lambda deps
if: ${{ steps.filter.outputs.cognito == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/cognito/lambda/deps.sh delete
- name: Terragrunt plan network
if: ${{ steps.filter.outputs.network == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/network"
comment-delete: "true"
comment-title: "Staging: network"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan dynamodb
if: ${{ steps.filter.outputs.dynamodb == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/dynamodb"
comment-delete: "true"
comment-title: "Staging: dynamodb"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
# Depends on network
- name: Terragrunt plan load_balancer
if: ${{ steps.filter.outputs.load_balancer == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/load_balancer"
comment-delete: "true"
comment-title: "Staging: load_balancer"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan redis
if: ${{ steps.filter.outputs.redis == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/redis"
comment-delete: "true"
comment-title: "Staging: redis"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan rds
if: ${{ steps.filter.outputs.rds == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/rds"
comment-delete: "true"
comment-title: "Staging: rds"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
# Depends on everything
- name: Terragrunt plan app
if: ${{ steps.filter.outputs.app == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/app"
comment-delete: "true"
comment-title: "Staging: app"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Install Lambda deps
if: ${{ steps.filter.outputs.lambdas == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/lambdas/code/deps.sh install
- name: Terragrunt plan lambdas
if: ${{ steps.filter.outputs.lambdas == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/lambdas"
comment-delete: "true"
comment-title: "Staging: lambdas"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Remove Lambda deps
if: ${{ steps.filter.outputs.lambdas == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/lambdas/code/deps.sh delete
- name: Install Lambda Alarms deps
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/alarms/lambda/deps.sh install
- name: Terragrunt plan alarms
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/alarms"
comment-delete: "true"
comment-title: "Staging: alarms"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Remove Lambda Alarms deps
if: ${{ steps.filter.outputs.alarms == 'true' || steps.filter.outputs.common == 'true' }}
run: ./aws/alarms/lambda/deps.sh delete
- name: Build Load Testing Lambda Container
if: ${{ steps.filter.outputs.load_testing == 'true' || steps.filter.outputs.common == 'true' }}
working-directory: aws/load_testing/lambda
run: docker build -t load_testing_lambda:latest .
- name: Terragrunt plan load_testing
if: ${{ steps.filter.outputs.load_testing == 'true' || steps.filter.outputs.common == 'true' }}
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/load_testing"
comment-delete: "true"
comment-title: "Staging: load_testing"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"
- name: Terragrunt plan pr_review
uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
with:
directory: "env/cloud/pr_review"
comment-delete: "true"
comment-title: "Staging: pr_review"
github-token: "${{ secrets.GITHUB_TOKEN }}"
terragrunt: "true"