Support plan mode deployment

.github/workflows/deploy_tre.yml

@@ -16,6 +16,11 @@ on:  # yamllint disable-line rule:truthy
         type: environment
         default: CICD
         required: true
+      DEPLOY_MODE:
+        description: The deployment mode to use (plan or apply)
+        type: string
+        default: apply
+        required: true
 
 # This will prevent multiple runs of this entire workflow.
 # We should NOT cancel in progress runs as that can destabilize the environment.
@@ -38,6 +43,7 @@ jobs:
       environmentName: ${{ github.event.inputs.environment || 'CICD' }}
       E2E_TESTS_NUMBER_PROCESSES: 1
       DEVCONTAINER_TAG: 'latest'
+      DEPLOY_MODE: ${{ github.event.inputs.DEPLOY_MODE }}
     secrets:
       AAD_TENANT_ID: ${{ secrets.AAD_TENANT_ID }}
       ACR_NAME: ${{ secrets.ACR_NAME }}

devops/scripts/terraform_wrapper.sh

@@ -5,7 +5,7 @@ set -e
 function usage() {
     cat <<USAGE
 
-    Usage: $0 [-g | --mgmt-resource-group-name ]  [-s | --mgmt-storage-account-name] [-n | --state-container-name] [-k | --key] [-c | --cmd] [-l | --logfile]
+    Usage: $0 [-g | --mgmt-resource-group-name ]  [-s | --mgmt-storage-account-name] [-n | --state-container-name] [-k | --key] [-c | --cmd] [-l | --logfile] [-d | --deploy-mode]
 
     Options:
         -g, --mgmt-resource-group-name      Management resource group name
@@ -14,6 +14,7 @@ function usage() {
         -k, --key                           Key
         -c, --cmd                           Command to execute
         -l, --logfile                       Log file to write output to
+        -d, --deploy-mode                   Deployment mode (plan or apply)
 USAGE
     exit 1
 }
@@ -49,6 +50,10 @@ while [ "$1" != "" ]; do
         shift
         tf_logfile=$1
         ;;
+    -d | --deploy-mode)
+        shift
+        deploy_mode=$1
+        ;;
     *)
         usage
         ;;
@@ -91,18 +96,31 @@ if [[ -z ${tf_logfile+x} ]]; then
     echo -e "No logfile provided, using ${tf_logfile}\n"
 fi
 
+if [[ -z ${deploy_mode+x} ]]; then
+    deploy_mode="apply"
+    echo -e "No deploy mode provided, using ${deploy_mode}\n"
+fi
+
 terraform init -input=false -backend=true -reconfigure \
     -backend-config="resource_group_name=${mgmt_resource_group_name}" \
     -backend-config="storage_account_name=${mgmt_storage_account_name}" \
     -backend-config="container_name=${container_name}" \
     -backend-config="key=${key}"
 
+if [[ ${DEPLOY_MODE} == "plan" ]]; then
+    tf_command="terraform plan -out=tfplan && terraform show -json tfplan > plan_output.json"
+fi
+
 RUN_COMMAND=1
 while [ $RUN_COMMAND = 1 ]
 do
     RUN_COMMAND=0
     TF_CMD="$tf_command"
 
+    if [ "$deploy_mode" == "plan" ]; then
+        TF_CMD="terraform plan -out=tfplan && terraform show -json tfplan > plan_output.json"
+    fi
+
     script -c "$TF_CMD" "$tf_logfile"
 
     # upload the log file?
@@ -128,3 +146,6 @@ do
 done
 
 
+if [ "$deploy_mode" == "plan" ]; then
+    echo "Terraform plan output saved to plan_output.json"
+fi

docs/tre-admins/setup-instructions/manual-deployment.md

@@ -71,6 +71,52 @@ Open your browser and navigate to the `/api/docs` route of the API:  `https://<a
 
 ![Swagger UI](../../assets/quickstart_swaggerui.png)
 
+
+## Using the DEPLOY_MODE variable
+
+The `DEPLOY_MODE` variable allows you to control whether the deployment runs in 'plan' mode or 'apply' mode. In 'plan' mode, the terraform plan is generated and can be reviewed before applying. In 'apply' mode, the terraform plan is applied directly.
+
+### Setting the DEPLOY_MODE variable
+
+To set the `DEPLOY_MODE` variable, use the following commands:
+
+```bash
+export DEPLOY_MODE=plan
+```
+
+or
+
+```bash
+export DEPLOY_MODE=apply
+```
+
+### Example usage
+
+To run the deployment in 'plan' mode:
+=======
+## Using the `DEPLOY_MODE` variable
+
+To use the `DEPLOY_MODE` variable, follow these steps:
+
+1. Set the `DEPLOY_MODE` variable to either `plan` or `apply` depending on your desired deployment mode.
+2. Run the deployment command with the `DEPLOY_MODE` variable set.
+
+Example:
+```bash
+export DEPLOY_MODE=plan
+make all
+```
+
+To run the deployment in 'apply' mode:
+
+```bash
+export DEPLOY_MODE=apply
+make all
+```
+=======
+When `DEPLOY_MODE` is set to `plan`, the deployment script will execute the terraform plan without applying it, allowing you to review the changes before deciding to apply them. When `DEPLOY_MODE` is set to `apply`, the deployment script will execute the terraform plan and apply the changes automatically.
+
+
 ## Next steps
 
 * [Configure Shared Services](configuring-shared-services.md)

docs/tre-admins/setup-instructions/workflows.md

@@ -148,7 +148,50 @@ Configure variables used in the deployment workflow:
 | `FIREWALL_SKU` | Optional. The SKU of the Azure Firewall instance. Default value is `Standard`. Allowed values [`Basic`, `Standard`, `Premium`]. See [Azure Firewall SKU feature comparison](https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku). |
 | `APP_GATEWAY_SKU` | Optional. The SKU of the Application Gateway. Default value is `Standard_v2`. Allowed values [`Standard_v2`, `WAF_v2`] |
 
+### Using the DEPLOY_MODE variable
+
+The `DEPLOY_MODE` variable allows you to control whether the deployment runs in 'plan' mode or 'apply' mode. In 'plan' mode, the terraform plan is generated and can be reviewed before applying. In 'apply' mode, the terraform plan is applied directly.
+
+### Setting the DEPLOY_MODE variable
+
+To set the `DEPLOY_MODE` variable, use the following commands:
+
+```bash
+export DEPLOY_MODE=plan
+```
+
+or
+
+```bash
+export DEPLOY_MODE=apply
+```
+
+### Example usage
+
+To run the deployment in 'plan' mode:
+
+```bash
+export DEPLOY_MODE=plan
+make all
+```
+
+To run the deployment in 'apply' mode:
+
+```bash
+export DEPLOY_MODE=apply
+make all
+```
 
 ### Deploy the TRE using the workflow
 
 With all the repository secrets set, you can trigger a workflow run by pushing to develop/main of your fork, or by dispatching the workflow manually.
+
+To use the `DEPLOY_MODE` variable, follow these steps:
+
+1. Go to the "Actions" tab of your GitHub repository.
+2. Select the `deploy_tre.yml` workflow from the list of workflows.
+3. Click on the "Run workflow" button.
+4. In the "DEPLOY_MODE" input field, enter either `plan` or `apply` depending on your desired deployment mode.
+5. Click on the "Run workflow" button to start the deployment.
+
+When `DEPLOY_MODE` is set to `plan`, the workflow will execute the terraform plan without applying it, allowing you to review the changes before deciding to apply them. When `DEPLOY_MODE` is set to `apply`, the workflow will execute the terraform plan and apply the changes automatically.