From e4b91f0e072c1e5dd1d24015cab3a7c1a1f601bf Mon Sep 17 00:00:00 2001
From: Chris Taylor
Date: Thu, 29 Jan 2026 10:15:29 -0600
Subject: [PATCH] feat: add fine-grained pre/post commands to terragrunt workflows
---
.../reusable-terragrunt-deploy-aws.yml | 127 +++++++++++------
.../reusable-terragrunt-deploy-azure.yml | 117 ++++++++++------
...usable-terragrunt-deploy-ephemeral-aws.yml | 130 +++++++++++------
...sable-terragrunt-destroy-ephemeral-aws.yml | 75 +++++-----
.../reusable-terragrunt-plan-only-aws.yml | 79 ++++++-----
.../reusable-terragrunt-plan-only-azure.yml | 65 +++++----
6 files changed, 362 insertions(+), 231 deletions(-)
diff --git a/.github/workflows/reusable-terragrunt-deploy-aws.yml b/.github/workflows/reusable-terragrunt-deploy-aws.yml
index 1ef1438..da92972 100644
--- a/.github/workflows/reusable-terragrunt-deploy-aws.yml
+++ b/.github/workflows/reusable-terragrunt-deploy-aws.yml
@@ -4,49 +4,74 @@ on: workflow_call: inputs: git_branch: - description: 'Branch triggering this destroy.' + description: "Branch triggering this destroy." required: true type: string tf_version: - description: 'Version of Terraform to utilize' - required: true - default: '1.5.5' - type: string + description: "Version of Terraform to utilize" + required: true + default: "1.5.5" + type: string tg_version: - description: 'Version of Terragrunt to utilize' + description: "Version of Terragrunt to utilize" required: true - default: '0.54.11' + default: "0.54.11" type: string gh_environment: - description: 'GitHub Environment to deploy to (e.g. test, production). If not supplied, will be set from the environment input.' + description: "GitHub Environment to deploy to (e.g. test, production). If not supplied, will be set from the environment input." required: false type: string environments_root: - description: 'Root folder containing all environments' + description: "Root folder containing all environments" required: false - default: 'platform' + default: "platform" type: string environment: - description: 'Environment (subfolder of environments_root, e.g. test) to deploy' + description: "Environment (subfolder of environments_root, e.g. test) to deploy" required: true type: string region: - description: 'Region within the environment (e.g. us-east-1) to deploy' + description: "Region within the environment (e.g. us-east-1) to deploy" required: true type: string env_id: - description: 'Instance within the region (e.g. 000) to deploy.' + description: "Instance within the region (e.g. 000) to deploy." required: true type: string - extra_setup_commands: - description: 'Extra setup commands to run prior to executing Terragrunt.' + before_plan_commands: + description: "Commands to run prior to executing Terragrunt plan." + required: false + type: string + default: "" + before_deploy_commands: + description: "Commands to run prior to executing Terragrunt apply." 
+ required: false + type: string + default: "" + before_shared_commands: + description: "Commands to run prior to both Terragrunt plan and apply. These are applied after before_plan_commands and before_deploy_commands." + required: false + type: string + default: "" + after_plan_commands: + description: "Commands to run after executing Terragrunt plan." + required: false + type: string + default: "" + after_deploy_commands: + description: "Commands to run after executing Terragrunt apply." + required: false + type: string + default: "" + after_shared_commands: + description: "Commands to run after both Terragrunt plan and apply. These are applied after after_plan_commands and after_deploy_commands." required: false type: string - default: '' + default: "" permissions: - id-token: write - contents: read + id-token: write + contents: read jobs: deploy: 
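Review bot: Removing `extra_setup_commands` from `inputs:` will, as far as I know, fail every caller that still passes it, because a reusable workflow rejects inputs it does not declare; the same removal is made in the other five workflow files of this commit. Keeping the old input for one release as a deprecated alias would avoid that, for example declared with `description: "Deprecated: use before_shared_commands."` and given its own `INPUT_PRE_EXEC_n` slot in the Plan and Deploy steps. If the break is intended, the subject should mark it (`feat!:`) and the description should list the rename callers have to make.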
@@ -73,45 +98,57 @@ jobs: - name: "Set default Terraform Tags" id: set-tags run: | - set -x - echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT" - echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT" + set -x + echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT" + echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT" - name: Plan id: plan uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 env: - AWS_REGION: ${{ inputs.region }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} - TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} - TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} - TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} + AWS_REGION: ${{ inputs.region }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_plan_commands }} + INPUT_PRE_EXEC_2: | + ${{ inputs.before_shared_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_plan_commands }} + INPUT_POST_EXEC_1: | + ${{ inputs.after_shared_commands }} + TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} + TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} + TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag 
}} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} - tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan' + tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan" - name: Deploy uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 env: - AWS_REGION: ${{ inputs.region }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} - TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} - TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} - TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} + AWS_REGION: ${{ inputs.region }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_deploy_commands }} + INPUT_PRE_EXEC_2: | + ${{ inputs.before_shared_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_deploy_commands }} + INPUT_POST_EXEC_1: | + ${{ inputs.after_shared_commands }} + TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} + TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} + TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} - tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'apply ${{ inputs.environment }}-${{ 
inputs.region }}-${{ inputs.env_id }}.tfplan' + tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan" diff --git a/.github/workflows/reusable-terragrunt-deploy-azure.yml b/.github/workflows/reusable-terragrunt-deploy-azure.yml index 328e82b..d5885bb 100644 --- a/.github/workflows/reusable-terragrunt-deploy-azure.yml +++ b/.github/workflows/reusable-terragrunt-deploy-azure.yml 
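Review bot: The `set-tags` step still expands `${{ inputs.git_branch }}` and the `github.*` values directly into the `run:` script, so a branch name containing shell metacharacters is interpreted by the shell instead of being treated as data; the commit re-indents these lines without changing that. Pass the values through the step's `env:` and reference them as shell variables, e.g. `GIT_BRANCH: ${{ inputs.git_branch }}` under `env:` and `echo "TF_VAR_branch_tag=$GIT_BRANCH" >> "$GITHUB_OUTPUT"` in the script. The same expansion is present in the `set-tags` hunks of the other five workflows in this commit. The job's earlier steps lie outside this hunk.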
@@ -4,41 +4,66 @@ on: workflow_call: inputs: git_branch: - description: 'Branch triggering this destroy.' + description: "Branch triggering this destroy." required: true type: string tf_version: - description: 'Version of Terraform to utilize' - required: true - default: '1.5.5' - type: string + description: "Version of Terraform to utilize" + required: true + default: "1.5.5" + type: string tg_version: - description: 'Version of Terragrunt to utilize' + description: "Version of Terragrunt to utilize" required: true - default: '0.77.22' + default: "0.77.22" type: string environments_root: - description: 'Root folder containing all environments' + description: "Root folder containing all environments" required: false - default: 'platform' + default: "platform" type: string environment: - description: 'Environment (subfolder of environments_root, e.g. test) to deploy' + description: "Environment (subfolder of environments_root, e.g. test) to deploy" required: true type: string region: - description: 'Region within the environment (e.g. eastus2) to deploy' + description: "Region within the environment (e.g. eastus2) to deploy" required: true type: string env_id: - description: 'Instance within the region (e.g. 000) to deploy.' + description: "Instance within the region (e.g. 000) to deploy." required: true type: string - extra_setup_commands: - description: 'Extra setup commands to run prior to executing Terragrunt.' + before_plan_commands: + description: "Commands to run prior to executing Terragrunt plan." + required: false + type: string + default: "" + before_deploy_commands: + description: "Commands to run prior to executing Terragrunt apply." + required: false + type: string + default: "" + before_shared_commands: + description: "Commands to run prior to both Terragrunt plan and apply. These are applied after before_plan_commands and before_deploy_commands." 
+ required: false + type: string + default: "" + after_plan_commands: + description: "Commands to run after executing Terragrunt plan." + required: false + type: string + default: "" + after_deploy_commands: + description: "Commands to run after executing Terragrunt apply." + required: false + type: string + default: "" + after_shared_commands: + description: "Commands to run after both Terragrunt plan and apply. These are applied after after_plan_commands and after_deploy_commands." required: false type: string - default: '' + default: "" secrets: TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID: required: true 
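Review bot: The descriptions of the six new `*_commands` inputs do not say that the text is executed as shell by the Terragrunt step, in the same `env:` that carries the `ARM_*` values and `ARM_USE_OIDC` (see the Plan/Deploy hunk of this file), so whatever a caller passes presumably runs with the deployment identity. I would state that in each description, e.g. `"Shell commands run before Terragrunt plan. Executed with the job's cloud credentials; pass only static, reviewed text, never values taken from event data such as PR titles or branch names."`. The same applies to the matching inputs in the other five workflows. Separately, `git_branch` in this deploy workflow is still described as "Branch triggering this destroy."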
@@ -78,39 +103,51 @@ jobs: - name: "Set default Terraform Tags" id: set-tags run: | - set -x - repo=$(echo "${{ github.repository }}" | cut -d "/" -f 2) - echo "SYSTEM_TAGS={\"Organization\":\"${{ github.repository_owner }}\",\"Repository\":\"$repo\",\"Branch\":\"${{ inputs.git_branch }}\",\"CommitHash\":\"${{ github.sha }}\"}" >> "$GITHUB_OUTPUT" + set -x + repo=$(echo "${{ github.repository }}" | cut -d "/" -f 2) + echo "SYSTEM_TAGS={\"Organization\":\"${{ github.repository_owner }}\",\"Repository\":\"$repo\",\"Branch\":\"${{ inputs.git_branch }}\",\"CommitHash\":\"${{ github.sha }}\"}" >> "$GITHUB_OUTPUT" - name: Plan id: plan uses: gruntwork-io/terragrunt-action@v3 env: - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }} - ARM_USE_OIDC: true - TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_plan_commands }} + INPUT_PRE_EXEC_2: | + ${{ inputs.before_shared_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_plan_commands }} + INPUT_POST_EXEC_1: | + ${{ inputs.after_shared_commands }} + ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }} + ARM_USE_OIDC: true + TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }} with: - tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan' + tg_dir: "${{ inputs.environments_root }}/${{ 
inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "plan -out=${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan" - name: Deploy uses: gruntwork-io/terragrunt-action@v3 env: - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }} - ARM_USE_OIDC: true - TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_deploy_commands }} + INPUT_PRE_EXEC_2: | + ${{ inputs.before_shared_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_deploy_commands }} + INPUT_POST_EXEC_1: | + ${{ inputs.after_shared_commands }} + ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }} + ARM_USE_OIDC: true + TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }} with: - tg_dir: '${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan' + tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "apply ${{ inputs.environment }}-${{ inputs.region }}-${{ inputs.env_id }}.tfplan" diff --git a/.github/workflows/reusable-terragrunt-deploy-ephemeral-aws.yml b/.github/workflows/reusable-terragrunt-deploy-ephemeral-aws.yml index 501dacd..090a1fa 100644 --- a/.github/workflows/reusable-terragrunt-deploy-ephemeral-aws.yml 
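Review bot: Both steps in this hunk run `gruntwork-io/terragrunt-action@v3`, a mutable tag, while the AWS workflows in this commit pin the same action to a commit SHA; with this change the action also receives four more caller-supplied command strings next to the `ARM_*` secrets. Pinning it the same way, `uses: gruntwork-io/terragrunt-action@<full-commit-sha> # v3`, keeps a moved tag from changing what executes with those credentials. `reusable-terragrunt-plan-only-azure.yml` carries the same `@v3` reference in its Plan step.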
+++ b/.github/workflows/reusable-terragrunt-deploy-ephemeral-aws.yml 
@@ -3,45 +3,69 @@ on: workflow_call: inputs: git_branch: - description: 'Branch triggering this deploy.' + description: "Branch triggering this deploy." required: true type: string tf_version: - description: 'Version of Terraform to utilize' - required: true - default: '1.5.5' - type: string + description: "Version of Terraform to utilize" + required: true + default: "1.5.5" + type: string tg_version: - description: 'Version of Terragrunt to utilize' + description: "Version of Terragrunt to utilize" required: true - default: '0.54.11' + default: "0.54.11" type: string assume_role_arn: - description: 'ARN of the role to assume prior to Terragrunt invocation. Terragrunt may use this role to assume other roles if configured to do so.' + description: "ARN of the role to assume prior to Terragrunt invocation. Terragrunt may use this role to assume other roles if configured to do so." required: true type: string region: - description: 'Region within the environment (e.g. us-east-1) to deploy' + description: "Region within the environment (e.g. us-east-1) to deploy" required: true type: string environments_root: - description: 'Root folder containing all environments' + description: "Root folder containing all environments" required: false - default: 'platform' + default: "platform" type: string env_id: - description: 'Instance within the region (e.g. 000) to deploy.' + description: "Instance within the region (e.g. 000) to deploy." required: true type: string - extra_setup_commands: - description: 'Extra setup commands to run prior to executing Terragrunt.' + before_plan_commands: + description: "Commands to run prior to executing Terragrunt plan." required: false type: string - default: '' - + default: "" + before_deploy_commands: + description: "Commands to run prior to executing Terragrunt apply." + required: false + type: string + default: "" + before_shared_commands: + description: "Commands to run prior to both Terragrunt plan and apply. 
These are applied after before_plan_commands and before_deploy_commands." + required: false + type: string + default: "" + after_plan_commands: + description: "Commands to run after executing Terragrunt plan." + required: false + type: string + default: "" + after_deploy_commands: + description: "Commands to run after executing Terragrunt apply." + required: false + type: string + default: "" + after_shared_commands: + description: "Commands to run after both Terragrunt plan and apply. These are applied after after_plan_commands and after_deploy_commands." + required: false + type: string + default: "" permissions: - id-token: write - contents: read + id-token: write + contents: read jobs: deploy: 
@@ -61,48 +85,60 @@ jobs: - name: "Set default Terraform Tags" id: set-tags run: | - set -x - echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT" - echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT" + set -x + echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT" + echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT" - name: Plan id: plan uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 env: - AWS_REGION: ${{ inputs.region }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} - TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} - TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} - TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} - GIT_BRANCH: ${{ inputs.git_branch }} + AWS_REGION: ${{ inputs.region }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_plan_commands }} + INPUT_PRE_EXEC_2: | + ${{ inputs.before_shared_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_plan_commands }} + INPUT_POST_EXEC_1: | + ${{ inputs.after_shared_commands }} + TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} + TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} + TF_VAR_branch_tag: ${{ 
steps.set-tags.outputs.TF_VAR_branch_tag }} + GIT_BRANCH: ${{ inputs.git_branch }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} - tg_dir: '${{ inputs.environments_root }}/sandbox/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'plan -out=ephemeral-${{ inputs.region }}-${{ inputs.env_id }}.tfplan' + tg_dir: "${{ inputs.environments_root }}/sandbox/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "plan -out=ephemeral-${{ inputs.region }}-${{ inputs.env_id }}.tfplan" - name: Deploy id: deploy uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 env: - AWS_REGION: ${{ inputs.region }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} - TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} - TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} - TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} - GIT_BRANCH: ${{ inputs.git_branch }} + AWS_REGION: ${{ inputs.region }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_deploy_commands }} + INPUT_PRE_EXEC_2: | + ${{ inputs.before_shared_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_deploy_commands }} + INPUT_POST_EXEC_1: | + ${{ inputs.after_shared_commands }} + TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} + TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} + TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} + GIT_BRANCH: ${{ inputs.git_branch }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} - tg_dir: '${{ inputs.environments_root }}/sandbox/${{ inputs.region 
}}/${{ inputs.env_id }}' - tg_command: 'apply ephemeral-${{ inputs.region }}-${{ inputs.env_id }}.tfplan' + tg_dir: "${{ inputs.environments_root }}/sandbox/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "apply ephemeral-${{ inputs.region }}-${{ inputs.env_id }}.tfplan" diff --git a/.github/workflows/reusable-terragrunt-destroy-ephemeral-aws.yml b/.github/workflows/reusable-terragrunt-destroy-ephemeral-aws.yml index 7ab5e70..c04063e 100644 --- a/.github/workflows/reusable-terragrunt-destroy-ephemeral-aws.yml +++ b/.github/workflows/reusable-terragrunt-destroy-ephemeral-aws.yml 
@@ -3,45 +3,50 @@ on: workflow_call: inputs: git_branch: - description: 'Branch triggering this destroy.' + description: "Branch triggering this destroy." required: true type: string tf_version: - description: 'Version of Terraform to utilize' - required: true - default: '1.5.5' - type: string + description: "Version of Terraform to utilize" + required: true + default: "1.5.5" + type: string tg_version: - description: 'Version of Terragrunt to utilize' + description: "Version of Terragrunt to utilize" required: true - default: '0.54.11' + default: "0.54.11" type: string assume_role_arn: - description: 'ARN of the role to assume prior to Terragrunt invocation. Terragrunt may use this role to assume other roles if configured to do so.' + description: "ARN of the role to assume prior to Terragrunt invocation. Terragrunt may use this role to assume other roles if configured to do so." required: true type: string region: - description: 'Region within the sandbox environment (e.g. us-east-1) to destroy' + description: "Region within the sandbox environment (e.g. us-east-1) to destroy" required: true type: string environments_root: - description: 'Root folder containing all environments' + description: "Root folder containing all environments" required: false - default: 'platform' + default: "platform" type: string env_id: - description: 'Instance within the region (e.g. 000) to destroy.' + description: "Instance within the region (e.g. 000) to destroy." required: true type: string - extra_setup_commands: - description: 'Extra setup commands to run prior to executing Terragrunt.' + before_destroy_commands: + description: "Commands to run prior to executing Terragrunt destroy." + required: false + type: string + default: "" + after_destroy_commands: + description: "Commands to run after executing Terragrunt destroy." required: false type: string - default: '' + default: "" permissions: - id-token: write - contents: read + id-token: write + contents: read jobs: destroy: 
@@ -61,27 +66,29 @@ jobs: - name: "Set default Terraform Tags" id: set-tags run: | - set -x - echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT" - echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT" + set -x + echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT" + echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT" - name: Destroy uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 env: - AWS_REGION: ${{ inputs.region }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} - TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} - TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} - TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} - GIT_BRANCH: ${{ inputs.git_branch }} + AWS_REGION: ${{ inputs.region }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_destroy_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_destroy_commands }} + TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} + TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} + TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} + GIT_BRANCH: ${{ inputs.git_branch }} with: tf_version: ${{ inputs.tf_version 
}} tg_version: ${{ inputs.tg_version }} - tg_dir: '${{ inputs.environments_root }}/sandbox/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'destroy' + tg_dir: "${{ inputs.environments_root }}/sandbox/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "destroy" diff --git a/.github/workflows/reusable-terragrunt-plan-only-aws.yml b/.github/workflows/reusable-terragrunt-plan-only-aws.yml index fc25c54..892013d 100644 --- a/.github/workflows/reusable-terragrunt-plan-only-aws.yml +++ b/.github/workflows/reusable-terragrunt-plan-only-aws.yml 
@@ -4,49 +4,54 @@ on: workflow_call: inputs: git_branch: - description: 'Branch triggering this plan' + description: "Branch triggering this plan" required: true type: string tf_version: - description: 'Version of Terraform to utilize' - required: true - default: '1.5.5' - type: string + description: "Version of Terraform to utilize" + required: true + default: "1.5.5" + type: string tg_version: - description: 'Version of Terragrunt to utilize' + description: "Version of Terragrunt to utilize" required: true - default: '0.54.11' + default: "0.54.11" type: string assume_role_arn: - description: 'ARN of the role to assume prior to Terragrunt invocation. Terragrunt may use this role to assume other roles if configured to do so.' - required: true - type: string + description: "ARN of the role to assume prior to Terragrunt invocation. Terragrunt may use this role to assume other roles if configured to do so." + required: true + type: string environments_root: - description: 'Root folder containing all environments' + description: "Root folder containing all environments" required: false - default: 'platform' + default: "platform" type: string environment: - description: 'Environment (subfolder of environments_root, e.g. test) to plan' + description: "Environment (subfolder of environments_root, e.g. test) to plan" required: true type: string region: - description: 'Region within the environment (e.g. us-east-1) to plan' + description: "Region within the environment (e.g. us-east-1) to plan" required: true type: string env_id: - description: 'Instance within the region (e.g. 000) to plan' + description: "Instance within the region (e.g. 000) to plan" required: true type: string - extra_setup_commands: - description: 'Extra setup commands to run prior to executing Terragrunt.' + before_plan_commands: + description: "Commands to run prior to executing Terragrunt plan." 
+ required: false + type: string + default: "" + after_plan_commands: + description: "Commands to run after executing Terragrunt plan." required: false type: string - default: '' + default: "" permissions: - id-token: write - contents: read + id-token: write + contents: read jobs: plan: 
@@ -66,27 +71,29 @@ jobs: - name: "Set default Terraform Tags" id: set-tags run: | - set -x - echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT" - echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" - echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT" + set -x + echo "TF_VAR_organization_tag=${{ github.repository_owner }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_repository_tag=$(echo "${{ github.repository }}" | cut -d "/" -f 2)" >> "$GITHUB_OUTPUT" + echo "TF_VAR_commit_hash_tag=${{ github.sha }}" >> "$GITHUB_OUTPUT" + echo "TF_VAR_branch_tag=${{ inputs.git_branch }}" >> "$GITHUB_OUTPUT" - name: Plan id: plan uses: gruntwork-io/terragrunt-action@aee21a7df999be8b471c2a8564c6cd853cb674e1 env: - AWS_REGION: ${{ inputs.region }} - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} - TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} - TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} - TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} + AWS_REGION: ${{ inputs.region }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_plan_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_plan_commands }} + TF_VAR_organization_tag: ${{ steps.set-tags.outputs.TF_VAR_organization_tag }} + TF_VAR_repository_tag: ${{ steps.set-tags.outputs.TF_VAR_repository_tag }} + TF_VAR_commit_hash_tag: ${{ steps.set-tags.outputs.TF_VAR_commit_hash_tag }} + TF_VAR_branch_tag: ${{ steps.set-tags.outputs.TF_VAR_branch_tag }} with: tf_version: ${{ inputs.tf_version }} tg_version: ${{ inputs.tg_version }} - tg_dir: '${{ 
inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'plan' + tg_dir: "${{ inputs.environments_root }}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "plan" diff --git a/.github/workflows/reusable-terragrunt-plan-only-azure.yml b/.github/workflows/reusable-terragrunt-plan-only-azure.yml index eacf68a..68f91f5 100644 --- a/.github/workflows/reusable-terragrunt-plan-only-azure.yml +++ b/.github/workflows/reusable-terragrunt-plan-only-azure.yml 
@@ -4,41 +4,46 @@ on: workflow_call: inputs: git_branch: - description: 'Branch triggering this plan' + description: "Branch triggering this plan" required: true type: string tf_version: - description: 'Version of Terraform to utilize' - required: true - default: '1.5.5' - type: string + description: "Version of Terraform to utilize" + required: true + default: "1.5.5" + type: string tg_version: - description: 'Version of Terragrunt to utilize' + description: "Version of Terragrunt to utilize" required: true - default: '0.77.22' + default: "0.77.22" type: string environments_root: - description: 'Root folder containing all environments' + description: "Root folder containing all environments" required: false - default: 'platform' + default: "platform" type: string environment: - description: 'Environment (subfolder of environments_root, e.g. test) to plan' + description: "Environment (subfolder of environments_root, e.g. test) to plan" required: true type: string region: - description: 'Region within the environment (e.g. eastus2) to plan' + description: "Region within the environment (e.g. eastus2) to plan" required: true type: string env_id: - description: 'Instance within the region (e.g. 000) to plan' + description: "Instance within the region (e.g. 000) to plan" required: true type: string - extra_setup_commands: - description: 'Extra setup commands to run prior to executing Terragrunt.' + before_plan_commands: + description: "Commands to run prior to executing Terragrunt plan." + required: false + type: string + default: "" + after_plan_commands: + description: "Commands to run after executing Terragrunt plan." required: false type: string - default: '' + default: "" secrets: TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID: required: true 
@@ -78,23 +83,25 @@ jobs: - name: "Set default Terraform Tags" id: set-tags run: | - set -x - repo=$(echo "${{ github.repository }}" | cut -d "/" -f 2) - echo "SYSTEM_TAGS={\"Organization\":\"${{ github.repository_owner }}\",\"Repository\":\"$repo\",\"Branch\":\"${{ inputs.git_branch }}\",\"CommitHash\":\"${{ github.sha }}\"}" >> "$GITHUB_OUTPUT" + set -x + repo=$(echo "${{ github.repository }}" | cut -d "/" -f 2) + echo "SYSTEM_TAGS={\"Organization\":\"${{ github.repository_owner }}\",\"Repository\":\"$repo\",\"Branch\":\"${{ inputs.git_branch }}\",\"CommitHash\":\"${{ github.sha }}\"}" >> "$GITHUB_OUTPUT" - name: Plan id: plan uses: gruntwork-io/terragrunt-action@v3 env: - INPUT_PRE_EXEC_0: | - sudo apt update -yqq && sudo apt install python3 -yqq - INPUT_PRE_EXEC_1: | - ${{ inputs.extra_setup_commands }} - ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }} - ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }} - ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }} - ARM_USE_OIDC: true - TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }} + INPUT_PRE_EXEC_0: | + sudo apt update -yqq && sudo apt install python3 -yqq + INPUT_PRE_EXEC_1: | + ${{ inputs.before_plan_commands }} + INPUT_POST_EXEC_0: | + ${{ inputs.after_plan_commands }} + ARM_CLIENT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_CLIENT_ID }} + ARM_SUBSCRIPTION_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_SUBSCRIPTION_ID }} + ARM_TENANT_ID: ${{ secrets.TERRAGRUNT_DEPLOY_AZURE_TENANT_ID }} + ARM_USE_OIDC: true + TF_VAR_system_tags: ${{ steps.set-tags.outputs.SYSTEM_TAGS }} with: - tg_dir: '${{inputs.environments_root}}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}' - tg_command: 'plan' + tg_dir: "${{inputs.environments_root}}/${{ inputs.environment }}/${{ inputs.region }}/${{ inputs.env_id }}" + tg_command: "plan"