Aesthetic improvements to release workflows (#215)

* Clean up release-process.md * Rename shared Github Action workflows in noun-action.yml format, so when sorted alphabetically common workflows are grouped together. * Use the Terraform cli to create a plan via dflook/terraform-plan, which should produce a nicer PR comment than the prior manual approach. * Fix working directories * Remove unnecessary testing pr branch * Pass credentials as env vars
GSA-TTS · Jun 19, 2024 · 5c819f1 · 5c819f1
1 parent 3f5540e
commit 5c819f1
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 46 deletions.
diff --git a/.github/workflows/_build-docker-image.yml → .github/workflows/_docker-build-image.yml b/.github/workflows/_build-docker-image.yml → .github/workflows/_docker-build-image.yml
diff --git a/.github/workflows/_create-pr-to-branch.yml → .github/workflows/_pr-create.yml b/.github/workflows/_create-pr-to-branch.yml → .github/workflows/_pr-create.yml
diff --git a/.github/workflows/_terraform-plan-pr-comment.yml b/.github/workflows/_terraform-plan-pr-comment.yml
@@ -7,12 +7,14 @@ on:
         required: true
         type: string
 
-env:
-  DEPLOY_ENV: ${{ inputs.deploy-env }}
-
 jobs:
   terraform:
     runs-on: ubuntu-latest
+    env:
+      DEPLOY_ENV: ${{ inputs.deploy-env }}
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
@@ -53,8 +55,8 @@ jobs:
 
       - name: Initialize Terraform CDK configuration
         shell: bash
+        working-directory: infra
         run: |
-          cd infra
           pnpm cdktf get
           pnpm build:tsc
 
@@ -67,39 +69,20 @@ jobs:
         run: |
           cf api https://api.fr.cloud.gov
 
-      - name: Show Terraform plan
-        id: show_plan
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        shell: bash
-        run: |
-          output=$(DEPLOY_ENV=${DEPLOY_ENV} pnpm cdktf diff --no-color --app "npx ts-node src/index.ts")
-          echo "${output}"
-          echo "stdout<<nEOFn" >> $GITHUB_OUTPUT
-          echo "${output}" >> $GITHUB_OUTPUT
-          echo "nEOFn" >> $GITHUB_OUTPUT
+      - name: Synthesize Terraform configuration
         working-directory: infra
+        run: |
+          DEPLOY_ENV=${DEPLOY_ENV} pnpm cdktf synth
 
-      - name: Find Comment
-        uses: peter-evans/find-comment@v3
-        id: find_comment
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          comment-author: 'github-actions[bot]'
-          body-includes: '<!-- terraform-plan-comment -->'
+      - name: Get Terraform stack name
+        id: get_stack_name
+        working-directory: infra
+        run: |
+          DEPLOY_ENV=${DEPLOY_ENV} pnpm cdktf output --outputs-file outputs.json
+          echo "stack_name=$(jq -r 'keys[0]' outputs.json)" >> $GITHUB_OUTPUT
 
-      - name: Create or update PR comment with Terraform plan
-        uses: peter-evans/create-or-update-comment@v4
+      - name: Create Terraform plan
+        uses: dflook/terraform-plan@v1
         with:
-          comment-id: ${{ steps.find_comment.outputs.comment-id }}
-          issue-number: ${{ github.event.pull_request.number }}
-          token: ${{ secrets.GITHUB_TOKEN }}
-          repository: ${{ github.repository }}
-          body: |
-            <!-- terraform-plan-comment -->
-            **Terraform Plan**
-            ```terraform
-            ${{ steps.show_plan.outputs.stdout }}
-            ```
-          edit-mode: replace
+          path: infra/cdktf.out/stacks/${{ steps.get_stack_name.outputs.stack_name }}
+          label: ${{ steps.get_stack_name.outputs.stack_name }}
diff --git a/.github/workflows/_apply-terraform.yml → .github/workflows/_terraform_apply.yml b/.github/workflows/_apply-terraform.yml → .github/workflows/_terraform_apply.yml
@@ -53,8 +53,8 @@ jobs:
 
       - name: Initialize Terraform CDK configuration
         shell: bash
+        working-directory: infra
         run: |
-          cd infra
           pnpm cdktf get
           pnpm build:tsc
 
@@ -68,7 +68,7 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         shell: bash
+        working-directory: infra
         run: |
-          cd infra
           cf api https://api.fr.cloud.gov
           DEPLOY_ENV=${DEPLOY_ENV} pnpm cdktf deploy --auto-approve
diff --git a/.github/workflows/add-terraform-plan-to-pr.yml b/.github/workflows/add-terraform-plan-to-pr.yml
@@ -1,4 +1,4 @@
-name: Add Terraform CDK plan as comment on pull request
+name: Post Terraform plan to PR comment
 
 on:
   pull_request:

diff --git a/.github/workflows/create-pr-to-staging.yml b/.github/workflows/create-pr-to-staging.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   create-pr-to-staging:
-    uses: ./.github/workflows/_create-pr-to-branch.yml
+    uses: ./.github/workflows/_pr-create.yml
     secrets: inherit
     with:
       base: staging
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -9,20 +9,20 @@ on:
 
 jobs:
   build-image-doj:
-    uses: ./.github/workflows/_build-docker-image.yml
+    uses: ./.github/workflows/_docker-build-image.yml
     secrets: inherit
     with:
       app-name: doj-demo
 
   build-image-spotlight:
-    uses: ./.github/workflows/_build-docker-image.yml
+    uses: ./.github/workflows/_docker-build-image.yml
     secrets: inherit
     with:
       app-name: spotlight
 
   deploy:
     needs: [build-image-doj, build-image-spotlight]
-    uses: ./.github/workflows/_apply-terraform.yml
+    uses: ./.github/workflows/_terraform-apply.yml
     secrets: inherit
     with:
       deploy-env: ${{ github.ref_name }}
diff --git a/documents/release-process.md b/documents/release-process.md
@@ -3,12 +3,12 @@
 There are currently two environments:
 
 - `main` (dev, main branch, CI/CD)
-- `staging` (manually deployed via a release tag)
+- `staging` (staging branch, merge via release PR)
 
 ## Overview
 
-To promote continuous integration, the 10x Forms Platform uses trunk-based development. In trunk-based development, we collaborate on code in a single, mainline branch.
+To promote continuous integration, the 10x Forms Platform uses trunk-based development. In trunk-based development, we collaborate in a single, mainline branch.
 
 Deployments are managed by Terraform CDK. On merge to main, the [../.github/workflows/deploy.yml](../.github/workflows/deploy.yml) Github Action workflow builds Docker images for each app in the repository, pushes them to [ghcr.io](https://github.com/orgs/GSA-TTS/packages?repo_name=atj-platform), and deploys to the dev environment (`gsa-tts-10x-atj-dev`).
 
-When commits are made to main, the [../.github/workflows/create-pr-to-staging.yml](../.github/workflows/create-pr-to-staging.yml) workflow creates a PR to deploy to the staging environment, if it doesn't already exist.
+When commits are made to main, the [../.github/workflows/create-pr-to-staging.yml](../.github/workflows/create-pr-to-staging.yml) workflow creates a PR to merge from `main` to the `staging` branch, if it doesn't already exist. On merge, the staging environment will be deployed.