replaced hardcoded variables with environment variables

.github/workflows/deploy-production.yml

@@ -41,6 +41,20 @@ jobs:
     runs-on: ubuntu-latest
     environment: production
     if: needs.detect-changes.outputs.deploy-iac == 'true'
+    env:
+      TF_VAR_region: ${{ vars.AWS_REGION }}
+      TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
+      TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
+      TF_VAR_app_env: ${{ vars.APP_ENV }}
+      TF_VAR_db_encrypted_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
+      TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
+      TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
+      TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
+      TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
+      TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
+      TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
+      TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
+      TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
     steps:
     - uses: actions/checkout@v4
 
@@ -136,6 +150,20 @@ jobs:
     runs-on: ubuntu-latest
     environment: production
     if: needs.detect-changes.outputs.deploy-backend == 'true'
+    env:
+      TF_VAR_region: ${{ vars.AWS_REGION }}
+      TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
+      TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
+      TF_VAR_app_env: ${{ vars.APP_ENV }}
+      TF_VAR_db_encrypted_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
+      TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
+      TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
+      TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
+      TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
+      TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
+      TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
+      TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
+      TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
     steps:
     - uses: actions/checkout@v4
 

.github/workflows/deploy-staging.yml

@@ -7,7 +7,7 @@ concurrency:
 on:
   push:
     branches:
-    - main
+    - add-tf-iac
 
 permissions:
   id-token: write   # This is required for requesting the JWT
@@ -43,6 +43,20 @@ jobs:
     runs-on: ubuntu-latest
     environment: staging
     if: needs.detect-changes.outputs.deploy-iac == 'true'
+    env:
+      TF_VAR_region: ${{ vars.AWS_REGION }}
+      TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
+      TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
+      TF_VAR_app_env: ${{ vars.APP_ENV }}
+      TF_VAR_db_encrypted_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
+      TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
+      TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
+      TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
+      TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
+      TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
+      TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
+      TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
+      TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
     steps:
     - uses: actions/checkout@v4
 
@@ -138,6 +152,20 @@ jobs:
     runs-on: ubuntu-latest
     environment: staging
     if: needs.detect-changes.outputs.deploy-backend == 'true'
+    env:
+      TF_VAR_region: ${{ vars.AWS_REGION }}
+      TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
+      TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
+      TF_VAR_app_env: ${{ vars.APP_ENV }}
+      TF_VAR_db_encrypted_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
+      TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
+      TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
+      TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
+      TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
+      TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
+      TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
+      TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
+      TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
     steps:
     - uses: actions/checkout@v4
 

.github/workflows/validate.yml

@@ -43,6 +43,20 @@ jobs:
     runs-on: ubuntu-latest
     environment: staging
     if: needs.detect-changes.outputs.validate-iac == 'true'
+    env:
+      TF_VAR_region: ${{ vars.AWS_REGION }}
+      TF_VAR_environment: ${{ vars.ENV_SHORT_NAME }}
+      TF_VAR_name_prefix: "tb-${{ vars.PROJECT_SHORT_NAME }}-${{ vars.ENV_SHORT_NAME }}"
+      TF_VAR_app_env: ${{ vars.APP_ENV }}
+      TF_VAR_db_encrypted_secret: ${{ vars.DB_ENCRYPTED_SECRET }}
+      TF_VAR_frontend_url: ${{ vars.FRONTEND_URL }}
+      TF_VAR_fxa_secret: ${{ vars.FXA_SECRET }}
+      TF_VAR_google_oauth_secret: ${{ vars.GOOGLE_OAUTH_SECRET }}
+      TF_VAR_log_level: ${{ vars.LOG_LEVEL }}
+      TF_VAR_short_base_url: ${{ vars.SHORT_BASE_URL }}
+      TF_VAR_smtp_secret: ${{ vars.SMTP_SECRET }}
+      TF_VAR_zoom_callback: ${{ vars.ZOOM_CALLBACK }}
+      TF_VAR_zoom_secret: ${{ vars.zoom_secret }}
     steps:
     - uses: actions/checkout@v4
 

tofu/environments/prod/data-store/cache/terragrunt.hcl

@@ -33,9 +33,9 @@ dependency "backend" {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags

tofu/environments/prod/data-store/database/terragrunt.hcl

@@ -41,9 +41,9 @@ dependency "backend" {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags

tofu/environments/prod/network/vpc/terragrunt.hcl

@@ -13,9 +13,9 @@ terraform {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags

tofu/environments/prod/services/backend-infra/terragrunt.hcl

@@ -28,9 +28,9 @@ dependency "vpc" {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags

tofu/environments/prod/services/backend-service/terragrunt.hcl

@@ -43,12 +43,24 @@ dependency "database" {
   }
 }
 
+dependency "cache" {
+  config_path = "../../data-store/cache"
+
+  mock_outputs_allowed_terraform_commands = ["init", "validate", "plan"]
+  mock_outputs = {
+    redis_endpoint = "mockcache.serverless.use1.cache.amazonaws.com"
+  }
+}
+
 locals {
-  project          = include.root.locals.project
-  environment      = include.env.locals.environment
-  short_name       = include.root.locals.short_name
-  name_prefix      = "tb-${include.root.locals.short_name}-${include.env.locals.environment}"
-  region           = include.env.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
+  //project          = include.root.locals.project
+  //environment      = include.env.locals.environment
+  short_name = include.root.locals.short_name
+  //name_prefix      = "tb-${include.root.locals.short_name}-${include.env.locals.environment}"
+  //region           = include.env.locals.region
   project_tags     = include.root.locals.tags
   environment_tags = include.env.locals.tags
   tags             = "${merge(local.project_tags, local.environment_tags)}"
@@ -63,17 +75,19 @@ inputs = {
   security_group      = dependency.backend-infra.outputs.security_group_id
   ecs_cluster         = dependency.backend-infra.outputs.cluster_id
   task_execution_role = dependency.vpc.outputs.ecs_execution_role
-  frontend_url        = "https://${local.project}.day"
-  short_base_url      = "https://${local.short_name}.day"
-  app_env             = local.environment
-  sentry_dsn          = "https://5dddca3ecc964284bb8008bc2beef808@o4505428107853824.ingest.sentry.io/4505428124827648"
-  zoom_auth_callback  = "https://${local.project}.day/api/v1/zoom/callback"
+  frontend_url        = get_env("frontend_url")   //"https://${local.project}.day"
+  short_base_url      = get_env("short_base_url") //"https://${local.short_name}.day"
+  app_env             = get_env("app_env")        //local.environment
+  sentry_dsn          = get_env("sentry_dsn")     //"https://5dddca3ecc964284bb8008bc2beef808@o4505428107853824.ingest.sentry.io/4505428124827648"
+  zoom_auth_callback  = get_env("zoom_callback")  //"https://${local.project}.day/api/v1/zoom/callback"
   short_name          = local.short_name
   database_secret     = dependency.database.outputs.db_secret
-  db_enc_secret       = "arn:aws:secretsmanager:us-east-1:768512802988:secret:tb-apmt-production-db-secret-xcaWVh"
-  smtp_secret         = "arn:aws:secretsmanager:us-east-1:768512802988:secret:staging/appointment/socketlabs-UYmjaC"
-  google_oauth_secret = "arn:aws:secretsmanager:us-east-1:768512802988:secret:tb-apmt-production-google-cal-oauth-8x5LUO"
-  zoom_secret         = "arn:aws:secretsmanager:us-east-1:768512802988:secret:staging/appointment/zoom-S862zi"
-  fxa_secret          = "arn:aws:secretsmanager:us-east-1:768512802988:secret:prod/appointment/fxa-lRA3qx"
+  db_enc_secret       = get_env("db_enc_secret")       //"arn:aws:secretsmanager:us-east-1:768512802988:secret:tb-apmt-production-db-secret-xcaWVh"
+  smtp_secret         = get_env("smtp_secret")         //"arn:aws:secretsmanager:us-east-1:768512802988:secret:staging/appointment/socketlabs-UYmjaC"
+  google_oauth_secret = get_env("google_oauth_secret") //"arn:aws:secretsmanager:us-east-1:768512802988:secret:tb-apmt-production-google-cal-oauth-8x5LUO"
+  zoom_secret         = get_env("zoom_secret")         //"arn:aws:secretsmanager:us-east-1:768512802988:secret:staging/appointment/zoom-S862zi"
+  fxa_secret          = get_env("fxa_secret")          //"arn:aws:secretsmanager:us-east-1:768512802988:secret:prod/appointment/fxa-lRA3qx"
+  redis_endpoint      = dependency.cache.outputs.endpoint
+  log_level           = get_env("log_level")
   tags                = local.tags
 }

tofu/environments/prod/services/frontend/terragrunt.hcl

@@ -24,9 +24,9 @@ dependency "backend" {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags

tofu/environments/stage/data-store/cache/terragrunt.hcl

@@ -33,9 +33,9 @@ dependency "backend" {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags

tofu/environments/stage/data-store/database/terragrunt.hcl

@@ -42,9 +42,9 @@ dependency "backend" {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags

tofu/environments/stage/network/vpc/terragrunt.hcl

@@ -13,9 +13,9 @@ terraform {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags

tofu/environments/stage/services/backend-infra/terragrunt.hcl

@@ -28,9 +28,9 @@ dependency "vpc" {
 }
 
 locals {
-  environment = include.environment.locals.environment
-  name_prefix = "tb-${include.root.locals.short_name}-${include.environment.locals.environment}"
-  region      = include.environment.locals.region
+  environment = get_env("environment")
+  name_prefix = get_env("name_prefix")
+  region      = get_env("region")
 
   project_tags     = include.root.locals.tags
   environment_tags = include.environment.locals.tags