search

cds-snc / forms-terraform

Infrastructure as Code for the GC Forms environment
MIT License
16 stars 7 forks source link

fix: deploy new IdP image if changes #805

Closed patheard closed 2 months ago

patheard commented 2 months ago

Summary

Update the Staging Terraform apply workflow so that a new IdP image is only built, pushed and deployed if there have been changes to the idp folder. This will fix the error we saw where the ECR image deletion policy removed an image that was in use.

Also updates the IdP service to always use the latest available task definition so that both Terraform and the ECS deploy job can manage the same ECS task definition without conflicts.

github-actions[bot] commented 2 months ago

⚠ Terrform update available

Terraform: 1.9.5 (using 1.9.2)
Terragrunt: 0.67.3 (using 0.63.2)
github-actions[bot] commented 2 months ago

Staging: idp

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|---------------------------------------| | update | `module.idp_ecs.aws_ecs_service.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.idp_ecs.aws_ecs_service.this will be updated in-place ~ resource "aws_ecs_service" "this" { id = "arn:aws:ecs:ca-central-1:687401027353:service/idp/zitadel" name = "zitadel" tags = { "CostCentre" = "forms-platform-staging" "Terraform" = "true" } ~ task_definition = "arn:aws:ecs:ca-central-1:687401027353:task-definition/zitadel:1" -> "zitadel" # (15 unchanged attributes hidden) # (5 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener_rule.idp_protocol_version"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.idp_send_email"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.idp_send_email"] WARN - plan.json - main - Missing Common Tags: ["aws_shield_protection.idp"] 23 tests, 19 passed, 4 warnings, 0 failures, 0 exceptions ```
github-actions[bot] commented 2 months ago

Staging: api

✅   Terraform Init: success ✅   Terraform Validate: success ✅   Terraform Format: success ✅   Terraform Plan: success ✅   Conftest: success 

Plan: 0 to add, 1 to change, 0 to destroy
Show summary | CHANGE | NAME | |--------|---------------------------------------| | update | `module.api_ecs.aws_ecs_service.this` |
Show plan ```terraform Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.api_ecs.aws_ecs_service.this will be updated in-place ~ resource "aws_ecs_service" "this" { id = "arn:aws:ecs:ca-central-1:687401027353:service/Forms/forms-api" name = "forms-api" tags = { "CostCentre" = "forms-platform-staging" "Terraform" = "true" } ~ task_definition = "forms-api:26" -> "forms-api" # (15 unchanged attributes hidden) # (4 unchanged blocks hidden) } Plan: 0 to add, 1 to change, 0 to destroy. ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" ```
Show Conftest results ```sh 20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions ```