diff --git a/.github/workflows/ecs_terraform.yaml b/.github/workflows/ecs_terraform.yaml
index df60ab9b..604fcece 100644
--- a/.github/workflows/ecs_terraform.yaml
+++ b/.github/workflows/ecs_terraform.yaml
@@ -5,16 +5,16 @@ on:
 merge_group:
 types:
 - checks_requested
- push:
- branches:
- - main
 workflow_dispatch:
 inputs:
 workspace:
- description: "The workspace to terraform against"
+ description: "Choose terraform workspace for deployment"
 required: true
- type: string
- default: "dev"
+ type: choice
+ options:
+ - dev
+ - demo
+ default: dev
 concurrency:
 group: ${{ github.event.inputs.workspace }}-terraform
@@ -25,7 +25,7 @@ permissions:
 contents: read
 env:
- workspace: dev
+ workspace: ${{ github.event.inputs.workspace }}
 jobs:
 terraform:
diff --git a/.github/workflows/terraform_plan.yaml b/.github/workflows/terraform_plan.yaml
index 27a95ac4..187c6f2c 100644
--- a/.github/workflows/terraform_plan.yaml
+++ b/.github/workflows/terraform_plan.yaml
@@ -2,13 +2,22 @@ name: Ad-hoc Terraform Plan
 run-name: Terraform plan ${{ inputs.workspace }} by @${{ github.actor }}
 on:
+ pull_request:
+ branches:
+ - shanice/deploy_demo_ecs
+ merge_group:
+ types:
+ - checks_requested
 workflow_dispatch:
 inputs:
 workspace:
- description: "The workspace to terraform against"
+ description: "Choose terraform workspace for deployment"
 required: true
- type: string
- default: "dev"
+ type: choice
+ options:
+ - dev
+ - demo
+ default: dev
 concurrency:
 group: ${{ github.event.inputs.workspace }}-terraform
@@ -19,7 +28,7 @@ permissions:
 contents: read
 env:
- workspace: dev
+ workspace: ${{ github.event.inputs.workspace }}
 jobs:
 terraform:
@@ -49,7 +58,6 @@ jobs:
 - name: Terraform
 env:
- # ACTION: ${{ env.terraform_action }}
 BUCKET: ${{ secrets.TFSTATE_BUCKET }}
 DYNAMODB_TABLE: ${{ secrets.TFSTATE_DYNAMODB_TABLE }}
 REGION: ${{ vars.region }}
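Review bot: In `.github/workflows/ecs_terraform.yaml` (hunk `@@ -25,7 +25,7 @@`) the new `workspace: ${{ github.event.inputs.workspace }}` evaluates to an empty string on any run that is not a `workflow_dispatch`, and this workflow still triggers on `merge_group`. The hard-coded `dev` used to give those runs a workspace; if the job consumes the value the way the plan workflow's script does (`terraform workspace select "$WORKSPACE"`, `-var-file="$WORKSPACE.tfvars"`), merge-queue runs will now fail or act on an unintended workspace. A fallback keeps non-dispatch runs pinned to a known environment: `workspace: ${{ github.event.inputs.workspace || 'dev' }}`. The identical line in `terraform_plan.yaml` (hunk `@@ -19,7 +28,7 @@`) has the same gap, and there it is reachable from the newly added `pull_request` and `merge_group` triggers as well.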
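Review bot: The `pull_request` trigger added to `terraform_plan.yaml` (hunk `@@ -2,13 +2,22 @@`) is filtered to `shanice/deploy_demo_ecs`, which looks like a temporary test hook on a personal branch and should probably be removed before merge. `branches` under `pull_request` matches the base branch, so this fires for any PR targeting that branch. Combined with the `terraform apply -auto-approve` step this commit adds further down in the same file, a same-repository PR would change real infrastructure using the repository secrets before anyone has reviewed it. If PR-time validation is the goal, keep this workflow strictly to `terraform plan` and leave apply to the dispatch-gated workflow.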
@@ -60,6 +68,7 @@ jobs:
 TLS_KEY: ${{ secrets.TLS_KEY}}
 shell: bash
 run: |
+ echo "Deploying to ${{ github.event.inputs.workspace }}..."
 rm -rf .terraform .terraform.lock.hcl
 terraform init \
 -var-file="$WORKSPACE.tfvars" \
@@ -68,6 +77,12 @@ jobs:
 -backend-config "region=$REGION" \
 || (echo "terraform init failed, exiting..." && exit 1)
 terraform workspace select "$WORKSPACE"
+ terraform apply -auto-approve -target=aws_acm_certificate.cloudflare_cert \
+ -var-file="$WORKSPACE.tfvars" \
+ -var "umls_api_key=${UMLS_API_KEY}" \
+ -var "ersd_api_key=${ERSD_API_KEY}" \
+ -var "qc_tls_key=${TLS_KEY}" \
+ -var "qc_tls_cert=${TLS_CERT}"
 terraform plan \
 -var-file="$WORKSPACE.tfvars" \
 -var "umls_api_key=${UMLS_API_KEY}" \
diff --git a/terraform/implementation/ecs/demo.tfvars b/terraform/implementation/ecs/demo.tfvars
new file mode 100644
index 00000000..14163b6f
--- /dev/null
+++ b/terraform/implementation/ecs/demo.tfvars
@@ -0,0 +1,3 @@
+owner = "skylight"
+project = "qc"
+region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/implementation/ecs/main.tf b/terraform/implementation/ecs/main.tf
index a4944302..0c993db8 100644
--- a/terraform/implementation/ecs/main.tf
+++ b/terraform/implementation/ecs/main.tf
@@ -136,8 +136,8 @@ module "ecs" {
 resource "aws_db_instance" "qc_db" {
 allocated_storage = "10"
- db_name = var.qc_db_name
- identifier = var.db_identifier
+ db_name = "${var.qc_db_name}_${terraform.workspace}"
+ identifier = "${var.db_identifier}-${terraform.workspace}"
 engine = var.db_engine_type
 engine_version = var.db_engine_version
 enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"]
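Review bot: The added `echo "Deploying to ${{ github.event.inputs.workspace }}..."` in hunk `@@ -60,6 +68,7 @@` has the expression expanded into the script text before bash runs, which is the pattern that permits script injection if the input ever stops being a fixed choice list. The rest of the script already reads `"$WORKSPACE"`, presumably from the step's `env:` block that starts outside this hunk, so the line can be `echo "Deploying to $WORKSPACE..."`. As written it also prints an empty name on `pull_request` and `merge_group` runs, and "Deploying" is misleading in a workflow named Ad-hoc Terraform Plan.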
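Review bot: The `terraform apply -auto-approve -target=aws_acm_certificate.cloudflare_cert` added in hunk `@@ -68,6 +77,12 @@` makes the plan workflow mutate infrastructure without approval on every trigger, including the new `pull_request` one. If the certificate must exist before the plan can succeed, create it in the apply workflow or remove the plan-time dependency instead of applying here. At minimum, gate the command with `if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]; then ... fi`. A comment explaining why `-target` is needed would also help, since Terraform documents it as an exceptional-use flag; for example `# ACM cert must exist before plan can resolve <dependent resource>`.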
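Review bot: Suffixing `db_name` and `identifier` with `terraform.workspace` in `main.tf` (hunk `@@ -136,8 +136,8 @@`) also renames the database in workspaces that already exist. As far as I know `db_name` is a force-replacement attribute on `aws_db_instance`, so the next apply in `dev` would likely destroy and recreate `qc_db`. Review the `dev` plan before merging and decide on a snapshot or state migration; the hunk does not show whether `deletion_protection` or a final snapshot is configured, and the resource body continues outside it. The renames of `aws_db_subnet_group.this` and `aws_db_parameter_group.this` in hunk `@@ -152,14 +152,14 @@` carry the same replacement risk. Separately, a hyphenated workspace name would probably yield an invalid Postgres `db_name`, which is fine for `dev` and `demo` but worth a comment such as `# workspace names must be alphanumeric/underscore: used in db_name`.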
@@ -152,14 +152,14 @@ resource "aws_db_instance" "qc_db" {
 # Create a DB subnet group
 resource "aws_db_subnet_group" "this" {
- name = "${var.db_identifier}-subnet-group"
+ name = "${var.db_identifier}-subnet-group-${terraform.workspace}"
 subnet_ids = module.vpc.private_subnets
 }
 # Create a parameter group to configure Postgres RDS parameters
 resource "aws_db_parameter_group" "this" {
- name = "${var.db_identifier}-pg"
+ name = "${var.db_identifier}-pg-${terraform.workspace}"
 family = var.db_family
 parameter {