Skip to content

Deploy to AWS

Deploy to AWS #143

Workflow file for this run

name: Deploy to AWS
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [ main ]
paths:
- '**.tf'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Runs every Wednesday at 9am (primarly to keep the security.txt updated)
schedule:
- cron: '0 9 * * 3'
jobs:
deploy:
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
# Runs a single command using the runners shell
- name: Configure AWS credentials from Test account
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
- name: Install tfenv
run: |
git clone https://github.com/tfutils/tfenv.git ~/.tfenv
echo "$HOME/.tfenv/bin" >> $GITHUB_PATH
- name: Install Terraform
run: |
tfenv install
terraform --version
- name: Init DNS
working-directory: dns/
run: |
terraform init -no-color -input=false
terraform validate -no-color
- name: Deploy DNS
working-directory: dns/
run: |
terraform apply -auto-approve
- name: Init CDN
working-directory: cdn/
run: |
terraform init -no-color -input=false
terraform validate -no-color
- name: Deploy nonprod CDN
working-directory: cdn/
run: |
terraform workspace select nonprod
terraform apply -auto-approve -var="basicauthstring=${{ secrets.BASICAUTHSTRING }}"
- name: Test nonprod CDN
run: |
if curl -I https://vulnerability-reporting.nonprod-service.security.gov.uk/ | grep 401; then
echo 401 returned as expected
else
exit 1
fi
- name: Deploy prod CDN
working-directory: cdn/
run: |
terraform workspace select prod
terraform apply -auto-approve -var="basicauthstring=${{ secrets.BASICAUTHSTRING }}"
- name: Test prod CDN
run: |
if curl -I https://vulnerability-reporting.service.security.gov.uk/ | grep 200; then
echo 200 returned as expected
else
exit 1
fi