
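---
# Scheduled secret rotation.
# For each account the flow is: rotate the account's secrets, then re-apply
# terraform for every workspace in that account so deployed services pick up
# the new values. Promotion order is development -> preproduction
# (integration, training, preproduction workspaces) -> production, and each
# stage only runs if the previous one applied cleanly.
name: "[Scheduled] Cycle Secrets"

on:
  schedule:
    # 01:30 from Monday to Friday (GitHub Actions cron schedules run in UTC)
    - cron: "30 1 * * 1-5"

# Explicit least-privilege token for the run: id-token for the called
# workflows' cloud authentication (presumably OIDC — confirm in
# _run-terraform.yml / _cycle-secrets.yml), read-only repository contents,
# and everything else denied.
permissions:
  id-token: write
  contents: read
  security-events: none
  pull-requests: none
  actions: none
  checks: none
  deployments: none
  issues: none
  packages: none
  repository-projects: none
  statuses: none

# NOTE: `secrets: inherit` forwards every secret available to this workflow to
# the called workflow. All callees below are local (./.github/workflows/...),
# so no secret leaves this repository's own workflows.
jobs:
  # Resolve the image tag currently running in training; every terraform
  # apply below pins container_version to it so rotation never changes the
  # deployed image, only the secrets.
  latest_deployed_image:
    name: get latest deployed image from training
    uses: ./.github/workflows/_latest-deployed-image.yml
    with:
      workspace: training
      terraform_path: environment
    secrets: inherit

  # --- development ---------------------------------------------------------
  rotate_secrets_development:
    name: rotate secrets for development account
    uses: ./.github/workflows/_cycle-secrets.yml
    needs:
      - latest_deployed_image
    with:
      account_environment: development
    secrets: inherit

  terraform_apply_development:
    name: development environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_development
      - latest_deployed_image
    with:
      workspace: development
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: development
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  # --- preproduction account: integration, training, preproduction --------
  # Gated on the development apply so a bad rotation stops before it reaches
  # shared environments.
  rotate_secrets_preproduction:
    name: rotate secrets for preproduction account
    uses: ./.github/workflows/_cycle-secrets.yml
    needs:
      - terraform_apply_development
    with:
      account_environment: preproduction
    secrets: inherit

  terraform_apply_integration:
    name: integration environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_preproduction
      - latest_deployed_image
      - terraform_apply_development
    with:
      workspace: integration
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: preproduction
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  terraform_apply_training:
    name: training environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_preproduction
      - latest_deployed_image
      - terraform_apply_development
    with:
      workspace: training
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: preproduction
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  terraform_apply_preproduction:
    name: preproduction environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_preproduction
      - latest_deployed_image
      - terraform_apply_development
    with:
      workspace: preproduction
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: preproduction
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  # --- production ----------------------------------------------------------
  # Gated on the preproduction apply only; the integration and training
  # applies are not in this chain, so a failure there does not block
  # production rotation.
  rotate_secrets_production:
    name: rotate secrets for production account
    uses: ./.github/workflows/_cycle-secrets.yml
    needs:
      - terraform_apply_preproduction
    with:
      account_environment: production
    secrets: inherit

  terraform_apply_production:
    name: production environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_production
      - latest_deployed_image
      - terraform_apply_preproduction
    with:
      workspace: production02
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: production
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  # Failure notification. failure() here is true when any job in the
  # transitive dependency chain of terraform_apply_production failed, so one
  # message covers the whole rotation.
  slack_notify_failure:
    name: notify of result
    uses: ./.github/workflows/_slack-notification.yml
    if: ${{ failure() }}
    needs:
      - terraform_apply_production
    with:
      # canonical lowercase boolean (was `False`, a YAML 1.1 spelling that
      # yamllint's truthy rule rejects)
      success: false
      branch: main
      # NOTE(review): all-digit value parses as an integer; quote it as
      # "515688267891" if _slack-notification.yml declares `account` as a
      # string input — confirm against that workflow's inputs.
      account: 515688267891
      scheduled_task: "Cycle AWS Secrets"
    secrets: inherit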