[Scheduled] Cycle Secrets #271
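# Scheduled secret rotation across the deployment accounts. Each account's
# rotation is followed by a Terraform apply of the environments living in that
# account so running services pick up the new values. Ordering is
# development -> preproduction (integration, training, preproduction
# workspaces) -> production; a rotation only starts once the previous
# account's apply has succeeded, so a broken apply stops the roll-out early.
name: "[Scheduled] Cycle Secrets"

on:  # yamllint disable-line rule:truthy
  schedule:
    # 01:30 Monday to Friday. GitHub evaluates cron schedules in UTC.
    - cron: "30 1 * * 1-5"

# Least-privilege GITHUB_TOKEN for every job in this file. Reusable workflows
# called below cannot be granted more than this. id-token: write is the only
# write scope, presumably for an OIDC cloud login performed by the called
# workflows (not visible here).
permissions:
  id-token: write
  contents: read
  security-events: none
  pull-requests: none
  actions: none
  checks: none
  deployments: none
  issues: none
  packages: none
  repository-projects: none
  statuses: none

jobs:
  # Resolves the image tag currently deployed in training; every apply below
  # pins container_version to this output so rotation never changes the
  # running image, only the secrets.
  latest_deployed_image:
    name: get latest deployed image from training
    uses: ./.github/workflows/_latest-deployed-image.yml
    with:
      workspace: training
      terraform_path: environment
    # `inherit` forwards every repository/organization secret to the callee.
    # Acceptable here because every callee is a local workflow in this
    # repository; listing the secrets each one needs would narrow the blast
    # radius further. The same applies to every job below.
    secrets: inherit

  rotate_secrets_development:
    name: rotate secrets for development account
    uses: ./.github/workflows/_cycle-secrets.yml
    needs:
      - latest_deployed_image
    with:
      account_environment: development
    secrets: inherit

  terraform_apply_development:
    name: development environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_development
      - latest_deployed_image
    with:
      workspace: development
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: development
      # Job output passed as a typed workflow input, not into a shell, so no
      # injection surface at this layer; how _run-terraform.yml consumes it is
      # not visible from this file.
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  # Preproduction account: rotation gated on the development apply, then the
  # three workspaces hosted in that account are applied in parallel.
  rotate_secrets_preproduction:
    name: rotate secrets for preproduction account
    uses: ./.github/workflows/_cycle-secrets.yml
    needs:
      - terraform_apply_development
    with:
      account_environment: preproduction
    secrets: inherit

  terraform_apply_integration:
    name: integration environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_preproduction
      - latest_deployed_image
      - terraform_apply_development
    with:
      workspace: integration
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: preproduction
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  terraform_apply_training:
    name: training environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_preproduction
      - latest_deployed_image
      - terraform_apply_development
    with:
      workspace: training
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: preproduction
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  terraform_apply_preproduction:
    name: preproduction environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_preproduction
      - latest_deployed_image
      - terraform_apply_development
    with:
      workspace: preproduction
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: preproduction
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  # Production account: gated only on the preproduction workspace apply. The
  # integration and training applies deliberately do not block production.
  rotate_secrets_production:
    name: rotate secrets for production account
    uses: ./.github/workflows/_cycle-secrets.yml
    needs:
      - terraform_apply_preproduction
    with:
      account_environment: production
    secrets: inherit

  terraform_apply_production:
    name: production environment apply terraform
    uses: ./.github/workflows/_run-terraform.yml
    needs:
      - rotate_secrets_production
      - latest_deployed_image
      - terraform_apply_preproduction
    with:
      workspace: production02
      terraform_path: environment
      path_to_live: true
      apply: true
      account_name: production
      container_version: ${{ needs.latest_deployed_image.outputs.image_tag }}
    secrets: inherit

  slack_notify_failure:
    name: notify of result
    uses: ./.github/workflows/_slack-notification.yml
    # failure() at job level is true when any ancestor in the needs graph
    # failed. The integration and training applies are not ancestors of the
    # production apply, so they are listed here explicitly; without them a
    # failure in either workspace would never be reported.
    if: ${{ failure() }}
    needs:
      - terraform_apply_production
      - terraform_apply_integration
      - terraform_apply_training
    with:
      success: false
      branch: main
      # AWS account id. If the called workflow declares `account` as a string
      # input, quote this value so it is never coerced to a number (ids with
      # leading zeros would otherwise lose digits). Left numeric here because
      # the input type is not visible from this file.
      account: 515688267891
      scheduled_task: "Cycle AWS Secrets"
    secrets: inherit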