CI/CD and reusable workflows
Here's an overview of what can be accomplished with workflows in reusable-workflows. Templates for the use cases can be found in the templates directory.
For questions, suggestions or any other feedback, please create a new discussion in the reusable-workflows repository.
Introduction
Many of the workflows utilize GitHub deployment environments to enforce manual approvals before executing jobs. This helps to reduce the risk of unintended changes and makes it less of a leap of faith to deploy Terraform code. Use the Slack integration to streamline this process.
Build a Docker image and push it to ECR
In your application repository:
- Set up a GitHub deployment environment with a secret named AWS_ROLE_ARN. The role must allow you to push the Docker image to your ECR application repository.
- Call docker_build_push.yml from your own workflow.
Trigger a Terraform apply in another repository
Steps:
- Set up a GitHub deployment environment with a secret named AWS_ROLE_ARN in the other repository.
- Send a repository_dispatch event to another repository.
- Set up a workflow in the other repository that triggers on repository_dispatch events. As part of this workflow:
  - Update the image SHA in the other repository.
  - Run Terraform with terraform_plan_apply.yml on the updated infrastructure code.
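An added example, not code from the reusable-workflows repository: a shell step for the receiving workflow that validates the image SHA from the repository_dispatch payload before writing it into the infrastructure code. The payload field name image_sha, the file name image.auto.tfvars.json and the 40-character hex commit-SHA format are assumptions.

```shell
#!/bin/sh
# Added example (not from the reusable-workflows repository).
# Assumed names: payload field image_sha, file image.auto.tfvars.json.
# In the receiving workflow, pass the payload through the environment, e.g.
#   env: IMAGE_SHA: ${{ github.event.client_payload.image_sha }}
# rather than interpolating it into the script text.

# Succeed only for a full 40-character lowercase hex commit SHA (assumed format).
is_valid_sha() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in
    # Explicit character list instead of a range, so locale cannot widen it.
    *[!0123456789abcdef]*) return 1 ;;
  esac
  return 0
}

# Write the SHA to a Terraform variable file ($1); refuse anything malformed.
update_image_sha() {
  file=$1
  sha=$2
  if ! is_valid_sha "$sha"; then
    echo "rejecting image SHA from dispatch payload: not 40 hex characters" >&2
    return 1
  fi
  # Write to a temp file beside the target, then rename, so a failed run
  # never leaves a half-written variable file for Terraform to read.
  tmp=$(mktemp "${file}.XXXXXX") || return 1
  printf '{\n  "image_sha": "%s"\n}\n' "$sha" > "$tmp" || { rm -f "$tmp"; return 1; }
  mv "$tmp" "$file"
}

# Entry point for a workflow step; does nothing unless IMAGE_SHA is set.
if [ -n "${IMAGE_SHA:-}" ]; then
  update_image_sha "${TFVARS_FILE:-image.auto.tfvars.json}" "$IMAGE_SHA"
fi
```

A rejected payload exits non-zero, so the job stops before the Terraform plan runs.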
Run Terraform for each stack with changed files
Steps:
- Set up multiple GitHub deployment environments with a secret named AWS_ROLE_ARN.
- Create a job matrix for changed files. The team recommends dorny/paths-filter.
- For each stack in the matrix, call terraform_plan_apply.yml.
This will let you run Terraform for each stack that has changed files, because a GitHub Actions job matrix is like a foreach loop.
You can find an example of this by looking at cd_terraform_matrix.yml in the repository anders-iac.
In a pull request
The setup mentioned above can be used for pull requests as well. You just need to set up a calling workflow that runs on pull request events. The plan will be visible in the workflow summary.