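# Deploys the MAMIP Fargate infrastructure with Terraform on every push to
# master (or manually via workflow_dispatch). AWS access is obtained by
# assuming an IAM role; the job requests an OIDC token for that (see
# permissions.id-token below).
name: "[Prod] MAMIP - Infrastructure GitHub Actions"
on:
  workflow_dispatch:
  push:
    tags-ignore:
      - "*.*"
    branches:
      - master
env:
  tf_version: "0.13.5"
  tf_working_dir: "./automation/tf-fargate"
  env: "prod"
  project: "mamip"
  # NOTE(review): aws_region is not referenced by any step; the region used
  # for the AWS session is taken from secrets.REGION in "AWS IAM Assume Role".
  aws_region: "eu-west-1"
  artifacts_bucket: "mamip-artifacts"
jobs:
  terraform:
    name: "Build & Deploy"
    permissions:
      # Needed for the role assumption below (OIDC token for the job).
      id-token: write
      # Least privilege: the job only checks the repository out and never
      # pushes to it, so read access is sufficient (was: write).
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: "Checkout"
        uses: actions/checkout@v2
      # NOTE(review): "@master" is a mutable ref — any commit to that branch
      # changes what runs in this job while it holds the deployment role.
      # Pin third-party actions to a release tag or, preferably, a full
      # commit SHA.
      - name: AWS IAM Assume Role
        uses: aws-actions/configure-aws-credentials@master
        with:
          aws-region: ${{ secrets.REGION }}
          role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
          role-duration-seconds: 1200
          role-session-name: GH-Actions-${{ env.project }}-${{ env.env }}
      # - name: Who Am I?
      #   run: aws sts get-caller-identity
      # NOTE(review): hashicorp/terraform-github-actions is archived upstream
      # (hashicorp/setup-terraform is its replacement); the same mutable-ref
      # concern as above applies to every "@master" use below.
      - name: "Terraform Init"
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: ${{ env.tf_version }}
          tf_actions_subcommand: "init"
          tf_actions_working_dir: ${{ env.tf_working_dir }}
          tf_actions_comment: false
          # Remote state lives in a bucket named by a secret; the state key
          # is scoped per environment.
          args: '-backend-config="bucket=${{ secrets.TF_STATE_S3_BUCKET }}" -backend-config="key=mamip/terraform-${{ env.env }}.tfstate"'
      # - name: "Terraform Validate"
      #   uses: hashicorp/terraform-github-actions@master
      #   with:
      #     tf_actions_version: ${{ env.tf_version }}
      #     tf_actions_subcommand: "validate"
      #     tf_actions_working_dir: ${{ env.tf_working_dir }}
      #     tf_actions_comment: false
      - name: "Terraform Plan"
        id: plan
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: ${{ env.tf_version }}
          tf_actions_subcommand: "plan"
          tf_actions_working_dir: ${{ env.tf_working_dir }}
          tf_actions_comment: false
          args: '-var="env=${{ env.env }}" -var="artifacts_bucket=${{ env.artifacts_bucket }}"'
      - name: "Terraform Apply"
        # Only apply when the plan step reported a diff.
        if: steps.plan.outputs.tf_actions_plan_has_changes == 'true'
        uses: hashicorp/terraform-github-actions@master
        with:
          tf_actions_version: ${{ env.tf_version }}
          tf_actions_subcommand: "apply"
          tf_actions_working_dir: ${{ env.tf_working_dir }}
          tf_actions_comment: false
          # No plan file is handed from the plan step to apply, so apply
          # re-evaluates the configuration; it must therefore receive the
          # same -var inputs as the plan step. Previously artifacts_bucket was
          # omitted here, so what was applied could differ from what was planned.
          args: '-var="env=${{ env.env }}" -var="artifacts_bucket=${{ env.artifacts_bucket }}"'
      - name: Update runbook artifact
        # The bucket name comes from env.artifacts_bucket instead of being
        # rebuilt from env.project, so the plan/apply vars and this upload
        # cannot drift apart.
        run: aws s3 cp ./automation/runbook-${{ env.env }}.sh 's3://${{ env.artifacts_bucket }}/${{ env.env }}/runbook.sh'
      # The ECR build/push path is currently disabled. The logout step is kept
      # disabled with it: it references steps.login-ecr.outputs.registry,
      # which is empty while the login step is commented out, so the former
      # always-run "docker logout" targeted no registry at all.
      # - name: Login to Amazon ECR
      #   id: login-ecr
      #   uses: aws-actions/amazon-ecr-login@v1
      # - name: Build, tag, and push image to Amazon ECR
      #   env:
      #     ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
      #     ECR_REPOSITORY: mamip-ecr-${{ env.env }}
      #     IMAGE_TAG: ${{ github.sha }}
      #   run: |
      #     docker buildx build --platform=linux/arm64 -t mamip-image ./automation/
      #     docker tag mamip-image $ECR_REGISTRY/$ECR_REPOSITORY
      #     docker push $ECR_REGISTRY/$ECR_REPOSITORY
      # - name: Logout of Amazon ECR
      #   if: always()
      #   run: docker logout ${{ steps.login-ecr.outputs.registry }}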