
Core Workflow (CI/CD)


We use trunk-based development in the Modernisation Platform, with all platform infrastructure stored in the modernisation-platform repository.


For our CI/CD pipelines we use GitHub Actions.

Workflow files are found here

Terraform workflows

Workflows which create Terraform resources in our core accounts and create new member accounts.

| Name | Description | Terraform location | Workflow file |
| --- | --- | --- | --- |
| Modernisation Platform account | Creates key resources such as S3 state buckets for the platform | terraform/modernisation-platform-account | Manually run |
| Environment creation | Creates member OUs and accounts | terraform/environments | new-environment.yml |
| Core Logging | Creates the core logging account resources | terraform/environments/core-logging | core-logging-deployment.yml |
| Core Networking | Creates the core networking account resources | terraform/environments/core-networking | core-networking-deployment.yml |
| Core Security | Creates the core security account resources | terraform/environments/core-security | core-security-deployment.yml |
| Core Shared Services | Creates the core shared services account resources | terraform/environments/shared-services | core-shared-services-deployment.yml |
| Core VPC | Creates the core VPC resources in the VPC accounts | terraform/environments/core-vpc | core-vpc-development-deployment.yml, core-vpc-test-deployment.yml, core-vpc-preproduction-deployment.yml, core-vpc-production-deployment.yml |
| GitHub Terraform | Creates the GitHub teams and repositories in GitHub | terraform/github | terraform-github.yml |
| PagerDuty | Creates PagerDuty teams, users, services and schedules | terraform/pagerduty | terraform-pagerduty.yml |

New member file creation workflows

These workflows create the new files needed for new member accounts.

| Name | Description | Workflow file |
| --- | --- | --- |
| New environment files | Creates new files in the modernisation-platform repository | new-environment-files |
| New member environment files | Creates new files in the modernisation-platform-environments repository, also creates the GitHub environments | new-member-environment-files |

Other workflows

| Name | Description | Workflow file |
| --- | --- | --- |
| Check links | Checks links are valid in our GitHub pages user guidance | check-links.yml |
| Publish | Publishes pages in source to our GitHub pages user guidance | publish.yml |
| Format Code | Formats code once a week and raises a PR for review | format-code.yml |
| Labeler | Adds labels to our pull requests depending on which folders are changed | labeler.yml |
| OPA Policies | Runs Open Policy Agent validation tests against our JSON files | opa-policies.yml |
| Scheduled Baseline | Runs the baseline code across all accounts, ensuring security baselines are still in place | scheduled-baseline.yml |
| Terraform Static Code Analysis | Runs TFSEC, Checkov and TFlint against all Terraform code | terraform-static-analysis.yml |
| Generate Dependabot File | Generates a new dependabot file to add any newly added Terraform folders | generate-dependabot-file.yml |
| Add issues to project | When a new issue is created in the modernisation-platform repository, adds it to the Modernisation Platform project | add-issues-to-project.yml |
| Terraform Documentation | Generates Terraform module documentation | documentation.yml |
| Scorecards | Generates OSSF scorecard security findings and publishes them on the repository security tab in GitHub | scorecards.yml |
| Code Scanning | Runs Static Code Analysis, uploads the findings and publishes them on the repository code scanning tab in GitHub | code-scanning.yml |
This page was last reviewed on 6 June 2023. It needs to be reviewed again on 6 December 2023 by the page owner #modernisation-platform.