Deploying Your Infrastructure
Once you have defined your infrastructure as code and pushed your changes to the repository, you can deploy your infrastructure.
Create a pull request
The first step is to create a pull request. This will trigger the GitHub Actions workflow for your application.
GitHub Actions Workflow
Workflow files are found here and are named after your application.
Depending on which environments you have, some jobs in the workflow may be commented out if they are not needed. They can be uncommented if more environments are added, or safely removed if not needed.
Any changes to your workflow file will need approval from the Modernisation Platform team.
Here is a high-level diagram of what the workflow file does.
Jobs on pull request
- a Terraform plan on the development and test environments (if you have them).
- a Terraform apply on the development and test environments (if you have them), which is held until a reviewer from your GitHub team approves the deployment.
Jobs on merging a pull request
- a Terraform plan on the preproduction and production environments (if you have them).
- a Terraform apply on the preproduction and production environments (if you have them), which is held until a reviewer from your GitHub team approves the deployment.
Jobs on a manual trigger
- a Terraform plan on the development and test environments (if you have them), if your action is manually triggered with the deploy action.
- a Terraform apply on the development and test environments (if you have them), if your action was manually triggered with the deploy action, which is held until a reviewer from your GitHub team approves the deployment.
- a Terraform plan destroy on the development and test environments (if you have them), if your action is manually triggered with the destroy action.
- a Terraform apply destroy on the development and test environments (if you have them), if your action was manually triggered with the destroy action, which is held until a reviewer from your GitHub team approves the deployment.
Viewing Terraform plans
- Navigate to the Actions tab in the environments repository.
- Find the relevant workflow run (the name is the name of your pull request or merge commit)
- Click on the Plan <environment> - <application name> job
- Expand the Terraform plan - <environment> drop down
Approving deployments
The Modernisation Platform uses Terraform Workspaces and GitHub Environments for deployments and approvals to your different environments.
- Navigate to the Actions tab in the environments repository.
- Find the relevant workflow run (the name is the name of your pull request or merge commit)
- Click on the Review deployments button
- Tick the box and Approve and deploy
- The Deploy <environment> - <application> job will then run and deploy your infrastructure. Any issues or failures can be seen in this job.
Warning: Once workflows have started, please do not cancel them unless it’s an emergency. GitHub Actions cancels the workflow immediately, which can cause loss or corruption of the Terraform state, leading to loss or duplication of infrastructure.
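The plan job and the approval-gated apply job for one environment, as an added example (not the Modernisation Platform's own workflow file) of how GitHub Environments and Terraform workspaces fit together. The application, environment, workspace and directory names are assumptions, as is a runner that already holds credentials for the Terraform backend and provider.

```yaml
# Added illustration. All names and paths below are assumptions; the runner
# is assumed to already hold credentials for the Terraform backend/provider.
name: example-application
on:
  pull_request:
    branches: [main]

permissions:
  contents: read   # the workflow token only needs to read the repository

jobs:
  plan-development:
    name: Plan development - example-application
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Terraform plan - development
        working-directory: terraform/environments/example-application
        run: |
          terraform init -input=false
          terraform workspace select example-application-development
          terraform plan -input=false

  deploy-development:
    name: Deploy development - example-application
    needs: plan-development
    runs-on: ubuntu-latest
    # A GitHub Environment with required reviewers configured holds this job
    # until a reviewer approves it through "Review deployments".
    environment: example-application-development
    # Do not let a newer run cancel one that is already applying, so
    # Terraform is not interrupted while it is writing state.
    concurrency:
      group: deploy-example-application-development
      cancel-in-progress: false
    steps:
      - uses: actions/checkout@v4
      - uses: hashicorp/setup-terraform@v3
      - name: Terraform apply - development
        working-directory: terraform/environments/example-application
        run: |
          terraform init -input=false
          terraform workspace select example-application-development
          terraform apply -input=false -auto-approve
```

The `concurrency` setting only stops automatic cancellation by later runs; a manual cancel still stops the job immediately.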
Checks
Some additional workflow checks will run when you create a pull request. These help ensure code on the Modernisation Platform meets the highest quality standards. Some of the checks are required, which means you will not be able to merge the pull request until the issue is resolved.
Check | Description | Required |
---|---|---|
Code Formatter | Runs a code formatter and commits any changes back to the branch | No |
Open Policy Agent (OPA) validation | Runs OPA tests which check the Terraform and prevent certain changes for security reasons. If you want to make a change which is not allowed by the validation, please contact the Modernisation Platform team | Yes |
Terraform Static Code Analysis | Runs any changes through TFSEC, Checkov and tflint. If any issues are flagged, please try to fix them. If there is a valid reason not to fix them, they can be ignored with inline ignore comments. | No - but we may make this mandatory at a later date |
More information
For more detailed information on the workflow and the concepts behind it, please see the User Workflow concepts guidance. For instructions on how to run a Terraform plan locally, see here.