
Deploying Your Infrastructure

Once you have defined your infrastructure as code and pushed your changes to the repository, you can deploy your infrastructure.

Create a pull request

The first step is to create a pull request. This will trigger the GitHub Actions workflow for your application.

GitHub Actions Workflow

Workflow files are found here and are named after your application.

Depending on which environments you have, some jobs in the workflow may be commented out if they are not needed. They can be uncommented if more environments are added, or safely removed if not needed.

Any changes to your workflow file will need approval from the Modernisation Platform team.

Here is a high-level diagram of what the workflow file does.

Environment Workflow

Jobs on pull request

  • a Terraform plan on the development and test environments (if you have them).
  • a Terraform apply on the development and test environments (if you have them), which is held until a reviewer from your GitHub team approves the deployment.

Jobs on merging a pull request

  • a Terraform plan on the preproduction and production environments (if you have them).
  • a Terraform apply on the preproduction and production environments (if you have them), which is held until a reviewer from your GitHub team approves the deployment.

Jobs on a manual trigger

  • a Terraform plan on the development and test environments (if you have them), if your action is manually triggered with the deploy action.
  • a Terraform apply on the development and test environments (if you have them), if your action was manually triggered with the deploy action, which is held until a reviewer from your GitHub team approves the deployment.
  • a Terraform plan destroy on the development and test environments (if you have them), if your action is manually triggered with the destroy action.
  • a Terraform apply destroy on the development and test environments (if you have them), if your action was manually triggered with the destroy action, which is held until a reviewer from your GitHub team approves the deployment.

Viewing Terraform plans

  1. Navigate to the Actions tab in the environments repository.
  2. Find the relevant workflow run (the name is the name of your pull request or merge commit)
  3. Click on the Plan <environment> - <application name> job
  4. Expand the Terraform plan - <environment> drop down

Approving deployments

The Modernisation Platform uses Terraform Workspaces and GitHub Environments for deployments and approvals to your different environments.

  1. Navigate to the Actions tab in the environments repository.
  2. Find the relevant workflow run (the name is the name of your pull request or merge commit)
  3. Click on the Review deployments button
  4. Tick the box and Approve and deploy
  5. The Deploy <environment> - <application> job will then run and deploy your infrastructure. Any issues or failures can be seen in this job.

Warning: Once workflows have started, please do not cancel them unless it’s an emergency. GitHub Actions cancels the workflow immediately, which can cause loss or corruption of the Terraform state, leading to loss or duplication of infrastructure.

Checks

Some additional workflow checks will run when you create a pull request. These help ensure that code on the Modernisation Platform meets the highest quality standards. Some of the checks are required, which means you will not be able to merge the pull request until the issue is resolved.

| Check | Description | Required |
| --- | --- | --- |
| Code Formatter | Runs a code formatter and commits any changes back to the branch. | No |
| Open Policy Agent (OPA) validation | Runs OPA tests which check the Terraform and prevent certain changes for security reasons. If you want to make a change which is not allowed by the validation, please contact the Modernisation Platform team. | Yes |
| Terraform Static Code Analysis | Runs any changes through TFSEC, Checkov and tflint. If any issues are flagged, please try to fix them. If there is a valid reason not to fix them, they can be ignored with inline ignore comments. | No - but we may make this mandatory at a later date |
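The inline ignore comments mentioned for the static code analysis check look different for each scanner. The following is an added example, not code from the Modernisation Platform: it shows the three comment syntaxes in a constructed Terraform sample and lists the suppressions that record no reason, so a reviewer can query them. The function names are hypothetical, and treating a plain comment on the line above as the reason is an assumed convention.

```python
import re

# Constructed sample Terraform for illustration (not Modernisation Platform code).
SAMPLE_TF = """\
resource "aws_s3_bucket" "logs" {
  #checkov:skip=CKV_AWS_18:This bucket is the access-log target itself
  #checkov:skip=CKV_AWS_144
  bucket = "example-logs"
}
# Public website assets, access logging handled at the CDN
#tfsec:ignore:aws-s3-enable-bucket-logging
resource "aws_s3_bucket" "assets" {
  bucket = "example-assets"
}
# tflint-ignore: terraform_unused_declarations
variable "legacy_flag" {}
"""

# Inline suppression syntax of each scanner; only Checkov carries a reason field.
PATTERNS = {
    "checkov": re.compile(r"#\s*checkov:skip=(?P<rule>\w+)(?::(?P<reason>.+))?"),
    "tfsec": re.compile(r"#\s*tfsec:ignore:(?P<rule>[\w-]+)"),
    "tflint": re.compile(r"#\s*tflint-ignore:\s*(?P<rule>\w+)"),
}

def is_suppression(line):
    return any(p.search(line) for p in PATTERNS.values())

def find_suppressions(text):
    """Return one dict per inline ignore: tool, rule, line number and reason."""
    lines, found = text.splitlines(), []
    for number, line in enumerate(lines, start=1):
        for tool, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            reason = (match.groupdict().get("reason") or "").strip()
            above = lines[number - 2].strip() if number > 1 else ""
            # Assumed convention: a plain comment directly above also counts.
            if not reason and above.startswith("#") and not is_suppression(above):
                reason = above.lstrip("# ").strip()
            found.append({"tool": tool, "rule": match["rule"], "line": number, "reason": reason})
    return found

def unjustified(text):
    """Suppressions a reviewer should query because no reason is recorded."""
    return [s for s in find_suppressions(text) if not s["reason"]]
```

On the sample, `unjustified(SAMPLE_TF)` reports the second Checkov skip and the tflint ignore, since neither states why the finding is acceptable.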

More information

For more detailed information on the workflow and the concepts behind it, please see the User Workflow concepts guidance. For instructions on how to run a Terraform plan locally, see here.

This page was last reviewed on 5 April 2024. It needs to be reviewed again on 5 October 2024 by the page owner #modernisation-platform.