From 3158da09856e6fa5d6d290eb39a91d550fe83227 Mon Sep 17 00:00:00 2001 From: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com> Date: Wed, 15 Mar 2023 12:41:25 -0400 Subject: [PATCH] Terraform version bump (#10513) # Checklist for submitter If some of the following don't apply, delete the relevant line. - [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information. - [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md) - [ ] Documented any permissions changes - [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements) - [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features. - [ ] Added/updated tests - [ ] Manual QA for all new/changed functionality - For Orbit and Fleet Desktop changes: - [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux. - [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)). --- .github/workflows/dogfood-deploy.yml | 22 +++---------------- .../dogfood/terraform/aws-tf-module/github.tf | 5 +++-- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/.github/workflows/dogfood-deploy.yml b/.github/workflows/dogfood-deploy.yml index 1b9e5c0d23..19ba56594a 100644 --- a/.github/workflows/dogfood-deploy.yml +++ b/.github/workflows/dogfood-deploy.yml @@ -47,7 +47,7 @@ jobs: aws-region: ${{ env.AWS_REGION }} - uses: hashicorp/setup-terraform@633666f66e0061ca3b725c73b2ec20cd13a8fdd1 # v2.0.3 with: - terraform_version: 1.0.4 + terraform_version: 1.3.8 terraform_wrapper: false - name: Terraform Init id: init @@ -64,22 +64,6 @@ jobs: run: terraform plan -no-color continue-on-error: true # first we'll scale everything down and create the new task definitions - - name: Terraform Apply Scale Down - id: apply_scale_down - run: terraform apply -auto-approve - env: - TF_VAR_fleet_min_capacity: 0 - TF_VAR_fleet_max_capacity: 0 - - name: Run migration task - id: run_migrate - run: | - CLUSTER_NAME=$(terraform output -raw ecs_cluster_name) - FAMILY=$(terraform output -raw migrate_task_definition_family) - REVISION=$(terraform output -raw fleet-migration-task-revision) - SUBNET=$(terraform output -raw private_subnet) - SECURITY_GROUP=$(terraform output -raw backend_security_group_id) - echo $CLUSTER_NAME $FAMILY $REVISION $SUBNET $SECURITY_GROUP - aws ecs run-task --cluster "${CLUSTER_NAME}" --task-definition "${FAMILY}":"${REVISION}" --launch-type FARGATE --network-configuration "awsvpcConfiguration={subnets=["${SUBNET}"],securityGroups=["${SECURITY_GROUP}"]}" - - name: Terraform Apply Scale Up - id: apply_scale_up + - name: Terraform Apply + id: apply run: terraform apply -auto-approve diff --git a/infrastructure/dogfood/terraform/aws-tf-module/github.tf b/infrastructure/dogfood/terraform/aws-tf-module/github.tf index 1781fdfd56..eaca3ac0b6 100644 --- a/infrastructure/dogfood/terraform/aws-tf-module/github.tf +++ b/infrastructure/dogfood/terraform/aws-tf-module/github.tf @@ -93,8 +93,9 @@ data "aws_iam_policy_document" "gha-permissions" { "dynamodb:*", "kinesis:*", "firehose:*", - "athena:*" + "athena:*", + "glue:*", ] resources = ["*"] } -} \ No newline at end of file +}