Update workflow to use terragrunt

.github/workflows/Terraform.yml

@@ -12,55 +12,73 @@ on:
       - 'terraform/**'
       - '!terraform/readme.md'
       - '.github/workflows/Terraform.yml'
+
+env:
+  # https://github.com/gruntwork-io/terragrunt/issues/616#issuecomment-443834779
+  AWS_SDK_LOAD_CONFIG: true
 
 jobs:
-  terraform:
-    name: Terraform
+  terragrunt:
+    name: 'Terragrunt'
     runs-on: ubuntu-latest
     defaults:
       run:
-        working-directory: terraform/eks
+        working-directory: terraform
     steps:
-    - name: Checkout
-      uses: actions/checkout@v2
+      - name: Checkout
+        uses: actions/checkout@v2
 
-    - name: Configure AWS credentials
-      uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-        aws-region: us-west-2
-        role-to-assume: github-actions-role
-        role-duration-seconds: 900
+      - name: Setup Conda
+        uses: conda-incubator/setup-miniconda@v2
+        with:
+          python-version: 3.8
+          channels: conda-forge,defaults
+          channel-priority: true
+          auto-activate-base: true
+          activate-environment: true
 
-    - name: Setup Terraform
-      uses: hashicorp/setup-terraform@v1
-      with:
-        terraform_version: 0.14.8
+      - name: Print conda env
+        shell: bash -l {0}
+        run: |
+          conda info
+          conda list
 
-    - name: Terraform fmt
-      id: fmt
-      run: terraform fmt -check
+      - name: Install terragrunt
+        shell: bash -l {0}
+        run: |
+          conda install --yes terragrunt
 
-    - name: Test Terraform Init
-      id: test-init
-      run: terraform init -backend=false
+      - name: Configure AWS credentials
+        id: aws-config
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: us-west-2
 
-    - name: Terraform Init
-      if: github.ref == 'refs/heads/main'
-      id: init
-      run: terraform init
+      - name: Terragrunt Format
+        id: fmt
+        shell: bash -l {0}
+        run: terragrunt run-all fmt -check --terragrunt-iam-role ${{ secrets.AWS_ROLE_TO_ASSUME }}
 
-    - name: Terraform Validate
-      id: validate
-      run: terraform validate -no-color
+      - name: Terragrunt Init
+        id: init
+        shell: bash -l {0}
+        run: terragrunt run-all init --terragrunt-iam-role ${{ secrets.AWS_ROLE_TO_ASSUME }}
 
-    - name: Terraform Plan
-      id: plan
-      run: terraform plan -no-color
-      continue-on-error: true
+      - name: Terragrunt Validate
+        id: validate
+        shell: bash -l {0}
+        run: terragrunt run-all validate -no-color --terragrunt-iam-role ${{ secrets.AWS_ROLE_TO_ASSUME }}
 
-    - name: Terraform Apply
-      if: github.ref == 'refs/heads/main'
-      id: apply
-      run: terraform apply -auto-approve
+      - name: Terragrunt Plan
+        id: plan
+        shell: bash -l {0}
+        run: terragrunt run-all plan -no-color --terragrunt-iam-role ${{ secrets.AWS_ROLE_TO_ASSUME }}
+        continue-on-error: true
+
+      - name: Terragrunt Apply
+        if: github.ref == 'refs/heads/main'
+        id: apply
+        shell: bash -l {0}
+        run: terragrunt run-all apply -auto-approve --terragrunt-iam-role ${{ secrets.AWS_ROLE_TO_ASSUME }}