test apply

[ConnorOKane-Kainos]

• testing apply of rulesets

Jira link https://tools.hmcts.net/jira/browse/DTSPO-18474

See PROJ-XXXXXX

Change description

Updating the terraform apply stage and adding push on main

Testing done

Checklist

• commit messages are meaningful and follow good commit message guidelines
• README and other documentation has been updated / added (if needed)
• tests have been updated / new tests has been added (if needed)
• Does this PR introduce a breaking change

🤖AEP PR SUMMARY🤖

.github/workflows/terraform.yaml

• Added a new trigger for pushing to the main branch.
• Updated the Terraform Apply job to run only on push events to the main branch, instead of only on merged pull requests.

[github-actions]

diff

The changes in the .github/workflows/terraform.yaml file generally points towards automation enhancements, particularly focusing on the execution of Terraform scripts during both pull requests to and pushes against the main branch. Below are additional recommendations for improvement:

1. Enhancement of security practices:
   Consider narrowing down the permissions to the minimum required for the job to function. Overly broad permissions can pose a security risk.

   + permissions:
   +   contents: read
   +   issues: write
   - permissions:

2. Optimization of the CI/CD process:
   Introducing caching for Terraform initialization can decrease job execution times and indirectly reduce costs and carbon usage. GitHub Actions supports caching dependencies and other frequently reused files.

   + - name: Cache Terraform modules
   +   uses: actions/cache@v2
   +   with:
   +     path: |
   +       ~/.terraform.d/plugin-cache
   +     key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
   +     restore-keys: |
   +       ${{ runner.os }}-terraform-

3. Cost and Carbon Usage:
   While the mentioned changes might not significantly impact direct costs in GBP, optimizing Terraform operations (e.g., by caching) can lead to lesser compute time, indirectly affecting both cost and carbon footprint. Though hard to quantify in specific numbers without benchmarking, any decrease in runtime translates to minor savings and less energy consumption.

4. Code Readability and Maintenance:
   Adding some comments before critical steps, especially where conditional execution is involved, could enhance readability for new contributors or when revisiting the code later.

   + # Only run Terraform apply on successful merge to main branch
    - if: github.event_name == 'push' && github.ref == 'refs/heads/main'

5. Verification of Workflow Success on Direct Pushes:
   If direct pushes to the main branch are allowed, it might be beneficial to ensure that the main branch is always in a working state. This could include steps for more comprehensive testing.

   + - name: Run Integration Tests
   +   if: github.event_name == 'push'
   +   run: ./run_integration_tests.sh

Implementing the above changes can enhance the security, efficiency, and maintainability of your CI/CD pipeline, contributing to slight cost savings and reduced environmental impact over time. It also ensures a higher degree of code quality and stability.