[CES-534] Use GH runners labels in infra plan and apply workflows (#167)

.github/workflows/infra_apply.yaml

@@ -23,6 +23,11 @@ on:
           type: string
           required: false
           default: ''
+      use_labels:
+        description: Use labels to start the right environment's GitHub runner. If use_labels is true, also use_private_agent must be set to true
+        type: boolean
+        required: false
+        default: false
 
 env:
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
@@ -32,14 +37,14 @@ env:
   ARM_STORAGE_USE_AZUREAD: true
 
 concurrency:
-  group: ${{ github.workflow }}-cd
+  group: ${{ github.workflow }}-${{ inputs.environment }}-cd
   cancel-in-progress: false
 
 jobs:
-
+  
   tf_plan:
     name: 'Terraform Plan'
-    runs-on: ${{ inputs.use_private_agent == true && 'self-hosted' || 'ubuntu-20.04' }}
+    runs-on: ${{ inputs.use_labels && inputs.use_private_agent && inputs.environment || inputs.use_private_agent && 'self-hosted' || 'ubuntu-20.04' }}
     environment: ${{ inputs.override_github_environment == '' && inputs.environment || inputs.override_github_environment}}-ci
     permissions:
       id-token: write
@@ -149,7 +154,7 @@ jobs:
 
           calculate_hash() {
               local module_path="$1"
-              tar -cf - "$module_path" | sha256sum | awk '{ print $1 }'
+              tar --exclude=.* -cvf - "$module_path" | sha256sum | awk '{ print $1 }'
           }
 
           # Iterate over modules listed in the metadata that were sourced from the Terraform registry
@@ -206,7 +211,7 @@ jobs:
 
   tf_apply:
     name: 'Terraform Apply'
-    runs-on: ${{ inputs.use_private_agent == true && 'self-hosted' || 'ubuntu-20.04' }}
+    runs-on: ${{ inputs.use_labels && inputs.use_private_agent && inputs.environment || inputs.use_private_agent && 'self-hosted' || 'ubuntu-20.04' }}
     needs: [tf_plan]
     environment: ${{ inputs.override_github_environment == '' && inputs.environment || inputs.override_github_environment}}-cd
     permissions:

.github/workflows/infra_plan.yaml

@@ -23,6 +23,11 @@ on:
         type: string
         required: false
         default: ''
+      use_labels:
+        description: Use labels to start the right environment's GitHub runner. If use_labels is true, also use_private_agent must be set to true
+        type: boolean
+        required: false
+        default: false
 
 env:
   ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
@@ -34,10 +39,10 @@ env:
 jobs:
   tf_plan:
     name: 'Terraform Plan'
-    runs-on: ${{ inputs.use_private_agent == true && 'self-hosted' || 'ubuntu-20.04' }}
+    runs-on: ${{ inputs.use_labels && inputs.use_private_agent && inputs.environment || inputs.use_private_agent && 'self-hosted' || 'ubuntu-20.04' }}
     environment: ${{ inputs.override_github_environment == '' && inputs.environment || inputs.override_github_environment}}-ci
     concurrency:
-      group: ${{ github.workflow }}-ci
+      group: ${{ github.workflow }}-${{ inputs.environment }}-ci
       cancel-in-progress: false
     permissions:
       id-token: write
@@ -152,7 +157,7 @@ jobs:
 
           calculate_hash() {
               local module_path="$1"
-              tar -cf - "$module_path" | sha256sum | awk '{ print $1 }'
+              tar --exclude=.* -cvf - "$module_path" | sha256sum | awk '{ print $1 }'
           }
 
           # Iterate over modules listed in the metadata that were sourced from the Terraform registry

infra/scripts/lock-modules.sh

@@ -9,7 +9,7 @@ REGISTRY_URL="registry.terraform.io"
 
 calculate_hash() {
     local module_path="$1"
-    tar -cf - "$module_path" | sha256sum | awk '{ print $1 }'
+    tar --exclude=.* -cvf - "$module_path" | sha256sum | awk '{ print $1 }'
 }
 
 # If no arguments are passed, set a default value (e.g., current directory)