Upgrades to AL2023 runtime #50
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Checks and PR stack deploy | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
cloudformation-check: | |
runs-on: ubuntu-latest | |
container: | |
image: us-central1-docker.pkg.dev/phurl-public-docker/github-actions/actions-cfn-lint:latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Lint CloudFormation templates | |
run: | | |
cfn-lint --version | |
cfn-lint --include-checks I --info --non-zero-exit-code error -t template.yaml | |
go-check: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: 1.21 | |
- name: Get tools | |
run: | | |
go install honnef.co/go/tools/cmd/staticcheck@latest | |
curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.18.2 | |
- name: Run Staticcheck | |
run: | | |
staticcheck -f stylish ./... | |
working-directory: ingest-fn | |
- name: Run Gosec | |
run: | | |
gosec -exclude=G304 -verbose text ./... | |
working-directory: ingest-fn | |
- name: Run tests | |
run: | | |
go test -v | |
working-directory: ingest-fn | |
deploy-pr-stack: | |
if: github.event_name == 'pull_request' | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
timeout-minutes: 15 | |
needs: | |
- cloudformation-check | |
- go-check | |
steps: | |
- run: sleep 5 | |
- uses: actions/checkout@v2 | |
- uses: aws-actions/[email protected] | |
with: | |
role-to-assume: ${{ secrets.ACTIONS_ROLE_ARN }} | |
role-duration-seconds: 900 | |
aws-region: eu-west-1 | |
- name: Place SAM config | |
run: | | |
cp .ci/samconfig.toml.template samconfig.toml | |
sed -i -e "s|stack_name = \"{}\"|stack_name = \"GITHUB-Phuurl-img-site-PR-${PRNUM}\"|g" samconfig.toml | |
sed -i -e "s|s3_bucket = \"{}\"|s3_bucket = \"${SAM_BUCKET}\"|g" samconfig.toml | |
sed -i -e "s|s3_prefix = \"{}\"|s3_prefix = \"GITHUB-Phuurl-img-site-PR-${PRNUM}\"|g" samconfig.toml | |
sed -i -e "s|parameter_overrides = \"{}\"|parameter_overrides = \"UploadBucketName=\\\\\"github-phuurl-img-site-pr-upload-${PRNUM}\\\\\" EmailNotificationEnabled=\\\\\"false\\\\\" NotificationEmail=\\\\\"x\\\\\" SiteName=\\\\\"GITHUB-Phuurl-img-site-PR-${PRNUM}\\\\\" NoDomain=\\\\\"true\\\\\" Domain=\\\\\"x\\\\\" CertArn=\\\\\"x\\\\\" CloudFrontRedirectFunctionName=\\\\\"GITHUB_Phuurl_img_site_PR_${PRNUM}_index_redirect_func\\\\\" CloudFrontCachePolicyName=\\\\\"GITHUB-Phuurl-img-site-PR-${PRNUM}-cache-policy\\\\\" CreateUploadIamUser=\\\\\"false\\\\\"\"|g" samconfig.toml | |
sed -i -e "s|tags = \"{}\"|tags = \"project=\\\\\"github\\\\\" repo=\\\\\"img-site\\\\\" pr=\\\\\"${PRNUM}\\\\\"\"|g" samconfig.toml | |
cat samconfig.toml | |
env: | |
PRNUM: ${{ github.event.number }} | |
SAM_BUCKET: ${{ secrets.SAM_BUCKET }} | |
- name: SAM build | |
run: | | |
# Ensure we have the latest SAM CLI | |
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
brew install aws-sam-cli | |
# Update Makefile to use Intel for ease | |
sed -i -e "s|linux-arm64|linux-amd64|g" ingest-fn/Makefile | |
sam --version | |
# Attempt build | |
sam build | |
- name: Slack notify | |
run: | | |
curl -X POST -H 'Content-type: application/json' --data "{\"text\": \":shipit: PR deployment for \`Phuurl/img-site/#${PRNUM}\`\"}" ${SLACK_WEBHOOK} | |
env: | |
PRNUM: ${{ github.event.number }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_PR_DEPLOYMENT_WEBHOOK }} | |
continue-on-error: true | |
- name: SAM deploy | |
run: | | |
sam deploy --role-arn ${DEPLOY_ROLE} --config-env ci | |
env: | |
DEPLOY_ROLE: ${{ secrets.DEPLOY_ROLE_ARN }} | |
- name: Upload static assets | |
run: | | |
HostingBucketName=$(aws cloudformation describe-stacks --stack-name "GITHUB-Phuurl-img-site-PR-${PRNUM}" --query "Stacks[0].Outputs[?OutputKey=='HostingBucketName'].OutputValue" --output text --region eu-west-1) | |
aws s3 cp error.html s3://${HostingBucketName}/ | |
aws s3 cp robots.txt s3://${HostingBucketName}/ | |
env: | |
PRNUM: ${{ github.event.number }} | |
- name: Upload input images | |
run: | | |
UploadBucketName=$(aws cloudformation describe-stacks --stack-name "GITHUB-Phuurl-img-site-PR-${PRNUM}" --query "Stacks[0].Outputs[?OutputKey=='UploadBucketName'].OutputValue" --output text --region eu-west-1) | |
aws s3 cp ingest-fn/.test-resources/500x500.png s3://${UploadBucketName}/ | |
aws s3 cp ingest-fn/.test-resources/500x500.jpg s3://${UploadBucketName}/ | |
env: | |
PRNUM: ${{ github.event.number }} |