Skip to content

Merge pull request #246 from chizmw/changeset-release/main #162

Merge pull request #246 from chizmw/changeset-release/main

Merge pull request #246 from chizmw/changeset-release/main #162

---
name: Terraform and Serverless Deployment
# https://github.com/hashicorp/setup-terraform#setup-terraform
# yamllint disable-line rule:truthy
on:
pull_request:
branches: [main]
# only if we've changed terraform/ or botcpdf/ directories
paths:
- botcpdf/**
- data/**
- icons/**
- templates/**
- terraform/**
- www/**
push:
tags:
- '*'
# only allow one workflow to run at a time
concurrency:
group: terraform-matrix
cancel-in-progress: false
permissions:
id-token: write
contents: read
issues: write
pull-requests: write
# set default (empty) env vars (keeps liter happy in IDE)
env:
WORKSPACE: ''
DEPLOY_ENV: ''
jobs:
terraform-matrix:
name: Terraform Matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
aws-account-id:
- 436158765452
session-tag:
- botc-json2pdf
include:
- account-name-prefix: chizography
aws-account-id: 436158765452
aws-deployment-role: botc/deploy_json2pdf
aws-region: eu-west-2
terraform-dir: terraform
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set Workspace Env
# if we're a PR then we user 'dev', otherwise we use 'prod'
# https://support.hashicorp.com/hc/en-us/articles/360043550953-Selecting-a-workspace-when-running-Terraform-in-automation
run: |
if [ -n "${{ github.event.pull_request.head.sha }}" ]; then
echo "WORKSPACE=dev" >> "$GITHUB_ENV"
else
echo "WORKSPACE=prod" >> "$GITHUB_ENV"
fi
# because we know some of our terraform has an external poetry data
# source, we need to install poetry
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Setup Poetry
uses: abatilo/actions-poetry@v2
with:
poetry-version: 1.4.2
- name: Prerelease Version
shell: bash
if: github.event_name == 'pull_request'
run: |
# for convenience we bump the version number (prerelease) if we're a
# PR; we don't care about keeping this, we just _never_ want to have
# a PR with a normal release version number
poetry version prerelease
- name: Run terraform actions
id: run-terraform-actions
# yamllint disable-line rule:line-length
uses: chizmw/[email protected]
with:
# yamllint disable rule:line-length
use-workspaces: true
workspace: ${{ env.WORKSPACE }}
terraform-dir: ${{ matrix.terraform-dir }}
# state-key: ${{ github.repository }}-${{ matrix.aws-account-id }}-${{ matrix.session-tag }}.tfstate
aws-account-id: ${{ matrix.aws-account-id }}
aws-account-name-prefix: ${{ matrix.account-name-prefix }}
aws-session-tag: ${{ matrix.session-tag }}
aws-access-key-id: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_SECRET_ACCESS_KEY }}
aws-deployment-role: ${{ matrix.aws-deployment-role }}
github-token: ${{ secrets.GITHUB_TOKEN }}
aws-region: ${{ matrix.aws-region }}
# if we're in a PR or a tag push, set auto-apply to true
auto-apply: ${{ github.event_name == 'pull_request' || github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}
# yamllint enable rule:line-length
linting:
name: Deploy Lambda
runs-on: ubuntu-latest
strategy:
matrix:
include:
- aws-account-name: chizography
aws-account-id: 436158765452
aws-deployment-role: botc/deploy_json2pdf
steps:
- uses: actions/checkout@v4
# do this early so it can fail fast
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
# yamllint disable rule:line-length
aws-access-key-id: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-2
role-to-assume: arn:aws:iam::${{ matrix.aws-account-id }}:role/${{ matrix.aws-deployment-role }}
role-skip-session-tagging: true
role-duration-seconds: 1800 # 30 minute session
mask-aws-account-id: false
# yamllint enable rule:line-length
- name: Show AWS Credentials
shell: bash
run: |
env |sort |grep AWS
aws sts get-caller-identity
- uses: actions/setup-node@v3
with:
node-version: 16
- name: Set Environment Env
# if we're a PR then we user 'dev', otherwise we use 'prod'
# yamllint disable rule:line-length
run: |
# debug pesky sls
echo "SLS_DEBUG=*" >> "$GITHUB_ENV"
# pull request
if [ -n "${{ github.event.pull_request.head.sha }}" ]; then
echo "DEPLOY_ENV=dev" >> "$GITHUB_ENV"
# push to default branch
elif [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "DEPLOY_ENV=prod" >> "$GITHUB_ENV"
# it's a tag event
elif [ "${{ github.event_name }}" == "push" ] && [[ "${{ github.ref }}" == refs/tags/* ]]; then
echo "DEPLOY_ENV=prod" >> "$GITHUB_ENV"
# no idea what's going on
else
# ::error
echo "::error::Unknown event type: ${{ github.event_name }} ${{ github.ref }}"
exit 66
fi
# yamllint enable rule:line-length
- name: SLS Prep
shell: bash
run: |
npm --version
npm install -g serverless@3
serverless plugin install -n serverless-docker
- name: Debug Matrix
shell: bash
run: |
echo "::notice::aws-account-name: ${{matrix.aws-account-name}}"
echo "::notice::aws-account-id: ${{matrix.aws-account-id}}"
echo "::notice::aws-deployment-role: ${{matrix.aws-deployment-role}}"
echo "::notice::DEPLOY_ENV: ${{env.DEPLOY_ENV}}"
# install python and poetry so we can run the tests
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: Setup Poetry
uses: abatilo/actions-poetry@v2
with:
poetry-version: 1.4.2
- name: Prerelease Version
shell: bash
if: github.event_name == 'pull_request'
run: |
# for convenience we bump the version number (prerelease) if we're a
# PR; we don't care about keeping this, we just _never_ want to have
# a PR with a normal release version number
poetry version prerelease
- name: Run Tests
shell: bash
run: |
make test
- name: SLS List Deploy
shell: bash
run: |
sls deploy list
- name: Install AWS RIE
shell: bash
# yamllint disable rule:line-length
run: |
mkdir -p ~/.aws-lambda-rie \
&& curl -Lo ~/.aws-lambda-rie/aws-lambda-rie https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie \
&& chmod +x ~/.aws-lambda-rie/aws-lambda-rie
# yamllint enable rule:line-length
- name: SLS Deploy (by env)
shell: bash
# yamllint disable-line rule:line-length
if: github.event_name == 'pull_request' || github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
run: |
sls deploy --stage ${{ env.DEPLOY_ENV }}
- name: Notify Discord
uses: th0th/[email protected]
if: ${{ always() }}
env:
# yamllint disable rule:line-length
DISCORD_WEBHOOK_URL: https://discord.com/api/webhooks/1099136707108020305/r86TwsFW_T3BDX0VOvdcCNVFaGTLTSeVkwS8NikvynVrU-4jZLqq--FlyPVGAmQWJWu9
GITHUB_ACTOR: ${{ github.actor }}
GITHUB_JOB_NAME: Deploy Serverless (${{ env.DEPLOY_ENV }})
GITHUB_JOB_STATUS: ${{ job.status }}