Skip to content
Deploy

Unfudge the worst of it #2

Sign in to view logs

Unfudge the worst of it

Unfudge the worst of it #2

Workflow file for this run

.github/workflows/deploy.yml at af0db75
---
name: Deploy
# https://github.com/hashicorp/setup-terraform#setup-terraform
# yamllint disable-line rule:truthy
on:
pull_request:
branches: [main]
# only if we've changed terraform/ or botcpdf/ directories
paths:
- botcpdf/**
- data/**
- icons/**
- templates/**
- terraform/**
- www/**
push:
tags:
- '*'
# only allow one workflow to run at a time
concurrency:
group: terraform-matrix
cancel-in-progress: false
permissions:
id-token: write
contents: read
issues: write
pull-requests: write
# set default (empty) env vars (keeps liter happy in IDE)
env:
WORKSPACE: ''
DEPLOY_ENV: ''
jobs:
terraform-matrix:
name: Terraform Matrix
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
aws-account-id:
- 436158765452
session-tag:
- botc-json2pdf
include:
- account-name-prefix: chizography
aws-account-id: 436158765452
aws-deployment-role: botc/deploy_json2pdf
aws-region: eu-west-2
terraform-dir: terraform
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Set Workspace Env
# if we're a PR then we user 'dev', otherwise we use 'prod'
# https://support.hashicorp.com/hc/en-us/articles/360043550953-Selecting-a-workspace-when-running-Terraform-in-automation
run: |
if [ -n "${{ github.event.pull_request.head.sha }}" ]; then
echo "WORKSPACE=dev" >> "$GITHUB_ENV"
else
echo "WORKSPACE=prod" >> "$GITHUB_ENV"
fi
# because we know some of our terraform has an external poetry data
# source, we need to install poetry
- name: Setup Poetry
uses: abatilo/actions-poetry@v2
with:
poetry-version: 1.6.1
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version-file: lambda-src/api-render-pdf/pyproject.toml
cache: poetry
- name: Prerelease Version
shell: bash
if: github.event_name == 'pull_request'
run: |
# for convenience we bump the version number (prerelease) if we're a
# PR; we don't care about keeping this, we just _never_ want to have
# a PR with a normal release version number
poetry --directory=lambda-src/api-render-pdf/ version prerelease
- name: Run Tests
shell: bash
run: |
make test
- name: Run terraform actions
id: run-terraform-actions
# yamllint disable-line rule:line-length
uses: chizmw/[email protected]
with:
# yamllint disable rule:line-length
use-workspaces: true
workspace: ${{ env.WORKSPACE }}
terraform-dir: ${{ matrix.terraform-dir }}
# state-key: ${{ github.repository }}-${{ matrix.aws-account-id }}-${{ matrix.session-tag }}.tfstate
aws-account-id: ${{ matrix.aws-account-id }}
aws-account-name-prefix: ${{ matrix.account-name-prefix }}
aws-session-tag: ${{ matrix.session-tag }}
aws-access-key-id: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_SECRET_ACCESS_KEY }}
aws-deployment-role: ${{ matrix.aws-deployment-role }}
github-token: ${{ secrets.GITHUB_TOKEN }}
aws-region: ${{ matrix.aws-region }}
# if we're in a PR or a tag push, set auto-apply to true
auto-apply: ${{ github.event_name == 'pull_request' || github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }}
# yamllint enable rule:line-length
- name: Notify Discord
uses: th0th/[email protected]
if: ${{ always() }}
env:
# yamllint disable rule:line-length
DISCORD_WEBHOOK_URL: https://discord.com/api/webhooks/1099136707108020305/r86TwsFW_T3BDX0VOvdcCNVFaGTLTSeVkwS8NikvynVrU-4jZLqq--FlyPVGAmQWJWu9
GITHUB_ACTOR: ${{ github.actor }}
GITHUB_JOB_NAME: Deploy Serverless (${{ env.DEPLOY_ENV }})
GITHUB_JOB_STATUS: ${{ job.status }}