Merge pull request #283 from chizmw/changeset-release/main #166
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Terraform and Serverless Deployment | |
# https://github.com/hashicorp/setup-terraform#setup-terraform | |
# yamllint disable-line rule:truthy | |
on: | |
pull_request: | |
branches: [mainXXdonotrunthis] | |
# only if we've changed terraform/ or botcpdf/ directories | |
paths: | |
- botcpdf/** | |
- data/** | |
- icons/** | |
- templates/** | |
- terraform/** | |
- www/** | |
push: | |
tags: | |
- '*' | |
# only allow one workflow to run at a time | |
concurrency: | |
group: terraform-matrix | |
cancel-in-progress: false | |
permissions: | |
id-token: write | |
contents: read | |
issues: write | |
pull-requests: write | |
# set default (empty) env vars (keeps liter happy in IDE) | |
env: | |
WORKSPACE: '' | |
DEPLOY_ENV: '' | |
jobs: | |
terraform-matrix: | |
name: Terraform Matrix | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
aws-account-id: | |
- 436158765452 | |
session-tag: | |
- botc-json2pdf | |
include: | |
- account-name-prefix: chizography | |
aws-account-id: 436158765452 | |
aws-deployment-role: botc/deploy_json2pdf | |
aws-region: eu-west-2 | |
terraform-dir: terraform | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Set Workspace Env | |
# if we're a PR then we user 'dev', otherwise we use 'prod' | |
# https://support.hashicorp.com/hc/en-us/articles/360043550953-Selecting-a-workspace-when-running-Terraform-in-automation | |
run: | | |
if [ -n "${{ github.event.pull_request.head.sha }}" ]; then | |
echo "WORKSPACE=dev" >> "$GITHUB_ENV" | |
else | |
echo "WORKSPACE=prod" >> "$GITHUB_ENV" | |
fi | |
# because we know some of our terraform has an external poetry data | |
# source, we need to install poetry | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Setup Poetry | |
uses: abatilo/actions-poetry@v3 | |
with: | |
poetry-version: 1.4.2 | |
- name: Prerelease Version | |
shell: bash | |
if: github.event_name == 'pull_request' | |
run: | | |
# for convenience we bump the version number (prerelease) if we're a | |
# PR; we don't care about keeping this, we just _never_ want to have | |
# a PR with a normal release version number | |
poetry version prerelease | |
- name: Run terraform actions | |
id: run-terraform-actions | |
# yamllint disable-line rule:line-length | |
uses: chizmw/[email protected] | |
with: | |
# yamllint disable rule:line-length | |
use-workspaces: true | |
workspace: ${{ env.WORKSPACE }} | |
terraform-dir: ${{ matrix.terraform-dir }} | |
# state-key: ${{ github.repository }}-${{ matrix.aws-account-id }}-${{ matrix.session-tag }}.tfstate | |
aws-account-id: ${{ matrix.aws-account-id }} | |
aws-account-name-prefix: ${{ matrix.account-name-prefix }} | |
aws-session-tag: ${{ matrix.session-tag }} | |
aws-access-key-id: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_SECRET_ACCESS_KEY }} | |
aws-deployment-role: ${{ matrix.aws-deployment-role }} | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
aws-region: ${{ matrix.aws-region }} | |
# if we're in a PR or a tag push, set auto-apply to true | |
auto-apply: ${{ github.event_name == 'pull_request' || github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }} | |
# yamllint enable rule:line-length | |
linting: | |
name: Deploy Lambda | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- aws-account-name: chizography | |
aws-account-id: 436158765452 | |
aws-deployment-role: botc/deploy_json2pdf | |
steps: | |
- uses: actions/checkout@v4 | |
# do this early so it can fail fast | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
# yamllint disable rule:line-length | |
aws-access-key-id: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.CHIZOGRAPHY_GITHUB_AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-2 | |
role-to-assume: arn:aws:iam::${{ matrix.aws-account-id }}:role/${{ matrix.aws-deployment-role }} | |
role-skip-session-tagging: true | |
role-duration-seconds: 1800 # 30 minute session | |
mask-aws-account-id: false | |
# yamllint enable rule:line-length | |
- name: Show AWS Credentials | |
shell: bash | |
run: | | |
env |sort |grep AWS | |
aws sts get-caller-identity | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 16 | |
- name: Set Environment Env | |
# if we're a PR then we user 'dev', otherwise we use 'prod' | |
# yamllint disable rule:line-length | |
run: | | |
# debug pesky sls | |
echo "SLS_DEBUG=*" >> "$GITHUB_ENV" | |
# pull request | |
if [ -n "${{ github.event.pull_request.head.sha }}" ]; then | |
echo "DEPLOY_ENV=dev" >> "$GITHUB_ENV" | |
# push to default branch | |
elif [ "${{ github.event_name }}" == "push" ] && [ "${{ github.ref }}" == "refs/heads/main" ]; then | |
echo "DEPLOY_ENV=prod" >> "$GITHUB_ENV" | |
# it's a tag event | |
elif [ "${{ github.event_name }}" == "push" ] && [[ "${{ github.ref }}" == refs/tags/* ]]; then | |
echo "DEPLOY_ENV=prod" >> "$GITHUB_ENV" | |
# no idea what's going on | |
else | |
# ::error | |
echo "::error::Unknown event type: ${{ github.event_name }} ${{ github.ref }}" | |
exit 66 | |
fi | |
# yamllint enable rule:line-length | |
- name: SLS Prep | |
shell: bash | |
run: | | |
npm --version | |
npm install -g serverless@3 | |
serverless plugin install -n serverless-docker | |
- name: Debug Matrix | |
shell: bash | |
run: | | |
echo "::notice::aws-account-name: ${{matrix.aws-account-name}}" | |
echo "::notice::aws-account-id: ${{matrix.aws-account-id}}" | |
echo "::notice::aws-deployment-role: ${{matrix.aws-deployment-role}}" | |
echo "::notice::DEPLOY_ENV: ${{env.DEPLOY_ENV}}" | |
# install python and poetry so we can run the tests | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.11' | |
- name: Setup Poetry | |
uses: abatilo/actions-poetry@v3 | |
with: | |
poetry-version: 1.4.2 | |
- name: Prerelease Version | |
shell: bash | |
if: github.event_name == 'pull_request' | |
run: | | |
# for convenience we bump the version number (prerelease) if we're a | |
# PR; we don't care about keeping this, we just _never_ want to have | |
# a PR with a normal release version number | |
poetry version prerelease | |
- name: Run Tests | |
shell: bash | |
run: | | |
make test | |
- name: SLS List Deploy | |
shell: bash | |
run: | | |
sls deploy list | |
- name: Install AWS RIE | |
shell: bash | |
# yamllint disable rule:line-length | |
run: | | |
mkdir -p ~/.aws-lambda-rie \ | |
&& curl -Lo ~/.aws-lambda-rie/aws-lambda-rie https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie \ | |
&& chmod +x ~/.aws-lambda-rie/aws-lambda-rie | |
# yamllint enable rule:line-length | |
- name: SLS Deploy (by env) | |
shell: bash | |
# yamllint disable-line rule:line-length | |
if: github.event_name == 'pull_request' || github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
run: | | |
sls deploy --stage ${{ env.DEPLOY_ENV }} | |
- name: Notify Discord | |
uses: th0th/[email protected] | |
if: ${{ always() }} | |
env: | |
# yamllint disable rule:line-length | |
DISCORD_WEBHOOK_URL: https://discord.com/api/webhooks/1099136707108020305/r86TwsFW_T3BDX0VOvdcCNVFaGTLTSeVkwS8NikvynVrU-4jZLqq--FlyPVGAmQWJWu9 | |
GITHUB_ACTOR: ${{ github.actor }} | |
GITHUB_JOB_NAME: Deploy Serverless (${{ env.DEPLOY_ENV }}) | |
GITHUB_JOB_STATUS: ${{ job.status }} |