Skip to content

fix(deploy): aws creds template change_mode to noop #27

fix(deploy): aws creds template change_mode to noop

fix(deploy): aws creds template change_mode to noop #27

Workflow file for this run

name: Deploy Bartholomew Website
on:
push:
branches:
- 'main'
# remove after testing
- 'vdice/ref/oci-deploy'
workflow_dispatch:
inputs:
ref:
description: 'Git ref to deploy from (refs/tags/v* for tag)'
default: 'refs/heads/main'
commit:
description: 'Commit SHA to deploy from (optional)'
# Construct a concurrency group to be shared across workflow runs.
# The default behavior ensures that only one is running at a time, with
# all others queuing and thus not interrupting runs that are in-flight.
concurrency: ${{ github.workflow }}
permissions:
contents: read
id-token: write # Allow the workflow to create a JWT for AWS auth
jobs:
echo-inputs:
runs-on: ubuntu-latest
if: ${{ github.event_name == 'workflow_dispatch' }}
steps:
- name: Echo Inputs
run: |
echo ref: ${{ github.event.inputs.ref }}
echo commit: ${{ github.event.inputs.commit }}
deploy:
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'fermyon' }}
env:
OCI_IMAGE_NAME: bartholomew-docs
steps:
- uses: actions/checkout@v3
- name: Check out specific ref
if: ${{ github.event_name == 'workflow_dispatch' }} && ${{ inputs.ref != ''}}
run: git checkout ${{ inputs.ref }}
- name: Check out specific commit
if: ${{ github.event_name == 'workflow_dispatch' }} && ${{ inputs.commit != ''}}
run: git checkout ${{ inputs.commit }}
- name: Construct OCI image tag
shell: bash
run: |
[[ "${{ github.event_name }}" == "push" ]] && \
echo "IMAGE_TAG=latest" >> $GITHUB_ENV || \
echo "IMAGE_TAG=canary" >> $GITHUB_ENV
- name: Setup Spin
uses: fermyon/actions/spin/setup@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
version: v2.0.1
- name: Configure AWS Credentials for publishing
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_IAM_ROLE }}
role-session-name: ${{ env.OCI_IMAGE_NAME }}
aws-region: ${{ secrets.AWS_REGION_WEBSITES }}
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Publish Spin app
id: push
uses: fermyon/actions/spin/push@v1
with:
registry_reference: ${{ steps.login-ecr.outputs.registry }}/${{ env.OCI_IMAGE_NAME }}:${{ env.IMAGE_TAG }}
manifest_file: docs/spin.toml
- name: Cleanup login
if: ${{ always() }}
run: |
rm -rf /home/runner/fermyon
- name: Install Nomad
env:
NOMAD_VERSION: "1.4.3"
run: |
curl -Os https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_$(dpkg --print-architecture).zip
unzip nomad_${NOMAD_VERSION}_linux_$(dpkg --print-architecture).zip -d /usr/local/bin
chmod +x /usr/local/bin/nomad
- name: Tailscale
uses: tailscale/github-action@v2
with:
oauth-client-id: ${{ secrets.TS_CI_OAUTH_CLIENT_ID }}
oauth-secret: ${{ secrets.TS_CI_OAUTH_SECRET }}
tags: tag:ci
- name: Deploy
shell: bash
run: |
export NOMAD_ADDR="${{ secrets.NOMAD_ADDR }}"
export NOMAD_NAMESPACE=websites
nomad run \
-var "region=${{ secrets.AWS_REGION_WEBSITES }}" \
-var "commit_sha=$(git rev-parse HEAD)" \
-var "ecr_ref=${{ steps.login-ecr.outputs.registry }}/${{ env.OCI_IMAGE_NAME }}@${{ steps.push.outputs.digest }}" \
deploy/bartholomew-docs.nomad