-
Notifications
You must be signed in to change notification settings - Fork 23
52 lines (44 loc) · 1.97 KB
/
aws-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
name: Deploy Backend to Product ECS
on:
push:
branches: ["main"]
env:
AWS_REGION: ap-northeast-1
ECR_REPOSITORY: petercat-lambda
ECR_REGISTRY: 654654285942.dkr.ecr.ap-northeast-1.amazonaws.com
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
deploy:
runs-on: ubuntu-latest
environment: production
strategy:
fail-fast: true
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::654654285942:role/Github-OIDC
audience: sts.amazonaws.com
aws-region: ${{ env.AWS_REGION }}
# Build inside Docker containers
- run: sam build --use-container --config-file .aws/petercat-prod.toml
# Prevent prompts and failure when the stack is unchanged
- run: |
sam deploy \
--no-confirm-changeset \
--no-fail-on-empty-changeset \
--config-file .aws/petercat-prod.toml \
--parameter-overrides GitHubAppID=${{ secrets.X_GITHUB_APP_ID }} \
GithubAppsClientId=${{ secrets.X_GITHUB_APPS_CLIENT_ID }} \
GithubAppsClientSecret=${{ secrets.X_GITHUB_APPS_CLIENT_SECRET }} \
OpenAIAPIKey=${{ secrets.OPENAI_API_KEY }} \
SupabaseServiceKey=${{ secrets.SUPABASE_SERVICE_KEY }} \
SupabaseUrl=${{ secrets.SUPABASE_URL }} \
TavilyAPIKey=${{ secrets.TAVILY_API_KEY }} \
APIIdentifier=${{ secrets.API_IDENTIFIER }} \
FastAPISecretKey=${{ secrets.FASTAPI_SECRET_KEY }} \
GitHubToken=${{ secrets.X_GITHUB_TOKEN }}