Skip to content

Import secret manager correctly #105

Import secret manager correctly

Import secret manager correctly #105

Workflow file for this run

name: Deploy Application
on:
push:
branches: [main]
paths:
- '.github/workflows/deploy.yml'
- '.github/workflows/push-container.yml'
- 'src/**'
- 'container/**'
- 'template.yml'
- 'package.json'
workflow_dispatch:
env:
AWS_REGISTRY_URI: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com
AWS_REGION: us-east-1
AWS_ROLE_TO_ASSUME: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/coderunner-pipeline-role
REPOSITORY_NAME: coderunner
CLOUDFORMATION_ROLE_ARN: arn:aws:iam::254837279431:role/coderunner-cloudformation-role
CODERUNNER_BUCKET: coderunner-${{ secrets.AWS_ACCOUNT_ID }}
jobs:
unit-test:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v4
- uses: actions/checkout@v4
- name: Run tests
run: |
npm ci
npm run test
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
directory: ./tests/coverage/
token: ${{ secrets.CODECOV_TOKEN }}
push-container:
needs: [unit-test]
uses: ./.github/workflows/push-container.yml
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
deploy:
runs-on: ubuntu-latest
needs: [push-container]
steps:
- uses: actions/checkout@v4
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_REGION }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Set REPOSITORY_URI
run: |
REPOSITORY_URI=$AWS_REGISTRY_URI/$REPOSITORY_NAME
echo "REPOSITORY_URI=$REPOSITORY_URI" >> "$GITHUB_ENV"
- name: Install dependencies
run: |
rm package-lock.json
docker run \
-v $(pwd):/var/task \
-w /var/task \
--entrypoint /bin/bash \
amazon/aws-lambda-nodejs:20 \
-c "npm i --production"
- name: Build and Upload Package
run: |
zip --symlinks -r package.zip ./*
aws s3 cp package.zip s3://${{ env.CODERUNNER_BUCKET }}/package/${{ github.run_id }}.zip
- name: Deploy template.yml
run: |
sam deploy --stack-name coderunner-dev \
--no-fail-on-empty-changeset \
--s3-bucket ${{ env.CODERUNNER_BUCKET }} \
--image-repositories CodeRunnerFunction=$REPOSITORY_URI \
--capabilities CAPABILITY_IAM \
--role-arn ${CLOUDFORMATION_ROLE_ARN} \
--parameter-overrides \
ImageUri=${{ env.REPOSITORY_URI }}:${{ github.run_id }} \
CodeUri=package/${{ github.run_id }}.zip
migrations:
runs-on: ubuntu-latest
needs: [deploy]
steps:
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_REGION }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Run migrations
run: |
aws lambda invoke \
--function-name "MigrationsFunction" \
--cli-binary-format raw-in-base64-out \
-
delete-outdated-image:
runs-on: ubuntu-latest
needs: [deploy]
steps:
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_REGION }}
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Delete images from ECR Repository
run: |
IMAGE_ID=$(aws ecr describe-images \
--repository-name $REPOSITORY_NAME \
--query "sort_by(imageDetails, &imagePushedAt) | reverse(@) | [1:].{imageId:imageTags[0]}")
for row in $(echo "${IMAGE_ID}" | jq -r '.[] | @base64'); do
_jq() {
echo ${row} | base64 --decode | jq -r ${1}
}
aws ecr batch-delete-image \
--repository-name $REPOSITORY_NAME \
--image-ids imageTag=$(_jq '.imageId')
done