-
Notifications
You must be signed in to change notification settings - Fork 11
140 lines (125 loc) · 4.25 KB
/
deploy_test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: Deploy A&R-Admin Test
run-name: Deploying ${{ github.ref_name }} to test
on:
push:
tags:
- "*"
workflow_dispatch:
inputs:
releaseTag:
description: "Tag of version to be promoted to test"
required: true
permissions:
id-token: write
contents: read
jobs:
deploy-admin:
runs-on: ubuntu-latest
environment: test
strategy:
max-parallel: 1
matrix:
node-version: [18.x]
defaults:
run:
working-directory: "./"
steps:
### Checkout GitHub Repo
- name: Checkout repo
uses: actions/checkout@v3
- shell: bash
env:
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
run: |
curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":"A&R - Deploy Admin Test"}'
### Install if no cache exists ###
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: "yarn"
cache-dependency-path: "./yarn.lock"
- run: yarn install --silent --frozen-lockfile
### Build if no cache exists ###
- name: Cache Admin Build
id: cache-admin-build
uses: actions/cache@v3
with:
path: |
./dist
key: ${{ github.sha }}-dist
- name: Run yarn build
if: steps.cache-admin-build.outputs.cache-hit != 'true'
env:
GH_HASH: ${{ github.sha }}
run: |
sed 's@localConfigEndpoint@'true'@g' src/env.js.template | sed 's@localGHHash@'"$GH_HASH"'@g' > src/env.js
yarn build
### Setup AWS SAM
- name: Setup AWS SAM
uses: aws-actions/setup-sam@v2
with:
use-installer: true
### Assume AWS IAM Role
- name: Get AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.AWS_REGION }}
### SAM Build
- name: Cache SAM Build
id: cache-sam-build
uses: actions/cache@v3
with:
path: |
./.aws-sam
key: ${{ github.sha }}-sam-cache
- name: Run sam build
if: steps.cache-sam-build.outputs.cache-hit != 'true'
run: |
sam build --cached
### Prevent prompts and failure when the stack is unchanged
- name: SAM deploy
env:
STACK_NAME: ${{ vars.AR_ADMIN_STACK_NAME }}
PROJECT_NAME: ${{ vars.AR_ADMIN_PROJECT_NAME }}
DIST_ORIGIN_PATH: "latest"
API_GATEWAY_ID: ${{ vars.AR_API_ID }}
ENV: ${{ vars.ENVIRONMENT_STAGE }}
AWS_REGION: ${{ vars.AWS_REGION }}
API_STAGE: ${{ vars.AR_API_STAGE }}
DOMAIN_NAME: ${{ vars.DOMAIN_NAME }}
AWS_CERTIFICATE_ARN: ${{ vars.AWS_CERTIFICATE_ARN }}
BASE_HREF: ""
run: |
sam deploy --stack-name $STACK_NAME --no-confirm-changeset --no-fail-on-empty-changeset --parameter-overrides \
"ProjectName=$PROJECT_NAME \
DistOriginPath=$DIST_ORIGIN_PATH \
ApiGatewayId=$API_GATEWAY_ID \
Env=$ENV \
AWSRegion=$AWS_REGION \
ApiStage=$API_STAGE \
EnvDomainName=$DOMAIN_NAME \
DomainCertificateArn=$AWS_CERTIFICATE_ARN \
BaseHref=$BASE_HREF"
### Upload dist to S3 ###
- name: Deploy to S3
env:
S3_BUCKET: ${{ vars.AR_ADMIN_PROJECT_NAME }}-${{ vars.ENVIRONMENT_STAGE }}
DIR_NAME: ${{ github.event.release.tag_name }}
WORKING_DIRECTORY: ./
run: |
aws s3 sync dist/$WORKING_DIRECTORY s3://$S3_BUCKET/$DIR_NAME
aws s3 rm s3://$S3_BUCKET/ --recursive --exclude "*" --include "latest/*"
aws s3 sync dist/$WORKING_DIRECTORY s3://$S3_BUCKET/latest/
- name: Invalidate CloudFront
uses: chetan/invalidate-cloudfront-action@v2
env:
DISTRIBUTION: ${{ secrets.DISTRIBUTION }}
PATHS: "/*"
- shell: bash
env:
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
run: |
curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":"A&R Deploy Admin Test Complete"}'