-
Notifications
You must be signed in to change notification settings - Fork 11
97 lines (85 loc) · 3.03 KB
/
deploy_test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: Deploy Test
run-name: Deploying ${{ github.ref_name }} to test
on:
push:
tags:
- '*'
workflow_dispatch:
inputs:
releaseTag:
description: "Tag of version to be promoted to test"
required: true
permissions:
id-token: write
contents: read
jobs:
ci:
name: Build and Deploy
runs-on: ubuntu-latest
environment: test
strategy:
matrix:
node-version: [18.x]
defaults:
run:
working-directory: "arSam"
steps:
- name: Checkout repo
uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
- shell: bash
env:
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
run: |
curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":" A&R API deploy Test"}'
# Tag not found
- name: Tag not found
if: ${{ failure() }}
run: |
echo "::error::Git Tag not found, please double check input"
exit 1
# Setup AWS SAM
- name: Setup AWS SAM
uses: aws-actions/setup-sam@v2
with:
use-installer: true
# Assume AWS IAM Role
- name: Get AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.AWS_REGION }}
# SAM Build
- name: Cache SAM Build
id: cache-sam-build
uses: actions/cache@v3
with:
path: |
**arSam/.aws-sam
key: ${{ github.sha }}-ar-api-sam-cache
- name: Run sam build
if: steps.cache-sam-build.outputs.cache-hit != 'true'
run: |
sam build --cached
# Prevent prompts and failure when the stack is unchanged
- name: SAM deploy
env:
STAGE: ${{ vars.AR_API_STAGE }}
ACCOUNT_ID: ${{ vars.ACCOUNT_ID }}
AWS_ACCOUNT_LIST: ${{ vars.AWS_ACCOUNT_LIST }}
SSO_ISSUER: ${{ vars.SSO_ISSUER }}
SSO_JWKSURI: ${{ vars.SSO_JWKSURI }}
SSO_CLIENT_ID: ${{ secrets.SSO_CLIENT_ID }}
SSO_ORIGIN: ${{ vars.SSO_ORIGIN }}
S3_BUCKET_DATA: ${{ vars.S3_BUCKET_DATA }}
DATA_REGISTER_NAME_ENDPOINT: ${{ secrets.DATA_REGISTER_NAME_ENDPOINT }}
DATA_REGISTER_NAME_API_KEY: ${{ secrets.DATA_REGISTER_NAME_API_KEY }}
run: |
sam deploy --no-confirm-changeset --no-fail-on-empty-changeset --parameter-overrides "AccountId=$ACCOUNT_ID" "Stage=$STAGE" "SSOIssuerUrl=$SSO_ISSUER" "SSOJWKSUri=$SSO_JWKSURI" "SSOClientId=$SSO_CLIENT_ID" "SSOOrigin=$SSO_ORIGIN" "AWSAccountList=$AWS_ACCOUNT_LIST" "S3BucketData=$S3_BUCKET_DATA" "DataRegisterNameEndpoint=$DATA_REGISTER_NAME_ENDPOINT" "DataRegisterNameApiKey=$DATA_REGISTER_NAME_API_KEY"
- shell: bash
env:
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
run: |
curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":" A&R API - Deploy Test Complete"}'