build-deploy.yml
# Build and deploy workflow for aws-python-post-stack-outputs.
name: build-deploy-ci

# Events that start the workflow.
on:
  # Pushes to, and pull requests targeting, the "main" and "dev" branches.
  push:
    branches:
      - main
      - dev
  pull_request:
    branches:
      - main
      - dev
  # Lets workflows in other repositories call this one as a reusable workflow.
  workflow_call:
  # Adds a manual "Run workflow" trigger in the Actions tab.
  workflow_dispatch:

# Workflow-level token permissions. They are the default for every job that
# does not declare its own `permissions` block, on every trigger above.
# id-token: write is only needed by a job that assumes the AWS role through
# OIDC; jobs can narrow these defaults with a job-level `permissions` block.
permissions:
  id-token: write  # needed to request the OIDC JWT
  contents: read  # needed by actions/checkout
  pull-requests: read
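# Jobs: `build` works out whether anything deployable changed and derives the
# repository name; `deploy` packages the Lambda zip and publishes it to S3.
#
# NOTE(review): on the page this file was copied from, the text around "@" in
# every `uses:` reference was replaced by an e-mail-obfuscation token, so the
# action names after the owner and their versions are not recoverable here.
# The action names below are reconstructed from each step's name, inputs and
# outputs -- confirm them against the repository. `<FULL_COMMIT_SHA>` and
# `<ACTION_NAME>` are placeholders. Pin each action to a full commit SHA:
# tags and branches can be moved to different code after they were reviewed.
jobs:
  build:
    runs-on: ubuntu-latest
    # This job only reads the repository and pull-request metadata. It never
    # assumes the AWS role, so it is not given id-token: write.
    permissions:
      contents: read
      pull-requests: read
    outputs:
      requires-deploy: ${{ steps.changed-files.outputs.any_changed }}
      repo-name: ${{ steps.repo-name.outputs.GIT_REPO_NAME }}
    steps:
      # Check the repository out under $GITHUB_WORKSPACE.
      - name: Git Checkout
        uses: actions/checkout@<FULL_COMMIT_SHA>

      # Presumably tj-actions/changed-files (matches the `files_ignore` input
      # and the `any_changed` / `all_changed_files` outputs) -- confirm.
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@<FULL_COMMIT_SHA>
        with:
          # Changes limited to these paths do not count as deployable.
          files_ignore: |
            .github/**
            .git*
            LICENSE
            **.md

      # The file list reaches the script through an environment variable, so
      # file names are treated as data and never become part of the script.
      - name: List all changed files
        env:
          ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
        run: |
          for file in ${ALL_CHANGED_FILES}; do
            echo "$file was changed"
          done

      # Strip the "owner/" prefix from GITHUB_REPOSITORY.
      - name: Get GitHub Repository Name
        id: repo-name
        run: |
          echo "GIT_REPO_NAME=${GITHUB_REPOSITORY#*/}" >> "$GITHUB_OUTPUT"

  deploy:
    runs-on: ubuntu-latest
    needs: [build]
    # Deploy only when something deployable changed AND the run is for exactly
    # the main or dev branch. The refs are compared with ==, because contains()
    # on a string is a substring test and would also accept any ref that
    # happens to be a substring of the allowed list (for example on a manual
    # or reusable-workflow run from another branch).
    if: ${{ needs.build.outputs.requires-deploy == 'true' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') }}
    # Only this job requests the OIDC token used to assume the AWS role.
    permissions:
      id-token: write
      contents: read
    env:
      LAMBDA_ZIP_NAME: lambda-${{ needs.build.outputs.repo-name }}.zip
    steps:
      # Nothing after the checkout in this job talks to the Git remote, so the
      # token is not left in .git/config while third-party code (pip packages,
      # other actions) runs in the workspace.
      - name: Git Checkout
        uses: actions/checkout@<FULL_COMMIT_SHA>
        with:
          persist-credentials: false

      # Dependencies are vendored into the workspace so they end up in the zip.
      # NOTE(review): requirements.txt is not visible here; pinned versions
      # with hashes (pip's --require-hashes) would make the package
      # reproducible -- confirm what the file contains.
      - name: Install Python requirements
        run: |
          pip3 install -r requirements.txt -t .

      # The zip name is read from the job-level environment variable and the
      # exclude patterns are quoted, so the shell neither re-parses the name
      # nor expands the globs before zip sees them.
      - name: Package Lambda
        run: |
          zip -r "$LAMBDA_ZIP_NAME" . -x '.git*/*' -x '*.yml' -x .DS_Store -x .gitignore

      # Presumably actions/upload-artifact (name/path/retention-days) -- confirm.
      - name: Upload Lambda Package Zip
        uses: actions/upload-artifact@<FULL_COMMIT_SHA>
        with:
          name: ${{ env.LAMBDA_ZIP_NAME }}
          path: ${{ env.LAMBDA_ZIP_NAME }}
          retention-days: 30

      # Presumably aws-actions/configure-aws-credentials -- confirm.
      # NOTE(review): the role's trust policy is not visible here; it should
      # restrict the OIDC `sub` claim to this repository and the main/dev refs.
      - name: Configure AWS Credentials Action for GitHub Actions
        uses: aws-actions/configure-aws-credentials@<FULL_COMMIT_SHA>
        with:
          role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/github-wafr-ftr-onboarding-role
          aws-region: ${{ vars.AWS_REGION }}

      # Branch name: the PR head ref when set, else GITHUB_REF without
      # the "refs/heads/" prefix.
      - name: Extract branch name
        id: extract_branch
        shell: bash
        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> "$GITHUB_OUTPUT"

      # Upload the zip to Amazon S3. The destination is built in `env` and used
      # as a quoted shell variable, so the branch name and repository variables
      # are passed as data instead of being spliced into the script text.
      - name: Copy files to s3
        env:
          S3_DEST: s3://${{ vars.BUCKET_BASE_URL }}/${{ vars.S3_KEY_PREFIX }}${{ steps.extract_branch.outputs.branch }}/
        run: |
          aws s3 sync . "$S3_DEST" --exclude '*' --include "$LAMBDA_ZIP_NAME"

      # Replicate the zip into the regional buckets. The action's repository
      # name was lost on the page; replace <ACTION_NAME> with the real one.
      - name: Copy files across S3 buckets, primarily AWS Lambda zip files (us-east-1)
        uses: GeorgeDavis-Ibexlabs/<ACTION_NAME>@<FULL_COMMIT_SHA>
        with:
          SRC_REGION: ${{ vars.AWS_REGION }}
          SRC_BUCKET: ${{ vars.BUCKET_BASE_URL }}
          SRC_KEY_PREFIX: ${{ vars.S3_KEY_PREFIX }}${{ steps.extract_branch.outputs.branch }}/
          SRC_KEY: ${{ env.LAMBDA_ZIP_NAME }}
          DST_REGION: us-east-1
          DST_BUCKET: us-east-1.${{ vars.BUCKET_BASE_URL }}

      - name: Copy files across S3 buckets, primarily AWS Lambda zip files (us-east-2)
        uses: GeorgeDavis-Ibexlabs/<ACTION_NAME>@<FULL_COMMIT_SHA>
        with:
          SRC_REGION: ${{ vars.AWS_REGION }}
          SRC_BUCKET: ${{ vars.BUCKET_BASE_URL }}
          SRC_KEY_PREFIX: ${{ vars.S3_KEY_PREFIX }}${{ steps.extract_branch.outputs.branch }}/
          SRC_KEY: ${{ env.LAMBDA_ZIP_NAME }}
          DST_REGION: us-east-2
          DST_BUCKET: us-east-2.${{ vars.BUCKET_BASE_URL }}

      - name: Copy files across S3 buckets, primarily AWS Lambda zip files (us-west-1)
        uses: GeorgeDavis-Ibexlabs/<ACTION_NAME>@<FULL_COMMIT_SHA>
        with:
          SRC_REGION: ${{ vars.AWS_REGION }}
          SRC_BUCKET: ${{ vars.BUCKET_BASE_URL }}
          SRC_KEY_PREFIX: ${{ vars.S3_KEY_PREFIX }}${{ steps.extract_branch.outputs.branch }}/
          SRC_KEY: ${{ env.LAMBDA_ZIP_NAME }}
          DST_REGION: us-west-1
          DST_BUCKET: us-west-1.${{ vars.BUCKET_BASE_URL }}

      - name: Copy files across S3 buckets, primarily AWS Lambda zip files (ca-central-1)
        uses: GeorgeDavis-Ibexlabs/<ACTION_NAME>@<FULL_COMMIT_SHA>
        with:
          SRC_REGION: ${{ vars.AWS_REGION }}
          SRC_BUCKET: ${{ vars.BUCKET_BASE_URL }}
          SRC_KEY_PREFIX: ${{ vars.S3_KEY_PREFIX }}${{ steps.extract_branch.outputs.branch }}/
          SRC_KEY: ${{ env.LAMBDA_ZIP_NAME }}
          DST_REGION: ca-central-1
          DST_BUCKET: ca-central-1.${{ vars.BUCKET_BASE_URL }}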