Skip to content
Main

Switch to spot instances #85

Sign in to view logs

Switch to spot instances

Switch to spot instances #85

Workflow file for this run

.github/workflows/main.yml at 8dc2b0b
name: Main
on:
workflow_dispatch:
push:
branches:
- main
jobs:
build_infra:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Setup job workspace
uses: ServerlessOpsIO/gha-setup-workspace@v1
- name: Assume AWS Credentials
uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
with:
build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
- name: Install AWS SAM
uses: aws-actions/setup-sam@v2
- name: Validate template
run: sam validate --lint
- name: Build artifact
run: sam build --parallel --template template.yaml
- name: Store Artifacts
uses: ServerlessOpsIO/gha-store-artifacts@v1
with:
use_aws_sam: true
build_container:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Setup job workspace
uses: ServerlessOpsIO/gha-setup-workspace@v1
- name: check working directory
shell: bash
run: echo ${{ github.workspace }}
- name: Assume AWS Credentials
uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
with:
build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
- name: Setup NodeJS
uses: ServerlessOpsIO/gha-setup-node@v1
with:
node_version_file: src/package.json
working_directory: src
- name: Write GitHub App Creds
id: github-app-creds
shell: bash
env:
CONTENTS: ${{ secrets.X_GITHUB_APP_CREDS }}
run: |
echo -e "$CONTENTS" > src/app-config.d/credentials/github-app-credentials.yaml
# Couldn't store JSON creds while retaining proper formatting so going to do this in two steps
- name: Write Google Admin API creds
id: google-admin-creds
shell: bash
env:
CONTENTS: ${{ secrets.CATALOG_GOOGLE_JWT_KEYS }}
run: |
echo -e "$CONTENTS" > src/app-config.d/credentials/google-jwt.keys.yaml
- name: Convert Google Admin API creds to YAML
id: google-admin-creds-yaml
shell: bash
run: |
yq -p yaml -o json src/app-config.d/credentials/google-jwt.keys.yaml > src/app-config.d/credentials/google-jwt.keys.json
- name: Compile Typescript
id: compile
shell: bash
working-directory: src
run: yarn run tsc:full
- name: Build Application Code
id: build
shell: bash
working-directory: src
run: yarn run build:all
- name: Test Application
id: test
shell: bash
working-directory: src
run: yarn run test:all
- name: Lint Application
id: lint
shell: bash
working-directory: src
run: yarn run lint:all
- name: Build Base Image
id: build-image
shell: bash
working-directory: src
run: yarn run build-image
- name: Build container image
uses: kciter/aws-ecr-action@v4
with:
account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
region: ${{ env.AWS_REGION }}
tags: latest,${{ env.GITHUB_EVENT_REF_SLUG }},${{ env.GITHUB_SHA_SHORT }},${{ env.GITHUB_SHA }}
repo: ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG}}
create_repo: true
path: src
dockerfile: src/Dockerfile
# FIXME: This is a workaround to deal with how the action works and so we can
# continue to use the aws-actions/configure-aws-credentials
access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
set_repo_policy: true
repo_policy_file: .github/workflows/ecr-policy.json
deploy:
needs:
- build_infra
- build_container
environment: production
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Setup job workspace
uses: ServerlessOpsIO/gha-setup-workspace@v1
with:
checkout_artifact: true
- name: Assume AWS Credentials
uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
with:
build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
deploy_aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
- name: Deploy via AWS SAM
uses: ServerlessOpsIO/gha-deploy-aws-sam@v1
with:
aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
env_json: ${{ toJson(env) }}
vars_json: ${{ toJson(vars) }}
secrets_json: ${{ toJson(secrets) }}