-
Notifications
You must be signed in to change notification settings - Fork 11
100 lines (86 loc) · 2.86 KB
/
deploy_prod.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: Deploy Prod
run-name: Deploying ${{ github.event.inputs.releaseTag }} to prod
on:
workflow_dispatch:
inputs:
releaseTag:
description: 'Tag of version to be promoted to prod'
required: true
env:
TF_VERSION: 0.14.7
TG_VERSION: 0.37.1
TG_SRC_PATH: terraform
TFC_WORKSPACE: prod
TARGET_ENV: prod
GIT_BRANCH: main
permissions:
id-token: write
contents: read
jobs:
ci:
name: Push to AWS Lambda
runs-on: ubuntu-latest
environment: prod
strategy:
matrix:
node-version: [18.x]
steps:
- name: Attempt to checkout tag
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.releaseTag }}
- name: Tag not found
if: ${{ failure() }}
run: |
echo "::error::Git Tag not found, please double check input"
exit 1
### Install if no cache exists ###
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- run: yarn install --silent --frozen-lockfile
### Build if no cache exists ###
- name: Cache Build
id: cache-build
uses: actions/cache@v3
with:
path: |
**/terraform/src/artifacts
key: ${{ github.sha }}-artifacts
- name: Run Build
if: steps.cache-build.outputs.cache-hit != 'true'
run: yarn build-ci
### Get environment variables from AWS Parameter Store ###
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ vars.AWS_ROLE_ARN_TO_USE }}
role-duration-seconds: 900
role-session-name: parks-ar-api-sandbox-gh-action
role-skip-session-tagging: true
### Run Terragrunt ###
- name: Setup terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TF_VERSION }}
- name: Setup Terragrunt
uses: autero1/[email protected]
with:
terragrunt_version: ${{ env.TG_VERSION }}
- name: Terragrunt Apply
working-directory: ${{ env.TG_SRC_PATH }}/${{ env.TFC_WORKSPACE }}
env:
aws_region: ${{ secrets.AWS_REGION }}
run: terragrunt apply -auto-approve --terragrunt-non-interactive -var target_aws_account_id=${{ vars.ACCOUNT_ID }} -var target_env=prod
alert-if-failure:
if: ${{ always() && (needs.ci.result=='failure')}}
runs-on: ubuntu-latest
needs: [ci]
steps:
- name: Send alert if building api-prod fails.
id: failure_alert
run: |
curl -X POST -H 'Content-Type: application/json' --data '{"workflow":"${{github.workflow}}","repo":"${{github.repository}}"}' https://chat.developer.gov.bc.ca/hooks/${{ secrets.ROCKETCHAT_TOKEN }}