Skip to content

Commit

Permalink
github actions and some cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
@davidclaveau
davidclaveau committed Jun 3, 2024
1 parent baa623c commit abd1185
Show file tree
Hide file tree
Showing 5 changed files with 157 additions and 139 deletions.
10 changes: 5 additions & 5 deletions .github/workflows/deploy_dev.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ jobs:
with:
path: |
**/.aws-sam
key: ${{ github.sha }}-sam-cache
key: ${{ github.sha }}-ar-api-sam-cache
- name: Run sam build
if: steps.cache-sam-build.outputs.cache-hit != 'true'
run: |
Expand All @@ -64,14 +64,14 @@ jobs:
### Prevent prompts and failure when the stack is unchanged
- name: SAM deploy
env:
ACCOUNT_ID: ${{ secrets.ACCOUNT_ID }}
STAGE: ${{ vars.AR_API_STAGE }}
STACK_NAME: ${{ vars.AR_API_STACK_NAME }}
ACCOUNT_ID: ${{ vars.ACCOUNT_ID }}
AWS_ACCOUNT_LIST: ${{ vars.AWS_ACCOUNT_LIST }}
SSO_ISSUER: ${{ secrets.SSO_ISSUER }}
SSO_JWKSURI: ${{ secrets.SSO_JWKSURI }}
S3_BUCKET_DATA: ${{ vars.S3_BUCKET_DATA }}
STACK_NAME: ${{ vars.AR_API_STACK_NAME }}
STAGE: ${{ vars.AR_API_STAGE }}
DATA_REGISTER_NAME_ENDPOINT: ${{ vars.DATA_REGISTER_NAME_ENDPOINT }}
DATA_REGISTER_NAME_ENDPOINT: ${{ secrets.DATA_REGISTER_NAME_ENDPOINT }}
DATA_REGISTER_NAME_API_KEY: ${{ secrets.DATA_REGISTER_NAME_API_KEY }}
run: |
sam deploy --stack-name $STACK_NAME --no-confirm-changeset --no-fail-on-empty-changeset --parameter-overrides "AccountId=$ACCOUNT_ID" "Stage=$STAGE" "SSOIssuerUrl=$SSO_ISSUER" "SSOJWKSUri=$SSO_JWKSURI" "AWSAccountList=$AWS_ACCOUNT_LIST" "S3BucketData=$S3_BUCKET_DATA" "DataRegisterNameEndpoint=$DATA_REGISTER_NAME_ENDPOINT" "DataRegisterNameApiKey=$DATA_REGISTER_NAME_API_KEY"
Expand Down
114 changes: 54 additions & 60 deletions .github/workflows/deploy_prod.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,100 +1,94 @@
name: Deploy Prod

run-name: Deploying ${{ github.event.inputs.releaseTag }} to prod
run-name: Deploying ${{ github.ref_name }} to prod

on:
workflow_dispatch:
inputs:
releaseTag:
description: 'Tag of version to be promoted to prod'
description: "Tag of version to be promoted to prod"
required: true

env:
TF_VERSION: 0.14.7
TG_VERSION: 0.37.1
TG_SRC_PATH: terraform
TFC_WORKSPACE: prod
TARGET_ENV: prod
GIT_BRANCH: main

permissions:
id-token: write
contents: read

jobs:
ci:
name: Push to AWS Lambda
name: Build and Deploy
runs-on: ubuntu-latest
environment: prod
strategy:
matrix:
node-version: [18.x]

defaults:
run:
working-directory: "./"
steps:
- name: Attempt to checkout tag
### Checkout GitHub Repo
- name: Checkout repo
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.releaseTag }}

- shell: bash
env:
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
run: |
curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":"A&R API API Prod"}'
### Tag not found
- name: Tag not found
if: ${{ failure() }}
run: |
echo "::error::Git Tag not found, please double check input"
exit 1
### Install if no cache exists ###
- name: Setup node
uses: actions/setup-node@v3
### Setup AWS SAM
- name: Setup AWS SAM
uses: aws-actions/setup-sam@v2
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- run: yarn install --silent --frozen-lockfile
use-installer: true

### Build if no cache exists ###
- name: Cache Build
id: cache-build
uses: actions/cache@v3
### Assume AWS IAM Role
- name: Get AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
path: |
**/terraform/src/artifacts
key: ${{ github.sha }}-artifacts
- name: Run Build
if: steps.cache-build.outputs.cache-hit != 'true'
run: yarn build-ci
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.AWS_REGION }}

### Get environment variables from AWS Parameter Store ###
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ vars.AWS_ROLE_ARN_TO_USE }}
role-duration-seconds: 900
role-session-name: parks-ar-api-sandbox-gh-action
role-skip-session-tagging: true

### Run Terragrunt ###
- name: Setup terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TF_VERSION }}
### SAM Build
- name: Cache SAM Build
id: cache-sam-build
uses: actions/cache@v3
with:
path: |
**/.aws-sam
key: ${{ github.sha }}-ar-api-sam-cache
- name: Run sam build
if: steps.cache-sam-build.outputs.cache-hit != 'true'
run: |
sam build --cached
- name: Setup Terragrunt
uses: autero1/[email protected]
with:
terragrunt_version: ${{ env.TG_VERSION }}

- name: Terragrunt Apply
working-directory: ${{ env.TG_SRC_PATH }}/${{ env.TFC_WORKSPACE }}
### Prevent prompts and failure when the stack is unchanged
- name: SAM deploy
env:
aws_region: ${{ secrets.AWS_REGION }}
run: terragrunt apply -auto-approve --terragrunt-non-interactive -var target_aws_account_id=${{ vars.ACCOUNT_ID }} -var target_env=prod
STAGE: ${{ vars.AR_API_STAGE }}
STACK_NAME: ${{ vars.AR_API_STACK_NAME }}
ACCOUNT_ID: ${{ vars.ACCOUNT_ID }}
AWS_ACCOUNT_LIST: ${{ vars.AWS_ACCOUNT_LIST }}
SSO_ISSUER: ${{ secrets.SSO_ISSUER }}
SSO_JWKSURI: ${{ secrets.SSO_JWKSURI }}
S3_BUCKET_DATA: ${{ vars.S3_BUCKET_DATA }}
DATA_REGISTER_NAME_ENDPOINT: ${{ secrets.DATA_REGISTER_NAME_ENDPOINT }}
DATA_REGISTER_NAME_API_KEY: ${{ secrets.DATA_REGISTER_NAME_API_KEY }}
run: |
sam deploy --stack-name $STACK_NAME --no-confirm-changeset --no-fail-on-empty-changeset --parameter-overrides "Stage=$STAGE" "SSOIssuerUrl=$SSO_ISSUER" "SSOJWKSUri=$SSO_JWKSURI" "AWSAccountList=$AWS_ACCOUNT_LIST" "S3BucketData=$S3_BUCKET_DATA" "DataRegisterNameEndpoint=$DATA_REGISTER_NAME_ENDPOINT" "DataRegisterNameApiKey=$DATA_REGISTER_NAME_API_KEY"
alert-if-failure:
if: ${{ always() && (needs.ci.result=='failure')}}
runs-on: ubuntu-latest
needs: [ci]
steps:
- name: Send alert if building api-prod fails.
id: failure_alert
- shell: bash
env:
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
run: |
curl -X POST -H 'Content-Type: application/json' --data '{"text": "Prod Deployment Failed for AR-API"}' ${{ secrets.WEBHOOK_URL }}
curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":"A&R API - Deploy Prod Complete"}'
125 changes: 62 additions & 63 deletions .github/workflows/deploy_test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,95 +4,94 @@ run-name: Deploying ${{ github.ref_name }} to test

on:
push:
tags:
tags:
- '*'

env:
TF_VERSION: 0.14.7
TG_VERSION: 0.37.1
TG_SRC_PATH: terraform
TFC_WORKSPACE: test
TARGET_ENV: test
GIT_BRANCH: main
workflow_dispatch:
inputs:
releaseTag:
description: "Tag of version to be promoted to test"
required: true

permissions:
id-token: write
contents: read

jobs:
ci:
name: Push to AWS Lambda
name: Build and Deploy
runs-on: ubuntu-latest
environment: test
strategy:
matrix:
node-version: [18.x]

defaults:
run:
working-directory: "./"
steps:
- name: Attempt to checkout tag
### Checkout GitHub Repo
- name: Checkout repo
uses: actions/checkout@v3
with:
ref: ${{ github.ref_name }}
ref: ${{ github.ref }}

- shell: bash
env:
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
run: |
curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":" A&R API deploy Test"}'
### Tag not found
- name: Tag not found
if: ${{ failure() }}
run: |
echo "::error::Git Tag not found, please double check input"
exit 1
### Install if no cache exists ###
- name: Setup node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- run: yarn install --silent --frozen-lockfile

### Build if no cache exists ###
- name: Cache Build
id: cache-build
uses: actions/cache@v3
with:
path: |
**/terraform/src/artifacts
key: ${{ github.sha }}-artifacts
- name: Run Build
if: steps.cache-build.outputs.cache-hit != 'true'
run: yarn build-ci

### Get environment variables from AWS Parameter Store ###
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ vars.AWS_ROLE_ARN_TO_USE }}
role-duration-seconds: 900
role-session-name: parks-ar-api-sandbox-gh-action
role-skip-session-tagging: true

### Run Terragrunt ###
- name: Setup terraform
uses: hashicorp/setup-terraform@v2
### Setup AWS SAM
- name: Setup AWS SAM
uses: aws-actions/setup-sam@v2
with:
terraform_version: ${{ env.TF_VERSION }}
use-installer: true

- name: Setup Terragrunt
uses: autero1/[email protected]
### Assume AWS IAM Role
- name: Get AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
terragrunt_version: ${{ env.TG_VERSION }}
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ vars.AWS_REGION }}

- name: Terragrunt Apply
working-directory: ${{ env.TG_SRC_PATH }}/${{ env.TFC_WORKSPACE }}
env:
aws_region: ${{ secrets.AWS_REGION }}
run: terragrunt apply -auto-approve --terragrunt-non-interactive -var target_aws_account_id=${{ vars.ACCOUNT_ID }} -var target_env=test

alert-if-failure:
if: ${{ always() && (needs.ci.result=='failure')}}
runs-on: ubuntu-latest
needs: [ci]
steps:
- name: Send alert if building api-test fails.
id: failure_alert
### SAM Build
- name: Cache SAM Build
id: cache-sam-build
uses: actions/cache@v3
with:
path: |
**/.aws-sam
key: ${{ github.sha }}-ar-api-sam-cache
- name: Run sam build
if: steps.cache-sam-build.outputs.cache-hit != 'true'
run: |
sam build --cached
### Prevent prompts and failure when the stack is unchanged
- name: SAM deploy
env:
STAGE: ${{ vars.AR_API_STAGE }}
STACK_NAME: ${{ vars.AR_API_STACK_NAME }}
ACCOUNT_ID: ${{ vars.ACCOUNT_ID }}
AWS_ACCOUNT_LIST: ${{ vars.AWS_ACCOUNT_LIST }}
SSO_ISSUER: ${{ secrets.SSO_ISSUER }}
SSO_JWKSURI: ${{ secrets.SSO_JWKSURI }}
S3_BUCKET_DATA: ${{ vars.S3_BUCKET_DATA }}
DATA_REGISTER_NAME_ENDPOINT: ${{ secrets.DATA_REGISTER_NAME_ENDPOINT }}
DATA_REGISTER_NAME_API_KEY: ${{ secrets.DATA_REGISTER_NAME_API_KEY }}
run: |
curl -X POST -H 'Content-Type: application/json' --data '{"text": "Test Deployment Failed for AR-API"}' ${{ secrets.WEBHOOK_URL }}
sam deploy --stack-name $STACK_NAME --no-confirm-changeset --no-fail-on-empty-changeset --parameter-overrides "Stage=$STAGE" "SSOIssuerUrl=$SSO_ISSUER" "SSOJWKSUri=$SSO_JWKSURI" "AWSAccountList=$AWS_ACCOUNT_LIST" "S3BucketData=$S3_BUCKET_DATA" "DataRegisterNameEndpoint=$DATA_REGISTER_NAME_ENDPOINT" "DataRegisterNameApiKey=$DATA_REGISTER_NAME_API_KEY"
- shell: bash
env:
WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
run: |
curl -X POST -H 'Content-Type: application/json' $WEBHOOK_URL --data '{"text":" A&R API - Deploy Test Complete"}'
Loading

0 comments on commit abd1185

Please sign in to comment.