-
Notifications
You must be signed in to change notification settings - Fork 0
122 lines (110 loc) · 4.8 KB
/
pipeline.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Pipeline
on:
push:
branches:
- "main"
- "feature**"
paths:
- "backend/**"
- "template.yaml"
- ".github/workflows/**"
delete:
branches:
- "feature**"
env:
PIPELINE_USER_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
PIPELINE_USER_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SAM_TEMPLATE: template.yaml
TESTING_STACK_NAME: Hakaton
TESTING_PIPELINE_EXECUTION_ROLE: arn:aws:iam::637423332149:role/aws-sam-cli-managed-Prod-pipe-PipelineExecutionRole-4GrKOHN5GWbe
TESTING_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::637423332149:role/aws-sam-cli-managed-Prod--CloudFormationExecutionRo-Zg8WRkjgoysq
TESTING_ARTIFACTS_BUCKET: aws-sam-cli-managed-prod-pipeline--artifactsbucket-fqycoijnkq2u
# If there are functions with "Image" PackageType in your template,
# uncomment the line below and add "--image-repository ${TESTING_IMAGE_REPOSITORY}" to
# testing "sam package" and "sam deploy" commands.
# TESTING_IMAGE_REPOSITORY = '0123456789.dkr.ecr.region.amazonaws.com/repository-name'
TESTING_REGION: eu-central-1
PROD_STACK_NAME: Hakaton
PROD_PIPELINE_EXECUTION_ROLE: arn:aws:iam::637423332149:role/aws-sam-cli-managed-Prod-pipe-PipelineExecutionRole-4GrKOHN5GWbe
PROD_CLOUDFORMATION_EXECUTION_ROLE: arn:aws:iam::637423332149:role/aws-sam-cli-managed-Prod--CloudFormationExecutionRo-Zg8WRkjgoysq
PROD_ARTIFACTS_BUCKET: aws-sam-cli-managed-prod-pipeline--artifactsbucket-fqycoijnkq2u
# If there are functions with "Image" PackageType in your template,
# uncomment the line below and add "--image-repository ${PROD_IMAGE_REPOSITORY}" to
# prod "sam package" and "sam deploy" commands.
# PROD_IMAGE_REPOSITORY = '0123456789.dkr.ecr.region.amazonaws.com/repository-name'
PROD_REGION: eu-central-1
S3_BUCKET: s3-deployment-bucket-12421512
jobs:
build-and-package:
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- name: Build resources
run: sam build --template ${SAM_TEMPLATE} --use-container
- name: Assume the prod pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.PROD_REGION }}
role-to-assume: ${{ env.PROD_PIPELINE_EXECUTION_ROLE }}
role-session-name: prod-packaging
role-duration-seconds: 3600
role-skip-session-tagging: true
- name: Upload artifacts to production artifact buckets
run: |
sam package \
--s3-bucket ${PROD_ARTIFACTS_BUCKET} \
--region ${PROD_REGION} \
--output-template-file packaged-prod.yaml
- uses: actions/upload-artifact@v3
with:
name: packaged-prod.yaml
path: packaged-prod.yaml
deploy-prod:
if: github.ref == 'refs/heads/main'
needs: [build-and-package]
runs-on: ubuntu-latest
# Configure GitHub Action Environment to have a manual approval step before deployment to production
# https://docs.github.com/en/actions/reference/environments
# environment: <configured-environment>
steps:
- uses: actions/checkout@v3
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- uses: actions/download-artifact@v3
with:
name: packaged-prod.yaml
- name: Assume the prod pipeline user role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ env.PIPELINE_USER_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.PIPELINE_USER_SECRET_ACCESS_KEY }}
aws-region: ${{ env.PROD_REGION }}
role-to-assume: ${{ env.PROD_PIPELINE_EXECUTION_ROLE }}
role-session-name: prod-deployment
role-duration-seconds: 3600
role-skip-session-tagging: true
- name: Deploy to production account
run: |
sam deploy --stack-name ${PROD_STACK_NAME} \
--template packaged-prod.yaml \
--capabilities CAPABILITY_IAM \
--region ${PROD_REGION} \
--s3-bucket ${PROD_ARTIFACTS_BUCKET} \
--no-fail-on-empty-changeset \
--role-arn ${PROD_CLOUDFORMATION_EXECUTION_ROLE}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-access-key-id: ${{ secrets.M_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.M_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.PROD_REGION }}
- name: Sync to S3
run: |
aws s3 sync docs/build/html s3://${{ env.S3_BUCKET }} --delete --acl public-read