Pull Request - Gateway Logging #69
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pull Request | |
| run-name: Pull Request - ${{ github.event.pull_request.title != '' && github.event.pull_request.title || github.event.head_commit.message }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| feature_tag: | |
| description: Custom Feature Tag. Will use Jira story number from branch name if empty. | |
| required: false | |
| type: string | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - ready_for_review | |
| paths-ignore: | |
| - '**/README.md' | |
| - '**/.gitignore' | |
| - './docs/**' | |
| permissions: | |
| contents: read | |
| id-token: write | |
| env: | |
| COMMIT_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }} | |
| TF_VERSION: =1.7.0 | |
| jobs: | |
| env-vars: | |
| # This job sets environment variable outputs consumed by downstream jobs. | |
| # This is needed because the env: context is not available to reusable workflows. | |
| name: Set Env Vars as Outputs | |
| runs-on: ubuntu-latest | |
| outputs: | |
| FEATURE_TAG: ${{ steps.set-outputs.outputs.feature_tag }} | |
| TF_VERSION: ${{ steps.set-outputs.outputs.tf_version }} | |
| steps: | |
| - name: Checkout Source Code | |
| uses: actions/checkout@v4 | |
| with: # use latest commit on branch triggering workflow | |
| ref: ${{ env.COMMIT_SHA }} | |
| - name: Set Output Values | |
| id: set-outputs | |
| run: | | |
| if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then | |
| # if the workflow is being manually triggered in the UI | |
| if [ -n "${{ inputs.feature_tag }}" ]; then | |
| # if a 'feature_tag' input value is provided, validate it | |
| if ! [[ "${{ inputs.feature_tag }}" =~ ^[a-zA-Z0-9]+$ ]]; then | |
| echo "Error: feature_tag input must be alphanumeric with no spaces or special characters." | |
| exit 1 | |
| fi | |
| # if tag is valid, use it | |
| FEATURE_TAG=${{ inputs.feature_tag }} | |
| else | |
| # if a 'feature_tag' input value is not provided, | |
| # get feature tag from branch name the workflow is running against | |
| FEATURE_TAG=$(./scripts/create-feature-tag.sh ${GITHUB_REF#refs/heads/}) | |
| fi | |
| else | |
| # create feature tag from pull request head branch name | |
| FEATURE_TAG=$(./scripts/create-feature-tag.sh $GITHUB_HEAD_REF) | |
| fi | |
| # sets feature tag output | |
| echo "feature_tag=${FEATURE_TAG}" >> $GITHUB_OUTPUT | |
| # set terraform version output | |
| echo "tf_version=${TF_VERSION}" >> $GITHUB_OUTPUT | |
| build: | |
| name: Build Lambda Package | |
| needs: | |
| - env-vars | |
| # Using the matrix strategy here because the 'env' context is not available | |
| # This gives us the ability to define the stack name once and use many times in the inputs, | |
| # or define multiple stack names and have the job run against each stack. | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| LAMBDA_NAME: | |
| - DownloadImage | |
| - ReverseImage | |
| uses: chrisba11/terraform-feature-stacks/.github/workflows/__build_python_lambda.yml@v1 | |
| with: | |
| aws_region: ${{ vars.AWS_REGION }} | |
| lambda_name: ${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }} | |
| python_version: 3.11 | |
| src_directory: src/lambdas/${{ matrix.LAMBDA_NAME }} | |
| deploy: | |
| name: Deploy Lambda Package | |
| needs: | |
| - env-vars | |
| - build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| LAMBDA_NAME: | |
| - DownloadImage | |
| - ReverseImage | |
| uses: chrisba11/terraform-feature-stacks/.github/workflows/__upload_s3_object.yml@v1 | |
| with: | |
| aws_account_id: ${{ vars.DEV_ACCOUNT_ID }} | |
| aws_region: ${{ vars.AWS_REGION }} | |
| bucket_name: ${{ vars.LAMBDA_PKG_BUCKET_PREFIX }}-dev | |
| object_key: feature/${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.zip | |
| object_name: ${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.zip | |
| role_name: GithubActionsRole-Write | |
| tf-plan: | |
| name: Terraform Plan | |
| needs: | |
| - env-vars | |
| - deploy | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| STACK_NAME: | |
| - api | |
| uses: chrisba11/terraform-feature-stacks/.github/workflows/__tf_plan.yml@v1 | |
| with: | |
| aws_account_id: ${{ vars.DEV_ACCOUNT_ID }} | |
| aws_region: ${{ vars.AWS_REGION }} | |
| feature_tag: ${{ needs.env-vars.outputs.FEATURE_TAG }} | |
| role_name: GithubActionsRole-ReadOnly | |
| stack_name: ${{ matrix.STACK_NAME }} | |
| terraform_version: ${{ needs.env-vars.outputs.TF_VERSION }} | |
| tf_backend_name: ${{ vars.TF_BACKEND_PREFIX }}-dev | |
| tf_backend_key: ${{ github.event.repository.name }}/feature/${{ matrix.STACK_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.tfstate | |
| tfvars_path: ./environments/dev.tfvars | |
| working_directory: infra/tf/stacks/${{ matrix.STACK_NAME }} | |
| tf-apply-matrix: | |
| name: Set TF Apply Matrix | |
| needs: [ tf-plan ] | |
| uses: chrisba11/terraform-feature-stacks/.github/workflows/__tf_apply_matrix.yml@v1 | |
| tf-apply: | |
| name: Terraform Apply | |
| if: ${{ needs.tf-apply-matrix.outputs.MATRIX != 'skip' }} | |
| needs: | |
| - env-vars | |
| - tf-apply-matrix | |
| strategy: | |
| # The matrix values are coming from the `tf-apply-matrix` job. The matrix will only consist | |
| # of those stacks from the TF Plan job that showed changes and produced artifacts. | |
| fail-fast: false | |
| matrix: ${{ fromJson(needs.tf-apply-matrix.outputs.MATRIX) }} | |
| uses: chrisba11/terraform-feature-stacks/.github/workflows/__tf_apply.yml@v1 | |
| with: | |
| aws_account_id: ${{ vars.DEV_ACCOUNT_ID }} | |
| aws_region: ${{ vars.AWS_REGION }} | |
| feature_tag: ${{ needs.env-vars.outputs.FEATURE_TAG }} | |
| role_name: GithubActionsRole-Write | |
| stack_name: ${{ matrix.STACK_NAME }} | |
| terraform_version: ${{ needs.env-vars.outputs.TF_VERSION }} | |
| tf_backend_name: ${{ vars.TF_BACKEND_PREFIX }}-dev | |
| tf_backend_key: ${{ github.event.repository.name }}/feature/${{ matrix.STACK_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.tfstate | |
| working_directory: infra/tf/stacks/${{ matrix.STACK_NAME }} | |
| update: | |
| name: Update Lambda | |
| if: ${{ !cancelled() && needs.deploy.result == 'success' && needs.tf-apply.result != 'failure' }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - env-vars | |
| - deploy | |
| - tf-apply | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| LAMBDA_NAME: | |
| - DownloadImage | |
| - ReverseImage | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ vars.DEV_ACCOUNT_ID }}:role/GithubActionsRole-Write | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-duration-seconds: 900 | |
| role-session-name: ${{ github.event.repository.name }}+run=${{ github.run_id }}-${{ github.run_number }}+${{ github.triggering_actor }} | |
| - name: Update Lambda Function Code | |
| run: | | |
| # triggers lambda function to use new updated zip archive | |
| aws lambda update-function-code \ | |
| --function-name ${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }} \ | |
| --s3-bucket ${{ vars.LAMBDA_PKG_BUCKET_PREFIX }}-dev \ | |
| --s3-key feature/${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.zip | |
| create-feature-git-tag: | |
| name: Create Git Tag for Feature | |
| if: ${{ !cancelled() && needs.update.result != 'failure' }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - env-vars | |
| - update | |
| concurrency: | |
| group: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}-tag | |
| cancel-in-progress: true | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ env.COMMIT_SHA }} | |
| - name: Tag Current Commit with Feature Tag | |
| run: | | |
| git tag -f ${{ needs.env-vars.outputs.FEATURE_TAG }} | |
| git push -f origin ${{ needs.env-vars.outputs.FEATURE_TAG }} |