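---
# Pull Request workflow: builds and uploads this repo's Lambda packages, plans
# and applies a per-feature Terraform stack into the dev AWS account, points
# the feature Lambdas at the new archives, and finally force-moves a git tag
# named after the feature onto the deployed commit.
#
# Security posture, as visible in this file:
# - Triggered by `pull_request` (NOT `pull_request_target`), so a PR from a
#   fork runs with a read-only token and without an OIDC id-token; the AWS
#   jobs fail for fork PRs instead of deploying fork-controlled code with
#   repo-scoped credentials. Keep it that way.
# - AWS access is short-lived OIDC federation into `GithubActionsRole-*`
#   roles; no long-lived keys are referenced anywhere here.
# - Values that reach a `run:` script (the manual input, branch names, job
#   outputs) are passed through `env:` and quoted, never spliced into the
#   script text with `${{ }}`, so they cannot alter the script itself.
# - NOTE(review): `actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`
#   and the `chrisba11/terraform-feature-stacks/...@v1` reusable workflows are
#   referenced by mutable tags; pin them to full commit SHAs (keeping the tag
#   in a trailing comment) so a moved tag cannot change what runs here.
name: Pull Request
# NOTE(review): `github.event.head_commit` belongs to push payloads; on a
# `workflow_dispatch` run the fallback presumably renders empty — confirm.
run-name: Pull Request - ${{ github.event.pull_request.title != '' && github.event.pull_request.title || github.event.head_commit.message }}

on:
  workflow_dispatch:
    inputs:
      feature_tag:
        description: Custom Feature Tag. Will use Jira story number from branch name if empty.
        required: false
        type: string
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
      - ready_for_review
    paths-ignore:
      - '**/README.md'
      - '**/.gitignore'
      # Path filters are matched against repo-relative paths; the earlier
      # `./docs/**` form appears to never match, so docs-only changes were
      # still triggering a full deploy.
      - 'docs/**'

# Workflow-wide token scope. `id-token: write` is what lets the AWS jobs mint
# an OIDC token. It is inert for jobs that never assume a role, but for least
# privilege consider moving it onto only the jobs that call AWS once the
# reusable workflows' needs are confirmed. A job that declares its own
# `permissions:` block (see create-feature-git-tag) replaces this one.
permissions:
  contents: read
  id-token: write

env:
  # Commit under test: the PR head (not the synthetic merge commit) for PR
  # runs, the dispatched ref's commit otherwise.
  COMMIT_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
  # Quoted: a plain scalar starting with `=` is not portable across parsers.
  TF_VERSION: '=1.7.0'

jobs:
  env-vars:
    # Publishes the values the other jobs need as job outputs, because the
    # `env:` context is not available to reusable-workflow (`uses:`) jobs.
    name: Set Env Vars as Outputs
    runs-on: ubuntu-latest
    outputs:
      FEATURE_TAG: ${{ steps.set-outputs.outputs.feature_tag }}
      TF_VERSION: ${{ steps.set-outputs.outputs.tf_version }}
    steps:
      - name: Checkout Source Code
        uses: actions/checkout@v4
        with:
          # Check out the commit under test so scripts/ comes from that commit.
          ref: ${{ env.COMMIT_SHA }}
          # This job only reads the tree; do not leave the token in .git/config.
          persist-credentials: false
      - name: Set Output Values
        id: set-outputs
        # The manual input is exposed to the shell as an environment variable.
        # Templating it into the script with `${{ inputs.feature_tag }}` would
        # let a crafted value (e.g. `"; curl ... | sh; echo "`) rewrite the
        # script before the regex check below ever runs.
        env:
          FEATURE_TAG_INPUT: ${{ inputs.feature_tag }}
        run: |
          if [ "$GITHUB_EVENT_NAME" == "workflow_dispatch" ]; then
            # Manually triggered from the UI.
            if [ -n "$FEATURE_TAG_INPUT" ]; then
              # An explicit feature_tag was supplied: alphanumeric only.
              if ! [[ "$FEATURE_TAG_INPUT" =~ ^[a-zA-Z0-9]+$ ]]; then
                echo "Error: feature_tag input must be alphanumeric with no spaces or special characters." >&2
                exit 1
              fi
              FEATURE_TAG="$FEATURE_TAG_INPUT"
            else
              # No input: derive the tag from the branch the run was dispatched on.
              FEATURE_TAG=$(./scripts/create-feature-tag.sh "${GITHUB_REF#refs/heads/}")
            fi
          else
            # PR run: derive the tag from the PR head branch name.
            FEATURE_TAG=$(./scripts/create-feature-tag.sh "$GITHUB_HEAD_REF")
          fi

          # The tag becomes part of Lambda function names, S3 keys, the
          # Terraform state key and a git ref, and is used on command lines in
          # later jobs. Whichever path produced it, require a non-empty value
          # of [A-Za-z0-9_-] that does not start with '-' (an option-looking
          # tag would be misparsed by `git` and `aws`). This is a superset of
          # the manual-input rule above; tighten it to alphanumerics if
          # create-feature-tag.sh is known to emit nothing else.
          if ! [[ "$FEATURE_TAG" =~ ^[A-Za-z0-9][A-Za-z0-9_-]*$ ]]; then
            echo "Error: derived feature tag '${FEATURE_TAG}' is empty or contains unsupported characters." >&2
            exit 1
          fi

          echo "feature_tag=${FEATURE_TAG}" >> "$GITHUB_OUTPUT"
          echo "tf_version=${TF_VERSION}" >> "$GITHUB_OUTPUT"

  build:
    name: Build Lambda Package
    needs:
      - env-vars
    # A matrix is used (rather than `env:`) because the `env` context cannot
    # be referenced from a `uses:` job's `with:` block; it also lets the same
    # job run once per Lambda.
    strategy:
      fail-fast: false
      matrix:
        LAMBDA_NAME:
          - DownloadImage
          - ReverseImage
    uses: chrisba11/terraform-feature-stacks/.github/workflows/__build_python_lambda.yml@v1
    with:
      aws_region: ${{ vars.AWS_REGION }}
      lambda_name: ${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}
      # Quoted so the version is passed as the string "3.11", not a float.
      python_version: '3.11'
      src_directory: src/lambdas/${{ matrix.LAMBDA_NAME }}

  deploy:
    name: Deploy Lambda Package
    needs:
      - env-vars
      - build
    strategy:
      fail-fast: false
      matrix:
        LAMBDA_NAME:
          - DownloadImage
          - ReverseImage
    uses: chrisba11/terraform-feature-stacks/.github/workflows/__upload_s3_object.yml@v1
    with:
      aws_account_id: ${{ vars.DEV_ACCOUNT_ID }}
      aws_region: ${{ vars.AWS_REGION }}
      bucket_name: ${{ vars.LAMBDA_PKG_BUCKET_PREFIX }}-dev
      object_key: feature/${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.zip
      object_name: ${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.zip
      # Write role: this job uploads the artifact.
      role_name: GithubActionsRole-Write

  tf-plan:
    name: Terraform Plan
    needs:
      - env-vars
      - deploy
    strategy:
      fail-fast: false
      matrix:
        STACK_NAME:
          - api
    uses: chrisba11/terraform-feature-stacks/.github/workflows/__tf_plan.yml@v1
    with:
      aws_account_id: ${{ vars.DEV_ACCOUNT_ID }}
      aws_region: ${{ vars.AWS_REGION }}
      feature_tag: ${{ needs.env-vars.outputs.FEATURE_TAG }}
      # Planning only reads state and live resources; keep it on the
      # read-only role so a bad plan step cannot mutate the account.
      role_name: GithubActionsRole-ReadOnly
      stack_name: ${{ matrix.STACK_NAME }}
      terraform_version: ${{ needs.env-vars.outputs.TF_VERSION }}
      tf_backend_name: ${{ vars.TF_BACKEND_PREFIX }}-dev
      tf_backend_key: ${{ github.event.repository.name }}/feature/${{ matrix.STACK_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.tfstate
      tfvars_path: ./environments/dev.tfvars
      working_directory: infra/tf/stacks/${{ matrix.STACK_NAME }}

  tf-apply-matrix:
    name: Set TF Apply Matrix
    needs: [ tf-plan ]
    uses: chrisba11/terraform-feature-stacks/.github/workflows/__tf_apply_matrix.yml@v1

  tf-apply:
    name: Terraform Apply
    # Skipped entirely when no plan produced changes.
    if: ${{ needs.tf-apply-matrix.outputs.MATRIX != 'skip' }}
    needs:
      - env-vars
      - tf-apply-matrix
    strategy:
      # The matrix comes from `tf-apply-matrix` and only lists the stacks whose
      # plan showed changes and produced an artifact.
      fail-fast: false
      matrix: ${{ fromJson(needs.tf-apply-matrix.outputs.MATRIX) }}
    uses: chrisba11/terraform-feature-stacks/.github/workflows/__tf_apply.yml@v1
    with:
      aws_account_id: ${{ vars.DEV_ACCOUNT_ID }}
      aws_region: ${{ vars.AWS_REGION }}
      feature_tag: ${{ needs.env-vars.outputs.FEATURE_TAG }}
      role_name: GithubActionsRole-Write
      stack_name: ${{ matrix.STACK_NAME }}
      terraform_version: ${{ needs.env-vars.outputs.TF_VERSION }}
      tf_backend_name: ${{ vars.TF_BACKEND_PREFIX }}-dev
      tf_backend_key: ${{ github.event.repository.name }}/feature/${{ matrix.STACK_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.tfstate
      working_directory: infra/tf/stacks/${{ matrix.STACK_NAME }}

  update:
    name: Update Lambda
    # Runs even when tf-apply was skipped (no Terraform changes), but not when
    # the run was cancelled, the upload failed, or the apply failed.
    if: ${{ !cancelled() && needs.deploy.result == 'success' && needs.tf-apply.result != 'failure' }}
    runs-on: ubuntu-latest
    needs:
      - env-vars
      - deploy
      - tf-apply
    strategy:
      fail-fast: false
      matrix:
        LAMBDA_NAME:
          - DownloadImage
          - ReverseImage
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ vars.DEV_ACCOUNT_ID }}:role/GithubActionsRole-Write
          aws-region: ${{ vars.AWS_REGION }}
          # Shortest allowed session; the single CLI call below needs no more.
          role-duration-seconds: 900
          # Session name ties CloudTrail entries back to this run and actor.
          role-session-name: ${{ github.event.repository.name }}+run=${{ github.run_id }}-${{ github.run_number }}+${{ github.triggering_actor }}
      - name: Update Lambda Function Code
        # Points the function at the freshly uploaded archive. Arguments go
        # through env and are quoted rather than templated into the script.
        env:
          FUNCTION_NAME: ${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}
          S3_BUCKET: ${{ vars.LAMBDA_PKG_BUCKET_PREFIX }}-dev
          S3_KEY: feature/${{ matrix.LAMBDA_NAME }}_${{ needs.env-vars.outputs.FEATURE_TAG }}.zip
        run: |
          aws lambda update-function-code \
            --function-name "$FUNCTION_NAME" \
            --s3-bucket "$S3_BUCKET" \
            --s3-key "$S3_KEY"

  create-feature-git-tag:
    name: Create Git Tag for Feature
    # Only tag a commit that was actually rolled out. The earlier
    # `needs.update.result != 'failure'` also let a *skipped* update (deploy or
    # apply failed upstream) through and tagged an undeployed commit.
    if: ${{ !cancelled() && needs.update.result == 'success' }}
    runs-on: ubuntu-latest
    needs:
      - env-vars
      - update
    # Serialise tag pushes per commit; `env` is not available in
    # `concurrency`, so the COMMIT_SHA expression is repeated here.
    concurrency:
      group: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}-tag
      cancel-in-progress: true
    # Job-level permissions replace the workflow-level block: this is the only
    # job that writes to the repo, and it deliberately gets no OIDC token.
    permissions:
      contents: write
    steps:
      - name: Checkout source code
        uses: actions/checkout@v4
        with:
          # Credentials stay persisted here: the push below uses them.
          ref: ${{ env.COMMIT_SHA }}
      - name: Tag Current Commit with Feature Tag
        # Force-moves the feature tag to the deployed commit. The tag name was
        # validated in env-vars and arrives via env; pushing the explicit
        # refs/tags/ path avoids ambiguity with a branch of the same name.
        # NOTE(review): these tags are mutable by design — do not treat them as
        # release or provenance anchors.
        env:
          FEATURE_TAG: ${{ needs.env-vars.outputs.FEATURE_TAG }}
        run: |
          git tag -f "$FEATURE_TAG"
          git push -f origin "refs/tags/${FEATURE_TAG}"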