Skip to content

Commit

Permalink
Update aws-deploy.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
ahoplock authored Nov 15, 2023
1 parent ade9c26 commit b341eed
Showing 1 changed file with 194 additions and 6 deletions.
200 changes: 194 additions & 6 deletions .github/workflows/aws-deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,202 @@ on:
version:
description: 'Version Number'
required: false
zap_scan:
description: 'Run ZAP Scan'
type: boolean
required: false
# push:
# branches:
# - main
# pull_request:

concurrency: ${{ github.event.inputs.environment }}

env:
DOCKER_TAGS: ${{ secrets.DOCKER_TAGS }}
IMAGE_ID: ${{ secrets.AWS_ECR_URI }}
IMAGE_NAME: bcer-api
TFC_WORKSPACE: ${{ github.event.inputs.environment }}
TF_VERSION: 1.3.7
TG_SRC_PATH: Terraform
TG_VERSION: 0.44.5

permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout

jobs:
nothing:
name: nothing
docker_push:
name: Docker Push
environment: ${{ github.event.inputs.environment }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: FEATURE/aws

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.TERRAFORM_DEPLOY_ROLE_ARN }}
aws-region: ca-central-1

- name: Amazon ECR Login
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: 'true'

- name: Cache
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-
- name: Docker Setup Buildx
uses: docker/setup-buildx-action@v2

- name: Build and push Docker images (run migrations)
if: inputs.migrations == true
uses: docker/build-push-action@v4
with:
builder: ${{ steps.buildx.outputs.name }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
context: packages/bcer-api/app
file: packages/bcer-api/app/Dockerfile.aws.migrations
push: true
tags: ${{ env.DOCKER_TAGS }}

- name: Build and push Docker images
if: inputs.migrations == false
uses: docker/build-push-action@v4
with:
builder: ${{ steps.buildx.outputs.name }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
context: packages/bcer-api/app
file: packages/bcer-api/app/Dockerfile.aws
push: true
tags: ${{ env.DOCKER_TAGS }}

terraform_apply:
name: Terraform Apply
environment: ${{ github.event.inputs.environment }}
runs-on: ubuntu-latest
needs: docker_push
steps:
- name: Set TF_VAR_TIMESTAMP
run: echo "TF_VAR_TIMESTAMP=$(date --rfc-3339=seconds)" >> $GITHUB_ENV

- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.workflow_run.head_branch }}

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.TERRAFORM_DEPLOY_ROLE_ARN }}
aws-region: ca-central-1

- name: HashiCorp - Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TF_VERSION }}

- name: Terragrunt installer
uses: autero1/action-terragrunt@v1.3.2
with:
terragrunt_version: ${{ env.TG_VERSION }}

- name: Terragrunt Apply
working-directory: ${{ env.TG_SRC_PATH }}/${{ env.TFC_WORKSPACE }}
env:
app_image: ${{ env.IMAGE_ID }}:${{ github.sha }}
LICENSE_PLATE: ${{ secrets.MY_LICENSE_PLATE }}
run: |
terragrunt run-all apply --terragrunt-non-interactive
build_jobs:
name: Build Jobs
if: inputs.frontends == true
environment: ${{ github.event.inputs.environment }}
runs-on: ubuntu-latest
needs: terraform_apply
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.workflow_run.head_branch }}

- name: Use Node.js 14
uses: actions/setup-node@v3
with:
node-version: 14

- name: Build project shared components
run: |
cd packages/bcer-shared-components
npm install
npm run build
- name: Copy env file to retailer app
run: |
cd packages/bcer-retailer-app
cp .config/.env.aws.${{ github.event.inputs.environment }} app/.env
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.TERRAFORM_DEPLOY_ROLE_ARN }}
aws-region: ca-central-1

- name: Build project retailer app
run: |
cd packages/bcer-retailer-app/app
npm install
npm run build
- name: Upload to S3 bucket retail app
run: |
cd packages/bcer-retailer-app/app/build
aws s3 sync . s3://bcer-${{ github.event.inputs.environment }}/retailer --delete
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_REGION: ca-central-1

- name: Copy env file to bcer-data-portal
run: |
cd packages/bcer-data-portal
cp .config/.env.aws.${{ github.event.inputs.environment }} app/.env
- name: Build project data portal frontend
run: |
cd packages/bcer-data-portal/app
npm install
npm run build
- name: Upload to S3 bucket data portal
run: |
cd packages/bcer-data-portal/app/build
aws s3 sync . s3://bcer-${{ github.event.inputs.environment }}/portal --delete
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_REGION: ca-central-1
# ----------------------------Commenting out while trying to get rollback working-------------------------------
# bump_version:
# runs-on: ubuntu-latest
# permissions: write-all

# steps:
# - uses: actions/checkout@v3
# with:
# fetch-depth: '0'

# - name: Bump version and push tag
# uses: anothrNick/github-tag-action@1.59.0 # Don't use @master unless you're happy to test the latest version
# env:
# DEFAULT_BUMP: major
# DEFAULT_BRANCH: main
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# RELEASE_BRANCHES : main
# WITH_V: true

0 comments on commit b341eed

Please sign in to comment.