closed #688
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI-production | |
on: | |
push: | |
branches: | |
- production | |
env: | |
TZ: Asia/Hong_Kong | |
EARTHLY_REMOTE_CACHE: "ghcr.io/giffon/charleywong_cache:master_devcontainer_workspace" | |
LAMBDA_IMAGE_NAME_MASTER: 932878902707.dkr.ecr.us-east-1.amazonaws.com/serverless-charleywong-master | |
LAMBDA_IMAGE_NAME_PRODUCTION: 932878902707.dkr.ecr.us-east-1.amazonaws.com/serverless-charleywong-production | |
FORCE_COLOR: 1 | |
jobs: | |
deploy: | |
concurrency: ${{ github.ref }} | |
runs-on: ubuntu-latest | |
container: ghcr.io/giffon/charleywong_devcontainer_workspace:${{ github.sha }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.awsAccessKeyId }} | |
aws-secret-access-key: ${{ secrets.awsSecretAccessKey }} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Create .envrc | |
run: | | |
cat > .envrc <<EOT | |
export GOOGLE_CLIENT_EMAIL="$GOOGLE_CLIENT_EMAIL" | |
export GOOGLE_PRIVATE_KEY="$GOOGLE_PRIVATE_KEY" | |
export AWS_DEFAULT_REGION="$AWS_DEFAULT_REGION" | |
export AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" | |
export AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" | |
export YBM_AWS_DEFAULT_REGION="$YBM_AWS_DEFAULT_REGION" | |
export YBM_AWS_ACCESS_KEY_ID="$YBM_AWS_ACCESS_KEY_ID" | |
export YBM_AWS_SECRET_ACCESS_KEY="$YBM_AWS_SECRET_ACCESS_KEY" | |
export FACEBOOK_TOKEN="$FACEBOOK_TOKEN" | |
export SERVERLESS_ACCESS_KEY="$SERVERLESS_ACCESS_KEY" | |
EOT | |
env: | |
GOOGLE_CLIENT_EMAIL: ${{ secrets.googleClientEmail }} | |
GOOGLE_PRIVATE_KEY: ${{ secrets.googlePrivateKey }} | |
AWS_DEFAULT_REGION: us-east-1 | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
YBM_AWS_DEFAULT_REGION: us-east-1 | |
YBM_AWS_ACCESS_KEY_ID: ${{ secrets.YBM_AWS_ACCESS_KEY_ID }} | |
YBM_AWS_SECRET_ACCESS_KEY: ${{ secrets.YBM_AWS_SECRET_ACCESS_KEY }} | |
FACEBOOK_TOKEN: ${{ secrets.FACEBOOK_TOKEN }} | |
SERVERLESS_ACCESS_KEY: ${{ secrets.serverlessAccessKey }} | |
- name: Copy Lambda image | |
run: earthly +copy-image --SRC="$LAMBDA_IMAGE_NAME_MASTER:${{ github.sha }}" --DEST="$LAMBDA_IMAGE_NAME_PRODUCTION:${{ github.sha }}" | |
- name: Deploy | |
run: earthly +deploy --LAMBDA_IMAGE_NAME="$LAMBDA_IMAGE_NAME_PRODUCTION" --LAMBDA_IMAGE_TAG="${{ github.sha }}" --DEPLOY_STAGE="production" | |
env: | |
EARTHLY_SECRET_FILES: envrc=.envrc | |
- name: Post-deployment test | |
run: earthly +test --TEST="post-deployment charleywong.info" |