Skip to content

Merge pull request #2482 from step-security/fix-2479 #422

Merge pull request #2482 from step-security/fix-2479

Merge pull request #2482 from step-security/fix-2479 #422

Workflow file for this run

name: Cfnrelease
on:
workflow_dispatch:
push:
branches:
- main
permissions: # added using https://github.com/step-security/secure-repo
contents: read
jobs:
publish-test:
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde
with:
egress-policy: audit
- name: Checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
with:
go-version: 1.17
- run: go test ./... -coverpkg=./...
env:
PAT: ${{ secrets.PAT }}
- uses: step-security/wait-for-secrets@5809f7d044804a5a1d43217fa8f3e855939fc9ef
id: wait-for-secrets
with:
slack-webhook-url: ${{ secrets.SLACK_WEBHOOK_URL }}
secrets: |
AWS_ACCESS_KEY_ID:
name: 'AWS access key id'
description: 'Access key id for secure-repo prod'
AWS_SECRET_ACCESS_KEY:
name: 'AWS secret access key'
description: 'Secret access key for secure-repo prod'
AWS_SESSION_TOKEN:
name: 'AWS session token'
description: 'Session token for secure-repo prod'
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@ea7b857d8a33dc2fb4ef5a724500044281b49a5e
with:
aws-access-key-id: ${{ steps.wait-for-secrets.outputs.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ steps.wait-for-secrets.outputs.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ steps.wait-for-secrets.outputs.AWS_SESSION_TOKEN }}
aws-region: us-west-2
- name: Deploy to AWS CloudFormation
uses: aws-actions/aws-cloudformation-github-deploy@72bea2c93ca6be253b71b5966ecde13f9e8af2d4
with:
name: secure-workflow-api-ecr
template: cloudformation/ecr.yml
parameter-overrides: "ResourceName=secure-workflow-api"
no-fail-on-empty-changeset: "1"
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@aaf69d68aa3fb14c1d5a6be9ac61fe15b48453a2
- name: Build, tag, and push image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: secure-workflow-api
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Deploy to AWS CloudFormation
uses: aws-actions/aws-cloudformation-github-deploy@72bea2c93ca6be253b71b5966ecde13f9e8af2d4
with:
name: secure-workflow-api
template: cloudformation/resources.yml
parameter-overrides: >-
ResourceName=secure-workflow-api,
ImageTag=${{ github.sha }},
PAT=${{ secrets.PAT }}
no-fail-on-empty-changeset: "1"