Deploy E2E Lambda #1

Workflow file for this run

.github/workflows/e2e-lambda-deploy.yml at 4d87e6b

	# Copyright (C) 2021-2023 Technology Matters
	# This program is free software: you can redistribute it and/or modify
	# it under the terms of the GNU Affero General Public License as published
	# by the Free Software Foundation, either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	# GNU Affero General Public License for more details.
	#
	# You should have received a copy of the GNU Affero General Public License
	# along with this program. If not, see https://www.gnu.org/licenses/.

	name: 'Deploy E2E Lambda'
	on:
	workflow_dispatch:
	inputs:
	environment:
	description: Environment to deploy.
	default: development
	required: true
	type: choice
	options:
	- development
	- staging
	- production

	workflow_call:
	secrets:
	AWS_ACCESS_KEY_ID:
	required: true
	AWS_SECRET_ACCESS_KEY:
	required: true
	inputs:
	environment:
	description: Environment to deploy. E.G = development, staging, production (must match with the AWS environment value). Default value = development
	type: string
	default: development
	required: true

	env:
	ECR_REPOSITORY: ${{ inputs.environment }}/e2e-test
	# if anything is set as a secret, it can't be used in outputs. So we need to set it as an env var
	PRIMARY_AWS_REGION: us-east-1

	jobs:
	build_lambda:
	name: Build Lambda Image
	runs-on: ubuntu-latest

	outputs:
	matrix_json: ${{ steps.generate-output.outputs.matrix_json }}
	docker_image: ${{ steps.generate-output.outputs.docker_image}}

	steps:
	- name: Checkout
	uses: actions/checkout@v3

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v2
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: ${{ env.PRIMARY_AWS_REGION }}
	# this plugin sets the AWS account ID to a secret which is not allowed in outputs
	# we have to disable that so repo output will work
	mask-aws-account-id: 'no'

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v1

	- name: Build and Push Docker Image
	uses: docker/build-push-action@v4
	with:
	context: ./
	file: ./e2e-tests/Dockerfile
	push: true
	tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:live,${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}

	- name: Generate output
	id: generate-output
	run: \|
	matrix_json=$(jq -c --arg env "${{ inputs.environment }}" '[.[$env][] \| . as $region \| {region: $region}]' ./.github/workflows/config/environment-region-map.json)
	echo "matrix_json=$matrix_json" >> $GITHUB_OUTPUT
	echo "docker_image=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}" >> $GITHUB_OUTPUT

	deploy_lambdas:
	needs: build_lambda
	name: Deploy to Amazon ECS
	runs-on: ubuntu-latest

	strategy:
	fail-fast: false
	matrix:
	include: ${{ fromJson(needs.build_lambda.outputs.matrix_json) }}

	env:
	DOCKER_IMAGE: ${{ needs.build_lambda.outputs.docker_image }}

	steps:
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v2
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: ${{ matrix.region }}
	# this plugin sets the AWS account ID to a secret which is not allowed in outputs
	# we have to disable that so repo output will work
	mask-aws-account-id: 'no'

	- name: Update Lambda and Publish
	run: \|
	DOCKER_IMAGE=$(echo "${{ env.DOCKER_IMAGE }}" \| sed -r 's/${{ env.PRIMARY_AWS_REGION }}/${{ matrix.region }}/g')
	FUNCTION_NAMES=$(aws lambda list-functions --region ${{ matrix.region }} \| jq -r '.Functions[] \| select(.FunctionName \| test("${{ inputs.environment }}-.*-e2e")) .FunctionName')
	if [ $? -ne 0 ]; then
	echo "Error listing functions"
	exit 1
	fi
	for FUNCTION_NAME in $FUNCTION_NAMES; do
	aws lambda update-function-code --function-name $FUNCTION_NAME --image-uri "$DOCKER_IMAGE" --publish
	done

	# reconfigure AWS credentials to use the default region for SSM Parameter Store.
	# aws-actions/configure-aws-credentials@v2 overrides env.AWS_DEFAULT_REGION, so
	# we name our env var PRIMARY_AWS_REGION to avoid that.
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v2
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: ${{ env.PRIMARY_AWS_REGION }}

	# Set any env vars needed from Parameter Store here
	- name: Set GITHUB_ACTIONS_SLACK_BOT_TOKEN
	uses: 'marvinpinto/action-inject-ssm-secrets@latest'
	with:
	ssm_parameter: 'GITHUB_ACTIONS_SLACK_BOT_TOKEN'
	env_variable_name: 'GITHUB_ACTIONS_SLACK_BOT_TOKEN'

	- name: Set ASELO_DEPLOYS_CHANNEL_ID
	uses: 'marvinpinto/action-inject-ssm-secrets@latest'
	with:
	ssm_parameter: 'ASELO_DEPLOYS_CHANNEL_ID'
	env_variable_name: 'ASELO_DEPLOYS_CHANNEL_ID'

	# Send Slack notifying success
	- name: Slack Aselo channel
	id: slack
	uses: slackapi/slack-github-action@v1.14.0
	with:
	channel-id: ${{ env.ASELO_DEPLOYS_CHANNEL_ID }}
	slack-message: '`[E2E lambdas - ${{ matrix.region }}]` Deployment of ${{ github.ref_type }} `${{ github.ref_name }}` requested by `${{ github.triggering_actor }}` completed with SHA ${{ github.sha }}, environment `${{ inputs.environment }}` :rocket:.'
	env:
	SLACK_BOT_TOKEN: ${{ env.GITHUB_ACTIONS_SLACK_BOT_TOKEN }}
	if: ${{ inputs.send-slack-message != 'false' }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy E2E Lambda #1

Workflow file

Deploy E2E Lambda #1

Jobs

Run details

Workflow file for this run