Deploy E2E Lambda #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (C) 2021-2023 Technology Matters | |
# This program is free software: you can redistribute it and/or modify | |
# it under the terms of the GNU Affero General Public License as published | |
# by the Free Software Foundation, either version 3 of the License, or | |
# (at your option) any later version. | |
# | |
# This program is distributed in the hope that it will be useful, | |
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
# GNU Affero General Public License for more details. | |
# | |
# You should have received a copy of the GNU Affero General Public License | |
# along with this program. If not, see https://www.gnu.org/licenses/. | |
name: 'Deploy E2E Lambda' | |
on: | |
workflow_dispatch: | |
inputs: | |
environment: | |
description: Environment to deploy. | |
default: development | |
required: true | |
type: choice | |
options: | |
- development | |
- staging | |
- production | |
workflow_call: | |
secrets: | |
AWS_ACCESS_KEY_ID: | |
required: true | |
AWS_SECRET_ACCESS_KEY: | |
required: true | |
inputs: | |
environment: | |
description: Environment to deploy. E.G = development, staging, production (must match with the AWS environment value). Default value = development | |
type: string | |
default: development | |
required: true | |
env: | |
ECR_REPOSITORY: ${{ inputs.environment }}/e2e-test | |
# if anything is set as a secret, it can't be used in outputs. So we need to set it as an env var | |
PRIMARY_AWS_REGION: us-east-1 | |
jobs: | |
build_lambda: | |
name: Build Lambda Image | |
runs-on: ubuntu-latest | |
outputs: | |
matrix_json: ${{ steps.generate-output.outputs.matrix_json }} | |
docker_image: ${{ steps.generate-output.outputs.docker_image}} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.PRIMARY_AWS_REGION }} | |
# this plugin sets the AWS account ID to a secret which is not allowed in outputs | |
# we have to disable that so repo output will work | |
mask-aws-account-id: 'no' | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build and Push Docker Image | |
uses: docker/build-push-action@v4 | |
with: | |
context: ./ | |
file: ./e2e-tests/Dockerfile | |
push: true | |
tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:live,${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }} | |
- name: Generate output | |
id: generate-output | |
run: | | |
matrix_json=$(jq -c --arg env "${{ inputs.environment }}" '[.[$env][] | . as $region | {region: $region}]' ./.github/workflows/config/environment-region-map.json) | |
echo "matrix_json=$matrix_json" >> $GITHUB_OUTPUT | |
echo "docker_image=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}" >> $GITHUB_OUTPUT | |
deploy_lambdas: | |
needs: build_lambda | |
name: Deploy to Amazon ECS | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: ${{ fromJson(needs.build_lambda.outputs.matrix_json) }} | |
env: | |
DOCKER_IMAGE: ${{ needs.build_lambda.outputs.docker_image }} | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ matrix.region }} | |
# this plugin sets the AWS account ID to a secret which is not allowed in outputs | |
# we have to disable that so repo output will work | |
mask-aws-account-id: 'no' | |
- name: Update Lambda and Publish | |
run: | | |
DOCKER_IMAGE=$(echo "${{ env.DOCKER_IMAGE }}" | sed -r 's/${{ env.PRIMARY_AWS_REGION }}/${{ matrix.region }}/g') | |
FUNCTION_NAMES=$(aws lambda list-functions --region ${{ matrix.region }} | jq -r '.Functions[] | select(.FunctionName | test("${{ inputs.environment }}-.*-e2e")) .FunctionName') | |
if [ $? -ne 0 ]; then | |
echo "Error listing functions" | |
exit 1 | |
fi | |
for FUNCTION_NAME in $FUNCTION_NAMES; do | |
aws lambda update-function-code --function-name $FUNCTION_NAME --image-uri "$DOCKER_IMAGE" --publish | |
done | |
# reconfigure AWS credentials to use the default region for SSM Parameter Store. | |
# aws-actions/configure-aws-credentials@v2 overrides env.AWS_DEFAULT_REGION, so | |
# we name our env var PRIMARY_AWS_REGION to avoid that. | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.PRIMARY_AWS_REGION }} | |
# Set any env vars needed from Parameter Store here | |
- name: Set GITHUB_ACTIONS_SLACK_BOT_TOKEN | |
uses: 'marvinpinto/action-inject-ssm-secrets@latest' | |
with: | |
ssm_parameter: 'GITHUB_ACTIONS_SLACK_BOT_TOKEN' | |
env_variable_name: 'GITHUB_ACTIONS_SLACK_BOT_TOKEN' | |
- name: Set ASELO_DEPLOYS_CHANNEL_ID | |
uses: 'marvinpinto/action-inject-ssm-secrets@latest' | |
with: | |
ssm_parameter: 'ASELO_DEPLOYS_CHANNEL_ID' | |
env_variable_name: 'ASELO_DEPLOYS_CHANNEL_ID' | |
# Send Slack notifying success | |
- name: Slack Aselo channel | |
id: slack | |
uses: slackapi/slack-github-action@v1.14.0 | |
with: | |
channel-id: ${{ env.ASELO_DEPLOYS_CHANNEL_ID }} | |
slack-message: '`[E2E lambdas - ${{ matrix.region }}]` Deployment of ${{ github.ref_type }} `${{ github.ref_name }}` requested by `${{ github.triggering_actor }}` completed with SHA ${{ github.sha }}, environment `${{ inputs.environment }}` :rocket:.' | |
env: | |
SLACK_BOT_TOKEN: ${{ env.GITHUB_ACTIONS_SLACK_BOT_TOKEN }} | |
if: ${{ inputs.send-slack-message != 'false' }} |