Verify & Publish to Dev #94
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: "Verify & Publish to Dev" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| refType: | |
| type: choice | |
| description: "Find branch name, commit SHA, or tag?" | |
| options: | |
| - Branch name | |
| - Commit SHA | |
| - Tag | |
| default: Branch name | |
| gitRef: | |
| description: "Input branch name, commit SHA, or tag" | |
| required: true | |
| type: string | |
| default: main | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| validate_application: | |
| name: Acceptance Checks | |
| uses: ./.github/workflows/build-test-application.yml | |
| secrets: inherit | |
| with: | |
| gitRef: ${{ inputs.gitRef }} | |
| validate_deployment: | |
| name: Deployment Template Checks | |
| uses: ./.github/workflows/validate-sam-template-dev.yml | |
| secrets: inherit | |
| with: | |
| gitRef: ${{ inputs.gitRef }} | |
| publish_artifacts: | |
| name: "Publish Image & Template to Dev" | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 60 | |
| needs: | |
| - validate_application | |
| - validate_deployment | |
| steps: | |
| - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # pin@v3 | |
| with: | |
| ref: ${{ inputs.gitRef }} | |
| - name: Fetch Commit SHA | |
| id: gitRefSHA | |
| if: ${{ github.event.inputs.choice }} == "Commit SHA" | |
| run: echo GIT_REF_SHA=${{ inputs.gitRef }} >> $GITHUB_ENV | |
| - name: Fetch Commit SHA by Branch name | |
| id: gitRefBranch | |
| if: ${{ github.event.inputs.choice }} == "Branch name" | |
| run: echo GIT_REF_SHA=$(git log -1 ${{ inputs.gitRef }} --pretty=format:%H) >> $GITHUB_ENV | |
| - name: Fetch Commit SHA by Tag | |
| id: gitRefTag | |
| if: ${{ github.event.inputs.choice }} == "Tag" | |
| run: echo GIT_REF_SHA=$(git rev-list -n 1 ${{ inputs.gitRef }}) >> $GITHUB_ENV | |
| - name: Set tag | |
| id: vars | |
| run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT | |
| - name: Get current date | |
| id: datetime | |
| run: echo "date=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_OUTPUT | |
| - name: Set up AWS creds | |
| uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # pin@v1-node16 | |
| with: | |
| role-to-assume: ${{ secrets.DEV_GH_ACTIONS_ROLE_ARN }} | |
| aws-region: eu-west-2 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@261a7de32bda11ba01f4d75c4ed6caf3739e54be # pin@v1 | |
| - name: Build & Publish Docker Image as latest | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: ${{ secrets.DEV_ECR_REPOSITORY }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$GIT_REF_SHA . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$GIT_REF_SHA | |
| - name: Upload SAM Template to Bucket | |
| id: publish-template | |
| env: | |
| ARTIFACT_BUCKET_NAME: ${{ secrets.DEV_ARTIFACT_SOURCE_BUCKET_NAME }} | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: ${{ secrets.DEV_ECR_REPOSITORY }} | |
| run: | | |
| echo "Running sam build on template file" | |
| sam build --template-file=./deploy/template.yaml | |
| mv .aws-sam/build/template.yaml cf-template.yaml | |
| echo "Replacing 'CONTAINER-IMAGE-PLACEHOLDER' with new ECR image ref" | |
| sed -i "s|CONTAINER-IMAGE-PLACEHOLDER|$ECR_REGISTRY/$ECR_REPOSITORY:$GIT_REF_SHA|" cf-template.yaml | |
| zip template.zip cf-template.yaml | |
| aws s3 cp template.zip "s3://$ARTIFACT_BUCKET_NAME/template.zip" --metadata "repository=$GITHUB_REPOSITORY,commitsha=$GIT_REF_SHA" | |
| - name: "Delegated Deployment via AWS CodeDeploy" | |
| run: echo "Deployment has been delegated to AWS CodeDeploy" |