Deploy Twilio Lambda #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (C) 2021-2023 Technology Matters | |
| # This program is free software: you can redistribute it and/or modify | |
| # it under the terms of the GNU Affero General Public License as published | |
| # by the Free Software Foundation, either version 3 of the License, or | |
| # (at your option) any later version. | |
| # | |
| # This program is distributed in the hope that it will be useful, | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| # GNU Affero General Public License for more details. | |
| # | |
| # You should have received a copy of the GNU Affero General Public License | |
| # along with this program. If not, see https://www.gnu.org/licenses/. | |
| name: 'Deploy Twilio Lambda' | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: Environment to deploy. | |
| default: development | |
| required: true | |
| type: choice | |
| options: | |
| - development | |
| - staging | |
| - production | |
| region: | |
| description: AWS Region to deploy to. | |
| required: true | |
| type: choice | |
| options: | |
| - us-east-1 | |
| - eu-west-1 | |
| - ca-central-1 | |
| workflow_call: | |
| secrets: | |
| AWS_ACCESS_KEY_ID: | |
| required: true | |
| AWS_SECRET_ACCESS_KEY: | |
| required: true | |
| inputs: | |
| environment: | |
| description: Environment to deploy. E.G = development, staging, production (must match with the AWS environment value). Default value = development | |
| type: string | |
| default: development | |
| required: true | |
| region: | |
| description: AWS Region to deploy to. | |
| default: us-east-1 | |
| required: true | |
| type: string | |
| send-slack-message: | |
| description: 'Specifies if should send a Slack message at the end of successful run. Defaults to true' | |
| required: false | |
| default: 'true' | |
| type: string | |
| env: | |
| # if anything is set as a secret, it can't be used in outputs. So we need to set it as an env var | |
| PRIMARY_AWS_REGION: us-east-1 | |
| jobs: | |
| deploy_lambdas: | |
| name: Deploy to Amazon ECS | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| lambda_path: | |
| - account-scoped | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.PRIMARY_AWS_REGION }} | |
| mask-aws-account-id: 'no' | |
| - name: Read ECR url from SSM | |
| uses: "marvinpinto/action-inject-ssm-secrets@latest" | |
| with: | |
| ssm_parameter: /twilio/lambda/${{ matrix.lambda_path }}/ecr-url | |
| env_variable_name: ECR_URL | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ inputs.region }} | |
| mask-aws-account-id: 'no' | |
| # The search and replace is kinda ugly but works. We need to replace the primary region with the region we're deploying to. | |
| # because lambdas don't support ECR images in different regions. We use cross region replication in ECR to make the image | |
| # that is pushed in the primary region available in all other regions. | |
| - name: Update Lambda and Publish | |
| run: | | |
| DOCKER_IMAGE=$(echo "${{ env.ECR_URL }}:${{ github.ref_type }}.${{ github.ref_name }}" | sed -r 's/${{ env.PRIMARY_AWS_REGION }}/${{ inputs.region }}/g') | |
| LAMBDA_NAME=$(basename "./${{ matrix.lambda_path == 'account-scoped' && 'acctscpe' || matrix.lambda_path }}") | |
| SHORT_LAMBDA_NAME=${{ matrix.lambda_path== 'account-scoped' }} | |
| LAMBDA="${{ inputs.environment }}-${{ inputs.region }}-$LAMBDA_NAME" | |
| OUTPUT=$(aws lambda update-function-code --function-name $LAMBDA --image-uri "$DOCKER_IMAGE" --publish) | |
| NEW_VERSION=$(echo "$OUTPUT" | jq -r '.Version') | |
| ALIAS_EXISTS=$(aws lambda get-alias --function-name $LAMBDA --name live || echo "not_exists") | |
| if [ "$ALIAS_EXISTS" == "not_exists" ]; then | |
| aws lambda create-alias --function-name $LAMBDA --name live --function-version $NEW_VERSION | |
| else | |
| aws lambda update-alias --function-name $LAMBDA --name live --function-version $NEW_VERSION | |
| fi | |
| # reconfigure AWS credentials to use the default region for SSM Parameter Store. | |
| # aws-actions/configure-aws-credentials@v4 overrides env.AWS_DEFAULT_REGION, so | |
| # we name our env var PRIMARY_AWS_REGION to avoid that. | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.PRIMARY_AWS_REGION }} | |
| # Set any env vars needed from Parameter Store here | |
| - name: Set GITHUB_ACTIONS_SLACK_BOT_TOKEN | |
| uses: 'marvinpinto/action-inject-ssm-secrets@latest' | |
| with: | |
| ssm_parameter: 'GITHUB_ACTIONS_SLACK_BOT_TOKEN' | |
| env_variable_name: 'GITHUB_ACTIONS_SLACK_BOT_TOKEN' | |
| - name: Set ASELO_DEPLOYS_CHANNEL_ID | |
| uses: 'marvinpinto/action-inject-ssm-secrets@latest' | |
| with: | |
| ssm_parameter: 'ASELO_DEPLOYS_CHANNEL_ID' | |
| env_variable_name: 'ASELO_DEPLOYS_CHANNEL_ID' | |
| # Send Slack notifying success | |
| - name: Slack Aselo channel | |
| id: slack | |
| uses: slackapi/slack-github-action@v1.25.0 | |
| with: | |
| channel-id: ${{ env.ASELO_DEPLOYS_CHANNEL_ID }} | |
| slack-message: '`[Twilio lambdas - ${{ matrix.lambda_path }}]` Deployment of ${{ github.ref_type }} `${{ github.ref_name }}` requested by `${{ github.triggering_actor }}` completed with SHA ${{ github.sha }} to region `${{ inputs.region }}`, environment `${{ inputs.environment }}` :rocket:.' | |
| env: | |
| SLACK_BOT_TOKEN: ${{ env.GITHUB_ACTIONS_SLACK_BOT_TOKEN }} | |
| if: ${{ inputs.send-slack-message != 'false' }} |