
removing aws creds

removing aws creds #18

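# Release workflow: records the Node version, runs a per-environment matrix
# job, then tags a GitHub release from archives stored in S3 and starts a
# CodeBuild run for the new tag.
name: Weekly release build
on:
  push:
    branches: [API-37625-gh-release-build]
  workflow_dispatch:

# Default the GITHUB_TOKEN to read-only; create_release widens it below.
permissions:
  contents: read

jobs:
  install:
    runs-on: ubuntu-latest
    outputs:
      node_version: ${{ steps.node_version.outputs.node_version }}
    steps:
      # NOTE(review): actions in this file are referenced by mutable tags.
      # Pinning each `uses:` to a full commit SHA keeps a retagged upstream
      # release from changing what runs here.
      - uses: actions/checkout@v2
      - name: Setup node
        uses: actions/setup-node@v2
        with:
          node-version: '16'
      - id: node_version
        name: Set Node Version to ENV
        run: |
          NODE_VERSION=$(node -v)
          echo "$NODE_VERSION"
          echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"

  release_builds:
    needs: [install]
    runs-on: ubuntu-latest
    strategy:
      matrix:
        environment: ['dev', 'staging']
    steps:
      - uses: actions/checkout@v2
      - name: Setup node
        uses: actions/setup-node@v2
        with:
          node-version: '16'
      # NOTE(review): debug step. It writes every environment variable of the
      # job into the run log; drop it before merging, and never give this
      # step an `env:` block that carries secrets.
      - name: Print env
        run: printenv
      # NOTE(review): `needs.install.outputs.hash` below is not an output the
      # install job declares (it only exposes node_version).
      # - name: Run Build
      #   env:
      #     NODE_ENV: production
      #     BUILD_ENV: ${{matrix.environment}}
      #     REACT_APP_COMMIT_HASH: ${{needs.install.outputs.hash}}
      #   run: npm run build $BUILD_ENV
      # - name: Configure AWS Credentials
      #   uses: aws-actions/configure-aws-credentials@<VERSION>
      #   with:
      #     aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
      #     aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}}
      #     aws-region: us-east-1
      #     role-to-assume: ${{secrets.AWS_ROLE_ARN}}
      #     role-duration-seconds: 1200
      #     role-session-name: GitHubActions

  create_release:
    runs-on: ubuntu-latest
    needs: [release_builds]
    # `gh release create` / `gh release upload` run with GITHUB_TOKEN and need
    # write access to repository contents.
    # NOTE(review): add issues/pull-requests read here if the search call in
    # "Create the release" turns out to need it; confirm on a test run.
    permissions:
      contents: write
    steps:
      - id: latest_release
        name: Get latest release with tag
        # The token reaches the script through the environment rather than
        # through `${{ }}` expansion, so it never becomes part of the script
        # text that the runner writes to disk before executing it.
        env:
          GIT_AUTO_DEPLOY_TOKEN: ${{ secrets.GIT_AUTO_DEPLOY_TOKEN }}
        run: |
          echo "$GIT_AUTO_DEPLOY_TOKEN" | gh auth login --with-token
          LATEST_RELEASE=$(gh api "/repos/$GITHUB_REPOSITORY/releases/latest" | jq -r '.tag_name')
          echo "$LATEST_RELEASE"
          echo "tag=$LATEST_RELEASE" >> "$GITHUB_OUTPUT"
      - uses: actions/checkout@v2
        with:
          ref: ${{ steps.latest_release.outputs.tag }}
      # The action reference was mangled on the source page ("[email protected]");
      # <VERSION> is a placeholder, restore the ref from the repository.
      # NOTE(review): this step still uses long-lived access keys held as
      # secrets. The action also supports GitHub OIDC with `role-to-assume`
      # (job permission `id-token: write`), which removes the stored keys.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@<VERSION>
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          role-duration-seconds: 1200
          role-session-name: GitHubActions
      - name: Download archives
        env:
          S3_ARCHIVE_BUCKET: ${{ secrets.AWS_S3_ARCHIVE_BUCKET }}
        run: |
          SHORT_SHA=$(echo "$GITHUB_SHA" | cut -c1-7)
          mkdir release
          aws s3 cp --no-progress --recursive "s3://$S3_ARCHIVE_BUCKET/$SHORT_SHA/" release/
      - id: create_release
        name: Create the release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          RELEASE_TITLE=$(gh api "/repos/department-of-veterans-affairs/lighthouse-saml-proxy/commits/$GITHUB_SHA" | jq -r '.commit.message' | head -1)
          # If the commit message doesn't include the PR number at the end, append it.
          if ! [[ $RELEASE_TITLE =~ \(\#[0-9]{4,}\) ]]; then
            echo "PR number missing. This will append it to the release title."
            PR_NUMBER=$(gh api -X GET search/issues -f q="$GITHUB_SHA" | jq -r '.items[0].number')
            # jq prints the string "null" when the search has no hit; skip
            # the suffix instead of publishing a title ending in "(#null)".
            if [[ -n "$PR_NUMBER" && "$PR_NUMBER" != "null" ]]; then
              RELEASE_TITLE="$RELEASE_TITLE (#$PR_NUMBER)"
            fi
          fi
          # Bump the last dot-separated field of the most recently created tag.
          NEW_TAG=$(git tag --sort=-creatordate | head -1 | awk -F. -v OFS=. '{$NF++;print}')
          if [[ -z "$NEW_TAG" ]]; then
            echo "No existing tag found; cannot derive the next release tag." >&2
            exit 1
          fi
          VERSION=${NEW_TAG#"lighthouse-saml-proxy/v"}
          gh release create "$NEW_TAG" --title="$RELEASE_TITLE"
          for env in 'dev' 'staging' 'production' ; do
            mv "release/lighthouse-saml-proxy-${env}.tar.bz2" "release/lighthouse-saml-proxy-${env}-${VERSION}.tar.bz2"
            gh release upload "${NEW_TAG}" "release/lighthouse-saml-proxy-${env}-${VERSION}.tar.bz2#${NEW_TAG}_${env}.tar.bz2"
            echo "${env} artifact uploaded"
          done
          # Shell variables do not survive into the next step; publish the
          # tag as a step output so the CodeBuild step can read it.
          echo "new_tag=$NEW_TAG" >> "$GITHUB_OUTPUT"
      - name: Build dev and staging
        env:
          NEW_TAG: ${{ steps.create_release.outputs.new_tag }}
        run: |
          aws codebuild start-build --project-name lighthouse-saml-proxy --environment-variables-override "name=RELEASE,value=${NEW_TAG}"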