deploy.yml
# Deploy workflow: SAM build/deploy plus documentation publishing.
name: Deploy

on:
  # Pushes to the two deployment branches, limited to the listed paths.
  push:
    branches:
      - deploy/staging
      - main
    paths:
      - '.github/workflows/deploy.yml'
      - 'package.json'
      - 'package-lock.json'
      - 'src/**'
      - 'template.yaml'
  # Manual runs; the boolean input is read by the publish-docs job condition.
  workflow_dispatch:
    inputs:
      force_deploy_docs:
        description: Deploy documentation even if no changes detected
        type: boolean
        default: false

# One concurrency group per workflow and ref.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}

env:
  # 'production' only when the ref is exactly refs/heads/main; every other
  # ref, including a manual run from another branch, resolves to 'staging'.
  CONFIG_ENV: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}
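jobs:
  # Builds the SAM application and deploys it to the environment selected
  # from the ref (production for refs/heads/main, staging otherwise).
  build-deploy:
    runs-on: ubuntu-latest
    permissions:
      # id-token: write lets the job request a GitHub OIDC token, which the
      # configure-aws-credentials step exchanges for the role's credentials.
      id-token: write
      contents: read
    environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}
    steps:
      - name: Set GitHub Deploy Key
        # The original ref after "@" was lost when this page was extracted.
        # PLACEHOLDER_COMMIT_SHA is a placeholder: replace it with the full
        # commit SHA of a reviewed release, because this step receives the
        # private deploy key.
        uses: webfactory/ssh-agent@PLACEHOLDER_COMMIT_SHA
        with:
          ssh-private-key: ${{ secrets.TFVARS_DEPLOY_KEY }}
      # NOTE(review): actions/checkout and actions/setup-python are used at
      # the v2 major tag throughout this file; confirm whether a newer
      # major is appropriate.
      - uses: actions/checkout@v2
      # Second checkout: deployment configuration from nulib/tfvars,
      # placed under .tfvars in the workspace.
      - uses: actions/checkout@v2
        with:
          repository: 'nulib/tfvars'
          ref: main
          path: '.tfvars'
      - uses: actions/setup-python@v2
      - uses: aws-actions/setup-sam@v1
      # Workaround that force-installs a fixed cryptography release into the
      # SAM CLI's own Python environment.
      # NOTE(review): drop this step once the linked issue no longer applies,
      # so the CLI is not held on an old cryptography build.
      - name: sam fix https://github.com/aws/aws-sam-cli/issues/4527
        run: $(dirname $(readlink $(which sam)))/pip install --force-reinstall "cryptography==38.0.4"
      # NOTE(review): @master is a mutable branch ref. This job holds
      # id-token: write, so whatever commit master points to at run time
      # handles the OIDC exchange for the deploy role. Pin to a reviewed
      # full commit SHA.
      - uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AwsAccount }}:role/github-actions-role
          aws-region: us-east-1
      # Link the SAM config and the per-environment parameter file from the
      # tfvars checkout into the workspace root.
      - run: ln -s .tfvars/dc-api/samconfig.toml .
      - run: ln -s .tfvars/dc-api/$CONFIG_ENV.parameters .
      - run: sam build
      # The command substitution is left unquoted so that each key=value
      # pair read from the parameter file becomes its own argument; a value
      # containing whitespace would be split.
      - run: |
          sam deploy \
            --no-confirm-changeset \
            --no-fail-on-empty-changeset \
            --config-env $CONFIG_ENV \
            --config-file ./samconfig.toml \
            --parameter-overrides $(while IFS='=' read -r key value; do params+=" $key=$value"; done < ./$CONFIG_ENV.parameters && echo "$params HoneybadgerRevision=$HONEYBADGER_REVISION")
        env:
          HONEYBADGER_REVISION: ${{ github.sha }}

  # Reports whether documentation inputs changed in the pushed commit.
  docs-changed:
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    outputs:
      result: ${{ steps.changed-files.outputs.any_modified == 'true' }}
    steps:
      - uses: actions/checkout@v2
        with:
          # Two commits, so the pushed commit can be compared to its parent.
          fetch-depth: 2
      - name: Get changed doc files
        id: changed-files
        # The original ref after "@" was lost when this page was extracted.
        # PLACEHOLDER_COMMIT_SHA is a placeholder: replace it with the full
        # commit SHA of a reviewed release. A version tag on a third-party
        # action can be moved to different code after review.
        uses: tj-actions/changed-files@PLACEHOLDER_COMMIT_SHA
        with:
          # The workflow entry must match this file's real name, deploy.yml
          # (as in the push path filter); a .yaml suffix would never match.
          files: |
            .github/workflows/deploy.yml
            docs/*

  # Builds the mkdocs site and syncs it to the docs bucket when docs changed
  # or a manual run set force_deploy_docs.
  publish-docs:
    needs: docs-changed
    if: ${{ needs.docs-changed.outputs.result == 'true' || inputs.force_deploy_docs }}
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}
    steps:
      # NOTE(review): credentials are configured before the dependency
      # install and the third-party generator step, which do not appear to
      # need them; consider moving this step to just before "Copy to S3".
      # @master is a mutable ref; pin to a reviewed full commit SHA.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@master
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AwsAccount }}:role/github-actions-role
          aws-region: us-east-1
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
        with:
          # Quoted so the version stays a string rather than a YAML float.
          python-version: '3.9'
      - uses: abatilo/actions-poetry@v2
        with:
          poetry-version: '1.4.2'
      - name: Install dependencies
        run: poetry install
        working-directory: ./docs
      - name: Build docs
        run: poetry run mkdocs build --clean
        working-directory: ./docs
      # The sed expression is quoted so the expanded hostname cannot be
      # word-split or globbed by the shell. A hostname containing "/" or "&"
      # would still change the sed expression itself.
      - name: Determine correct deploy domain for environment
        run: sed -i "s/API_HOST/${HOSTNAME}/g" docs/site/spec/openapi.*
        env:
          HOSTNAME: ${{ secrets.Hostname }}.${{ secrets.HostedZone }}
      - name: Generate JSON API
        uses: openapi-generators/openapitools-generator-action@v1
        with:
          generator: openapi
          openapi-file: docs/site/spec/openapi.yaml
          command-args: '-o docs/site/spec'
      # --delete removes bucket objects that are absent from docs/site/, so
      # the destination URI is quoted to keep it a single, intact argument.
      - name: Copy to S3
        run: aws s3 sync --delete docs/site/ "s3://${HOST}-docs.${ZONE}/"
        env:
          HOST: ${{ secrets.Hostname }}
          ZONE: ${{ secrets.HostedZone }}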