-
Notifications
You must be signed in to change notification settings - Fork 90
100 lines (93 loc) · 3.38 KB
/
deploy-lambdas.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: Deploy lambdas to S3 and ECR
on:
push:
branches:
- ci_deploy_lambdas
paths:
- '.github/workflows/deploy-lambdas.yml'
- 'lambdas/**'
jobs:
deploy-lambda-s3:
strategy:
matrix:
path:
- access_counts
# - es/indexer
# - pkgevents
# - pkgpush
# - pkgselect
# - preview
# - s3hash
# - s3select
# - status_reports
# - tabular_preview
# - transcode
runs-on: ubuntu-latest
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Build zip
run: |
BUILDER_IMAGE=quiltdata/lambda:build-3.8
docker pull "$BUILDER_IMAGE"
touch ./out.zip
docker run --rm \
--entrypoint /build_zip.sh \
-v "$PWD/lambdas/${{ matrix.path }}":/lambda/function:z \
-v "$PWD/lambdas/shared":/lambda/shared:z \
-v "$PWD/out.zip":/out.zip:z \
-v "$PWD/lambdas/build_zip.sh":/build_zip.sh:z \
"$BUILDER_IMAGE"
- name: Configure AWS credentials from Prod account
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::730278974607:role/github/GitHub-Quilt
aws-region: us-east-1
- name: Upload zips to Prod S3
run: |
s3_key="$(basename ${{ matrix.path }})/${{ github.sha }}.zip"
./lambdas/upload_zip.sh ./out.zip "$AWS_REGION" "$s3_key"
- name: Configure AWS credentials from GovCloud account
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws-us-gov:iam::313325871032:role/github/GitHub-Quilt
aws-region: us-gov-east-1
- name: Upload zips to GovCloud S3
run: |
s3_key="$(basename ${{ matrix.path }})/${{ github.sha }}.zip"
./lambdas/upload_zip.sh ./out.zip "$AWS_REGION" "$s3_key"
deploy-lambda-ecr:
strategy:
matrix:
path:
- molecule
# - thumbnail
runs-on: ubuntu-latest
# These permissions are needed to interact with GitHub's OIDC Token endpoint.
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Build Docker image
working-directory: ./lambdas/${{ matrix.path }}
run: |
image_name=quiltdata/lambdas/${{ matrix.path }}:${{ github.sha }}
docker buildx build --pull --platform=linux/amd64 -t "$image_name" -f Dockerfile ..
- name: Configure AWS credentials from Prod account
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::730278974607:role/github/GitHub-Quilt
aws-region: us-east-2
- name: Push Docker image to Prod ECR
run: ./lambdas/upload_ecr.sh 730278974607 quiltdata/lambdas/${{ matrix.path }}:${{ github.sha }}
# - name: Configure AWS credentials from GovCloud account
# uses: aws-actions/configure-aws-credentials@v4
# with:
# role-to-assume: arn:aws-us-gov:iam::313325871032:role/github/GitHub-Quilt
# aws-region: us-gov-east-1
# - name: Push Docker image to GovCloud ECR
# run: ./lambdas/upload_ecr.sh 313325871032 quiltdata/lambdas/${{ matrix.path }}:${{ github.sha }}