lambda_deploy.yml
# Reusable workflow: builds, packages and deploys one SAM application.
name: lambda_deploy

on:
  # NOTE(review): no inputs are declared for manual dispatch, so every
  # `inputs.*` value is empty when the workflow is started this way -
  # confirm manual dispatch is really intended to work.
  workflow_dispatch:
  # All inputs arrive from the calling workflow and end up in paths, shell
  # commands and the IAM role that is assumed, so callers are the trust
  # boundary for this workflow.
  workflow_call:
    inputs:
      app_path:
        description: 'The app to test'
        type: string
        required: true
        default: 'pull_chat_messages'
      environment:
        description: 'The environment to deploy to'
        type: string
        required: true
        default: 'tmp'
      artifact_bucket:
        description: 'The bucket to store the artifacts'
        type: string
        required: true
        default: 'aws-sam-cli-managed-default-samclisourcebucket-XXXXX'
      aws_region:
        description: 'The region to deploy to'
        type: string
        required: true
        default: 'us-west-2'
      codeartifact_domain:
        description: 'The codeartifact domain'
        type: string
        required: true
      codeartifact_domain_owner:
        description: 'The codeartifact domain owner'
        type: string
        required: true
      codeartifact_repository:
        description: 'The codeartifact repository'
        type: string
        required: true
      tox_path:
        description: 'The path to the tox file'
        type: string
        required: true
        default: '/tox/path'
      app_path_prefix:
        description: 'The path to the app'
        type: string
        required: true
      compose_path:
        description: 'The path to the docker-compose file'
        type: string
      # The role named here is assumed via GitHub OIDC by the deploy job.
      aws_role_arn:
        description: 'The role to assume'
        type: string
        required: true
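# Permissions can be set at job level or workflow level. Only the scopes
# listed here are granted to GITHUB_TOKEN; everything else is `none`.
permissions:
  id-token: write # Required for requesting the OIDC JWT used to assume the AWS role
  contents: read # Required for actions/checkout
  # NOTE(review): actions/checkout only needs `contents: read`. This scope is
  # presumably for the artifact download step, which looks up workflow runs
  # and their artifacts - confirm and drop it if unused.
  actions: read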
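jobs:
  # Builds (or reuses) the packaged SAM template for one app, deploys it with
  # the assumed AWS role, then runs the app's post-deploy check if present.
  #
  # Caller inputs reach `run:` scripts only through `env:` and
  # `working-directory:`, never by `${{ }}` interpolation into the script
  # text, so an input containing shell metacharacters is treated as data
  # rather than as part of the command line.
  deploy:
    # NOTE(review): the IAM role's trust policy should restrict the OIDC
    # `sub` claim to this repository and environment - not visible from here.
    environment: "${{inputs.app_path}}-${{ inputs.environment }}"
    runs-on: ubuntu-latest
    concurrency:
      group: "deploy ${{inputs.app_path}} - ${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}"
      # NOTE(review): cancelling a run while `sam deploy` is in flight may
      # leave the stack mid-update - confirm this is acceptable.
      cancel-in-progress: true
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 1
          sparse-checkout: |
            ${{inputs.app_path_prefix}}/${{inputs.app_path}}/

      # Need to hash the files before any additional files are generated by
      # the build process. hashFiles() yields a hex digest (or an empty
      # string), so interpolating its result into the script is safe.
      - name: get file hash
        id: file_hash
        run: |
          echo "file_hash=${{hashFiles(format('{0}**', inputs.app_path_prefix))}}" >> "$GITHUB_OUTPUT"

      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "${{ inputs.aws_role_arn }}"
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: "${{ inputs.aws_region }}"

      # The downloaded packaged.yaml is handed to `sam deploy` unchanged, and
      # the artifact is matched by name only; its content is not verified
      # against the source hash. With `workflow_conclusion: ""` and
      # `search_artifacts: true`, runs of any conclusion are searched.
      # NOTE(review): confirm that only trusted runs can publish an artifact
      # with this name, and pin this third-party action to a full commit SHA
      # instead of a mutable tag.
      - name: Download workflow artifact
        uses: dawidd6/action-download-artifact@v7
        id: get_packaged
        with:
          name: "sam_template_${{steps.file_hash.outputs.file_hash}}"
          path: "${{inputs.app_path_prefix}}/${{inputs.app_path}}/"
          workflow_conclusion: ""
          search_artifacts: true
        # A missing artifact is expected; the build steps below run instead.
        continue-on-error: true

      # need to set the aws index url for building but also testing
      - name: Setup for dependencies
        env:
          CODEARTIFACT_DOMAIN: "${{ inputs.codeartifact_domain }}"
          CODEARTIFACT_DOMAIN_OWNER: "${{ inputs.codeartifact_domain_owner }}"
          CODEARTIFACT_REPOSITORY: "${{ inputs.codeartifact_repository }}"
        run: |
          CODEARTIFACT_AUTH_TOKEN="$(aws codeartifact get-authorization-token \
            --domain "$CODEARTIFACT_DOMAIN" \
            --domain-owner "$CODEARTIFACT_DOMAIN_OWNER" \
            --query authorizationToken \
            --output text \
            --duration-seconds 900)"
          # The token is embedded in a URL that later commands receive as an
          # argument; register it as a secret so it is masked in job logs.
          echo "::add-mask::$CODEARTIFACT_AUTH_TOKEN"
          # NOTE(review): the region is hard-coded here while the token is
          # requested in the region configured from `aws_region` - confirm
          # the two are meant to match.
          index_host="${CODEARTIFACT_DOMAIN}-${CODEARTIFACT_DOMAIN_OWNER}.d.codeartifact.us-west-2.amazonaws.com"
          # Written to GITHUB_ENV, so every later step (including third-party
          # actions) sees the credentialed URL until the 900 s token expires.
          echo "AWS_INDEX_URL=https://aws:${CODEARTIFACT_AUTH_TOKEN}@${index_host}/pypi/${CODEARTIFACT_REPOSITORY}/simple/" >> "$GITHUB_ENV"

      # NOTE(review): the SAM CLI version is unpinned, so the tool that
      # deploys with the assumed role can change between runs; consider
      # pinning a version. No visible step installs `uv` - confirm the runner
      # image provides it.
      - name: Install SAM CLI
        run: uv tool install aws-sam-cli

      - name: Sam build
        if: steps.get_packaged.outcome != 'success'
        working-directory: "${{ inputs.app_path_prefix }}/${{ inputs.app_path }}"
        run: |
          sam build \
            --use-container \
            --container-env-var "PIP_INDEX_URL=$AWS_INDEX_URL" \
            --parallel

      - name: Sam package
        if: steps.get_packaged.outcome != 'success'
        working-directory: "${{ inputs.app_path_prefix }}/${{ inputs.app_path }}"
        env:
          ARTIFACT_BUCKET: "${{ inputs.artifact_bucket }}"
        run: |
          sam package \
            --output-template-file packaged.yaml \
            --s3-bucket "$ARTIFACT_BUCKET"

      - uses: actions/upload-artifact@v4
        if: steps.get_packaged.outcome != 'success'
        with:
          name: "sam_template_${{steps.file_hash.outputs.file_hash}}"
          path: "${{inputs.app_path_prefix}}/${{inputs.app_path}}/packaged.yaml"

      - name: "Sam deploy to ${{ inputs.environment }}"
        working-directory: "${{ inputs.app_path_prefix }}/${{ inputs.app_path }}"
        env:
          TARGET_ENVIRONMENT: "${{ inputs.environment }}"
        run: |
          # Only `prod` and `qa` have their own SAM config environment; every
          # other value deploys with the `default` config.
          case "$TARGET_ENVIRONMENT" in
            prod|qa) config_env="$TARGET_ENVIRONMENT" ;;
            *) config_env=default ;;
          esac
          sam deploy \
            --no-confirm-changeset \
            --no-fail-on-empty-changeset \
            --config-env "$config_env" \
            --template-file packaged.yaml
          # Exported for the post-deploy check step.
          echo "config_env=$config_env" >> "$GITHUB_ENV"

      - name: Set up Python
        id: py_setup
        uses: actions/setup-python@v6
        with:
          python-version: "3.12"

      # Runs the app's deployment check when the app ships one. `-i` replaces
      # the package index, so all packages resolve through CodeArtifact only.
      - name: Check deploy
        working-directory: "${{ inputs.app_path_prefix }}/${{ inputs.app_path }}"
        run: |
          if [ -f src/tests/ci_checks/test_deployed.py ]; then
            pip install pytest PyYAML saga_py_test_helpers -i "$AWS_INDEX_URL"
            DEPLOY_ENV="$config_env" IS_CI=True pytest src/tests/ci_checks/test_deployed.py
          fi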