v1.4.3 #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow deploys the code tagged with 'deploy-prd*' | |
| name: deploy_prd | |
| # Controls when the action will run. | |
| on: | |
| release: | |
| types: [released] | |
| env: | |
| TF_VERSION: 1.1.0 | |
| TG_VERSION: 0.29.2 | |
| TARGET_ENV: prd | |
| permissions: | |
| id-token: write | |
| # A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
| jobs: | |
| # This workflow contains a single job called "deploy" | |
| deploy: | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| # Production GitHub repo environment | |
| environment: | |
| name: prd | |
| # Steps represent a sequence of tasks that will be executed as part of the job | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_branch }} | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| #Compile lambda functions | |
| - name: Compile lambda | |
| run: | | |
| mvn --batch-mode install -f aws-lambda-layer-base/pom.xml | |
| mvn --batch-mode install -f wfdm-clamav-service/wfdm-clamav-scan-handler/pom.xml | |
| mvn --batch-mode install -f wfdm-file-index-initializer/pom.xml | |
| mvn --batch-mode install -f wfdm-file-index-service/pom.xml | |
| - name: Create zip file structure | |
| run: | | |
| mkdir java | |
| mkdir java/lib | |
| find /home/runner/.m2/repository/ca/bc/gov/nrs/wfdm/aws-lambda-layer-base -name *.jar -exec mv {} ./java/lib/aws-lambda-layer-base.jar \; | |
| - uses: montudor/action-zip@v1 | |
| with: | |
| args: zip -qq -r java.zip java | |
| - name: Make directory, copy in jar files and zip file | |
| run: mkdir staging && find /home/runner/.m2/repository/ca/bc/gov/nrs/wfdm -name '*.jar' -exec cp -prv '{}' 'staging' ';' && cp java.zip staging/java.zip | |
| - name: Get source code hash of jar files | |
| run: | | |
| openssl sha256 staging/wfdm-clamav-scan-handler* > staging/wfdm-clamav-scan-handler-hash.txt | |
| openssl sha256 staging/wfdm-file-index-initializer* > staging/wfdm-file-index-initializer-hash.txt | |
| openssl sha256 staging/wfdm-opensearch-indexing* > staging/wfdm-opensearch-indexing-hash.txt | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_TERRAFORM_ROLE_TO_ASSUME }} | |
| role-session-name: wfdm-terraform | |
| aws-region: ca-central-1 | |
| - name: Upload S3 | |
| id: S3 | |
| run: | |
| aws s3 cp ./staging s3://wfdm-s3-bucket-prd --recursive | |
| # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v1 | |
| with: | |
| cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
| # Install/Setup terragrunt CLI | |
| - uses: peter-murray/[email protected] | |
| with: | |
| terragrunt_version: ${{ env.TG_VERSION }} | |
| # Apply changes | |
| - name: Terragrunt Apply | |
| working-directory: terragrunt/PRD | |
| env: | |
| app_image: ${{ env.IMAGE_ID }}:${{ github.event.workflow_run.head_branch}} | |
| opensearch_password: ${{ secrets.OPENSEARCH_PASSWORD_PRD }} | |
| opensearch_user: ${{ secrets.OPENSEARCH_USER_PRD }} | |
| run: terragrunt run-all apply --terragrunt-non-interactive | |
| #run: terragrunt run-all plan --terragrunt-non-interactive |