deploy_prd.yml
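# Production deployment workflow.
# Builds the Lambda jars with Maven, stages them in S3, then applies the
# Terragrunt configuration under terragrunt/PRD.
# NOTE(review): the trigger below fires on every published release; no filter
# on a 'deploy-prd*' tag name is visible in this file.
name: deploy_prd

# Controls when the action will run.
on:
  release:
    types: [released]

env:
  # NOTE(review): TF_VERSION is not passed to hashicorp/setup-terraform below,
  # so that step installs whatever version the action defaults to. Confirm
  # which Terraform version production state expects before wiring it in.
  TF_VERSION: "1.1.0"
  TG_VERSION: "0.29.2"
  TARGET_ENV: prd

# Once a permissions block is present, every scope not listed is set to none.
# id-token: write lets the job request the OIDC token used to assume the AWS
# role; contents: read is the scope actions/checkout needs.
permissions:
  id-token: write
  contents: read

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "deploy"
  deploy:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    # Production GitHub repo environment. Any protection rules configured on
    # the prd environment apply before the job starts.
    environment:
      name: prd

    # NOTE(review): every action below is referenced by a mutable tag. This job
    # holds the AWS deployment role and the production secrets, so pinning each
    # third-party action to a full commit SHA keeps a retagged release from
    # running with those credentials.
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
        with:
          # NOTE(review): github.event.workflow_run is only populated for
          # workflow_run triggers. Under the release trigger above this
          # expression is presumably empty and checkout falls back to the ref
          # of the release event; confirm that is the intended ref.
          ref: ${{ github.event.workflow_run.head_branch }}

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'adopt'

      # Compile lambda functions
      - name: Compile lambda
        run: |
          mvn --batch-mode install -f aws-lambda-layer-base/pom.xml
          mvn --batch-mode install -f wfdm-clamav-service/wfdm-clamav-scan-handler/pom.xml
          mvn --batch-mode install -f wfdm-file-index-initializer/pom.xml
          mvn --batch-mode install -f wfdm-file-index-service/pom.xml

      # The glob is quoted so find receives the pattern itself rather than a
      # shell expansion against the working directory. Every match is moved to
      # the same destination name, so only one jar should match.
      - name: Create zip file structure
        run: |
          mkdir java
          mkdir java/lib
          find /home/runner/.m2/repository/ca/bc/gov/nrs/wfdm/aws-lambda-layer-base -name '*.jar' -exec mv {} ./java/lib/aws-lambda-layer-base.jar \;

      - uses: montudor/action-zip@v1
        with:
          args: zip -qq -r java.zip java

      - name: Make directory, copy in jar files and zip file
        run: mkdir staging && find /home/runner/.m2/repository/ca/bc/gov/nrs/wfdm -name '*.jar' -exec cp -prv '{}' 'staging' ';' && cp java.zip staging/java.zip

      # Writes a SHA-256 digest per staged jar; the digest files are uploaded
      # with the jars by the S3 step below.
      - name: Get source code hash of jar files
        run: |
          openssl sha256 staging/wfdm-clamav-scan-handler* > staging/wfdm-clamav-scan-handler-hash.txt
          openssl sha256 staging/wfdm-file-index-initializer* > staging/wfdm-file-index-initializer-hash.txt
          openssl sha256 staging/wfdm-opensearch-indexing* > staging/wfdm-opensearch-indexing-hash.txt

      # Assumes the role named in the secret through the OIDC token granted by
      # the permissions block; no static AWS keys are referenced here.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.AWS_TERRAFORM_ROLE_TO_ASSUME }}
          role-session-name: wfdm-terraform
          aws-region: ca-central-1

      - name: Upload S3
        id: S3
        run: aws s3 cp ./staging s3://wfdm-s3-bucket-prd --recursive

      # Installs the Terraform CLI and writes the Terraform Cloud user API token
      # into the CLI configuration file.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1
        with:
          cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}

      # Install/Setup terragrunt CLI
      # NOTE(review): the action reference on the next line was mangled by
      # e-mail obfuscation on the page this file was copied from (presumably
      # peter-murray/terragrunt-github-action@<ref>). Restore the real
      # owner/repo@ref from the repository before using this file.
      - uses: peter-murray/[email protected]
        with:
          terragrunt_version: ${{ env.TG_VERSION }}

      # Apply changes
      # run-all apply with --terragrunt-non-interactive applies without a
      # confirmation prompt; the prd environment above is the only approval
      # point visible in this file.
      - name: Terragrunt Apply
        working-directory: terragrunt/PRD
        env:
          # NOTE(review): IMAGE_ID is not defined in this workflow and
          # github.event.workflow_run is not populated for release events, so
          # app_image presumably resolves to ":". Confirm whether the
          # Terragrunt configuration still reads it.
          app_image: ${{ env.IMAGE_ID }}:${{ github.event.workflow_run.head_branch}}
          opensearch_password: ${{ secrets.OPENSEARCH_PASSWORD_PRD }}
          opensearch_user: ${{ secrets.OPENSEARCH_USER_PRD }}
        run: terragrunt run-all apply --terragrunt-non-interactive
        # run: terragrunt run-all plan --terragrunt-non-interactive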