Skip to content

Build and deploy

Build and deploy #24

Workflow file for this run

name: Build and deploy
on:
push:
branches: '*'
tags: 'v[0-9]+.[0-9]+.[0-9]+*'
pull_request:
branches: '*'
workflow_dispatch:
inputs:
deploy:
type: boolean
default: false
env:
NODE_VERSION: 18
REGISTRY: ghcr.io
IMAGE_NAME: object-object/discord-github-utils
jobs:
build-image:
runs-on: ubuntu-latest
outputs:
tag: ${{ fromJson(steps.meta.outputs.json).tags[0] }}
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract image metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build Docker image
id: build
uses: docker/build-push-action@v5
with:
context: .
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=docker,dest=/tmp/image.tar
- name: Upload image artifact
uses: actions/upload-artifact@v4
with:
name: docker-image
path: /tmp/image.tar
retention-days: 7
build-aws-cdk:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: eifinger/setup-rye@v4
with:
enable-cache: true
github-token: ${{ secrets.GITHUB_TOKEN }}
- uses: object-Object/ci/setup@v0
with:
node-version: ${{ env.NODE_VERSION }}
npm-packages: aws-cdk
- name: Sync dependencies
run: rye sync --no-lock --no-dev
- name: Synth aws-cdk stack
run: cdk synth --ci --no-lookups --strict
- name: Upload synth artifact
uses: actions/upload-artifact@v4
with:
name: aws-cdk-synth
path: cdk.out
# dummy "gate" job to restrict when the deployment jobs can run
setup-deployments:
needs:
- build-image
- build-aws-cdk
if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') || inputs.deploy
runs-on: ubuntu-latest
steps:
- run: echo
push-image:
needs:
- setup-deployments
- build-image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
environment:
name: docker
url: https://${{ needs.build-image.outputs.tag }}
outputs:
digest: ${{ steps.digest.outputs.value }}
steps:
- uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Download image artifact
uses: actions/download-artifact@v4
with:
name: docker-image
path: /tmp
- name: Load image
run: docker load --input /tmp/image.tar
- name: Push image
run: docker image push --all-tags ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Get image digest
id: digest
run: echo "value=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ needs.build-image.outputs.tag }})" >> "$GITHUB_OUTPUT"
deploy-aws-cdk:
needs:
- setup-deployments
- build-aws-cdk
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
environment:
name: prod-aws-cdk
steps:
- uses: actions/checkout@v4
- uses: object-Object/ci/setup@v0
with:
node-version: ${{ env.NODE_VERSION }}
npm-packages: aws-cdk
role-to-assume: default
- name: Download synth artifact
uses: actions/download-artifact@v4
with:
name: aws-cdk-synth
path: cdk.out
- name: Deploy stack
run: cdk deploy --ci --no-lookups --require-approval=never --app=cdk.out --outputs-file=outputs.json
- name: Upload outputs artifact
uses: actions/upload-artifact@v4
with:
name: aws-cdk-outputs
path: outputs.json
deploy-codedeploy:
needs:
- setup-deployments
- push-image
- deploy-aws-cdk
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
environment:
name: prod-codedeploy
url: ${{ steps.deploy.outputs.deployment-url }}
steps:
- uses: actions/checkout@v4
- name: Download outputs artifact
uses: actions/download-artifact@v4
with:
name: aws-cdk-outputs
- name: Parse outputs
id: parse
uses: object-Object/ci/parse-cdk-outputs@v0
with:
file: outputs.json
- uses: object-Object/ci/setup@v0
with:
python-version-file: .python-version
role-to-assume: ${{ steps.parse.outputs.ActionsCodeDeployRoleARN }}
- name: Create runtime files
working-directory: codedeploy
run: |
mkdir -p secrets
cat <<END_OF_FILE > .env
IMAGE="${{ needs.push-image.outputs.digest }}"
TOKEN="${{ secrets.DISCORD_TOKEN }}"
GITHUB__CLIENT_SECRET="${{ secrets.GH_APP_CLIENT_SECRET }}"
DEPLOYMENT="{}"
DEPLOYMENT__COMMIT_SHA="${{ github.sha }}"
DEPLOYMENT__COMMIT_TIMESTAMP="$(git show --no-patch --format=%at ${{ github.sha }})"
DEPLOYMENT__COMMIT_MESSAGE="$(git log --oneline --format=%B -n 1 ${{ github.sha }} | head -n 1)"
END_OF_FILE
cat <<END_OF_FILE > secrets/github__private_key
${{ secrets.GH_APP_PRIVATE_KEY }}
END_OF_FILE
- name: Deploy application
id: deploy
uses: object-Object/ci/deploy-codedeploy@v0
with:
path: codedeploy
stack: ${{ steps.parse.outputs.stack-name }}
application: ${{ steps.parse.outputs.ApplicationName }}
deployment-group: ${{ steps.parse.outputs.DeploymentGroupName }}
s3-bucket: ${{ steps.parse.outputs.ArtifactsBucketName }}