Fix APICog not being hashable #25

Workflow file for this run

	name: Build and deploy

	on:
	push:
	branches: '*'
	tags: 'v[0-9]+.[0-9]+.[0-9]+*'
	pull_request:
	branches: '*'
	workflow_dispatch:
	inputs:
	deploy:
	type: boolean
	default: false

	env:
	NODE_VERSION: 18
	REGISTRY: ghcr.io
	IMAGE_NAME: object-object/discord-github-utils

	jobs:
	build-image:
	runs-on: ubuntu-latest
	outputs:
	tag: ${{ fromJson(steps.meta.outputs.json).tags[0] }}
	steps:
	- uses: actions/checkout@v4
	- uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Extract image metadata
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

	- name: Build Docker image
	id: build
	uses: docker/build-push-action@v5
	with:
	context: .
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	outputs: type=docker,dest=/tmp/image.tar

	- name: Upload image artifact
	uses: actions/upload-artifact@v4
	with:
	name: docker-image
	path: /tmp/image.tar
	retention-days: 7

	build-aws-cdk:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: eifinger/setup-rye@v4
	with:
	enable-cache: true
	github-token: ${{ secrets.GITHUB_TOKEN }}
	- uses: object-Object/ci/setup@v0
	with:
	node-version: ${{ env.NODE_VERSION }}
	npm-packages: aws-cdk

	- name: Sync dependencies
	run: rye sync --no-lock --no-dev

	- name: Synth aws-cdk stack
	run: cdk synth --ci --no-lookups --strict

	- name: Upload synth artifact
	uses: actions/upload-artifact@v4
	with:
	name: aws-cdk-synth
	path: cdk.out

	# dummy "gate" job to restrict when the deployment jobs can run
	setup-deployments:
	needs:
	- build-image
	- build-aws-cdk
	if: github.event_name == 'push' && contains(github.ref, 'refs/tags/') \|\| inputs.deploy
	runs-on: ubuntu-latest
	steps:
	- run: echo

	push-image:
	needs:
	- setup-deployments
	- build-image
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: write
	environment:
	name: docker
	url: https://${{ needs.build-image.outputs.tag }}
	outputs:
	digest: ${{ steps.digest.outputs.value }}
	steps:
	- uses: docker/setup-buildx-action@v3

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v3
	with:
	registry: ${{ env.REGISTRY }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Download image artifact
	uses: actions/download-artifact@v4
	with:
	name: docker-image
	path: /tmp

	- name: Load image
	run: docker load --input /tmp/image.tar

	- name: Push image
	run: docker image push --all-tags ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

	- name: Get image digest
	id: digest
	run: echo "value=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ needs.build-image.outputs.tag }})" >> "$GITHUB_OUTPUT"

	deploy-aws-cdk:
	needs:
	- setup-deployments
	- build-aws-cdk
	runs-on: ubuntu-latest
	permissions:
	contents: read
	id-token: write
	environment:
	name: prod-aws-cdk
	steps:
	- uses: actions/checkout@v4
	- uses: object-Object/ci/setup@v0
	with:
	node-version: ${{ env.NODE_VERSION }}
	npm-packages: aws-cdk
	role-to-assume: default

	- name: Download synth artifact
	uses: actions/download-artifact@v4
	with:
	name: aws-cdk-synth
	path: cdk.out

	- name: Deploy stack
	run: cdk deploy --ci --no-lookups --require-approval=never --app=cdk.out --outputs-file=outputs.json

	- name: Upload outputs artifact
	uses: actions/upload-artifact@v4
	with:
	name: aws-cdk-outputs
	path: outputs.json

	deploy-codedeploy:
	needs:
	- setup-deployments
	- push-image
	- deploy-aws-cdk
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	contents: read
	environment:
	name: prod-codedeploy
	url: ${{ steps.deploy.outputs.deployment-url }}
	steps:
	- uses: actions/checkout@v4

	- name: Download outputs artifact
	uses: actions/download-artifact@v4
	with:
	name: aws-cdk-outputs

	- name: Parse outputs
	id: parse
	uses: object-Object/ci/parse-cdk-outputs@v0
	with:
	file: outputs.json

	- uses: object-Object/ci/setup@v0
	with:
	python-version-file: .python-version
	role-to-assume: ${{ steps.parse.outputs.ActionsCodeDeployRoleARN }}

	- name: Create runtime files
	working-directory: codedeploy
	run: \|
	mkdir -p secrets

	cat <<END_OF_FILE > .env
	IMAGE="${{ needs.push-image.outputs.digest }}"
	TOKEN="${{ secrets.DISCORD_TOKEN }}"
	GITHUB__CLIENT_SECRET="${{ secrets.GH_APP_CLIENT_SECRET }}"
	DEPLOYMENT="{}"
	DEPLOYMENT__COMMIT_SHA="${{ github.sha }}"
	DEPLOYMENT__COMMIT_TIMESTAMP="$(git show --no-patch --format=%at ${{ github.sha }})"
	DEPLOYMENT__COMMIT_MESSAGE="$(git log --oneline --format=%B -n 1 ${{ github.sha }} \| head -n 1)"
	END_OF_FILE

	cat <<END_OF_FILE > secrets/github__private_key
	${{ secrets.GH_APP_PRIVATE_KEY }}
	END_OF_FILE

	- name: Deploy application
	id: deploy
	uses: object-Object/ci/deploy-codedeploy@v0
	with:
	path: codedeploy
	stack: ${{ steps.parse.outputs.stack-name }}
	application: ${{ steps.parse.outputs.ApplicationName }}
	deployment-group: ${{ steps.parse.outputs.DeploymentGroupName }}
	s3-bucket: ${{ steps.parse.outputs.ArtifactsBucketName }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix APICog not being hashable #25

Workflow file

Fix APICog not being hashable #25

Jobs

Run details

Workflow file for this run