-
Notifications
You must be signed in to change notification settings - Fork 17
117 lines (104 loc) · 4.27 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# This workflow runs whenever a GitHub release is created. It gets the version
# number from the git tag, builds and tests TEA, and then uploads the artifacts
# to the public bucket for distribution.
name: Release
on:
release:
types:
- published
jobs:
build:
uses: ./.github/workflows/re-build.yml
with:
environment: prod
test-e2e:
needs:
- build
if: ${{ vars.RUN_TESTS }}
uses: ./.github/workflows/re-test-e2e.yml
with:
environment: test
secrets: inherit
publish:
runs-on: ubuntu-latest
environment: prod
needs:
- build
- test-e2e
if: success() || needs.test-e2e.result == 'skipped'
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }}
AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-west-2' }}
steps:
- uses: actions/checkout@v4
- name: Load environment defaults
run: cat .github/workflows/config-public/prod.env >> $GITHUB_ENV
- uses: actions/download-artifact@v4
- name: Upload to public code bucket
env:
S3_PATH_PREFIX: s3://${{ env.CODE_BUCKET }}/${{ env.CODE_PREFIX }}
run: |
aws s3 cp ./dependency-layer/thin-egress-app-dependencies.zip ${S3_PATH_PREFIX}${{ needs.build.outputs.dependency-zip }} --acl bucket-owner-full-control --acl public-read
aws s3 cp ./code/thin-egress-app-code.zip ${S3_PATH_PREFIX}${{ needs.build.outputs.code-zip }} --acl bucket-owner-full-control --acl public-read
aws s3 cp ./cloudformation/thin-egress-app.yaml ${S3_PATH_PREFIX}${{ needs.build.outputs.cloudformation-yaml }} --acl bucket-owner-full-control --acl public-read
aws s3 cp ./terraform/thin-egress-app-terraform.zip ${S3_PATH_PREFIX}${{ needs.build.outputs.terraform-zip }} --acl bucket-owner-full-control --acl public-read
echo '{"schemaVersion": 1, "label": "Last Release", "message": "'$GITHUB_REF_NAME'", "color": "success"}' > lastrelease.json
aws s3 cp lastrelease.json s3://${CODE_BUCKET}/thin-egress-app/ \
--metadata-directive REPLACE \
--cache-control no-cache \
--expires '2016-06-14T00:00:00Z' \
--content-type 'application/json' \
--acl bucket-owner-full-control --acl public-read
release-assets:
runs-on: ubuntu-latest
needs:
- build
- test-e2e
if: success() || needs.test-e2e.result == 'skipped'
steps:
- uses: actions/download-artifact@v4
- uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./dependency-layer/thin-egress-app-dependencies.zip
asset_name: ${{ needs.build.outputs.dependency-zip }}
asset_content_type: application/zip
- uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./code/thin-egress-app-code.zip
asset_name: ${{ needs.build.outputs.code-zip }}
asset_content_type: application/zip
- uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./cloudformation/thin-egress-app.yaml
asset_name: ${{ needs.build.outputs.cloudformation-yaml }}
asset_content_type: application/vnd.yaml
- uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./terraform/thin-egress-app-terraform.zip
asset_name: ${{ needs.build.outputs.terraform-zip }}
asset_content_type: application/zip
status:
if: always()
needs:
- build
- publish
uses: ./.github/workflows/re-status.yml
with:
environment: prod
build_tag: ${{ needs.build.outputs.version }}
success: ${{ needs.build.result != 'failure' && needs.publish.result != 'failure' }}
secrets: inherit