service-user.yml
# Trigger: run the workflow on pushes to any of the listed branches.
on:
  push:
    branches: [main, master, dev, stage]
# Workflow-level GITHUB_TOKEN scopes. A job that declares its own `permissions`
# block replaces these entirely; a job without one inherits them.
permissions:
  # Read access to repository contents, needed by actions/checkout.
  contents: read
  # Allows a job to request a GitHub OIDC token (used for role assumption).
  id-token: write
jobs:
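changes:
  # Detects whether the push touched the user service; gates the deploy job.
  runs-on: ubuntu-latest
  # Job-level permissions replace the workflow-level block: any scope not
  # listed here is set to none, so `contents: read` is stated explicitly for
  # the checkout below. No OIDC token (`id-token`) is granted to this job.
  permissions:
    contents: read
    pull-requests: read
  # Set job outputs to values from filter step
  outputs:
    user: ${{ steps.filter.outputs.user }}
  steps:
    # This workflow triggers on push only, so the repository is checked out
    # for the path filter to compare against.
    # Actions are referenced by release tag instead of a moving branch, so an
    # upstream commit does not silently change what runs here. Tags can still
    # be moved; pin to a reviewed full commit SHA for the strongest guarantee.
    - uses: actions/checkout@v4
    - uses: dorny/paths-filter@v3
      id: filter
      with:
        filters: |
          user:
            - 'product/service/**/user/**'
            - 'infrastructure/service-user.yaml'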
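native_build:
  # Builds the user lambdas and deploys them with SAM. Runs only when the
  # `changes` job reports that user-service paths were modified.
  # This job declares no `permissions` of its own, so it inherits the
  # workflow-level scopes, including `id-token: write`. Every action used here
  # therefore runs in a job that can request an OIDC token.
  needs: changes
  if: needs.changes.outputs.user == 'true'
  runs-on: ubuntu-latest
  name: Deploy User Services
  steps:
    # Referenced by release tag rather than a moving branch; pin to a reviewed
    # full commit SHA for the strongest guarantee, since tags can be moved.
    - uses: actions/checkout@v4
    - uses: dorny/paths-filter@v3
      id: filter
      with:
        filters: |
          user_welcome:
            - 'product/service/lambda-services/user/**'
          sam_build:
            - 'infrastructure/service-user.yaml'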
- name: Create Vars
  # Exports fixed deployment settings to later steps through GITHUB_ENV.
  # NOTE(review): the hosted zone ID and the certificate ARN (which embeds the
  # AWS account ID) are committed in clear text. They are identifiers rather
  # than credentials, but consider moving them to repository or environment
  # variables so they are not published with the workflow.
  run: |
    {
      echo "TENANT_NAME=minka-cloud"
      echo "GENERAL_DOMAIN=minka.cloud"
      echo "HOSTED_ZONE_ID=Z06530912SIRHBPLWQDWO"
      echo "COGNITO_DOMAIN=auth.minka.cloud"
      echo "CERTIFICATE_ARN=arn:aws:acm:us-east-1:631674088803:certificate/0dfc0ddd-8e43-4662-adad-7b55df9bd9c2"
      echo "DEPLOY_SAM=false"
    } >> "$GITHUB_ENV"
# Per-branch deployment settings (region, stack name, environment label).
# NOTE(review): `master` is labelled dev1 and `dev` is labelled prod1, and both
# write the same STACK_NAME while targeting different regions; confirm this
# mapping is intended. `main` and `stage` also trigger the workflow, but no
# step shown here sets AWS_DEFAULT_REGION, STACK_NAME or environment for them.
- name: Configuration for master branch
  if: github.ref == 'refs/heads/master'
  # Any shell command can run here, not only `echo`. Original line was:
  #   echo "GCP_WIP=${{ secrets.MAIN_WIP }}" >> $GITHUB_ENV
  run: |
    {
      echo "AWS_DEFAULT_REGION=eu-west-1"
      echo "STACK_NAME=user-minka-cloud-dev"
      echo "environment=dev1"
    } >> "$GITHUB_ENV"
- name: Configuration for dev branch
  if: github.ref == 'refs/heads/dev'
  run: |
    {
      echo "AWS_DEFAULT_REGION=us-east-1"
      echo "STACK_NAME=user-minka-cloud-dev"
      echo "environment=prod1"
    } >> "$GITHUB_ENV"
# Cache the build output folders (zip files) of the user modules.
# NOTE(review): the key hashes function.zip files inside the cached path
# itself. If `target` is build output that is absent from a fresh checkout,
# the hash is empty and the key is constant per OS and environment, so an
# older zip could be restored and later deployed; confirm the key tracks the
# sources that produce the artifact.
- name: Cache target folder
  # if: steps.filter.outputs.user_welcome == 'true' || steps.filter.outputs.sam_build == 'true'
  id: cache-target-user
  uses: actions/cache@v3
  env:
    cache-name: cache-target-user-folder
  with:
    path: '**/user/**/target'
    key: ${{ runner.os }}-target-user-${{ env.environment }}-${{ hashFiles('**/user/**/target/**/function.zip') }}
# Restore the local Maven repository when user sources changed or the target
# cache missed. The primary key follows the hash of every pom.xml.
# NOTE(review): the first two restore-keys start with `<os>-build-`, which
# never prefixes the `<os>-maven-` key written here; only the bare `<os>-`
# fallback can match.
- name: Cache maven modules
  id: cache-maven
  if: steps.filter.outputs.user_welcome == 'true' || steps.cache-target-user.outputs.cache-hit != 'true'
  uses: actions/cache@v3
  env:
    cache-name: cache-maven-modules
  with:
    path: ~/.m2/repository
    key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
    restore-keys: |
      ${{ runner.os }}-build-${{ env.cache-name }}-
      ${{ runner.os }}-build-
      ${{ runner.os }}-
# Install GraalVM with the native-image component for the native lambda build.
# NOTE(review): `version: latest` floats, so the compiler that produces the
# deployed binary can change between runs without any change in this
# repository; pin an explicit release if reproducible builds are required.
- name: Config graalvm
  uses: graalvm/setup-graalvm@v1
  if: steps.filter.outputs.user_welcome == 'true' || steps.cache-target-user.outputs.cache-hit != 'true'
  with:
    components: 'native-image'
    java-version: '19'
    version: 'latest'
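# Rebuild all modules when user sources changed or the target cache missed,
# then flag the run for deployment through DEPLOY_SAM.
# The cache check must name `cache-target-user`, the id of the target cache
# step. The former `cache-target-tenant` matches no step shown in this job, so
# its output was always empty, the `!= 'true'` test always passed, and every
# run rebuilt and set DEPLOY_SAM=true regardless of what changed.
# Tests are skipped here (-DskipTests), so nothing in this step verifies the
# code before it is flagged for deployment.
- name: Maven Clean all projects
  if: steps.filter.outputs.user_welcome == 'true' || steps.cache-target-user.outputs.cache-hit != 'true'
  run: |
    mvn -f product/pom.xml -q clean install -DskipTests
    echo "DEPLOY_SAM=true" >> "$GITHUB_ENV"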
# Native build of the user welcome lambda; runs under the same condition as
# the GraalVM setup step. Tests are skipped (-DskipTests).
- name: Maven Clean and Verify on User Welcome Lambda
  if: steps.filter.outputs.user_welcome == 'true' || steps.cache-target-user.outputs.cache-hit != 'true'
  run: mvn -f product/service/lambda-services/user/welcome/pom.xml -q install -Dnative -DskipTests
# - name: Debug filter
# if: steps.filter.outputs.user_welcome == 'true' || steps.cache-target-user.outputs.cache-hit != 'true'
# run: |
# echo "Filter user_welcome: ${{ steps.filter.outputs.user_welcome }}"
# echo "Filter sam_build: ${{ steps.filter.outputs.sam_build }}"
# echo "Cache hit: ${{ steps.cache-target-user.outputs.cache-hit }}"
# echo "DEPLOY_SAM: ${{ env.DEPLOY_SAM }}"
# Obtain AWS credentials for the deploy by assuming the role named in the
# AWS_ROLE_TO_ASSUME secret; the workflow grants `id-token: write` for this.
# NOTE(review): the role's trust policy is not visible here. It should
# restrict the OIDC `sub` claim to this repository and the branches allowed to
# deploy, since four branches trigger this workflow.
# NOTE(review): the action is referenced by a movable major tag; pin to a
# reviewed full commit SHA, as this step handles cloud credentials.
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v1
  if: env.DEPLOY_SAM == 'true' || steps.filter.outputs.sam_build == 'true'
  with:
    aws-region: ${{ env.AWS_DEFAULT_REGION }}
    role-session-name: 'GitHubActions'
    role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
# Build the SAM application from the user service template. Runs only when a
# rebuild flagged DEPLOY_SAM or the template itself changed.
- name: Sam build
  if: env.DEPLOY_SAM == 'true' || steps.filter.outputs.sam_build == 'true'
  run: sam build --template infrastructure/service-user.yaml
- name: Sam deploy
if: env.DEPLOY_SAM == 'true' || steps.filter.outputs.sam_build == 'true'
run: |
sam deploy --template-file .aws-sam/build/template.yaml --resolve-s3 \
--stack-name ${{env.STACK_NAME}} \
--capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND CAPABILITY_NAMED_IAM \
--parameter-overrides \
TenantName=${{env.TENANT_NAME}} \
GeneralDomain=${{env.GENERAL_DOMAIN}} \
HostedZoneId=${{env.HOSTED_ZONE_ID}} \
CognitoDomain=${{env.COGNITO_DOMAIN}} \
CertificateArn=${{env.CERTIFICATE_ARN}} \
Environment=${{env.environment}} \