Skip to content

Merge pull request #272 from nulib/2822-config-secrets #344

Merge pull request #272 from nulib/2822-config-secrets

Merge pull request #272 from nulib/2822-config-secrets #344

Workflow file for this run

name: Deploy
on:
push:
branches:
- deploy/*
- main
paths:
- ".github/workflows/deploy.yml"
- "node/**"
- "chat/**"
- "template.yaml"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
jobs:
build-deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}
steps:
- name: Set CONFIG_ENV from Branch Name
run: |
if [[ $BRANCH == 'refs/heads/main' ]]; then
echo "CONFIG_ENV=production" >> $GITHUB_ENV
else
echo "CONFIG_ENV=$(echo $BRANCH | awk -F/ '{print $NF}')" >> $GITHUB_ENV
fi
env:
BRANCH: ${{ github.ref }}
- name: Confirm deploy environment
run: echo "Deploying to '$CONFIG_ENV' environment"
- name: Set GitHub Deploy Key
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.TFVARS_DEPLOY_KEY }}
- uses: actions/checkout@v2
- uses: actions/checkout@v2
with:
repository: "nulib/tfvars"
ref: main
path: ".tfvars"
- uses: actions/setup-python@v2
with:
python-version: '3.10'
- uses: aws-actions/setup-sam@v1
- uses: aws-actions/configure-aws-credentials@master
with:
role-to-assume: arn:aws:iam::${{ secrets.AwsAccount }}:role/github-actions-role
aws-region: us-east-1
- run: ln -s .tfvars/dc-api/samconfig.toml .
- run: ln -s .tfvars/dc-api/$CONFIG_ENV.parameters .
- run: make build
- run: |
sam deploy \
--no-confirm-changeset \
--no-fail-on-empty-changeset \
--config-env $CONFIG_ENV \
--config-file ./samconfig.toml \
--parameter-overrides $(while IFS='=' read -r key value; do params+=" $key=$value"; done < ./$CONFIG_ENV.parameters && echo "$params HoneybadgerRevision=$HONEYBADGER_REVISION") \
| sed 's/\(Parameter overrides\s*\): .*/\1: ***** REDACTED *****/'
exit ${PIPESTATUS[0]}
env:
HONEYBADGER_REVISION: ${{ github.sha }}