-
Notifications
You must be signed in to change notification settings - Fork 1
145 lines (124 loc) · 3.99 KB
/
deploy.yml
File metadata and controls
145 lines (124 loc) · 3.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
name: Deploy
on:
push:
tags: 'v[0-9]+.[0-9]+.[0-9]+*'
workflow_dispatch:
env:
NODE_VERSION: 18
REGISTRY: ghcr.io
IMAGE_NAME: object-object/discord-github-utils
jobs:
build:
uses: ./.github/workflows/build.yml
secrets: inherit
push-image:
needs:
- build
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
environment:
name: docker
url: https://${{ needs.build.outputs.image-tag }}
outputs:
digest: ${{ steps.digest.outputs.value }}
steps:
- uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Download image artifact
uses: actions/download-artifact@v4
with:
name: docker-image
path: /tmp
- name: Load image
run: docker load --input /tmp/image.tar
- name: Push image
run: docker image push --all-tags ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Get image digest
id: digest
run: echo "value=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ needs.build.outputs.image-tag }})" >> "$GITHUB_OUTPUT"
deploy-aws-cdk:
needs:
- build
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
environment:
name: prod-aws-cdk
steps:
- uses: actions/checkout@v4
- uses: object-Object/ci/setup@v0
with:
node-version: ${{ env.NODE_VERSION }}
npm-packages: aws-cdk
role-to-assume: repo
- name: Download synth artifact
uses: actions/download-artifact@v4
with:
name: aws-cdk-synth
path: cdk.out
- name: Deploy stack
run: cdk deploy --ci --no-lookups --require-approval=never --app=cdk.out --outputs-file=outputs.json
- name: Upload outputs artifact
uses: actions/upload-artifact@v4
with:
name: aws-cdk-outputs
path: outputs.json
deploy-codedeploy:
needs:
- push-image
- deploy-aws-cdk
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
environment:
name: prod-codedeploy
url: ${{ steps.deploy.outputs.deployment-url }}
steps:
- uses: actions/checkout@v4
- name: Download outputs artifact
uses: actions/download-artifact@v4
with:
name: aws-cdk-outputs
- name: Parse outputs
id: parse
uses: object-Object/ci/parse-cdk-outputs@v0
with:
file: outputs.json
- uses: object-Object/ci/setup@v0
with:
python-version-file: .python-version
role-to-assume: ${{ steps.parse.outputs.ActionsCodeDeployRoleARN }}
- name: Create runtime files
working-directory: codedeploy
run: |
mkdir -p secrets
cat <<END_OF_FILE > .env
IMAGE="${{ needs.push-image.outputs.digest }}"
TOKEN="${{ secrets.DISCORD_TOKEN }}"
GITHUB__CLIENT_SECRET="${{ secrets.GH_APP_CLIENT_SECRET }}"
DEPLOYMENT="{}"
DEPLOYMENT__COMMIT_SHA="${{ github.sha }}"
DEPLOYMENT__COMMIT_TIMESTAMP="$(git show --no-patch --format=%at ${{ github.sha }})"
DEPLOYMENT__COMMIT_MESSAGE="$(git log --oneline --format=%B -n 1 ${{ github.sha }} | head -n 1)"
END_OF_FILE
cat <<END_OF_FILE > secrets/github__private_key
${{ secrets.GH_APP_PRIVATE_KEY }}
END_OF_FILE
- name: Deploy application
id: deploy
uses: object-Object/ci/deploy-codedeploy@v0
with:
path: codedeploy
stack: ${{ steps.parse.outputs.stack-name }}
application: ${{ steps.parse.outputs.ApplicationName }}
deployment-group: ${{ steps.parse.outputs.DeploymentGroupName }}
s3-bucket: ${{ steps.parse.outputs.ArtifactsBucketName }}