ci-cd-pipeline.yaml
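name: CI/CD Pipeline

on:
  push:
    branches: [main, prod-ready]

# Least-privilege default for the GITHUB_TOKEN. Jobs that need anything else
# (the frontend's OIDC id-token) declare their own permissions block.
permissions:
  contents: read

jobs:
  # Determines the environment to deploy the backend to
  set-env:
    runs-on: ubuntu-latest
    outputs:
      env: ${{ steps.setvars.outputs.env }}
    # Deploys to staging/prod environment depending on branch name
    steps:
      - name: determine env
        # The id has to match the `steps.setvars` reference in `outputs`
        # above; without it the job output is always empty.
        id: setvars
        # Context values reach the script through the environment rather
        # than being expanded into the script text before the shell runs.
        env:
          BASE_REF: ${{ github.base_ref }}
          REF: ${{ github.ref }}
        run: |
          # Outputs are written to $GITHUB_OUTPUT; the `::set-output`
          # workflow command is deprecated.
          if [[ "$BASE_REF" == "main" || "$REF" == "refs/heads/main" ]]; then
            echo "env=staging" >> "$GITHUB_OUTPUT"
          fi
          if [[ "$BASE_REF" == "prod-ready" || "$REF" == "refs/heads/prod-ready" ]]; then
            echo "env=prod" >> "$GITHUB_OUTPUT"
          fi

  # Change detection for filtering jobs
  changes:
    runs-on: ubuntu-latest
    # Required permissions
    permissions:
      # Listing any permission sets the unlisted ones to none, so the
      # checkout below needs contents: read spelled out.
      contents: read
      pull-requests: read
    outputs:
      backend: ${{ steps.filter.outputs.backend }}
      frontend: ${{ steps.filter.outputs.frontend }}
    steps:
      # This workflow only runs on push, so the repository has to be checked
      # out for the path filter to compare commits.
      - uses: actions/checkout@v4
      # NOTE(review): third-party action referenced by a mutable tag; pinning
      # it to a full commit SHA guards against a retagged release.
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            backend:
              - 'backend/**'
            frontend:
              - 'frontend/**'

  # Builds the frontend and publishes it to S3 + CloudFront, only when files
  # under frontend/ changed.
  frontend:
    needs: changes
    if: ${{ needs.changes.outputs.frontend == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      # id-token: write lets the job request an OIDC token, which
      # configure-aws-credentials exchanges for short-lived role credentials.
      id-token: write
      contents: read
    defaults:
      run:
        working-directory: frontend
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "18"
      # NOTE(review): if a lockfile is committed, `npm ci` gives a
      # reproducible install - confirm before switching.
      - run: npm install
      - run: npm run build
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::035306758865:role/gh-short-lived-creds
          aws-region: us-east-1
      - run: aws s3 sync build/ s3://flatini.formulathoughts.com
      - name: invalidate cloudfront cache
        # The secret is passed as an environment variable and quoted, so its
        # value is never parsed as shell syntax.
        env:
          DISTRIBUTION_ID: ${{ secrets.DISTRIBUTION_ID }}
        run: aws cloudfront create-invalidation --distribution-id "$DISTRIBUTION_ID" --paths "/*"

  # Tests the backend and deploys it with SAM, only when files under backend/
  # changed. The target environment comes from the set-env job.
  backend:
    # set-env has to be listed here: the `needs` context only exposes
    # outputs of jobs this job depends on directly.
    needs: [changes, set-env]
    if: ${{ needs.changes.outputs.backend == 'true' }}
    runs-on: ubuntu-latest
    steps:
      - name: checkout head
        uses: actions/checkout@v4
      - name: Set up Python 3.10
        uses: actions/setup-python@v4
        with:
          python-version: "3.10"
      - name: backend tests
        run: |
          cd backend
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-test.txt
          python -m unittest
      - name: setup aws cli
        # NOTE(review): this job still authenticates with long-lived access
        # keys stored as repository secrets, while the frontend job assumes a
        # role through OIDC. Moving this job to `role-to-assume` plus
        # `id-token: write` would remove the static keys; the role to use is
        # not visible in this file.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-2
      - name: build and deploy to aws
        env:
          # The original expression read `needs.init.outputs.env`, but no job
          # named `init` exists in this workflow; set-env produces the value.
          DEPLOY_ENV: ${{ needs.set-env.outputs.env }}
          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
          GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
        run: |
          # Stop instead of deploying to a stack named "flatini-api-" when no
          # environment was resolved.
          : "${DEPLOY_ENV:?deployment environment is not set}"
          cd backend
          sh clean_build.sh
          # NOTE(review): the client secret becomes a CloudFormation
          # parameter; confirm the template marks it NoEcho.
          sam deploy \
            --no-fail-on-empty-changeset \
            --no-confirm-changeset \
            --stack-name "flatini-api-${DEPLOY_ENV}" \
            --s3-bucket "flatini-api-${DEPLOY_ENV}-s3" \
            --region eu-west-2 \
            --capabilities CAPABILITY_IAM \
            --parameter-overrides \
              "ParameterKey=GoogleClientSecret,ParameterValue=${GOOGLE_CLIENT_SECRET}" \
              "ParameterKey=GoogleClientId,ParameterValue=${GOOGLE_CLIENT_ID}"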