-
Notifications
You must be signed in to change notification settings - Fork 0
132 lines (115 loc) · 3.92 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: CICD with AWS CDK
run-name: ${{ github.actor }} pushed a change via GitHub Actions 🚀
on:
push:
branches: [ "main", "master" ]
pull_request:
branches: [ "main", "master" ]
env:
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
REGISTRY_ALIAS: ${{ secrets.REGISTRY_ALIAS }}
concurrency:
group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
cancel-in-progress: true
permissions:
pull-requests: write
jobs:
build:
# This job should be set to only run if there is a change in the Dockerfile
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
# an action can be added here to test the image before building
- name: Login to Amazon ECR Public
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
- name: Build, tag, and push docker image to Amazon ECR Public
env:
REGISTRY: ${{ steps.login-ecr-public.outputs.registry }}
REGISTRY_ALIAS: ${{ env.REGISTRY_ALIAS }}
REPOSITORY: node-ecr-repo
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:$IMAGE_TAG -t $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY:latest .
docker push $REGISTRY/$REGISTRY_ALIAS/$REPOSITORY --all-tags
working-directory: ./nodeapp
infra-test:
needs:
- build
if: |
github.event_name == 'pull_request'
# && always() &&
# (needs.build.result == 'skipped' || needs.build.result == 'success') &&
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
- uses: actions/setup-node@v4
with:
node-version: 22
- run: npm install -g aws-cdk
- uses: actions/setup-python@v5
with:
python-version: '3.12.7'
- name: venv
id: venv
run: |-
python3 -m venv .venv
source .venv/bin/activate
python -m pip install -r requirements.txt
cdk bootstrap
cdk diff
cdk synth
- run: echo "🍏 This job's status is ${{ job.status }}."
Deploy:
needs:
- build
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
- uses: actions/setup-node@v4
with:
node-version: 22
- run: npm install -g aws-cdk
- uses: actions/setup-python@v5
with:
python-version: '3.12.7'
# uncomment this block to deploy the infra
- name: venv
id: venv
run: |-
python3 -m venv .venv
source .venv/bin/activate
python -m pip install -r requirements.txt
cdk deploy --require-approval never
# # uncomment this block to tear down infra
# - name: destroy-venv
# id: destroy-venv
# run: |-
# python3 -m venv .venv
# source .venv/bin/activate
# python -m pip install -r requirements.txt
# cdk destroy --force
- run: echo "🍏 This job's status is ${{ job.status }}."