Test ci cd #60
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build and test | |
| on: | |
| pull_request: | |
| branches: | |
| - "master" | |
| env: | |
| AWS_REGION: ap-southeast-2 | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| build_test_push: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| outputs: | |
| image_tag: ${{ steps.set_tag.outputs.image_tag }} | |
| steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # | |
| # - name: Set up QEMU | |
| # uses: docker/setup-qemu-action@v3 | |
| # | |
| # - name: Set up Docker Buildx | |
| # uses: docker/setup-buildx-action@v3 | |
| # | |
| - name: set tag | |
| id: set_tag | |
| run: | | |
| BRANCH_NAME=${{ github.head_ref || github.ref_name }} | |
| echo TAG=${{ env.TAG_PREFIX }}-${BRANCH_NAME//\//_} >> $GITHUB_ENV | |
| echo "image_tag=${{ env.TAG_PREFIX}}-${BRANCH_NAME/\//_}" >> $GITHUB_OUTPUT | |
| env: | |
| TAG_PREFIX: dev | |
| # | |
| # - name: Set up docker structure test | |
| # run: > | |
| # curl -LO | |
| # https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64 | |
| # && chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64 | |
| # /usr/local/bin/container-structure-test | |
| # | |
| # - name: Configure AWS Credentials | |
| # if: ${{ !env.ACT }} | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # audience: sts.amazonaws.com | |
| # aws-region: ${{ env.AWS_REGION }} | |
| # role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| # | |
| # - name: Login to ECR | |
| # if: ${{ !env.ACT }} | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ${{ vars.ECR_REGISTRY }} | |
| # | |
| # - name: Build | |
| # uses: docker/build-push-action@v5 | |
| # with: | |
| # context: . | |
| # load: true | |
| # tags: ${{ vars.ECR_REPOSITORY }}:${{ env.TAG }} | |
| # | |
| # - name: Test | |
| # run: | | |
| # container-structure-test test --image ${{ vars.ECR_REPOSITORY }}:${{ env.TAG }} --config tests/config.yaml | |
| # | |
| # - name: Build and push | |
| # if: ${{ !env.ACT }} | |
| # uses: docker/build-push-action@v5 | |
| # with: | |
| # context: . | |
| ## platforms: linux/amd64,linux/arm64 | |
| # push: true | |
| # tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ env.TAG }} | |
| staging_deploy_plan: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| needs: build_test_push | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| if: ${{ !env.ACT }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Export shared infrastructure SSM parameter values to auto.tfvars.json files | |
| env: | |
| deploy_path: ./deploy/tg/ecs | |
| environment: ${{ vars.ENVIRONMENT }} | |
| run: | | |
| params=( apps/alb/${{ vars.ALB }} apps/ecr/${{ vars.ECR_REPOSITORY }} core rds/${{ vars.RDS_DB }} ) | |
| for param in ${params[@]}; do | |
| filename="$environment.${param//\//-}.auto.tfvars.json" | |
| aws ssm get-parameters-by-path \ | |
| --path "/$param/" \ | |
| --recursive \ | |
| --output json \ | |
| --query 'Parameters[*]' \ | |
| | jq '. |= map({ (.Name | split("/")[-1]): .Value }) | add' \ | |
| > "$deploy_path/$filename" | |
| done | |
| - name: Expose github environment as shell variables | |
| env: | |
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| VARS_CONTEXT: ${{ toJson(vars) }} | |
| run: | | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; } | |
| echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| - name: debug vars | |
| run: | | |
| cat ./deploy/tg/ecs/*.auto.tfvars.json | jq -r | |
| # - name: Terragrunt Plan | |
| # id: terragrunt_plan | |
| # uses: gruntwork-io/[email protected] | |
| # with: | |
| # tf_version: '1.5.7' | |
| # tg_version: '0.51.0' | |
| # tg_dir: './deploy/tg' | |
| # tg_command: 'run-all plan' | |
| # env: | |
| # TF_INPUT: 0 | |
| # TF_IN_AUTOMATION: true | |
| # TF_VAR_image_tag: ${{ vars.IMAGE_TAG || needs.build_test_push.outputs.image_tag }} | |
| # staging_deploy_apply: | |
| # runs-on: ubuntu-latest | |
| # environment: staging | |
| # needs: [staging_deploy_plan, build_test_push] | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # | |
| # - name: Configure AWS Credentials | |
| # if: ${{ !env.ACT }} | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # audience: sts.amazonaws.com | |
| # aws-region: ${{ vars.AWS_REGION }} | |
| # role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| # | |
| # - name: Expose github environment as shell variables | |
| # env: | |
| # SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| # VARS_CONTEXT: ${{ toJson(vars) }} | |
| # run: | | |
| # # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable | |
| # # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings | |
| # EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| # to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; } | |
| # echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| # echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| # | |
| # - name: Terragrunt Apply | |
| # id: terragrunt_plan | |
| # uses: gruntwork-io/[email protected] | |
| # with: | |
| # tf_version: '1.5.7' | |
| # tg_version: '0.51.0' | |
| # tg_dir: './deploy/tg' | |
| # tg_command: 'run-all apply' | |
| # env: | |
| # TF_INPUT: 0 | |
| # TF_IN_AUTOMATION: true |