workflows: fix tg step names #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Staging | |
| on: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: The branch/tag/sha to deploy from | |
| required: true | |
| type: string | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build_test_push: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| outputs: | |
| image_digest: ${{ steps.build_and_push.outputs.digest }} | |
| image_metadata: ${{ steps.build_and_push.outputs.metadata }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ inputs.ref || github.ref }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Login to ECR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ vars.ECR_REGISTRY }} | |
| - name: Build and Push Docker Image | |
| id: build_and_push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| # Only building for AMD64 for now | |
| # platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest | |
| staging_deploy: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| env: | |
| tf_version: '1.5.7' | |
| tg_version: '0.51.0' | |
| tg_dir: './deploy/tg' | |
| needs: build_test_push | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Expose github environment as shell variables | |
| env: | |
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| VARS_CONTEXT: ${{ toJson(vars) }} | |
| run: | | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; } | |
| echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| - name: Terragrunt Plan | |
| id: terragrunt_plan | |
| uses: gruntwork-io/[email protected] | |
| with: | |
| tf_version: ${{ env.tf_version }} | |
| tg_version: ${{ env.tg_version }} | |
| tg_dir: ${{ env.tg_dir }} | |
| tg_command: 'run-all plan -out=tf.plan' | |
| env: | |
| TF_INPUT: 0 | |
| TF_IN_AUTOMATION: true | |
| # get the image digest from the build job with optional override from vars context | |
| TF_VAR_image: ${{ vars.IMAGE || needs.build_test_push.outputs.image_digest }} | |
| - name: Terragrunt Apply | |
| id: terragrunt_apply | |
| uses: gruntwork-io/[email protected] | |
| with: | |
| tf_version: ${{ env.tf_version }} | |
| tg_version: ${{ env.tg_version }} | |
| tg_dir: ${{ env.tg_dir }} | |
| tg_command: 'run-all apply tf.plan' | |
| env: | |
| TF_INPUT: 0 | |
| TF_IN_AUTOMATION: true | |
| # get the image digest from the build job with optional override from vars context | |
| TF_VAR_image: ${{ vars.IMAGE || needs.build_test_push.outputs.image_digest }} | |
| create_draft_release: | |
| name: Create Release | |
| runs-on: ubuntu-latest | |
| needs: [build_test_push] | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Write image metadata to file | |
| id: metadata_to_file | |
| run: echo '${{ needs.build_test_push.outputs.image_metadata }}' > metadata.json | |
| - name: Create Draft Release | |
| id: create_draft_release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| name: Draft Release - commit '${{ github.sha }}' | |
| body: | | |
| ## Info | |
| This draft release has been automatically created from merge commit '${{ github.event.head_commit.message }}'. | |
| Commit ${{ github.sha }} was deployed to `staging`. [See code diff](${{ github.event.compare }}). | |
| It was initialized by [${{ github.event.sender.login }}](${{ github.event.sender.html_url }}). | |
| ## How to Promote? | |
| In order to promote this to prod, edit the draft, create a new tag (using [semver](https://semver.org)) and press **"Publish release"**. | |
| draft: true | |
| files: metadata.json |