Skip to content
Build, Test and Deploy Development

deploy: container vars refactoring #9

Sign in to view logs

deploy: container vars refactoring

deploy: container vars refactoring #9

Workflow file for this run

.github/workflows/deploy-development.yml at eba40de
name: Build, Test and Deploy Development
on:
pull_request:
branches:
- master
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
jobs:
build_test_push:
runs-on: ubuntu-latest
environment: development
outputs:
image_tag: ${{ steps.set_image_tag.outputs.image_tag }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Setup Docker Structure Test
run: >
curl -LO
https://storage.googleapis.com/container-structure-test/latest/container-structure-test-linux-amd64
&& chmod +x container-structure-test-linux-amd64 && sudo mv container-structure-test-linux-amd64
/usr/local/bin/container-structure-test
- name: Set Image Tag
id: set_image_tag
run: |
branch_name=${{ github.head_ref || github.ref_name }}
tag=${{ env.TAG_PREFIX}}-${branch_name//\//-}
echo "$tag"
echo "image_tag=$tag" >> $GITHUB_OUTPUT
env:
TAG_PREFIX: dev
- name: Build Docker Image
uses: docker/build-push-action@v5
with:
context: .
load: true
tags: ${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }}
- name: Test Docker Image
run: |
container-structure-test test --image ${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }} --config tests/config.yaml
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
audience: sts.amazonaws.com
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
- name: Login to ECR
uses: docker/login-action@v3
with:
registry: ${{ vars.ECR_REGISTRY }}
- name: Build and Push Docker Image
id: build_and_push
uses: docker/build-push-action@v5
with:
context: .
# Only building for AMD64 for now
# platforms: linux/amd64,linux/arm64
push: true
tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ steps.set_image_tag.outputs.image_tag }}
development_deploy:
runs-on: ubuntu-latest
environment: development
env:
tf_version: '1.5.7'
tg_version: '0.54.0'
tg_dir: './deploy/tg'
needs: [build_test_push]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
audience: sts.amazonaws.com
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
- name: Expose github environment as shell variables
env:
SECRETS_CONTEXT: ${{ toJson(secrets) }}
VARS_CONTEXT: ${{ toJson(vars) }}
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; }
echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV
echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV
- name: Terragrunt Plan
uses: gruntwork-io/terragrunt-action@v2
with:
tf_version: ${{ env.tf_version }}
tg_version: ${{ env.tg_version }}
tg_dir: ${{ env.tg_dir }}
tg_command: 'plan -out=tf.plan'
env:
TF_INPUT: 0
TF_IN_AUTOMATION: true
# get the image digest from the build job with optional override from vars context
TF_VAR_image: ${{ vars.IMAGE || needs.build_test_push.outputs.image_tag }}
- name: Terragrunt Apply
uses: gruntwork-io/terragrunt-action@v2
with:
tf_version: ${{ env.tf_version }}
tg_version: ${{ env.tg_version }}
tg_dir: ${{ env.tg_dir }}
tg_command: '--terragrunt-non-interactive --terragrunt-log-level info apply -auto-approve tf.plan'
env:
TF_INPUT: 0
TF_IN_AUTOMATION: true
# get the image digest from the build job with optional override from vars context
TF_VAR_image: ${{ vars.IMAGE || needs.build_test_push.outputs.image_tag }}