deploy-production.yml: don't rebuild image for workflow_dispatch #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Staging | |
| on: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build_push: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| outputs: | |
| image_digest: ${{ steps.build_and_push.outputs.digest }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Login to ECR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ vars.ECR_REGISTRY }} | |
| - name: Build and Push Docker Image | |
| id: build_and_push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| # Only building for AMD64 for now | |
| # platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest | |
| staging_deploy: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| env: | |
| tf_version: '1.5.7' | |
| tg_version: '0.54.0' | |
| tg_dir: './deploy/tg' | |
| needs: build_push | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| audience: sts.amazonaws.com | |
| aws-region: ${{ vars.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| - name: Expose github environment as shell variables | |
| env: | |
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| VARS_CONTEXT: ${{ toJson(vars) }} | |
| run: | | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; } | |
| echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV | |
| - name: Terragrunt Plan | |
| uses: gruntwork-io/terragrunt-action@v2 | |
| with: | |
| tf_version: ${{ env.tf_version }} | |
| tg_version: ${{ env.tg_version }} | |
| tg_dir: ${{ env.tg_dir }} | |
| tg_command: 'plan -out=tf.plan' | |
| env: | |
| TF_INPUT: 0 | |
| TF_IN_AUTOMATION: true | |
| # get the image digest from the build job with optional override from vars context | |
| TF_VAR_image: ${{ vars.IMAGE || needs.build_push.outputs.image_digest }} | |
| - name: Terragrunt Apply | |
| uses: gruntwork-io/terragrunt-action@v2 | |
| with: | |
| tf_version: ${{ env.tf_version }} | |
| tg_version: ${{ env.tg_version }} | |
| tg_dir: ${{ env.tg_dir }} | |
| tg_command: '--terragrunt-non-interactive --terragrunt-log-level info apply -auto-approve tf.plan' | |
| env: | |
| TF_INPUT: 0 | |
| TF_IN_AUTOMATION: true | |
| # get the image digest from the build job with optional override from vars context | |
| TF_VAR_image: ${{ vars.IMAGE || needs.build_push.outputs.image_digest }} |