Merge pull request #166 from AustralianBioCommons/AAI-620-fix-approva… #87
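# Dev pipeline: on every push to main, stamp a dev version into pyproject.toml,
# refresh the uv lockfile, build the backend image, push it to ECR under the
# `dev` tag, then invoke a Lambda function that is handed that tag.
name: build-and-deploy-dev

on:
  push:
    branches: [main]

# contents: read covers the checkout. id-token: write lets the job request a
# GitHub OIDC token, which configure-aws-credentials uses to assume the role.
# NOTE(review): the role's trust policy should limit the OIDC `sub` claim to
# this repository and the main branch; that policy is not visible here, so
# confirm it on the AWS side.
permissions:
  contents: read
  id-token: write

env:
  AWS_REGION: ap-southeast-2
  IMAGE_REPO: 498096047392.dkr.ecr.ap-southeast-2.amazonaws.com/aai-backend

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): every `uses:` in this job is pinned to a movable
      # major-version tag. Pinning to a full commit SHA, e.g.
      # `actions/checkout@<full-commit-sha> # v4`, keeps a retagged release
      # from running inside a job that can assume the ECR push role.
      # NOTE(review): checkout keeps the job token in .git/config by default
      # and the image build below uses `context: .`. No later step here appears
      # to need git credentials, so consider `persist-credentials: false`
      # and/or excluding .git in .dockerignore.
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3

      # Rewrites each `version = "..."` line of pyproject.toml to
      # `<base>.dev0+g<short sha>`.
      - name: Stamp dev version
        run: |
          set -euo pipefail
          # Replaces the full github.sha supplied through `env:` below with the
          # abbreviated id; exported explicitly so the node child process sees it.
          SHORT_SHA=$(git rev-parse --short HEAD)
          export SHORT_SHA
          # The quoted heredoc delimiter ('JS') stops the shell from expanding
          # `${...}` and backticks inside the script.
          node <<'JS'
          const fs = require('fs');
          const path = 'pyproject.toml';
          const shortSha = (process.env.SHORT_SHA || '').toLowerCase().slice(0, 7);
          // Refuse to stamp when the id is missing or not hex; otherwise the
          // file would receive a malformed version such as "1.2.3.dev0+g".
          if (!/^[0-9a-f]+$/.test(shortSha)) {
            throw new Error('SHORT_SHA is missing or is not a hex commit id');
          }
          const lines = fs.readFileSync(path, 'utf8').split('\n');
          let updated = false;
          let newVersion = null;
          const result = lines.map((line) => {
            if (!line.startsWith('version = ')) {
              return line;
            }
            const match = line.match(/version = "(.+)"/);
            if (!match) {
              return line;
            }
            // Strip any earlier stamp (.devN, +local, -dev_<hex>) so that
            // repeated runs do not stack suffixes.
            const cleanBase = match[1]
              .replace(/\.dev\d+(?:\+.+)?$/i, '')
              .replace(/\+.+$/i, '')
              .replace(/-dev_[0-9a-f]+$/i, '');
            newVersion = `${cleanBase}.dev0+g${shortSha}`;
            updated = true;
            return `version = "${newVersion}"`;
          });
          if (!updated || !newVersion) {
            throw new Error('Failed to compute new version');
          }
          fs.writeFileSync(path, result.join('\n'));
          console.log('Stamped version to', newVersion);
          JS
        env:
          SHORT_SHA: ${{ github.sha }}

      # NOTE(review): `uv lock` resolves again at build time, so the image can
      # be built from a lockfile that differs from the committed one. If only
      # the project's own version entry is meant to change, confirm that the
      # resulting diff is limited to it.
      - name: Sync uv lockfile
        run: |
          set -euo pipefail
          python -m pip install uv==0.4.20
          uv lock

      # Authenticate to AWS
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ECR_PUSH }}
          aws-region: ${{ env.AWS_REGION }}
      - uses: aws-actions/amazon-ecr-login@v2

      # NOTE(review): the image is pushed under the movable `dev` tag with
      # provenance and SBOM attestations switched off, so the registry holds no
      # record tying the tag to this commit. If the attestations are disabled
      # for consumer compatibility, consider recording this step's `digest`
      # output and deploying by digest instead.
      - name: Build & Push (dev only)
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          tags: ${{ env.IMAGE_REPO }}:dev
          provenance: false
          sbom: false
          cache-from: type=gha
          cache-to: type=gha,mode=max

      # Invokes the deployment function with {"tag": "dev"} and fails the job
      # unless the function ran without error and its response reports
      # status SUCCESS.
      - name: Deploy dev backend via Lambda
        env:
          DEPLOY_FUNCTION_NAME: AaiBackendDevDeploymentFunction
          IMAGE_TAG: dev
        run: |
          set -euo pipefail
          # A single attempt and no read timeout: presumably so that a slow
          # deployment is waited for rather than invoked again by CLI retries.
          export AWS_MAX_ATTEMPTS=1
          PAYLOAD=$(jq -n --arg tag "${IMAGE_TAG}" '{tag: $tag}')
          RESPONSE_FILE=$(mktemp)
          INVOKE_METADATA=$(aws lambda invoke \
            --function-name "${DEPLOY_FUNCTION_NAME}" \
            --payload "${PAYLOAD}" \
            --cli-binary-format raw-in-base64-out \
            --cli-read-timeout 0 \
            "${RESPONSE_FILE}")
          echo "${INVOKE_METADATA}"
          # A function that raised still returns invoke metadata; the failure
          # is reported in its FunctionError field, so check it explicitly.
          FUNCTION_ERROR=$(echo "${INVOKE_METADATA}" | jq -r '.FunctionError // empty')
          if [ -n "${FUNCTION_ERROR}" ]; then
            echo "Deployment lambda reported an error: ${FUNCTION_ERROR}" >&2
            cat "${RESPONSE_FILE}" >&2 || true
            exit 1
          fi
          cat "${RESPONSE_FILE}"
          STATUS=$(jq -r '.status // empty' "${RESPONSE_FILE}")
          if [ "${STATUS}" != "SUCCESS" ]; then
            echo "Deployment lambda returned unexpected status: ${STATUS}" >&2
            exit 1
          fi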