chore: update deployment workflow to support pull requests and configure AWS credentials #62
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| paths: | |
| - "lib/**" | |
| - "integration_tests/**" | |
| - "package.json" | |
| - "package-lock.json" | |
| jobs: | |
| build_package_and_deploy: | |
| name: Build, package and deploy | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 90 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }} | |
| AWS_DEFAULT_REGION: 'us-west-2' | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18 | |
| cache: "npm" | |
| - name: Install All Dependencies | |
| run: npm run install:all | |
| - name: Compile project | |
| run: npm run build | |
| - name: Generate distribution packages | |
| run: npm run package | |
| - name: Install deployment environment | |
| id: install_deploy_env | |
| run: | | |
| # install deployment environment with eoapi-cdk from build | |
| python -m venv .deployment_venv | |
| source .deployment_venv/bin/activate | |
| pip install dist/python/*.gz | |
| cd integration_tests/cdk | |
| pip install -r requirements.txt | |
| npm install | |
| deactivate | |
| cd - | |
| # use short commit SHA to name stacks | |
| - uses: benjlevesque/[email protected] | |
| id: short-sha | |
| with: | |
| length: 6 | |
| - name: Deploy test stack | |
| id: deploy_step | |
| env: | |
| PROJECT_ID: ${{ steps.short-sha.outputs.sha }} | |
| run: | | |
| source .deployment_venv/bin/activate | |
| npx cdk deploy --ci --all --require-approval never | |
| deactivate | |
| cd - | |
| - name: Tear down any infrastructure | |
| if: always() | |
| env: | |
| PROJECT_ID: ${{ steps.short-sha.outputs.sha }} | |
| run: | | |
| cd integration_tests/cdk | |
| # run this only if we find a 'cdk.out' directory, which means there might be things to tear down | |
| if [ -d "cdk.out" ]; then | |
| cd - | |
| source .deployment_venv/bin/activate | |
| cd integration_tests/cdk | |
| # see https://github.com/aws/aws-cdk/issues/24946 | |
| # this didn't work : rm -f cdk.out/synth.lock | |
| # so we just duplicate the cdk output to cdk-destroy.out | |
| npx cdk destroy --output cdk-destroy.out --ci --all --force | |
| fi |