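---
# Manually dispatched workflow: builds one API module group with Gradle,
# assembles and validates its SAM/CloudFormation template, and hands the build
# output to the upload action for the chosen dev environment.
#
# Several values below use the expression idiom
#   inputs.api_name == 'x' && <value-x> || inputs.api_name == 'y' && <value-y> ...
# as a lookup keyed on the `api_name` choice input. If the selected branch's
# value is empty (for example an unset secret) the chain falls through and
# yields a falsy result rather than raising an error at evaluation time;
# the consuming step is then expected to fail -- verify.
name: "SP - DEV: Build and deploy API modules"
run-name: "Build and deploy ${{ inputs.api_name }} API to ${{ inputs.environment }}"

on:
  workflow_dispatch:
    inputs:
      api_name:
        description: "API to deploy"
        type: choice
        required: true
        options:
          - account-data
          - account-management
          - auth-int-ext
          - stubs
          - utils
      environment:
        description: "Environment to run against"
        type: choice
        required: true
        options:
          - authdev1
          - authdev2
          - authdev3
          - dev

env:
  AWS_REGION: eu-west-2
  # Quoted so the version is always read as a string, never as a number.
  JAVA_VERSION: "17"
  JAVA_DISTRIBUTION: corretto
  RAIN_VERSION: v1.23.0
  RAIN_ARCH: linux-amd64

jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 60
    # The job runs in the GitHub environment named by the dispatch input.
    # NOTE(review): the secrets referenced below are presumably scoped to that
    # environment -- confirm, along with any protection rules on it.
    environment: ${{ inputs.environment }}
    # Least-privilege token: read-only repository contents plus an OIDC ID
    # token. No static AWS keys are passed to configure-aws-credentials, so
    # the role is presumably assumed via OIDC, which needs `id-token: write`.
    permissions:
      id-token: write
      contents: read
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release each SHA is expected to correspond to.
      - name: Checkout repo
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Set up SAM cli
        uses: aws-actions/setup-sam@89ddb14d60e682855e3fea4be85b3c56485de310 # v2
        with:
          use-installer: true
          version: 1.159.1

      # One deployment role per API group, selected by `api_name`.
      - name: Set up AWS creds
        uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
        with:
          role-to-assume: ${{ inputs.api_name == 'account-data' && secrets.GH_ACTIONS_AD_ROLE_ARN || inputs.api_name == 'account-management' && secrets.GH_ACTIONS_AM_ROLE_ARN || inputs.api_name == 'auth-int-ext' && secrets.GH_ACTIONS_ROLE_ARN || inputs.api_name == 'stubs' && secrets.GH_ACTIONS_ROLE_ARN_STUBS_API || inputs.api_name == 'utils' && secrets.GH_ACTIONS_UT_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Set up JDK 17
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
        with:
          java-version: ${{ env.JAVA_VERSION }}
          distribution: ${{ env.JAVA_DISTRIBUTION }}
          cache: gradle

      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v4
        with:
          gradle-version: wrapper
          # This job is allowed to write the Gradle cache, not only read it.
          cache-read-only: false

      # The command is chosen from fixed string literals in the workflow; the
      # dispatch input only selects which literal runs and is never spliced
      # into the command text.
      - name: Gradle build
        run: ${{ inputs.api_name == 'account-data' && './gradlew --no-daemon --parallel :account-data-api:buildZip' || inputs.api_name == 'account-management' && './gradlew --no-daemon --parallel :account-management-api:buildZip' || inputs.api_name == 'auth-int-ext' && './gradlew --no-daemon --parallel :auth-external-api:buildZip :frontend-api:buildZip :ipv-api:buildZip :delivery-receipts-api:buildZip' || inputs.api_name == 'stubs' && './gradlew --no-daemon --parallel :ticf-cri-stub:buildZip :interventions-api-stub:buildZip' || inputs.api_name == 'utils' && './gradlew --no-daemon --parallel :utils:buildZip :test-services-api:buildZip' }}

      # NOTE(review): the release archive is fetched by tag and unpacked with
      # no integrity check, unlike the SHA-pinned actions above. Consider
      # recording the expected SHA-256 for this version/arch and verifying it
      # (for example with `sha256sum --check`) before the unzip.
      - name: Install Rain
        env:
          VERSION: ${{ env.RAIN_VERSION }}
          ARCH: ${{ env.RAIN_ARCH }}
        run: |
          wget -q "https://github.com/aws-cloudformation/rain/releases/download/${VERSION}/rain-${VERSION}_${ARCH}.zip"
          unzip "rain-${VERSION}_${ARCH}.zip"
          chmod +x "rain-${VERSION}_${ARCH}/rain"
          mv "rain-${VERSION}_${ARCH}/rain" /usr/local/bin/rain

      - name: Generate template
        run: "./scripts/merge-templates.sh"
        env:
          TEMPLATE_SOURCE_DIR: ${{ inputs.api_name == 'account-data' && 'ci/cloudformation/account-data' || inputs.api_name == 'account-management' && 'ci/cloudformation/account-management' || inputs.api_name == 'auth-int-ext' && 'ci/cloudformation/auth' || inputs.api_name == 'stubs' && 'ci/cloudformation/stubs' || inputs.api_name == 'utils' && 'ci/cloudformation/utils' }}
          TEMPLATE_FILE: ${{ inputs.api_name == 'account-data' && 'ad-template.yaml' || inputs.api_name == 'account-management' && 'am-template.yaml' || inputs.api_name == 'auth-int-ext' && 'auth-template.yaml' || inputs.api_name == 'stubs' && 'stubs-template.yaml' || inputs.api_name == 'utils' && 'utils-template.yaml' }}

      # The template name reaches the script through the step environment (as
      # in "Generate template") instead of being expanded into the script
      # text, and is quoted where it is used.
      - name: SAM build
        env:
          TEMPLATE_FILE: ${{ inputs.api_name == 'account-data' && 'ad-template.yaml' || inputs.api_name == 'account-management' && 'am-template.yaml' || inputs.api_name == 'auth-int-ext' && 'auth-template.yaml' || inputs.api_name == 'stubs' && 'stubs-template.yaml' || inputs.api_name == 'utils' && 'utils-template.yaml' }}
        run: |
          sam validate --lint -t "$TEMPLATE_FILE"
          sam build --parallel -t "$TEMPLATE_FILE"

      # Builds a human-readable version label: "#<PR> - <subject>" when the
      # commit subject carries a "(#123)" reference, otherwise
      # "<short sha>: <subject>". `%s` is the one-line commit subject, so the
      # value written to GITHUB_OUTPUT stays on a single line.
      # NOTE(review): the subject is free text from the commit history and is
      # forwarded as the `version` input of the deploy action -- confirm how
      # that action uses it.
      - name: Extract PR number and commit message
        id: version_info
        run: |
          HEAD_MESSAGE=$(git log -1 --format=%s)
          SHORT_SHA=$(git rev-parse --short HEAD)
          if [[ "$HEAD_MESSAGE" =~ \(#([0-9]+)\) ]]; then
            VERSION="#${BASH_REMATCH[1]} - ${HEAD_MESSAGE}"
          else
            VERSION="${SHORT_SHA}${HEAD_MESSAGE:+: $HEAD_MESSAGE}"
          fi
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"

      # Hands the SAM build output to the upload action, with the artifact
      # bucket selected per API group and a signing profile name from secrets.
      - name: Deploy SAM app
        uses: govuk-one-login/devplatform-upload-action@5879c30205266ad61e8299a4fcea76364530c9c1 # v3.14.0
        with:
          artifact-bucket-name: ${{ inputs.api_name == 'account-data' && secrets.ARTIFACT_SOURCE_AD_BUCKET_NAME || inputs.api_name == 'account-management' && secrets.ARTIFACT_SOURCE_AM_BUCKET_NAME || inputs.api_name == 'auth-int-ext' && secrets.ARTIFACT_SOURCE_BUCKET_NAME || inputs.api_name == 'stubs' && secrets.ARTIFACT_BUCKET_STUBS_API || inputs.api_name == 'utils' && secrets.ARTIFACT_SOURCE_UT_BUCKET_NAME }}
          signing-profile-name: ${{ secrets.SIGNING_PROFILE_NAME }}
          working-directory: .aws-sam/build
          version: ${{ steps.version_info.outputs.version }}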