data-analytics-platform/.github/workflows/deploy-to-dev-demo.yml at d9da30c45aa58e296b48c69b1d83647c102566c0 · govuk-one-login/data-analytics-platform · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
name: ✳️ Deploy to the dev environment (demo)

on:
  push:
    branches:
      - dpt-2070

jobs:
  test-and-validate:
    secrets: inherit
    uses: ./.github/workflows/test-and-validate.yml

  build-and-release-etl-job:
    # These permissions are needed to interact with GitHub's OIDC Token endpoint (enabling the aws-actions/configure-aws-credentials action)
    permissions:
      id-token: write
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-2
          role-to-assume: ${{ secrets.GH_ACTIONS_ROLE_ARN_DEMO }}
      - name: Build release distributions
        env:
          ARTIFACT_BUCKET_NAME: ${{ secrets.ARTEFACT_BUCKET_NAME_DEMO }}
        run: scripts/build-and-deploy-etl.sh dev remote

  deploy-main-application:
    needs: [test-and-validate, build-and-release-etl-job]
    # These permissions are needed to interact with GitHub's OIDC Token endpoint (enabling the aws-actions/configure-aws-credentials action)
    permissions:
      id-token: write
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository code
        uses: actions/checkout@v5
      - name: Node setup
        uses: actions/setup-node@v4
        with:
          node-version: 22
          cache: npm
      - name: Install node packages
        run: npm ci
      - name: Build lambdas
        run: npm run build
      - name: Build SAM template
        run: npm run iac:build -- main
      - name: SAM setup
        uses: aws-actions/setup-sam@v2
        with:
          use-installer: true
          version: 1.134.0
      - name: SAM build
        run: sam build
      - name: Assume AWS GitHub actions role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-2
          role-to-assume: ${{ secrets.GH_ACTIONS_ROLE_ARN_DEMO}}
      - name: Trigger secure pipeline deployment
        uses: govuk-one-login/devplatform-upload-action@v3.11.0
        with:
          artifact-bucket-name: ${{ secrets.ARTEFACT_BUCKET_NAME_DEMO }}
          signing-profile-name: ${{ secrets.SIGNING_PROFILE_NAME_DEMO }}
          working-directory: .