deploy.yml
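# Deploys the API with AWS CDK on every push to master. The jobs are chained
# with `needs`, so a commit is deployed to dev, then stagef, then prod, and a
# failed deploy or health check stops the promotion.
name: Deploy API

on:
  push:
    branches:
      - master

# Every run joins the same concurrency group, so deployments do not overlap.
concurrency: deployment

# GITHUB_TOKEN scopes are limited to what the steps below use.
# `pull-requests: write` is intentionally not granted: the only trigger is a
# push to master and no step in this workflow comments on a pull request.
permissions:
  id-token: write  # required to request the OIDC JWT exchanged for AWS credentials
  contents: read  # required by actions/checkout

env:
  AWS_ACCOUNT: '276304361801'
  AWS_REGION: 'us-west-2'
  PYTHON_VERSION: '3.11'
  NODE_VERSION: '18'

# NOTE(review): every `uses:` below references a mutable tag (v3/v4). These
# jobs hold an OIDC token and assume a deploy role, so consider pinning each
# action to a full commit SHA, e.g. `actions/checkout@<full-commit-sha>  # v3`.
jobs:
  deploy-dev:
    runs-on: ubuntu-latest
    environment: dev
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NODE_VERSION }}
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      # NOTE(review): poetry is installed unpinned from PyPI; pinning a version
      # keeps the deploy toolchain reproducible.
      - name: install poetry
        run: |
          python -m pip install poetry
      - name: make install
        run: |
          make install
          poetry run npx cdk --version
      # Credentials are obtained through GitHub OIDC (no long-lived keys).
      # NOTE(review): dev, stagef and prod assume the same role name in the
      # same account. Whether the role's trust policy restricts callers by the
      # environment in the OIDC `sub` claim is not visible here - confirm.
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT }}:role/github-${{ github.repository_owner }}-${{ github.event.repository.name }}-role
          aws-region: ${{ env.AWS_REGION }}
      # `--require-approval never` skips CDK's prompt for security-sensitive
      # (IAM / security group) changes, so such changes must be reviewed before
      # they reach master.
      # NOTE(review): cors_allow_origins='*' allows any origin; confirm this is
      # intended for this environment.
      - name: cdk deploy
        run: |
          poetry run npx cdk --require-approval never deploy \
            --outputs-file=outputs.json \
            --context jwks_url="https://assets.auth.magic.link/split-key/.well-known/jwks_dev.json" \
            --context env_name=dev \
            --context domain_name=dkms-customer-api.dev.magic.link \
            --context acm_cert_arn="arn:aws:acm:us-west-2:276304361801:certificate/30c64e13-f9f5-4c66-b7f5-65b6a84f50d3" \
            --context cors_allow_origins='*'
      - name: health check
        run: |
          # jq -e exits non-zero when the output key is missing (null), so the
          # step fails there instead of probing a malformed URL. The URL is
          # quoted so it is passed to curl as a single argument.
          API_URL=$(jq -er '.[].dkmscustomerapiurl' outputs.json)
          curl -s --fail-with-body "${API_URL}healthz"

  # Same steps as deploy-dev, run only after deploy-dev succeeds.
  deploy-stagef:
    runs-on: ubuntu-latest
    needs: deploy-dev
    environment: stagef
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NODE_VERSION }}
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: install poetry
        run: |
          python -m pip install poetry
      - name: make install
        run: |
          make install
          poetry run npx cdk --version
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT }}:role/github-${{ github.repository_owner }}-${{ github.event.repository.name }}-role
          aws-region: ${{ env.AWS_REGION }}
      # NOTE(review): wildcard CORS origin here as well; see deploy-dev.
      - name: cdk deploy
        run: |
          poetry run npx cdk --require-approval never deploy \
            --outputs-file=outputs.json \
            --context jwks_url="https://assets.auth.magic.link/split-key/.well-known/jwks_stagef.json" \
            --context env_name=stagef \
            --context domain_name=dkms-customer-api.stagef.magic.link \
            --context acm_cert_arn="arn:aws:acm:us-west-2:276304361801:certificate/6ce412b4-6b84-4f8d-a775-71c8af130b56" \
            --context cors_allow_origins='*'
      - name: health check
        run: |
          # Fail on a missing output key and pass the URL as one argument.
          API_URL=$(jq -er '.[].dkmscustomerapiurl' outputs.json)
          curl -s --fail-with-body "${API_URL}healthz"

  # Production deploy, run only after deploy-stagef succeeds.
  # NOTE(review): any approval gate for prod would come from protection rules
  # on the `prod` environment, which are not visible in this file - confirm
  # required reviewers are configured, since cdk runs with
  # `--require-approval never`.
  deploy-prod:
    runs-on: ubuntu-latest
    needs: deploy-stagef
    environment: prod
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ env.NODE_VERSION }}
      - uses: actions/setup-python@v4
        with:
          python-version: ${{ env.PYTHON_VERSION }}
      - name: install poetry
        run: |
          python -m pip install poetry
      - name: make install
        run: |
          make install
          poetry run npx cdk --version
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT }}:role/github-${{ github.repository_owner }}-${{ github.event.repository.name }}-role
          aws-region: ${{ env.AWS_REGION }}
      # No jwks_url, env_name or cors_allow_origins context is passed here, so
      # prod uses whatever defaults the CDK app defines (not visible in this
      # file). NOTE(review): confirm those defaults are the production JWKS
      # URL and a restrictive CORS origin list.
      - name: cdk deploy
        run: |
          poetry run npx cdk --require-approval never deploy \
            --outputs-file=outputs.json \
            --context domain_name=dkms-customer-api.magic.link \
            --context acm_cert_arn="arn:aws:acm:us-west-2:276304361801:certificate/f278cd4d-e846-4063-bb00-bd15c382bb41"
      - name: health check
        run: |
          # Fail on a missing output key and pass the URL as one argument.
          API_URL=$(jq -er '.[].dkmscustomerapiurl' outputs.json)
          curl -s --fail-with-body "${API_URL}healthz"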