deploy-lambda-assertion.yml
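# Builds the oneid-lambda-assertion package once, then deploys it per
# environment/region through a matrix computed in the `setup` job.
name: Deploy Lambda assertion

on:
  push:
    branches:
      - "main"
    paths:
      - "**/src/oneid/oneid-lambda-assertion/**"
  workflow_dispatch:
    inputs:
      environment:
        description: 'Choose environment'
        type: choice
        required: true
        default: dev
        options:
          - dev
          - uat
          - prod

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (the
# `deploy` job requests an OIDC token) declare their own `permissions`.
permissions:
  contents: read

jobs:
  setup:
    runs-on: ubuntu-22.04
    outputs:
      matrix: ${{ steps.setmatrix.outputs.matrix }}
    steps:
      - name: Set Dynamic Env Matrix
        id: setmatrix
        # Context values are handed to the script as environment variables
        # instead of being expanded into the script text by `${{ }}`.
        # `github.ref` (a branch or tag name on manual dispatch) and the
        # dispatch input would otherwise be parsed by the shell as code.
        env:
          EVENT_NAME: ${{ github.event_name }}
          GIT_REF: ${{ github.ref }}
          TARGET_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          echo "github.ref ${GIT_REF}"
          echo "event name ${EVENT_NAME}"
          if [ "${EVENT_NAME}" = "workflow_dispatch" ]; then
            # Allow-list the input before it is embedded in the matrix JSON:
            # the value later selects the GitHub environment and the Lambda
            # function name in the deploy job.
            case "${TARGET_ENVIRONMENT}" in
              prod)
                matrixStringifiedObject="{\"include\":[{\"environment\":\"prod\", \"region\":\"eu-south-1\"}, {\"environment\":\"prod\", \"region\":\"eu-central-1\"}]}"
                ;;
              dev|uat)
                matrixStringifiedObject="{\"include\":[{\"environment\":\"${TARGET_ENVIRONMENT}\", \"region\":\"eu-south-1\"}]}"
                ;;
              *)
                echo "Unsupported environment input" >&2
                exit 1
                ;;
            esac
          else
            # A push to main fans out to every environment, prod included.
            # NOTE(review): the only gate visible here is the GitHub
            # environment assigned in the deploy job; confirm that prod has
            # required reviewers / branch restrictions configured.
            matrixStringifiedObject="{\"include\":[{\"environment\":\"dev\", \"region\":\"eu-south-1\"}, {\"environment\":\"uat\", \"region\":\"eu-south-1\"}, {\"environment\":\"prod\", \"region\":\"eu-south-1\"}, {\"environment\":\"prod\", \"region\":\"eu-central-1\"}]}"
          fi
          echo "matrix=$matrixStringifiedObject" >> "$GITHUB_OUTPUT"

  build:
    runs-on: ubuntu-22.04
    steps:
      # Third-party actions are pinned to full commit SHAs, so a moved tag
      # cannot change the code that runs in this pipeline.
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
      - name: Install dependencies
        working-directory: src/oneid/oneid-lambda-assertion
        # NOTE(review): dependencies are resolved at build time and vendored
        # into the deployed package. Whether requirements.txt pins versions
        # and hashes is not visible here; consider `--require-hashes`.
        # NOTE(review): the runner's default Python is used; confirm it
        # matches the Lambda runtime.
        run: |
          pip install -r ./requirements.txt -t ./
      - name: Zip Lambda
        working-directory: src/oneid/oneid-lambda-assertion
        run: |
          mkdir -p ./target && zip -r target/assertion-lambda.zip . -x "*.dist-info/*" -x "target/*"
      - name: Archive build artifacts
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
        with:
          name: assertion-lambda
          path: ./src/oneid/oneid-lambda-assertion/target/assertion-lambda.zip

  deploy:
    name: Deploy lambda assertions ${{ matrix.environment }}-${{ matrix.region }}
    if: ${{ needs.setup.outputs.matrix != '' }}
    runs-on: ubuntu-22.04
    needs: [setup, build]
    strategy:
      matrix: ${{ fromJson(needs.setup.outputs.matrix) }}
    continue-on-error: false
    # prod uses one GitHub environment per region ("prod/<region>"); the
    # other environments use their plain name.
    environment: ${{ matrix.environment == 'prod' && format('{0}/{1}', matrix.environment, matrix.region) || matrix.environment }}
    env:
      ENV_SHORT: ${{ fromJSON('{"dev":"d","uat":"u","prod":"p"}')[matrix.environment] }}
      REGION_SHORT: ${{ fromJSON('{"eu-south-1":"es-1","eu-central-1":"ec-1"}')[matrix.region] }}
    permissions:
      # id-token: write lets this job request an OIDC token to assume the
      # AWS role below; no long-lived AWS keys are stored in the repository.
      id-token: write
      contents: read
    steps:
      - name: Download build artifacts
        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
        with:
          name: assertion-lambda
          path: ./src/oneid/oneid-lambda-assertion/target
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
        with:
          # NOTE(review): the role's trust policy is not visible here;
          # confirm it restricts the OIDC subject to this repository and
          # the expected environment.
          role-to-assume: ${{ vars.IAM_ROLE_DEPLOY_LAMBDA }}
          aws-region: ${{ matrix.region }}
      - name: Update Lambda function (${{ matrix.environment }})
        # Uploads the package to S3. Configuration variables reach the
        # shell through the environment and are quoted, so their content is
        # never parsed as shell syntax.
        env:
          LAMBDA_CODE_BUCKET_NAME: ${{ vars.LAMBDA_CODE_BUCKET_NAME }}
          LAMBDA_ASSERTION_KEY: ${{ vars.LAMBDA_ASSERTION_KEY }}
        run: |
          aws s3 cp src/oneid/oneid-lambda-assertion/target/assertion-lambda.zip \
            "s3://${LAMBDA_CODE_BUCKET_NAME}/${LAMBDA_ASSERTION_KEY}"
      - name: Deploy Lambda function (${{ matrix.environment }})
        # NOTE(review): the function is updated from a mutable S3 key. If
        # the bucket is versioned, passing `--s3-object-version` would bind
        # the update to the object uploaded by this run. TODO confirm.
        env:
          LAMBDA_CODE_BUCKET_NAME: ${{ vars.LAMBDA_CODE_BUCKET_NAME }}
          LAMBDA_ASSERTION_KEY: ${{ vars.LAMBDA_ASSERTION_KEY }}
        run: |
          aws lambda update-function-code \
            --function-name "oneid-${REGION_SHORT}-${ENV_SHORT}-assertion" \
            --s3-bucket "${LAMBDA_CODE_BUCKET_NAME}" \
            --s3-key "${LAMBDA_ASSERTION_KEY}"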