Skip to content

Bump github/codeql-action from 3.27.3 to 3.27.4 #782

Bump github/codeql-action from 3.27.3 to 3.27.4

Bump github/codeql-action from 3.27.3 to 3.27.4 #782

Workflow file for this run

name: deploy
on:
issue_comment:
types: [ created ]
env:
ARTIFACT_NAME: 'lambda'
AWS_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID }}
AWS_REGION: ${{ vars.AWS_REGION }}
LAMBDA_FUNCTION: 'alexa-london-travel'
TERM: xterm
permissions:
contents: read
jobs:
setup:
runs-on: ubuntu-latest
if: |
github.event.issue.pull_request != '' &&
github.event.repository.fork == false &&
github.triggering_actor == github.event.repository.owner.login &&
startsWith(github.event.comment.body, '/deploy')
outputs:
comment-id: ${{ steps.post-comment.outputs.result }}
environment-name: ${{ steps.set-outputs.outputs.environment-name }}
environment-url: ${{ steps.set-outputs.outputs.environment-url }}
function-architectures: ${{ steps.set-outputs.outputs.function-architectures }}
function-description: ${{ steps.set-outputs.outputs.function-description }}
function-handler: ${{ steps.set-outputs.outputs.function-handler }}
function-memory: ${{ steps.set-outputs.outputs.function-memory }}
function-name: ${{ steps.set-outputs.outputs.function-name }}
function-runtime: ${{ steps.set-outputs.outputs.function-runtime }}
function-timeout: ${{ steps.set-outputs.outputs.function-timeout }}
ref: ${{ steps.set-outputs.outputs.ref }}
run-id: ${{ steps.set-outputs.outputs.run-id }}
workflow-url: ${{ steps.set-outputs.outputs.workflow-url }}
permissions:
actions: read
contents: read
pull-requests: write
steps:
- name: Get environment name
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: get-environment-name
with:
result-encoding: string
script: |
const owner = context.payload.repository.owner.login;
const repo = context.payload.repository.name;
const username = context.payload.comment.user.login;
try {
await github.rest.repos.checkCollaborator({
owner,
repo,
username,
});
} catch (err) {
throw new Error(`Error: @${username} is not a repository collaborator.`);
}
const comment = context.payload.comment.body;
const regex = /^\/deploy(\s+([a-zA-Z\d\-\_]+))?\s*$/;
const arguments = regex.exec(comment);
if (!arguments || arguments.length < 1) {
throw new Error(`Invalid command: ${comment}`);
}
return arguments[2] || 'dev';
- name: 'Find run for #${{ github.event.issue.number }}'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: get-run
env:
PULL_NUMBER: ${{ github.event.issue.number }}
WORKFLOW_NAME: 'build'
with:
script: |
const pull_number = process.env.PULL_NUMBER;
const workflowName = process.env.WORKFLOW_NAME;
const owner = context.repo.owner;
const repo = context.repo.repo;
core.debug(`Getting pull request ${owner}/${repo}#${pull_number}`);
const { data: pull } = await github.rest.pulls.get({
owner,
repo,
pull_number,
});
if (!pull) {
throw new Error(`Pull request ${owner}/${repo}#${pull_number} not found.`);
}
const head_sha = pull.head.sha;
core.debug(`Getting workflow runs for ${owner}/${repo}#${pull_number}@${head_sha}`);
const { data: workflows } = await github.rest.actions.listWorkflowRunsForRepo({
owner,
repo,
event: 'pull_request',
head_sha,
status: 'success',
});
const run = workflows.workflow_runs.find((run) => run.name === workflowName);
if (!run) {
throw new Error(`No successful workflow run found for ${owner}/${repo}@${head_sha.slice(0, 7)} with name ${workflowName}.`);
}
core.setOutput('ref', head_sha);
core.setOutput('run-id', run.id);
core.setOutput('run-number', run.run_number);
- name: 'Download artifact from #${{ github.event.issue.number }}'
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
name: ${{ env.ARTIFACT_NAME }}
run-id: ${{ steps.get-run.outputs.run-id }}
- name: Set outputs
id: set-outputs
env:
LAMBDA_ARTIFACT_REF: ${{ steps.get-run.outputs.ref }}
LAMBDA_ARTIFACT_RUN_ID: ${{ steps.get-run.outputs.run-id }}
LAMBDA_ARTIFACT_RUN_NUMBER: ${{ steps.get-run.outputs.run-number }}
LAMBDA_ENVIRONMENT: ${{ steps.get-environment-name.outputs.result }}
shell: bash
run: |
environment_name="${LAMBDA_ENVIRONMENT}"
lambda_config="$(unzip -p "${LAMBDA_FUNCTION}.zip" aws-lambda-tools-defaults.json)"
if [ "${environment_name}" == "production" ]
then
function_name="${LAMBDA_FUNCTION}"
else
function_name="${LAMBDA_FUNCTION}-${environment_name}"
fi
environment_url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/deployments/${environment_name}"
function_architectures="$(echo "${lambda_config}" | jq -r '."function-architecture"')"
function_description="Deploy build ${LAMBDA_ARTIFACT_RUN_NUMBER} to AWS Lambda via GitHub Actions"
function_handler="$(echo "${lambda_config}" | jq -r '."function-handler"')"
function_memory="$(echo "${lambda_config}" | jq -r '."function-memory-size"')"
function_runtime="$(echo "${lambda_config}" | jq -r '."function-runtime"')"
function_timeout="$(echo "${lambda_config}" | jq -r '."function-timeout"')"
workflow_url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
{
echo "environment-name=${environment_name}"
echo "environment-url=${environment_url}"
echo "function-architectures=${function_architectures}"
echo "function-description=${function_description}"
echo "function-handler=${function_handler}"
echo "function-memory=${function_memory}"
echo "function-name=${function_name}"
echo "function-runtime=${function_runtime}"
echo "function-timeout=${function_timeout}"
echo "ref=${LAMBDA_ARTIFACT_REF}"
echo "run-id=${LAMBDA_ARTIFACT_RUN_ID}"
echo "workflow-url=${workflow_url}"
} >> "$GITHUB_OUTPUT"
- name: Post comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: post-comment
env:
ENVIRONMENT_NAME: ${{ steps.set-outputs.outputs.environment-name }}
ENVIRONMENT_URL: ${{ steps.set-outputs.outputs.environment-url }}
WORKFLOW_URL: ${{ steps.set-outputs.outputs.workflow-url }}
with:
result-encoding: string
script: |
const owner = context.payload.repository.owner.login;
const repo = context.payload.repository.name;
const issue_number = context.issue.number;
const environment = process.env.ENVIRONMENT_NAME;
const environment_url = process.env.ENVIRONMENT_URL;
const workflow_url = process.env.WORKFLOW_URL;
const { data: comment } = await github.rest.issues.createComment({
owner,
repo,
issue_number,
body: `Starting [deployment](${workflow_url}) to [${environment}](${environment_url}) :rocket:`,
});
return comment.id;
deploy:
name: ${{ needs.setup.outputs.environment-name }}
needs: [ setup ]
concurrency: '${{ needs.setup.outputs.environment-name }}_environment'
runs-on: ubuntu-latest
env:
FUNCTION_NAME: ${{ needs.setup.outputs.function-name }}
LAMBDA_ARCHITECTURES: ${{ needs.setup.outputs.function-architectures }}
LAMBDA_DESCRIPTION: ${{ needs.setup.outputs.function-description }}
LAMBDA_HANDLER: ${{ needs.setup.outputs.function-handler }}
LAMBDA_MEMORY: ${{ needs.setup.outputs.function-memory }}
LAMBDA_ROLE: ${{ vars.AWS_LAMBDA_ROLE }}
LAMBDA_RUNTIME: ${{ needs.setup.outputs.function-runtime }}
LAMBDA_TIMEOUT: ${{ needs.setup.outputs.function-timeout }}
environment:
name: ${{ needs.setup.outputs.environment-name }}
permissions:
id-token: write
pull-requests: write
steps:
- name: Download artifacts
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
name: ${{ env.ARTIFACT_NAME }}
run-id: ${{ needs.setup.outputs.run-id }}
- name: Get Lambda environment variables
env:
SKILL_API_URL: ${{ vars.SKILL_API_URL }}
SKILL_ID: ${{ secrets.SKILL_ID }}
TFL_APPLICATION_ID: ${{ secrets.TFL_APPLICATION_ID }}
TFL_APPLICATION_KEY: ${{ secrets.TFL_APPLICATION_KEY }}
VERIFY_SKILL_ID: "true"
shell: bash
run: |
lambda_vars="{\
\"Variables\": {\
\"Skill__SkillApiUrl\": \"${SKILL_API_URL}\",\
\"Skill__SkillId\": \"${SKILL_ID}\",\
\"Skill__TflApplicationId\": \"${TFL_APPLICATION_ID}\",\
\"Skill__TflApplicationKey\": \"${TFL_APPLICATION_KEY}\",\
\"Skill__VerifySkillId\": \"${VERIFY_SKILL_ID}\"\
}\
}"
echo "LAMBDA_ENVIRONMENT_VARIABLES=${lambda_vars}" >> "$GITHUB_ENV"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-deploy
role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-deploy-${{ needs.setup.outputs.environment-name }}
aws-region: ${{ env.AWS_REGION }}
- name: Update function code
shell: bash
run: |
aws lambda update-function-code \
--function-name "${FUNCTION_NAME}" \
--architectures "${LAMBDA_ARCHITECTURES}" \
--zip-file "fileb://./${LAMBDA_FUNCTION}.zip"
- name: Wait for function code update
shell: bash
run: |
aws lambda wait function-updated-v2 \
--function-name "${FUNCTION_NAME}"
- name: Update function configuration
shell: bash
env:
LAMBDA_LAYERS: ${{ vars.AWS_LAMBDA_LAYERS }}
LAMBDA_LOGGING_CONFIG: ${{ vars.AWS_LAMBDA_LOGGING_CONFIG }}
LAMBDA_TRACING_MODE: ${{ vars.AWS_TRACING_MODE }}
run: |
aws lambda update-function-configuration \
--function-name "${FUNCTION_NAME}" \
--description "${LAMBDA_DESCRIPTION}" \
--environment "${LAMBDA_ENVIRONMENT_VARIABLES}" \
--handler "${LAMBDA_HANDLER}" \
--layers "${LAMBDA_LAYERS}" \
--logging-config "${LAMBDA_LOGGING_CONFIG}" \
--memory-size "${LAMBDA_MEMORY}" \
--role "${LAMBDA_ROLE}" \
--runtime "${LAMBDA_RUNTIME}" \
--timeout "${LAMBDA_TIMEOUT}" \
--tracing-config "Mode=${LAMBDA_TRACING_MODE}"
- name: Wait for function configuration update
shell: bash
run: |
aws lambda wait function-updated-v2 \
--function-name "${FUNCTION_NAME}"
- name: Post comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: ${{ !cancelled() }}
env:
COMMENT_ID: ${{ needs.setup.outputs.comment-id }}
ENVIRONMENT_NAME: ${{ needs.setup.outputs.environment-name }}
ENVIRONMENT_URL: ${{ needs.setup.outputs.environment-url }}
OUTCOME: ${{ job.status }}
WORKFLOW_URL: ${{ needs.setup.outputs.workflow-url }}
with:
script: |
const owner = context.payload.repository.owner.login;
const repo = context.payload.repository.name;
const comment_id = process.env.COMMENT_ID;
const environment = process.env.ENVIRONMENT_NAME;
const environment_url = process.env.ENVIRONMENT_URL;
const workflow_url = process.env.WORKFLOW_URL;
const succeeded = process.env.OUTCOME === 'success';
const outcome = succeeded ? 'successful' : 'failed';
const emoji = succeeded ? ':white_check_mark:' : ':x:';
await github.rest.issues.updateComment({
owner,
repo,
comment_id,
body: `[Deployment](${workflow_url}) to [${environment}](${environment_url}) ${outcome} ${emoji}`,
});
tests:
name: tests-${{ needs.setup.outputs.environment-name }}
needs: [ setup, deploy ]
runs-on: ubuntu-latest
concurrency: '${{ needs.setup.outputs.environment-name }}_environment'
env:
DOTNET_CLI_TELEMETRY_OPTOUT: true
DOTNET_GENERATE_ASPNET_CERTIFICATE: false
DOTNET_NOLOGO: true
DOTNET_SYSTEM_CONSOLE_ALLOW_ANSI_COLOR_REDIRECTION: 1
NUGET_XMLDOC_MODE: skip
permissions:
id-token: write
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ needs.setup.outputs.ref }}
- name: Setup .NET SDK
uses: actions/setup-dotnet@3e891b0cb619bf60e2c25674b222b8940e2c1c25 # v4.1.0
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github-actions-test
role-session-name: ${{ github.event.repository.name }}-${{ github.run_id }}-tests-${{ needs.setup.outputs.environment-name }}
aws-region: ${{ env.AWS_REGION }}
- name: Run end-to-end tests
shell: pwsh
run: dotnet test ./test/LondonTravel.Skill.EndToEndTests --configuration Release --logger "GitHubActions;report-warnings=false"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
LAMBDA_FUNCTION_NAME: ${{ needs.setup.outputs.function-name }}
LWA_CLIENT_ID: ${{ secrets.LWA_CLIENT_ID }}
LWA_CLIENT_SECRET: ${{ secrets.LWA_CLIENT_SECRET }}
LWA_REFRESH_TOKEN: ${{ secrets.LWA_REFRESH_TOKEN }}
PULL_NUMBER: ${{ github.event.issue.number }}
SKILL_ID: ${{ secrets.SKILL_ID }}
SKILL_STAGE: development
- name: Post comment
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
if: ${{ !cancelled() }}
env:
COMMENT_ID: ${{ needs.setup.outputs.comment-id }}
ENVIRONMENT_NAME: ${{ needs.setup.outputs.environment-name }}
ENVIRONMENT_URL: ${{ needs.setup.outputs.environment-url }}
OUTCOME: ${{ job.status }}
WORKFLOW_URL: ${{ needs.setup.outputs.workflow-url }}
with:
script: |
const owner = context.payload.repository.owner.login;
const repo = context.payload.repository.name;
const comment_id = process.env.COMMENT_ID;
const environment = process.env.ENVIRONMENT_NAME;
const environment_url = process.env.ENVIRONMENT_URL;
const workflow_url = process.env.WORKFLOW_URL;
const succeeded = process.env.OUTCOME === 'success';
const outcome = succeeded ? 'passed' : 'failed';
const emoji = succeeded ? ':white_check_mark:' : ':x:';
await github.rest.issues.updateComment({
owner,
repo,
comment_id,
body: `:test_tube: [Tests](${workflow_url}) for deployment to [${environment}](${environment_url}) ${outcome} ${emoji}`,
});