-
Notifications
You must be signed in to change notification settings - Fork 46
91 lines (89 loc) · 3.73 KB
/
aws-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
name: deploy to aws
on:
workflow_dispatch:
inputs:
mfaCode:
type: string
description: MFA Code
required: true
region:
description: 'region on which you want to deploy'
type: choice
options:
- eu-west-1
- us-east-1
required: true
lambdaPerfEnv:
description: 'environment on which you want to deploy'
type: choice
options:
- staging
- production
required: true
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: AWS Authentication
env:
AWS_MFA_ARN: ${{ secrets.RESTRICTED_AWS_MFA_ARN }}
AWS_REGION: ${{ inputs.region }}
AWS_ACCESS_KEY_ID: ${{ secrets.RESTRICTED_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.RESTRICTED_AWS_SECRET_ACCESS_KEY }}
run: |
creds_json=$(aws sts get-session-token --serial-number ${AWS_MFA_ARN} --token-code ${{ inputs.mfaCode }})
echo $creds_json > /tmp/creds_json
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install Zig toolchain
uses: korandoru/setup-zig@v1
with:
zig-version: 0.10.0
- name: Install Cargo Lambda
uses: jaxxstorm/action-install-gh-release@v1.9.0
with:
repo: cargo-lambda/cargo-lambda
platform: linux
arch: x86_64
- name: test
run: cargo test
- name: build
run: ./build.sh
- name: install dependencies
run: |
cd ./result-builder && yarn install
- name: install Serverless Framework
run: sudo yarn global add serverless@^3.27.0 --prefix /usr/local
- name: deploy
env:
AWS_REGION: ${{ inputs.region }}
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
GH_AUTH_TOKEN: ${{ secrets.GH_AUTH_TOKEN }}
LAMBDA_PERF_ENV: ${{ inputs.lambdaPerfEnv }}
run: |
export AWS_ACCESS_KEY_ID=$(cat /tmp/creds_json | jq .Credentials.AccessKeyId |tr -d '"')
export AWS_SECRET_ACCESS_KEY=$(cat /tmp/creds_json | jq .Credentials.SecretAccessKey| tr -d '"')
export AWS_SESSION_TOKEN=$(cat /tmp/creds_json | jq .Credentials.SessionToken|tr -d '"')
sls deploy --force
- name: Remove the cron job scheduler in staging (eu-west-1)
if: "${{ inputs.region == 'eu-west-1' }}"
run: |
export AWS_ACCESS_KEY_ID=$(cat /tmp/creds_json | jq .Credentials.AccessKeyId |tr -d '"')
export AWS_SECRET_ACCESS_KEY=$(cat /tmp/creds_json | jq .Credentials.SecretAccessKey| tr -d '"')
export AWS_SESSION_TOKEN=$(cat /tmp/creds_json | jq .Credentials.SessionToken|tr -d '"')
RULE_NAME=$(aws events list-rule-names-by-target --target-arn arn:aws:lambda:${{ inputs.region }}:${{ secrets.AWS_ACCOUNT_ID }}:function:lambda-perf-dev-functionTriggerDeployerRs --region ${{ inputs.region }} | jq -r '.RuleNames[0]')
echo "Disabling rule ${RULE_NAME}"
aws events disable-rule --name $RULE_NAME --region ${{ inputs.region }}
RULE_NAME=$(aws events list-rule-names-by-target --target-arn arn:aws:lambda:${{ inputs.region }}:${{ secrets.AWS_ACCOUNT_ID }}:function:lambda-perf-dev-resultBuilder --region ${{ inputs.region }} | jq -r '.RuleNames[0]')
echo "Disabling rule ${RULE_NAME}"
aws events disable-rule --name $RULE_NAME --region ${{ inputs.region }}