-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(Github): Initial version of GH Actions for CI/CD
- Loading branch information
1 parent
32f672a
commit 658fd73
Showing
3 changed files
with
522 additions
and
0 deletions.
There are no files selected for viewing
59 changes: 59 additions & 0 deletions
59
.github/workflows/actions/build-and-push-to-ecr/action.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| name: Build And Push to ECR | ||
| description: Build And Push to ECR | ||
| inputs: | ||
| PIPELINE_USER_ACCESS_KEY_ID: | ||
| description: "TF Pipeline User Access Key" | ||
| required: true | ||
| PIPELINE_USER_SECRET_ACCESS_KEY: | ||
| description: "TF Pipeline User Secret Access Key" | ||
| required: true | ||
| AWS_REGION: | ||
| description: "AWS Region" | ||
| required: true | ||
| REPOSITORY_NAME: | ||
| description: "Repository Name" | ||
| required: true | ||
| ENVIRONMENT_LOWER: | ||
| description: "Environment name in lower case('production', 'staging')" | ||
| required: true | ||
| COMPONENT_PATH: | ||
| description: "Component path of the component to be deployed (./cms, ./client ...)" | ||
| required: true | ||
| DRY_RUN: | ||
| description: "Makes the action work in Dry Run Mode" | ||
| required: false | ||
| default: "false" # WARNING Input type is not supported in composite actions. Must treat it as a string | ||
|
|
||
| #NOTE Actions needs to specify the shell to use on every steps that uses "runs:" https://stackoverflow.com/questions/71041836/github-actions-required-property-is-missing-shell | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - name: Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-access-key-id: ${{ inputs.PIPELINE_USER_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ inputs.PIPELINE_USER_SECRET_ACCESS_KEY }} | ||
| aws-region: ${{ inputs.AWS_REGION }} | ||
|
|
||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v2 | ||
| with: | ||
| mask-password: 'true' | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Build, tag, and push Client image to Amazon ECR | ||
| if: ${{ inputs.DRY_RUN == 'false' || inputs.DRY_RUN == '' }} | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: ${{ inputs.COMPONENT_PATH }} | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
| file: ${{ inputs.COMPONENT_PATH }}/Dockerfile.prod | ||
| push: true | ||
| tags: | | ||
| ${{ steps.login-ecr.outputs.registry }}/${{ inputs.REPOSITORY_NAME }}:${{ github.sha }} | ||
| ${{ steps.login-ecr.outputs.registry }}/${{ inputs.REPOSITORY_NAME }}:${{ inputs.ENVIRONMENT_LOWER }} |
60 changes: 60 additions & 0 deletions
60
.github/workflows/actions/generate-env-file-from-json/action.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| name: Generate Env file from JSON secret/variable collection | ||
| description: Takes a set of GH variables and secrets in JSON format and generates an env file for the docker image building step for the relevant environment and component (CMS, client, etc) | ||
|
|
||
| inputs: | ||
| secrets_json: | ||
| description: "The GH Secrets collection in JSON format" | ||
| required: true | ||
| vars_json: | ||
| description: "The GH Variables collection in JSON format" | ||
| required: true | ||
| ENVIRONMENT: | ||
| description: "Environment name" | ||
| required: true | ||
| APP_ENV_PREFIX: | ||
| description: "Something" | ||
| required: true | ||
|
|
||
| outputs: | ||
| env_file: | ||
| description: "The env file contents" | ||
| value: ${{steps.env_entries_stripped.outputs.entries_stripped}} | ||
|
|
||
| runs: | ||
| using: "composite" | ||
| steps: | ||
| - name: Output secrets and vars as key=value entries | ||
| # Use jq to convert JSON to key=value entries | ||
| # 1. to_entries converts JSON to array of key/value pairs | ||
| # 2. map(.key + "=" + .value) converts each key/value pair to key=value | ||
| # 3. .[] flattens array to key=value entries | ||
| id: env_entries_all | ||
| shell: bash | ||
| run: | | ||
| { | ||
| echo 'entries_all<<EOF' | ||
| echo '${{ inputs.secrets_json }}' '${{ inputs.vars_json }}' | jq -r 'to_entries | map(.key + "=" + .value) | .[]' | ||
| echo 'EOF' | ||
| } >> $GITHUB_OUTPUT | ||
| - name: Filter secrets and vars for inclusion in .env file by environment and application prefixes | ||
| # Use grep to filter client secrets & vars and save .env file (names starting with (TF_)((PRODUCTION|STAGING|SOMEBRANCH)_)[CLIENT_ENV|CMS_ENV]_ | ||
| id: env_entries_filtered | ||
| shell: bash | ||
| run: | | ||
| { | ||
| echo 'entries_filtered<<EOF' | ||
| echo '${{ steps.env_entries_all.outputs.entries_all }}' | grep -E "^(TF_)?(${ENVIRONMENT}_)?${APP_ENV_PREFIX}_" | ||
| echo 'EOF' | ||
| } >> $GITHUB_OUTPUT | ||
| - name: Strip environment and application prefixes from secret and var names | ||
| # Use sed to strip environment and application prefixes from secret and var names | ||
| id: env_entries_stripped | ||
| shell: bash | ||
| run: | | ||
| { | ||
| echo 'entries_stripped<<EOF' | ||
| echo '${{ steps.env_entries_filtered.outputs.entries_filtered }}' | sed -E "s/^(TF_)?("$ENVIRONMENT"_)?"$APP_ENV_PREFIX"_//g" | ||
| echo 'EOF' | ||
| } >> $GITHUB_OUTPUT |
Oops, something went wrong.