Skip to content

.github/workflows/actions.yml #13

.github/workflows/actions.yml

.github/workflows/actions.yml #13

Workflow file for this run

on:
workflow_dispatch:
push:
branches:
- main
paths-ignore:
- ".github/workflows/*"
- "**.md"
permissions:
id-token: write
contents: read
jobs:
build-and-deploy:
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
- name: Setup AWS SAM CLI
uses: aws-actions/setup-sam@v2
- name: Setup AWS Credentials
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
aws-region: ${{ secrets.AWS_REGION }}
mask-aws-account-id: true
- name: Prepare SAM parameters
env:
SCHEDULE_EXPRESSION: ${{ vars.SCHEDULE_EXPRESSION }}
DAYS_TO_RETAIN_LOGS: ${{ vars.DAYS_TO_RETAIN_LOGS }}
run: |
tee params.json << EOF
{
"ScheduleExpression": "${SCHEDULE_EXPRESSION}",
"DaysToRetainLogs": "${DAYS_TO_RETAIN_LOGS}"
}
EOF
- name: Build SAM packages
run: sam build --use-container
- name: Deploy SAM application
env:
BUCKET_NAME: ${{ secrets.PROVISIONING_BUCKET_NAME }}
REGION: ${{ secrets.AWS_REGION }}
STACK_NAME: ${{ vars.STACK_NAME }}
run: |
sam deploy \
--template-file .aws-sam/build/template.yaml \
--stack-name $STACK_NAME \
--s3-bucket $BUCKET_NAME \
--s3-prefix $STACK_NAME \
--capabilities CAPABILITY_IAM CAPABILITY_AUTO_EXPAND \
--region $REGION \
--force-upload \
--no-confirm-changeset \
--no-fail-on-empty-changeset \
--parameter-overrides "$(jq -j 'to_entries[] | "\(.key)='\\\"'\(.value)'\\\"''\ '"' params.json)"