diff --git a/.github/workflows/deploy-all-lambdas.yml b/.github/workflows/deploy-all-lambdas.yml index d10ea328..c7f9de90 100644 --- a/.github/workflows/deploy-all-lambdas.yml +++ b/.github/workflows/deploy-all-lambdas.yml @@ -9,34 +9,42 @@ jobs: deploy-lambdas: runs-on: ubuntu-latest container: swift:5.10-amazonlinux2 + env: AWS_DEFAULT_REGION: eu-west-1 AWS_ACCESS_KEY_ID: ${{ secrets.DEPLOYER_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DEPLOYER_ACCESS_SECRET_KEY }} + steps: - name: Install additional dependencies and AWSCLI v2 run: | - echo "::add_mask::$AWS_ACCESS_KEY_ID" - echo "::add_mask::$AWS_SECRET_ACCESS_KEY" yum -y install \ {libuuid,libicu,libedit,sqlite,python,ncurses,openssl}-devel \ libtool jq zip curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip ./aws/install + - name: Check out repository uses: actions/checkout@v3 - - name: Build, package, and deploy + + - name: Find package names + id: find_package_names + run: | + echo "names=$( + swift package describe --type json | \ + jq -r '.targets[] | + select( + .type == "executable" + and + (.name | endswith("Lambda")) + ).name' + )" >> $GITHUB_OUTPUT + + - name: Build and package run: | mkdir zips - for name in $( - swift package dump-package | \ - jq '.targets' | \ - jq 'map(select(.type == "executable"))' | \ - jq 'map(select(.path != null))' | \ - jq 'map(select(.path | startswith("./Lambdas")))' | \ - jq -r '.[].name' - ); do + for name in ${{ steps.find_package_names.outputs.names }}; do swift package archive \ --output-path ./zips \ --products "${name}" @@ -44,6 +52,11 @@ jobs: --bucket penny-lambdas-store \ --key "${name}.zip" \ --body ./zips/${name}/${name}.zip + done + + - name: Deploy + run: | + for name in ${{ steps.find_package_names.outputs.names }}; do aws lambda update-function-code \ --function-name "${name}" \ --s3-bucket "penny-lambdas-store" \ 
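Review bot: Both new loops expand `${{ steps.find_package_names.outputs.names }}` directly inside `run:`, so the value is pasted into the script text before the shell parses it; this applies to the `Build and package` loop in this hunk and to the `Deploy` loop added in the following hunk. The names come from the package manifest via `swift package describe`, and the job holds the deployer AWS keys in its job-level `env`, so a target name containing shell metacharacters would be interpreted as code in a credentialed step. Pass the output through a step-level `env:` entry and iterate over the shell variable instead. Separately, `jq -r` prints one name per line, and a multi-line value written as `names=...` to `$GITHUB_OUTPUT` is not a valid single-line output, so this likely breaks once more than one target matches; joining the names with spaces in jq avoids that. The `Deploy` loop body continues outside the hunk.

```yaml
- name: Find package names
  id: find_package_names
  run: |
    names="$(
      swift package describe --type json |
        jq -r '[.targets[]
                | select(.type == "executable" and (.name | endswith("Lambda")))
                | .name] | join(" ")'
    )"
    echo "names=${names}" >> "$GITHUB_OUTPUT"

- name: Build and package
  env:
    LAMBDA_NAMES: ${{ steps.find_package_names.outputs.names }}
  run: |
    mkdir zips
    for name in $LAMBDA_NAMES; do
      # … unchanged: swift package archive and S3 upload …
    done

- name: Deploy
  env:
    LAMBDA_NAMES: ${{ steps.find_package_names.outputs.names }}
  run: |
    for name in $LAMBDA_NAMES; do
      # … unchanged: aws lambda update-function-code …
```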
diff --git a/.github/workflows/deploy-penny.yml b/.github/workflows/deploy-penny.yml index 415c23ab..97f6e205 100644 --- a/.github/workflows/deploy-penny.yml +++ b/.github/workflows/deploy-penny.yml @@ -6,21 +6,26 @@ on: push: { branches: [main] } jobs: - deploy: + deploy: name: Deploy Stack + runs-on: ubuntu-latest + steps: - name: Checkout uses: actions/checkout@v4 + - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.DEPLOYER_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.DEPLOYER_ACCESS_SECRET_KEY }} - aws-region: 'eu-west-1' + aws-region: "eu-west-1" + - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 + - name: Build, tag, and push image to Amazon ECR id: build-image env: @@ -33,7 +38,8 @@ jobs: # be deployed to ECS. docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >>"${GITHUB_OUTPUT}" + echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT + - name: Fill in the new image ID in the Amazon ECS task definition id: task-def uses: aws-actions/amazon-ecs-render-task-definition@v1 @@ -41,12 +47,14 @@ jobs: task-definition: ./deploy/penny-discord-bot-task.json container-name: penny-bot image: ${{ steps.build-image.outputs.image }} + - name: Deploy to Amazon ECS Service id: task-dep uses: aws-actions/amazon-ecs-deploy-task-definition@v1 with: task-definition: ${{ steps.task-def.outputs.task-definition }} wait-for-service-stability: true + - name: Deploy to AWS cloudformation uses: aws-actions/aws-cloudformation-github-deploy@v1 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 806897dd..45319d70 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
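Review bot: The rewritten last line of the `Build, tag, and push image to Amazon ECR` script drops the quoting around the output file, going from `>>"${GITHUB_OUTPUT}"` to `>> $GITHUB_OUTPUT`. An unquoted expansion is word-split by the shell, which matters if the runner's temp path ever contains whitespace (possible on self-hosted runners). Keep the spacing change but retain the quotes: `echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"`. The step's `run:` block starts above the hunk.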
@@ -1,10 +1,10 @@ -name: test +name: tests concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true on: pull_request: { types: [opened, reopened, synchronize, ready_for_review] } - push: { branches: [ main ] } + push: { branches: [main] } jobs: unit-tests: @@ -13,15 +13,16 @@ jobs: with_coverage: false with_tsan: false with_public_api_check: false + with_deps_submission: true with_gh_codeql: false # Temporary, until the action actually works cloudformation-lint: name: Check CloudFormation runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v4 - - name: Setup and run CloudFormation lint - uses: ScottBrenner/cfn-lint-action@v2 - with: - command: cfn-lint -t ./deploy/penny-discord-bot-stack.yml + - name: Checkout + uses: actions/checkout@v4 + - name: Setup and run CloudFormation lint + uses: ScottBrenner/cfn-lint-action@v2 + with: + command: cfn-lint -t ./deploy/penny-discord-bot-stack.yml diff --git a/Dockerfile b/Dockerfile index d2543156..b82acd1a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,8 @@ COPY . . # Build everything, with optimizations, with static linking, and using jemalloc # N.B.: The static version of jemalloc is incompatible with the static Swift runtime. -RUN swift build -c release \ +RUN swift build \ + -c release \ --product Penny \ --static-swift-stdlib \ -Xlinker -ljemalloc
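Review bot: `with_deps_submission: true` is enabled in the `unit-tests` job of `test.yml` without a comment or any visible `permissions:` entry, unlike the neighbouring `with_gh_codeql` line, which explains itself. If this input makes the reusable workflow submit a dependency snapshot, that API call needs `contents: write` on the job token, and `pull_request` runs from forks receive a read-only token, so the submission would presumably fail or have to be skipped there. The job's `uses:` line and any job-level `permissions:` sit outside the hunk, so this may already be handled. A trailing comment such as `# needs contents: write on the job token` would record the requirement for the next reader.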