Fyst 2327/revert failed iam auth (#246) #247
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to AWS Staging | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| tests: | |
| uses: ./.github/workflows/ci.yml | |
| deploy: | |
| name: deploy | |
| needs: ["tests"] | |
| environment: staging | |
| runs-on: ubuntu-latest | |
| env: | |
| ECR_REPOSITORY: pya-staging-web | |
| IMAGE_TAG: ${{ github.sha }} | |
| steps: | |
| - run: echo 'Linter and tests passed.' | |
| - run: echo 'Starting the staging deploy' | |
| - name: Check out code | |
| uses: actions/checkout@v6 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} | |
| aws-region: us-east-1 | |
| - name: Log in to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build and push Docker image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| BUNDLE_GITHUB__COM: ${{ secrets.DEPLOY_PAT }} | |
| run: | | |
| docker build -t 300423309117.dkr.ecr.us-east-1.amazonaws.com/pya-staging-web:${{env.IMAGE_TAG}} --secret id=github_pat,env=BUNDLE_GITHUB__COM --platform linux/amd64 . | |
| docker push 300423309117.dkr.ecr.us-east-1.amazonaws.com/pya-staging-web:${{env.IMAGE_TAG}} | |
| - name: Update SSM Version Parameter | |
| run: | | |
| echo "tag:$IMAGE_TAG" | |
| aws ssm put-parameter \ | |
| --name /pya/staging/web/version \ | |
| --value "$IMAGE_TAG" \ | |
| --overwrite | |
| - name: Trigger infrastructure deployment | |
| run: | | |
| # Set the required variables | |
| repo_owner="codeforamerica" | |
| repo_name="tax-benefits-backend" | |
| event_type="deploy" | |
| environment="pya-nonprod" | |
| config="staging.pya.fileyourstatetaxes.org" | |
| curl -L \ | |
| -X POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "Authorization: Bearer ${{ secrets.DEPLOY_PAT }}" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| https://api.github.com/repos/$repo_owner/$repo_name/dispatches \ | |
| -d "{\"event_type\": \"$event_type\", \"client_payload\": {\"environment\": \"$environment\", \"config\": \"$config\"}}" | |
| - name: Notify deploy failure on Slack | |
| uses: 8398a7/action-slack@v3 | |
| if: failure() | |
| with: | |
| text: "<!subteam^S06P99RGJDS> PYA staging deploy ${{ job.status }} :sob:" | |
| status: ${{ job.status }} | |
| fields: message,commit,author,workflow,took | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |