main.yml

name: "[Prod] GhA - Deploy s3-backup-notifier"

on: 
  push:
    branches:
    - master

jobs:
  aws_sam:
    runs-on: ubuntu-latest
    steps:
      - name: Assume Role
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.REGION }}
          role-to-assume: ${{ secrets.ROLE_TO_ASSUME }}
          role-duration-seconds: 1200
          role-session-name: GH-Actions

      - name: Checkout
        uses: actions/checkout@master

      - name: Test credentials - whoami
        run: |
          aws sts get-caller-identity

      - name: sam build
        uses: TractorZoom/sam-cli-action@master
        with:
          sam_command: build -b ./build

      - name: sam deploy
        uses: TractorZoom/sam-cli-action@master
        with:
          sam_command: |
            deploy \
              --template-file build/template.yaml \
              --stack-name ${{ secrets.PROJECT }}-prod \
              --s3-bucket ${{ secrets.PROJECT }}-artifacts \
              --region ${{ secrets.REGION }} \
              --no-fail-on-empty-changeset \
              --parameter-overrides ENV=prod MONITORINGBUCKET=${{ secrets.MONITORINGBUCKET }} S3PREFIX=${{ secrets.S3PREFIX }} PROJECT=${{ secrets.PROJECT }} RECIPIENTS=${{ secrets.RECIPIENTS }} SENDER=${{ secrets.SENDER }} AWSREGION=${{ secrets.REGION }} --capabilities CAPABILITY_IAM