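# Builds, tests and packages the Probot app, then runs Terraform against the
# `terraform/` directory: plan on every trigger, apply only on main.
name: deploy-probot-terraform

on:
  pull_request:
  workflow_dispatch:
  push:
    branches:
      - "pull-request/[0-9]+"
      - "main"

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  # Superseded runs on PR refs are cancelled, but a run on main is left to
  # finish so `terraform apply` is never interrupted part-way through.
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

permissions:
  id-token: write  # OIDC token exchanged for the AWS role assumed below
  contents: read

jobs:
  deploy:
    name: Deploy Probot Application
    runs-on: ubuntu-latest
    # NOTE(review): every `uses:` below references a mutable tag. Pinning each
    # action to a full commit SHA keeps a retagged release from changing what
    # runs with this job's cloud role and secrets.
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '18'

      - name: Install npm dependencies
        run: npm ci

      - name: Test Probot
        run: npm run test

      - name: Build Probot
        run: npm run build

      # DEPLOY_VERSION is only set on main. On every other ref it expands to
      # an empty string, so the archives below are named `probot-.zip` /
      # `authorizer-.zip` and the plan receives an empty deployment_version.
      - name: Set deployment version
        if: github.ref == 'refs/heads/main'
        run: |
          echo "DEPLOY_VERSION=$(date +%Y%m%d-%H%M%S)-$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"

      # DEPLOY_VERSION is read as a shell variable rather than spliced into
      # the script text with an expression, so its value is never parsed as
      # shell syntax.
      - name: Package Lambda functions
        run: |
          cd dist
          zip -r "../probot-${DEPLOY_VERSION}.zip" .
          cd ..
          zip -r "authorizer-${DEPLOY_VERSION}.zip" dist/authorizer.js

      # NOTE(review): this copy runs after the archive above was written, so
      # the template is not part of that zip unless the build already placed
      # it in dist/. Confirm whether this step should precede packaging.
      - name: Copy release draft template
        run: cp src/plugins/ReleaseDrafter/draft_template.njk dist/plugins/ReleaseDrafter

      # Credentials are requested only after install/test/build, so npm
      # lifecycle and test scripts run without the AWS role in their
      # environment. NOTE(review): move this back up only if the tests
      # genuinely need AWS access.
      - name: Get AWS credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: ${{ vars.SERVERLESS_AWS_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Upload to S3
        if: github.ref == 'refs/heads/main'
        run: |
          aws s3 cp "probot-${DEPLOY_VERSION}.zip" s3://rapidsai-serverless-deployments/serverless/ops-bot/prod/
          aws s3 cp "authorizer-${DEPLOY_VERSION}.zip" s3://rapidsai-serverless-deployments/serverless/ops-bot/prod/

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.9.2"

      - name: Terraform Format Check
        working-directory: terraform
        run: terraform fmt -check

      - name: Terraform Init
        working-directory: terraform
        run: terraform init

      - name: Terraform Validate
        working-directory: terraform
        run: terraform validate

      # `id: plan` is what the "Terraform Plan Status" step refers to; without
      # it `steps.plan.outcome` is empty and that check can never fire.
      # `continue-on-error` lets the job reach that step, which then fails the
      # job and therefore still blocks the apply.
      # NOTE(review): the secrets below are visible to whatever Terraform
      # configuration the checked-out ref contains, so only trusted refs
      # should be able to trigger this workflow with secrets available.
      - name: Terraform Plan
        id: plan
        working-directory: terraform
        continue-on-error: true
        run: |
          terraform plan -out=tfplan -var="deployment_version=${DEPLOY_VERSION}"
          terraform show -no-color tfplan > plan.txt
          PLAN_ENCODED=$(base64 -w 0 plan.txt)
          echo "PLAN_ENCODED=$PLAN_ENCODED" >> "$GITHUB_ENV"
        env:
          TF_VAR_app_id: ${{ secrets.APP_ID }}
          TF_VAR_webhook_secret: ${{ secrets.WEBHOOK_SECRET }}
          TF_VAR_private_key: ${{ secrets.PRIVATE_KEY }}
          TF_VAR_gputester_pat: ${{ secrets.GPUTESTER_PAT }}

      # NOTE(review): the rendered plan is posted as a PR comment. Terraform
      # redacts only values declared `sensitive`, so confirm the TF_VAR_*
      # inputs above are declared that way in the configuration.
      # NOTE(review): a personal access token is used because this workflow's
      # `permissions` do not let the default token comment. Granting
      # `pull-requests: write` and using the default token would be narrower.
      - name: Update PR with Plan
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        with:
          github-token: ${{ secrets.JAWE_PAT }}
          script: |
            if (!process.env.PLAN_ENCODED) {
              core.warning('PLAN_ENCODED is not set; skipping the plan comment.');
              return;
            }
            const planDecoded = Buffer.from(process.env.PLAN_ENCODED, 'base64').toString('utf-8');
            const output = `#### Terraform Plan 📝
            <details>
            <summary>Show Plan</summary>
            \`\`\`hcl
            ${planDecoded}
            \`\`\`
            </details>
            `;
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output
            })

      - name: Terraform Plan Status
        if: steps.plan.outcome == 'failure'
        run: exit 1

      # Applies the saved plan file, so exactly what was planned above is
      # what gets deployed.
      - name: Terraform Apply
        if: github.ref == 'refs/heads/main' && github.event_name != 'pull_request'
        working-directory: terraform
        run: terraform apply -auto-approve tfplan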