1+ # Description: Deploys merged code to the dev environment.
2+ # Triggered on push to main. Tags the commit with a dev-<timestamp> label.
3+ # Does not create GitHub Releases or production tags (v1.x.x).
4+
15name : " CI/CD publish"
26
37on :
913 metadata :
1014 name : " Set CI/CD metadata"
1115 runs-on : ubuntu-latest
12- if : github.event.pull_request.merged == true
1316 timeout-minutes : 1
1417 outputs :
1518 build_datetime : ${{ steps.variables.outputs.build_datetime }}
2225 steps :
2326 - name : " Checkout code"
2427 uses : actions/checkout@v4
28+
2529 - name : " Set CI/CD variables"
2630 id : variables
2731 run : |
@@ -32,54 +36,100 @@ jobs:
3236 echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
3337 echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
3438 echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
35- # TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow
36- echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
39+ echo " version=dev-$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
40+
3741 - name : " List variables"
3842 run : |
39- export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}"
40- export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}"
41- export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}"
42- export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}"
43- export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}"
44- export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}"
45- export VERSION="${{ steps.variables.outputs.version }}"
46- make list-variables
43+ echo "Deploying to: DEV"
44+ echo "VERSION=${{ steps.variables.outputs.version }}"
45+
4746 publish :
48- name : " Publish packages "
47+ name : " Publish to dev "
4948 runs-on : ubuntu-latest
5049 needs : [metadata]
51- if : github.event.pull_request.merged == true
52- timeout-minutes : 3
50+ timeout-minutes : 10
5351 steps :
54- - name : " Checkout code"
52+ - name : " Setup Terraform"
53+ uses : hashicorp/setup-terraform@v3
54+ with :
55+ terraform_version : ${{ needs.metadata.outputs.terraform_version }}
56+
57+ - name : " Set up Python"
58+ uses : actions/setup-python@v5
59+ with :
60+ python-version : ' 3.13'
61+
62+ - name : " Checkout Repository"
5563 uses : actions/checkout@v4
5664
57- - name : " Get the artefacts "
65+ - name : " Build lambda artefact "
5866 run : |
59- echo "Getting the artefacts created by the build stage ..."
60- # TODO: Use either action/cache or action/upload-artifact
67+ make dependencies install-python
68+ make build
6169
62- - name : " Create release"
63- id : create_release
64- uses : actions/create-release@v1
65- env :
66- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
70+ - name : " Upload lambda artefact"
71+ uses : actions/upload-artifact@v4
72+ with :
73+ name : lambda
74+ path : dist/lambda.zip
75+
76+ - name : " Download Built Lambdas"
77+ uses : actions/download-artifact@v4
6778 with :
68- tag_name : ${{ needs.metadata.outputs.version }}
69- release_name : Release ${{ needs.metadata.outputs.version }}
70- body : |
71- Release of ${{ needs.metadata.outputs.version }}
72- draft : false
73- prerelease : false
79+ name : lambda
80+ path : ./build
81+
82+ - name : " Configure AWS Credentials"
83+ uses : aws-actions/configure-aws-credentials@v4
84+ with :
85+ role-to-assume : arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-dev-deployment-role
86+ aws-region : eu-west-2
87+
88+ - name : " Terraform Plan Stacks"
89+ env :
90+ ENVIRONMENT : dev
91+ WORKSPACE : " default"
92+ TF_VAR_API_CA_CERT : ${{ secrets.API_CA_CERT }}
93+ TF_VAR_API_CLIENT_CERT : ${{ secrets.API_CLIENT_CERT }}
94+ TF_VAR_API_PRIVATE_KEY_CERT : ${{ secrets.API_PRIVATE_KEY_CERT }}
95+ run : |
96+ mkdir -p ./build
97+ echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=plan"
98+ make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$WORKSPACE
99+ echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=plan"
100+ make terraform env=$ENVIRONMENT stack=api-layer tf-command=plan workspace=$WORKSPACE
101+ working-directory : ./infrastructure
102+
103+ - name : " Tag the dev deployment"
104+ run : |
105+ git config user.name "github-actions"
106+ git config user.email "github-actions@github.com"
107+ git tag ${{ needs.metadata.outputs.version }}
108+ git push origin ${{ needs.metadata.outputs.version }}
109+
110+ # --- Keeping these just in case: Uncomment to release to GitHub ---
111+ # - name: "Create release"
112+ # id: create_release
113+ # uses: actions/create-release@v1
114+ # env:
115+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
116+ # with:
117+ # tag_name: ${{ needs.metadata.outputs.version }}
118+ # release_name: Release ${{ needs.metadata.outputs.version }}
119+ # body: |
120+ # Release of ${{ needs.metadata.outputs.version }}
121+ # draft: false
122+ # prerelease: true
123+
74124 # - name: "Upload release asset"
75125 # uses: actions/upload-release-asset@v1
76126 # env:
77127 # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
78128 # with:
79129 # upload_url: "${{ steps.create_release.outputs.upload_url }}"
80- # asset_path: ./*
81- # asset_name: repository-template- ${{ needs.metadata.outputs.version }}.tar.gz
82- # asset_content_type: " application/gzip"
130+ # asset_path: ./build/lambda.zip
131+ # asset_name: lambda- ${{ needs.metadata.outputs.version }}.zip
132+ # asset_content_type: application/zip
83133 success :
84134 name : " Success notification"
85135 runs-on : ubuntu-latest
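Review bot: The `publish` job (new lines 46–108) declares no job-level `permissions:`, yet it assumes an AWS role through `aws-actions/configure-aws-credentials@v4` with only `role-to-assume` set and later runs `git push origin` for the new tag. With no static keys supplied, the role assumption presumably relies on the GitHub OIDC token, which needs `id-token: write`, and the tag push needs `contents: write`. Neither grant is visible in this hunk, so they come either from a workflow-level block above it or from repository defaults; that cannot be confirmed from here. Scoping them to this job keeps `metadata` and `success` on a read-only token: under `publish:` add `permissions:` with `id-token: write` and `contents: write`. It is also worth confirming that the trust policy of `github-actions-dev-deployment-role` limits the token subject to this repository's `main` branch, so that the role cannot be assumed from other refs.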