|
10 | 10 | options: [dev, test, preprod] |
11 | 11 |
|
12 | 12 | jobs: |
13 | | - listS3: |
| 13 | + deploy-stacks: |
14 | 14 | runs-on: ubuntu-latest |
15 | 15 | environment: ${{ inputs.environment }} |
16 | 16 | permissions: |
17 | 17 | id-token: write |
18 | 18 | contents: read |
19 | 19 |
|
20 | 20 | steps: |
21 | | - - name: Checkout |
22 | | - uses: actions/checkout@v4 |
23 | | - |
24 | | - - name: Configure AWS Credentials |
25 | | - uses: aws-actions/configure-aws-credentials@v4 |
26 | | - with: |
27 | | - role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role |
28 | | - aws-region: eu-west-2 |
29 | | - |
30 | | - - name: List S3 bucket |
31 | | - run: | |
32 | | - aws s3 ls s3://eligibility-signposting-api-${{ inputs.environment }}-tfstate |
| 21 | + - name: "Setup Terraform" |
| 22 | + uses: hashicorp/setup-terraform@v3 |
| 23 | + with: |
| 24 | + terraform_version: ${{ vars.TF_VERSION }} |
| 25 | + |
| 26 | + - name: "Set up Python" |
| 27 | + uses: actions/setup-python@v5 |
| 28 | + with: |
| 29 | + python-version: '3.13' |
| 30 | + |
| 31 | + - name: "Checkout Repository" |
| 32 | + uses: actions/checkout@v4 |
| 33 | + |
| 34 | + - name: "Build lambda artefact" |
| 35 | + run: | |
| 36 | + make dependencies install-python |
| 37 | + make build |
| 38 | + - name: "Upload lambda artefact" |
| 39 | + uses: actions/upload-artifact@v4 |
| 40 | + with: |
| 41 | + name: lambda |
| 42 | + path: dist/lambda.zip |
| 43 | + |
| 44 | + - name: "Download Built Lambdas" |
| 45 | + uses: actions/download-artifact@v4 |
| 46 | + with: |
| 47 | + name: lambda |
| 48 | + path: ./build |
| 49 | + |
| 50 | + - name: "Configure AWS Credentials" |
| 51 | + uses: aws-actions/configure-aws-credentials@v4 |
| 52 | + with: |
| 53 | + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role |
| 54 | + aws-region: eu-west-2 |
| 55 | + |
| 56 | + - name: "Deploy Stacks" |
| 57 | + env: |
| 58 | + ENVIRONMENT: "dev" |
| 59 | + WORKSPACE: "default" |
| 60 | + TF_VAR_API_CA_CERT: ${{ secrets.API_CA_CERT }} |
| 61 | + TF_VAR_API_CLIENT_CERT: ${{ secrets.API_CLIENT_CERT }} |
| 62 | + TF_VAR_API_PRIVATE_KEY_CERT: ${{ secrets.API_PRIVATE_KEY_CERT }} |
| 63 | + |
| 64 | + run: | |
| 65 | + echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=plan args=\"-auto-approve\"" |
| 66 | + make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$WORKSPACE |
| 67 | + echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=plan args=\"-auto-approve\"" |
| 68 | + make terraform env=$ENVIRONMENT stack=api-layer tf-command=plan workspace=$WORKSPACE |
| 69 | + echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=iams-developer-roles tf-command=plan args=\"-auto-approve\"" |
| 70 | + make terraform env=$ENVIRONMENT stack=iams-developer-roles tf-command=plan workspace=$WORKSPACE |
| 71 | +
|
| 72 | + working-directory: ./infrastructure |
0 commit comments