1+ # Description: Deploys merged code to the dev environment.
2+ # Triggered on push to main. Tags the commit with a dev-<timestamp> label.
3+ # Does not create GitHub Releases or production tags (v1.x.x).
4+
15name : " CI/CD publish"
26
37on :
4- pull_request :
5- types : [closed]
8+ push :
69 branches :
710 - main
811
912jobs :
1013 metadata :
1114 name : " Set CI/CD metadata"
1215 runs-on : ubuntu-latest
13- if : github.event.pull_request.merged == true
1416 timeout-minutes : 1
1517 outputs :
1618 build_datetime : ${{ steps.variables.outputs.build_datetime }}
2325 steps :
2426 - name : " Checkout code"
2527 uses : actions/checkout@v4
28+
2629 - name : " Set CI/CD variables"
2730 id : variables
2831 run : |
@@ -33,20 +36,15 @@ jobs:
3336 echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
3437 echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
3538 echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
36- # TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow
37- echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
39+ echo " version=dev-$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
40+
3841name : " List variables"
3942 run : |
40- export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}"
41- export BUILD_TIMESTAMP="${{ steps.variables.outputs.build_timestamp }}"
42- export BUILD_EPOCH="${{ steps.variables.outputs.build_epoch }}"
43- export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}"
44- export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}"
45- export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}"
46- export VERSION="${{ steps.variables.outputs.version }}"
47- make list-variables
43+ echo "Deploying to: DEV"
44+ echo "VERSION=${{ steps.variables.outputs.version }}"
45+
4846publish :
49- name : " Publish packages "
47+ name : " Publish to dev "
5048 runs-on : ubuntu-latest
5149 needs : [metadata]
5250 timeout-minutes : 10
@@ -55,33 +53,89 @@ jobs:
5553 id-token : write
5654 contents : write
5755 steps :
58- - name : " Checkout code"
56+ - name : " Setup Terraform"
57+ uses : hashicorp/setup-terraform@v3
58+ with :
59+ terraform_version : ${{ needs.metadata.outputs.terraform_version }}
60+
61+ - name : " Set up Python"
62+ uses : actions/setup-python@v5
63+ with :
64+ python-version : ' 3.13'
65+
66+ - name : " Checkout Repository"
5967 uses : actions/checkout@v4
60- - name : " Get the artefacts"
68+
69+ - name : " Build lambda artefact"
6170 run : |
62- echo "Getting the artefacts created by the build stage ..."
63- # TODO: Use either action/cache or action/upload-artifact
64- name : " Create release"
65- id : create_release
66- uses : actions/create-release@v1
67- env :
68- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
71+ make dependencies install-python
72+ make build
73+
74+ name : " Upload lambda artefact"
75+ uses : actions/upload-artifact@v4
76+ with :
77+ name : lambda
78+ path : dist/lambda.zip
79+
80+ - name : " Download Built Lambdas"
81+ uses : actions/download-artifact@v4
6982 with :
70- tag_name : ${{ needs.metadata.outputs.version }}
71- release_name : Release ${{ needs.metadata.outputs.version }}
72- body : |
73- Release of ${{ needs.metadata.outputs.version }}
74- draft : false
75- prerelease : false
83+ name : lambda
84+ path : ./build
85+
86+ - name : " Configure AWS Credentials"
87+ uses : aws-actions/configure-aws-credentials@v4
88+ with :
89+ role-to-assume : arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/service-roles/github-actions-api-deployment-role
90+ aws-region : eu-west-2
91+
92+ - name : " Terraform Plan Stacks"
93+ env :
94+ ENVIRONMENT : dev
95+ WORKSPACE : " default"
96+ TF_VAR_API_CA_CERT : ${{ secrets.API_CA_CERT }}
97+ TF_VAR_API_CLIENT_CERT : ${{ secrets.API_CLIENT_CERT }}
98+ TF_VAR_API_PRIVATE_KEY_CERT : ${{ secrets.API_PRIVATE_KEY_CERT }}
99+
100+ # just planning for now for safety and until review
101+ run : |
102+ mkdir -p ./build
103+ echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=networking tf-command=plan"
104+ make terraform env=$ENVIRONMENT stack=networking tf-command=plan workspace=$WORKSPACE
105+ echo "Running: make terraform env=$ENVIRONMENT workspace=$WORKSPACE stack=api-layer tf-command=plan"
106+ make terraform env=$ENVIRONMENT stack=api-layer tf-command=plan workspace=$WORKSPACE
107+ working-directory : ./infrastructure
108+
109+ - name : " Tag the dev deployment"
110+ run : |
111+ git config user.name "github-actions"
112+ git config user.email "github-actions@github.com"
113+ git tag ${{ needs.metadata.outputs.version }}
114+ git push origin ${{ needs.metadata.outputs.version }}
115+
116+ # --- Keeping these just in case: Uncomment to release to GitHub ---
117+ # - name: "Create release"
118+ # id: create_release
119+ # uses: actions/create-release@v1
120+ # env:
121+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
122+ # with:
123+ # tag_name: ${{ needs.metadata.outputs.version }}
124+ # release_name: Release ${{ needs.metadata.outputs.version }}
125+ # body: |
126+ # Release of ${{ needs.metadata.outputs.version }}
127+ # draft: false
128+ # prerelease: true
129+
76130 # - name: "Upload release asset"
77131 # uses: actions/upload-release-asset@v1
78132 # env:
79133 # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
80134 # with:
81135 # upload_url: "${{ steps.create_release.outputs.upload_url }}"
82- # asset_path: ./*
83- # asset_name: repository-template- ${{ needs.metadata.outputs.version }}.tar.gz
84- # asset_content_type: " application/gzip"
136+ # asset_path: ./build/lambda.zip
137+ # asset_name: lambda- ${{ needs.metadata.outputs.version }}.zip
138+ # asset_content_type: application/zip
85139 - name : " Notify Slack on PR merge"
86140 uses : slackapi/slack-github-action@v2.1.0
87141 with :
0 commit comments