Merge branch 'master' into chinyao/feat/unsubscribe-from-phonebook #1125
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy serverless-redaction-digest | |
| on: | |
| push: | |
| branches: | |
| - staging | |
| - master | |
| # Making sure that the current deployment is completed before the next one | |
| concurrency: deploy-serverless-redaction-digest-${{ github.ref }} | |
| env: | |
| # Update this common config | |
| DIRECTORY: serverless/redaction-digest | |
| FUNCTION: redaction-digest | |
| jobs: | |
| set_environment: | |
| outputs: | |
| current_env: "${{ steps.set-environment.outputs.current_env }}" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: set-environment | |
| run: | | |
| echo "Running on branch ${{ github.ref }}" | |
| if [ "${{ github.ref }}" = "refs/heads/master" ]; then | |
| echo "::set-output name=current_env::production" | |
| else | |
| echo "::set-output name=current_env::staging" | |
| fi | |
| lint-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: "16" | |
| - name: Lint lock file | |
| run: cd "$DIRECTORY" && npx lockfile-lint --type npm --path package-lock.json -o "https:" -o "file:" --allowed-hosts npm | |
| - name: Test app code | |
| run: cd "$DIRECTORY" && npm test | |
| build_deploy_application: | |
| needs: [set_environment, lint-test] | |
| environment: | |
| name: "${{ needs.set_environment.outputs.current_env }}" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: "16" | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: "${{ secrets.AWS_ACCESS_KEY_ID }}" | |
| aws-secret-access-key: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
| aws-region: "${{ vars.AWS_DEFAULT_REGION }}" | |
| - name: Set function name according to environment | |
| id: function-name | |
| run: echo "::set-output name=value::$FUNCTION-${{ needs.set_environment.outputs.current_env }}" | |
| - name: Build | |
| id: build-lambda | |
| env: | |
| ZIP_FILE: code.zip | |
| run: | | |
| pushd shared/ | |
| npm ci | |
| npm run build | |
| npm prune --production | |
| popd | |
| pushd "$DIRECTORY" | |
| npm ci | |
| npm run build | |
| npm prune --production | |
| popd | |
| sudo zip -qr "$ZIP_FILE" $DIRECTORY shared | |
| echo "::set-output name=zip_path::$ZIP_FILE" | |
| - name: Check if lambda can be updated (1) | |
| run: | | |
| result=$(aws lambda get-function --function-name "${{ steps.function-name.outputs.value }}" --query 'Configuration.[State, LastUpdateStatus]') | |
| echo "$result" | |
| if [[ ! "$result" =~ "Successful" ]] || [[ ! "$result" =~ "Active" ]]; then | |
| sleep 10; | |
| fi | |
| - name: Update function code | |
| run: | | |
| aws lambda update-function-code --function-name "${{ steps.function-name.outputs.value }}" \ | |
| --zip-file=fileb://${{ steps.build-lambda.outputs.zip_path }} --publish 2>&1 | |
| - name: Check if lambda can be updated (2) | |
| run: | | |
| result=$(aws lambda get-function --function-name "${{ steps.function-name.outputs.value }}" --query 'Configuration.[State, LastUpdateStatus]') | |
| echo "$result" | |
| if [[ ! "$result" =~ "Successful" ]] || [[ ! "$result" =~ "Active" ]]; then | |
| sleep 10; | |
| fi | |
| - name: Update function config | |
| env: | |
| # Update the configuration | |
| ROLE: "${{ secrets.REDACTION_ROLE }}" | |
| RUNTIME: nodejs12.x | |
| HANDLER: serverless/redaction-digest/build/index.handler | |
| TIMEOUT: 600 | |
| MEMORY_SIZE: 256 | |
| TAG: "github-actions-${{ github.sha }}-${{ github.run_id }}-${{github.run_attempt}}" | |
| # Update env vars | |
| NODE_ENV: "${{ needs.set_environment.outputs.current_env }}" | |
| DB_URI: "${{ secrets.REDACTION_DIGEST_DB_URI }}" | |
| DB_READ_REPLICA_URI: "${{ secrets.REDACTION_DIGEST_DB_READ_REPLICA_URI }}" | |
| DB_USE_IAM: "${{ secrets.DB_USE_IAM }}" | |
| SENTRY_DSN: "${{ secrets.SERVERLESS_SENTRY_DSN }}" | |
| CRONITOR_CODE: "${{ secrets.REDACTION_CRONITOR }}" | |
| SES_FROM: "${{ secrets.SES_FROM }}" | |
| SES_HOST: "${{ secrets.SES_HOST }}" | |
| SES_PASS: "${{ secrets.SES_PASS }}" | |
| SES_USER: "${{ secrets.SES_USER }}" | |
| SES_PORT: "${{ secrets.SES_PORT }}" | |
| EMAIL_CALLBACK_HASH_SECRET: "${{ secrets.EMAIL_CALLBACK_HASH_SECRET }}" | |
| # Update environment variables in the command | |
| run: | | |
| aws lambda update-function-configuration --function-name="${{ steps.function-name.outputs.value }}" \ | |
| --role="$ROLE" --description="$TAG" --timeout="$TIMEOUT" --memory-size="$MEMORY_SIZE" --runtime="$RUNTIME" --handler="$HANDLER" \ | |
| --environment "Variables={NODE_ENV=$NODE_ENV,DB_URI=$DB_URI,DB_READ_REPLICA_URI=$DB_READ_REPLICA_URI,DB_USE_IAM=$DB_USE_IAM,SENTRY_DSN=$SENTRY_DSN,CRONITOR_CODE=$CRONITOR_CODE,SES_FROM=$SES_FROM,SES_HOST=$SES_HOST,SES_PASS=$SES_PASS,SES_USER=$SES_USER,SES_PORT=$SES_PORT,EMAIL_CALLBACK_HASH_SECRET=$EMAIL_CALLBACK_HASH_SECRET}" \ | |
| 2>&1 |