Merge branch 'development' into release/0.1.0 #40
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Main build pipeline that verifies, builds, and deploys the software | |
name: Build and Deploy | |
# Events that trigger the workflow | |
on: | |
# Trigger based on push to all branches | |
push: | |
branches: | |
- 'development' | |
- 'feature/**' | |
- 'release/**' | |
- 'main' | |
tags-ignore: | |
- '*' | |
# Run workflow manually from the Actions tab | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Build and Deploy | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
steps: | |
# SIT environment variables | |
- name: Set Environment Variables | |
if: | | |
startsWith(github.ref, 'refs/heads/development') || | |
startsWith(github.ref, 'refs/heads/feature') | |
run: | | |
echo "TARGET_ENV=SIT" >> $GITHUB_ENV | |
echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV | |
# UAT environment variables | |
- name: Set Environment Variables | |
if: startsWith(github.ref, 'refs/heads/release') | |
run: | | |
echo "TARGET_ENV=UAT" >> $GITHUB_ENV | |
echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV | |
# OPS environment variables | |
- name: Set Environment Variables | |
if: startsWith(github.ref, 'refs/heads/main') | |
run: | | |
echo "TARGET_ENV=OPS" >> $GITHUB_ENV | |
echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV | |
# Check out GitHub repo | |
- uses: actions/checkout@v3 | |
# SNYK scan and report | |
- name: Run Snyk to test and report | |
uses: snyk/actions/iac@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
command: test | |
args: > | |
--org=${{ secrets.SNYK_ORG_ID }} | |
--severity-threshold=high | |
--report | |
# Set up Terraform | |
- name: Setup Terraform | |
uses: hashicorp/[email protected] | |
with: | |
terraform_version: 1.3.7 | |
# Validate Terraform file | |
- name: Validate Terraform | |
run: terraform validate -no-color | |
# Set up TF_VAR and AWS credentials environment variables | |
- name: TF_VAR and AWS credentials | |
run: | | |
echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV | |
echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV | |
echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV | |
echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV | |
echo "TF_VAR_sns_topic_email_alarms=${{ secrets[format('SNS_TOPIC_EMAIL_ALARMS_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV | |
echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV | |
echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV | |
# Deploy Terraform | |
- name: Deploy Terraform | |
working-directory: terraform/ | |
run: | | |
terraform init -reconfigure \ | |
-backend-config="bucket=${PREFIX_ENV}-tf-state" \ | |
-backend-config="key=generate.tfstate" \ | |
-backend-config="region=${AWS_DEFAULT_REGION}" | |
terraform apply -auto-approve |