Skip to content

Merge branch 'development' into release/0.1.0 #40

Merge branch 'development' into release/0.1.0

Merge branch 'development' into release/0.1.0 #40

Workflow file for this run

# Main build pipeline that verifies, builds, and deploys the software
name: Build and Deploy
# Events that trigger the workflow
on:
# Trigger based on push to all branches
push:
branches:
- 'development'
- 'feature/**'
- 'release/**'
- 'main'
tags-ignore:
- '*'
# Run workflow manually from the Actions tab
workflow_dispatch:
jobs:
build:
name: Build and Deploy
# The type of runner that the job will run on
runs-on: ubuntu-latest
steps:
# SIT environment variables
- name: Set Environment Variables
if: |
startsWith(github.ref, 'refs/heads/development') ||
startsWith(github.ref, 'refs/heads/feature')
run: |
echo "TARGET_ENV=SIT" >> $GITHUB_ENV
echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV
# UAT environment variables
- name: Set Environment Variables
if: startsWith(github.ref, 'refs/heads/release')
run: |
echo "TARGET_ENV=UAT" >> $GITHUB_ENV
echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV
# OPS environment variables
- name: Set Environment Variables
if: startsWith(github.ref, 'refs/heads/main')
run: |
echo "TARGET_ENV=OPS" >> $GITHUB_ENV
echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV
# Check out GitHub repo
- uses: actions/checkout@v3
# SNYK scan and report
- name: Run Snyk to test and report
uses: snyk/actions/iac@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: test
args: >
--org=${{ secrets.SNYK_ORG_ID }}
--severity-threshold=high
--report
# Set up Terraform
- name: Setup Terraform
uses: hashicorp/[email protected]
with:
terraform_version: 1.3.7
# Validate Terraform file
- name: Validate Terraform
run: terraform validate -no-color
# Set up TF_VAR and AWS credentials environment variables
- name: TF_VAR and AWS credentials
run: |
echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV
echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV
echo "TF_VAR_cross_account_id=${{ secrets[format('CROSS_ACCOUNT_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
echo "TF_VAR_sns_topic_email=${{ secrets[format('SNS_TOPIC_EMAIL_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
echo "TF_VAR_sns_topic_email_alarms=${{ secrets[format('SNS_TOPIC_EMAIL_ALARMS_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_{0}', env.TARGET_ENV)] }}" >> $GITHUB_ENV
echo "AWS_DEFAULT_REGION=us-west-2" >> $GITHUB_ENV
# Deploy Terraform
- name: Deploy Terraform
working-directory: terraform/
run: |
terraform init -reconfigure \
-backend-config="bucket=${PREFIX_ENV}-tf-state" \
-backend-config="key=generate.tfstate" \
-backend-config="region=${AWS_DEFAULT_REGION}"
terraform apply -auto-approve