Skip to content

chore: update deployment workflow to support pull requests and configure AWS credentials #146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

chore: update deployment workflow to support pull requests and configure AWS credentials #146

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e07c482
chore: update deployment workflow to support pull requests and config…
alukach Apr 18, 2025
cad25e3
update template
alukach Apr 18, 2025
2ea693f
Change email (test deployment trigger)
alukach Apr 18, 2025
c242cb4
Fix deploy
alukach Apr 18, 2025
1a7eee0
re-add default_account
alukach Apr 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 0 additions & 3 deletions .github/pull_request_template.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1 @@
## :warning: Checklist if your PR is changing anything else than documentation
- [ ] Posted the link to a successful manually triggered deployment workflow (successful including the resources destruction)

## Merge request description
26 changes: 17 additions & 9 deletions .github/workflows/deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,18 +2,32 @@ name: Deployment

on:
workflow_dispatch:
pull_request:
paths:
- "lib/**"
- "integration_tests/**"
- "package.json"
- "package-lock.json"

jobs:
build_package_and_deploy:
name: Build, package and deploy
runs-on: ubuntu-latest
timeout-minutes: 90
permissions:
id-token: write
contents: read
env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION_DEPLOY }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_DEPLOY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEPLOY }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
AWS_DEFAULT_ACCOUNT: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_DEFAULT_REGION: 'us-west-2'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We might keep this in us-east-1 or any region but us-west-2 to avoid bumping into resource quotas.

steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}

- uses: actions/checkout@v4

- uses: actions/setup-node@v4
Expand All @@ -30,7 +44,6 @@ jobs:
- name: Generate distribution packages
run: npm run package


- name: Install deployment environment
id: install_deploy_env
run: |
Expand All @@ -56,12 +69,7 @@ jobs:
PROJECT_ID: ${{ steps.short-sha.outputs.sha }}
run: |
source .deployment_venv/bin/activate

# synthesize the stack
cd integration_tests/cdk
npx cdk synth --debug --all --require-approval never

# deploy the stack
npx cdk deploy --ci --all --require-approval never
deactivate
cd -
Expand Down
4 changes: 2 additions & 2 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,8 @@
},
"keywords": [],
"author": {
"name": "Anthony Lukach",
"email": "anthony@developmentseed.org"
"name": "DevelopmentSeed",
"email": "eoapi@developmentseed.org"
},
"repository": {
"type": "git",
Expand Down
Loading