-
Notifications
You must be signed in to change notification settings - Fork 2
59 lines (57 loc) · 1.95 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: aws-deploy
on:
push:
branches: [ '*' ]
tags: [ 'v[0-9]+\.[0-9]+\.[0-9]+' ]
pull_request:
branches: [ '*' ]
jobs:
validate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
- uses: pre-commit/[email protected]
- name: Setup `packer`
uses: hashicorp/setup-packer@main
with:
version: latest
- name: packer validate
run: |
pushd src
packer plugins install github.com/hashicorp/amazon
packer plugins install github.com/hashicorp/ansible
packer validate -var AmiImageName=validate template.json
deploy:
name: Deploy to AWS org-sagebase-imagecentral
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v') }}
needs: [ "validate" ]
permissions:
id-token: write
contents: read
env:
AWS_ROLE_TO_ASSUME: "arn:aws:iam::867686887310:role/sagebase-github-oidc-packer-image-deploy"
AWS_REGION: "us-east-1"
AMI_IMAGE_NAME: ${{ github.event.repository.name }}-${{ github.ref_name }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup `packer`
uses: hashicorp/setup-packer@main
with:
version: "latest"
- name: Assume AWS Role
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ env.AWS_ROLE_TO_ASSUME }}
role-session-name: GA-${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }}
role-duration-seconds: 3600
- name: Build and Upload AMI
run: |
pushd src
packer plugins install github.com/hashicorp/amazon
packer plugins install github.com/hashicorp/ansible
AWS_DEFAULT_REGION=${{ env.AWS_REGION }} packer build -force -var AmiImageName=${{ env.AMI_IMAGE_NAME }} template.json