tea-release.1.3.5: Dependency updates #53
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow runs whenever a GitHub release is created. It gets the version | |
# number from the git tag, builds and tests TEA, and then uploads the artifacts | |
# to the public bucket for distribution. | |
name: Release | |
on: | |
release: | |
types: | |
- published | |
jobs: | |
build: | |
uses: ./.github/workflows/re-build.yml | |
with: | |
environment: prod | |
test-e2e: | |
needs: | |
- build | |
if: ${{ vars.RUN_TESTS }} | |
uses: ./.github/workflows/re-test-e2e.yml | |
with: | |
environment: test | |
secrets: inherit | |
publish: | |
runs-on: ubuntu-latest | |
environment: prod | |
needs: | |
- build | |
- test-e2e | |
if: success() || needs.test-e2e.result == 'skipped' | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} | |
AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-west-2' }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Load environment defaults | |
run: cat .github/workflows/config-public/prod.env >> $GITHUB_ENV | |
- uses: actions/download-artifact@v3 | |
- name: Upload to public code bucket | |
env: | |
S3_PATH_PREFIX: s3://${{ env.CODE_BUCKET }}/${{ env.CODE_PREFIX }} | |
run: | | |
aws s3 cp ./dependency-layer/thin-egress-app-dependencies.zip ${S3_PATH_PREFIX}${{ needs.build.outputs.dependency-zip }} --acl bucket-owner-full-control --acl public-read | |
aws s3 cp ./code/thin-egress-app-code.zip ${S3_PATH_PREFIX}${{ needs.build.outputs.code-zip }} --acl bucket-owner-full-control --acl public-read | |
aws s3 cp ./cloudformation/thin-egress-app.yaml ${S3_PATH_PREFIX}${{ needs.build.outputs.cloudformation-yaml }} --acl bucket-owner-full-control --acl public-read | |
aws s3 cp ./terraform/thin-egress-app-terraform.zip ${S3_PATH_PREFIX}${{ needs.build.outputs.terraform-zip }} --acl bucket-owner-full-control --acl public-read | |
echo '{"schemaVersion": 1, "label": "Last Release", "message": "'$GITHUB_REF_NAME'", "color": "success"}' > lastrelease.json | |
aws s3 cp lastrelease.json s3://${CODE_BUCKET}/thin-egress-app/ \ | |
--metadata-directive REPLACE \ | |
--cache-control no-cache \ | |
--expires '2016-06-14T00:00:00Z' \ | |
--content-type 'application/json' \ | |
--acl bucket-owner-full-control --acl public-read | |
release-assets: | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- test-e2e | |
if: success() || needs.test-e2e.result == 'skipped' | |
steps: | |
- uses: actions/download-artifact@v3 | |
- uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ./dependency-layer/thin-egress-app-dependencies.zip | |
asset_name: ${{ needs.build.outputs.dependency-zip }} | |
asset_content_type: application/zip | |
- uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ./code/thin-egress-app-code.zip | |
asset_name: ${{ needs.build.outputs.code-zip }} | |
asset_content_type: application/zip | |
- uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ./cloudformation/thin-egress-app.yaml | |
asset_name: ${{ needs.build.outputs.cloudformation-yaml }} | |
asset_content_type: application/vnd.yaml | |
- uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ./terraform/thin-egress-app-terraform.zip | |
asset_name: ${{ needs.build.outputs.terraform-zip }} | |
asset_content_type: application/zip | |
status: | |
if: always() | |
needs: | |
- build | |
- publish | |
uses: ./.github/workflows/re-status.yml | |
with: | |
environment: prod | |
build_tag: ${{ needs.build.outputs.version }} | |
success: ${{ needs.build.result != 'failure' && needs.publish.result != 'failure' }} | |
secrets: inherit |