diff --git a/.github/iac/.terraform/terraform.tfstate b/.github/iac/.terraform/terraform.tfstate new file mode 100644 index 0000000..459434f --- /dev/null +++ b/.github/iac/.terraform/terraform.tfstate @@ -0,0 +1,74 @@ +{ + "version": 3, + "serial": 3, + "lineage": "f9336342-bf35-8916-008a-9dcff5880ffc", + "backend": { + "type": "s3", + "config": { + "access_key": null, + "acl": null, + "allowed_account_ids": null, + "assume_role": null, + "assume_role_duration_seconds": null, + "assume_role_policy": null, + "assume_role_policy_arns": null, + "assume_role_tags": null, + "assume_role_transitive_tag_keys": null, + "assume_role_with_web_identity": null, + "bucket": "demeter-tf", + "custom_ca_bundle": null, + "dynamodb_endpoint": null, + "dynamodb_table": null, + "ec2_metadata_service_endpoint": null, + "ec2_metadata_service_endpoint_mode": null, + "encrypt": null, + "endpoint": null, + "endpoints": null, + "external_id": null, + "forbidden_account_ids": null, + "force_path_style": null, + "http_proxy": null, + "https_proxy": null, + "iam_endpoint": null, + "insecure": null, + "key": "github/demeter-fabric.tfstate", + "kms_key_id": null, + "max_retries": null, + "no_proxy": null, + "profile": null, + "region": "us-west-2", + "retry_mode": null, + "role_arn": null, + "secret_key": null, + "session_name": null, + "shared_config_files": null, + "shared_credentials_file": null, + "shared_credentials_files": null, + "skip_credentials_validation": null, + "skip_metadata_api_check": null, + "skip_region_validation": null, + "skip_requesting_account_id": null, + "skip_s3_checksum": null, + "sse_customer_key": null, + "sts_endpoint": null, + "sts_region": null, + "token": null, + "use_dualstack_endpoint": null, + "use_fips_endpoint": null, + "use_legacy_workflow": null, + "use_path_style": null, + "workspace_key_prefix": null + }, + "hash": 2450725169 + }, + "modules": [ + { + "path": [ + "root" + ], + "outputs": {}, + "resources": {}, + "depends_on": [] + } + ] +} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3d8a0a4..229c294 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: build +name: Build on: workflow_dispatch: {} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..27d3d4c --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,41 @@ +name: Deploy + +on: + check_run: + workflows: ["Build"] + types: [completed] + +jobs: + rpc: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - uses: aws-actions/configure-aws-credentials@v1 + with: + aws-region: ${{ secrets.AWS_REGION }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/ClusterAdminRole + role-session-name: Github-Actions-Demeter + role-duration-seconds: 1200 + + - name: setup kubeconfig + run: aws eks update-kubeconfig --name ${{ secrets.AWS_CLUSTER_NAME }} + + - name: setup terraform + uses: hashicorp/setup-terraform@v3 + + - name: init terraform + working-directory: .github/iac + run: terraform init -reconfigure + + - name: validate terraform + working-directory: .github/iac + run: terraform validate + + - name: apply terraform + working-directory: .github/iac + env: + IMAGE_TAG: ${{ github.sha }} + run: terraform apply -auto-approve -input=false -var="rpc_image=ghcr.io/demeter-run/fabric-rpc:${{ github.sha }}"