1479 on chain sidebar (#1516) #325
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy IAM Server to Review | |
| # trigger: on push to `main` branch, AND only on changes to `iam/*` and `infra/review/**` files | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| jobs: | |
| build-and-test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # run tests | |
| - name: Use Node.js 16 | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 16 | |
| cache: "yarn" | |
| - name: Install Packages | |
| run: yarn install | |
| - name: Run Tests | |
| run: | | |
| yarn test:iam | |
| yarn test:identity | |
| - name: Run Linter | |
| run: | | |
| yarn lint:iam | |
| yarn lint:identity | |
| # get sha shorthand | |
| - name: Declare some variables | |
| id: vars | |
| shell: bash | |
| run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" | |
| # configure AWS credentials | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_REVIEW }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_REVIEW }} | |
| aws-region: us-east-1 | |
| # login to docker for AWS | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| # build, tag, and push to ECR | |
| - name: Build, tag, and push image to Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: passport | |
| IMAGE_TAG: ${{ steps.vars.outputs.sha_short }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f iam/Dockerfile . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| outputs: | |
| dockerTag: ${{ steps.vars.outputs.sha_short }} | |
| deploy-review: | |
| needs: build-and-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js | |
| uses: actions/setup-node@v2 | |
| with: | |
| cache: "yarn" | |
| cache-dependency-path: infra/review/package-lock.json | |
| # Update the pulumi stack with new image | |
| - run: | | |
| npm install | |
| pulumi stack select -c gitcoin/dpopp/review | |
| pulumi config -s gitcoin/dpopp/review set aws:region us-east-1 --non-interactive | |
| working-directory: infra/review | |
| env: | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| - uses: pulumi/actions@v3 | |
| id: pulumi | |
| with: | |
| command: up | |
| stack-name: gitcoin/dpopp/review | |
| upsert: false | |
| work-dir: infra/review | |
| env: | |
| PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_REVIEW }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_REVIEW }} | |
| DOCKER_GTC_PASSPORT_IAM_IMAGE: ${{secrets.ECR_URL_REVIEW}}:${{ needs.build-and-test.outputs.dockerTag }} | |
| ROUTE_53_ZONE: ${{ secrets.ROUTE53_ZONE_ID_REVIEW }} | |
| DOMAIN: ${{ secrets.DOMAIN_REVIEW }} | |
| IAM_SERVER_SSM_ARN: ${{ secrets.IAM_SERVER_SSM_ARN_REVIEW }} |