Merge pull request #137 from govuk-one-login/PSREDEV-1911-dev-platfor… #123
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Package for Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: # Deploy Manually | |
| jobs: | |
| deploy: | |
| name: Package for build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| env: | |
| AWS_REGION: eu-west-2 | |
| ENVIRONMENT: build | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Check out repository code | |
| uses: actions/checkout@v3 | |
| - name: Assume temporary AWS role | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.BUILD_GH_ACTIONS_ROLE_ARN }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: SAM Validate | |
| run: sam validate --region ${{ env.AWS_REGION }} -t infrastructure/template.yaml --lint | |
| - name: SAM build | |
| run: | | |
| mkdir out | |
| sam build -t infrastructure/template.yaml -b out/ | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Install Cosign | |
| uses: sigstore/cosign-installer@main | |
| with: | |
| cosign-release: "v1.9.0" | |
| - name: Build, tag, and push testing images to Amazon ECR | |
| env: | |
| CONTAINER_SIGN_KMS_KEY: ${{ secrets.CONTAINER_SIGN_KMS_KEY }} | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY_BUILD: ${{ secrets.ECR_REPOSITORY_BUILD }} | |
| ECR_REPOSITORY_STAGING: ${{ secrets.ECR_REPOSITORY_STAGING }} | |
| IMAGE_TAG: latest | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY_BUILD:$IMAGE_TAG feature-tests | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY_BUILD:$IMAGE_TAG | |
| cosign sign --key awskms:///${CONTAINER_SIGN_KMS_KEY} $ECR_REGISTRY/$ECR_REPOSITORY_BUILD:$IMAGE_TAG | |
| - name: Deploy SAM app | |
| uses: govuk-one-login/[email protected] | |
| with: | |
| artifact-bucket-name: "${{ secrets.BUILD_ARTIFACT_SOURCE_BUCKET_NAME }}" | |
| signing-profile-name: "${{ secrets.BUILD_SIGNING_PROFILE_NAME }}" | |
| working-directory: ./out |