deploy #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy | |
| on: | |
| workflow_run: | |
| workflows: | |
| - check | |
| types: | |
| - completed | |
| branches: | |
| - dev | |
| # Ensures that only one deploy task per branch/environment will run at a time. | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| cdk-deploy: | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Install AWS CLI | |
| run: sudo snap install aws-cli --classic | |
| - name: Install AWS CDK CLI | |
| run: npm install -g aws-cdk | |
| - name: Install python dependencies | |
| run: pip install -r requirements.txt -r requirements-dev.txt | |
| - name: Assume AWS Role | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: us-east-1 | |
| role-to-assume: 'arn:aws:iam::804034162148:role/sagebase-github-oidc-openchallenges-deploy' | |
| role-session-name: ${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }} | |
| role-duration-seconds: 1200 | |
| - name: CDK deploy | |
| run: cdk deploy --all --require-approval never | |
| env: | |
| ENV: ${{ github.head_ref || github.ref_name }} | |
| SECRETS: "ssm" |