Skip to content

Deploy

Deploy #64

Workflow file for this run

name: Deploy
on:
# workflow_run:
# workflows: [Docker build and publish]
# types:
# - completed
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
strategy:
matrix:
project: [users-chis-civ]
# if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- name: "Configure"
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{vars.AWS_REGION}}
aws-access-key-id: ${{ secrets.DEPLOY_KEY_ID }}
aws-secret-access-key: ${{ secrets.DEPLOY_ACCESS_KEY }}
- name: install oathtool
run: sudo apt-get install -y oathtool jq
- id: auth
name: Authenticate to STS
run: |
mfa_serial="arn:aws:iam::${{vars.AWS_ACCOUNT_NUMBER}}:mfa/gh-action"
mfa_code=$(oathtool -b --totp ${{secrets.MFA_KEY}})
STS=$(aws sts get-session-token --region "${{vars.AWS_REGION}}" --serial-number "$mfa_serial" --token-code "$mfa_code")
aws_access_key_id=$(echo "$STS" | jq -r '.Credentials.AccessKeyId')
echo "::add-mask::$aws_access_key_id"
aws_secret_access_key=$(echo "$STS" | jq -r '.Credentials.SecretAccessKey')
echo "::add-mask::$aws_secret_access_key"
aws_session_token=$(echo "$STS" | jq -r '.Credentials.SessionToken')
echo "::add-mask::$aws_session_token"
echo "AWS_ACCESS_KEY_ID=$aws_access_key_id" >> "$GITHUB_OUTPUT"
echo "AWS_SECRET_ACCESS_KEY=$aws_secret_access_key" >> "$GITHUB_OUTPUT"
echo "AWS_SESSION_TOKEN=$aws_session_token" >> "$GITHUB_OUTPUT"
- name: Assume role
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{vars.AWS_REGION}}
aws-access-key-id: ${{ steps.auth.outputs.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ steps.auth.outputs.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ steps.auth.outputs.AWS_SESSION_TOKEN }}
role-skip-session-tagging: true
role-to-assume: "arn:aws:iam::${{vars.AWS_ACCOUNT_NUMBER}}:role/eks-${{vars.AWS_USER}}"
- uses: actions/checkout@v2
- name: Upgrade ${{matrix.project}}
run: |
aws eks update-kubeconfig --name ${{vars.CLUSTER}} --region ${{vars.AWS_REGION}}
helm repo add medic https://docs.communityhealthtoolkit.org/helm-charts
helm upgrade --namespace ${{vars.NAMESPACE}} --values scripts/deploy/values/${{matrix.project}}.yaml ${{matrix.project}} medic/cht-user-management