updated sam template #28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment pipeline for Menu_Get svc | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: "Target environment" | |
| required: true | |
| default: "test" | |
| type: choice | |
| options: | |
| - test | |
| - staging | |
| - uat | |
| - prod | |
| env: | |
| STACK_NAME: MenuGetStack | |
| REGION_US_EAST1: us-east-1 | |
| concurrency: | |
| group: deploy-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| build_and_deploy: | |
| name: Deploy to ${{ github.event.inputs.environment || 'dev' }} | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.environment || 'dev' }} | |
| if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Setup aws-sam cli | |
| uses: aws-actions/setup-sam@v2 | |
| with: | |
| use-installer: true | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Determine target environment | |
| id: set-env | |
| run: | | |
| ENVIRONMENT=${{ github.event.inputs.environment || 'dev' }} | |
| echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_ENV | |
| echo "ENVIRONMENT_UPPER=$(echo $ENVIRONMENT | tr '[:lower:]' '[:upper:]')" >> $GITHUB_ENV | |
| - name: Extract AWS Account ID from Secret | |
| id: account | |
| run: | | |
| case "$ENVIRONMENT" in | |
| dev) echo "ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_DEV }}" >> $GITHUB_ENV ;; | |
| test) echo "ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_TEST }}" >> $GITHUB_ENV ;; | |
| staging) echo "ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_STAGING }}" >> $GITHUB_ENV ;; | |
| uat) echo "ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_UAT }}" >> $GITHUB_ENV ;; | |
| prod) echo "ACCOUNT_ID=${{ secrets.AWS_ACCOUNT_ID_PROD }}" >> $GITHUB_ENV ;; | |
| esac | |
| - name: Configure AWS credentials using OIDC token | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ env.ACCOUNT_ID }}:role/GitHubActionsDeployRole | |
| role-session-name: menu-get-svc-${{ env.ENVIRONMENT }}-session | |
| aws-region: ${{ env.REGION_US_EAST1 }} | |
| - name: Build app | |
| run: | | |
| echo "Account ID - ${{ env.ACCOUNT_ID }}" | |
| sam build | |
| - name: Deploy the app | |
| run: | | |
| sam deploy \ | |
| --stack-name ${{ env.STACK_NAME }}-${{ env.ENVIRONMENT }} \ | |
| --region ${{ env.REGION_US_EAST1 }} \ | |
| --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \ | |
| --role-arn arn:aws:iam::${{ env.ACCOUNT_ID }}:role/GitHubActionsDeployRole \ | |
| --resolve-s3 \ | |
| --no-progressbar | |