add create s3 backend and destroy infra workflow #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'terraform/**' | |
| - '.github/workflows/deploy.yml' | |
| - 'lambda_function/**' | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Package Lambda function | |
| run: | | |
| cd lambda_function | |
| zip -r ../terraform/lambda_function.zip . -x "venv/*" | |
| echo "Lambda function zipped" | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| - name: Make scripts executable | |
| working-directory: ./terraform | |
| run: | | |
| chmod +x ./scripts/upload_to_s3.sh | |
| chmod +x ./scripts/upload_resume.py | |
| chmod +x ./scripts/s3_backend.sh | |
| chmod +x ./empty_bucket.py | |
| - name: Install dependencies | |
| run: | | |
| python3 -m pip install --upgrade pip | |
| pip install boto3 | |
| - name: Create s3 backend | |
| working-directory: ./terraform/scripts | |
| run: ./s3_backend.sh | |
| - name: Decrypt tfvars file, Initialize and Deploy infrastructure with Terraform | |
| run: | | |
| working-directory: ./terraform | |
| gpg --quiet --batch --yes --decrypt --passphrase="$SECRET_PASSPHRASE" --output variables.tfvars variables.tfvars.gpg | |
| terraform init | |
| terraform apply -auto-approve -var-file="variables.tfvars" | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| SECRET_PASSPHRASE: ${{ secrets.SECRET_PASSPHRASE }} | |
| - name: Check for failure | |
| if: ${{ failure() }} | |
| run: echo "A previous step failed. Proceeding to destroy infrastructure." | |
| - name: Empty S3 bucket | |
| if: ${{ failure() }} | |
| working-directory: ./terraform | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| run: python3 empty_bucket.py | |
| - name: Destroy Terraform | |
| if: ${{ failure() }} | |
| run: | | |
| working-directory: ./terraform | |
| terraform destroy -var-file=variables.tfvars -auto-approve | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |