add workflow abstractions for pr and main

pubpub · Feb 13, 2024 · d0549d7 · d0549d7
1 parent ce7693c
commit d0549d7
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 15 deletions.
diff --git a/.github/workflows/awsdeploy.yml b/.github/workflows/awsdeploy.yml
@@ -1,19 +1,29 @@
 # Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
 
-name: aws ecs deploy - blake
+name: aws ecs deploy
 
 on:
-  push:
-    branches:
-      - main
+  workflow_call:
+    inputs:
+      proper-name:
+        required: true
+        type: string
+      environment:
+        required: true
+        type: string
+    secrets:
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
 
 jobs:
   deploy-core:
     uses: ./.github/workflows/deploy-template.yml
     with:
       service-name: core
-      environment: staging
-      env-proper-name: blake
+      environment: ${{ inputs.environment }}
+      env-proper-name: ${{ inputs.proper-name }}
     secrets:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -23,8 +33,8 @@ jobs:
     needs: deploy-core
     with:
       service-name: jobs
-      environment: staging
-      env-proper-name: blake
+      environment: ${{ inputs.environment }}
+      env-proper-name: ${{ inputs.proper-name }}
     secrets:
       AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
       AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/deploy-template.yml b/.github/workflows/deploy-template.yml
@@ -41,6 +41,7 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
+          role-to-assume: ${{ vars.IAM_ROLE_TO_ASSUME }}
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ env.AWS_REGION }}

diff --git a/.github/workflows/ecrbuild-all.yml b/.github/workflows/ecrbuild-all.yml
@@ -3,13 +3,12 @@
 name: docker build to ECR
 
 on:
-  push:
-    branches:
-      - main
-  pull_request:
-    types:
-      - opened
-      - synchronize
+  workflow_call:
+    secrets:
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
 
 jobs:
   build-core:

diff --git a/.github/workflows/on_main.yml b/.github/workflows/on_main.yml
@@ -0,0 +1,26 @@
+# Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
+
+name: Promote from main
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-all:
+    uses: ./.github/workflows/ecrbuild-all.yml
+    secrets:
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+
+  deploy-all:
+    uses: ./.github/workflows/awsdeploy.yml
+    environment: staging
+    needs: build-all
+    inputs:
+      proper-name: blake
+      environment: staging
+    secrets:
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/on_pr.yml b/.github/workflows/on_pr.yml
@@ -0,0 +1,16 @@
+# Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
+
+name: Promote from main
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+jobs:
+  build-all:
+    uses: ./.github/workflows/ecrbuild-all.yml
+    secrets:
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}