diff --git a/.github/workflows/awsdeploy.yml b/.github/workflows/awsdeploy.yml
index 9d73404ad..f0d46f860 100644
--- a/.github/workflows/awsdeploy.yml
+++ b/.github/workflows/awsdeploy.yml
@@ -1,19 +1,29 @@
 # Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
-name: aws ecs deploy - blake
+name: aws ecs deploy
 on:
- push:
- branches:
- - main
+ workflow_call:
+ inputs:
+ proper-name:
+ required: true
+ type: string
+ environment:
+ required: true
+ type: string
+ secrets:
+ AWS_ACCESS_KEY_ID:
+ required: true
+ AWS_SECRET_ACCESS_KEY:
+ required: true
 jobs:
 deploy-core:
 uses: ./.github/workflows/deploy-template.yml
 with:
 service-name: core
- environment: staging
- env-proper-name: blake
+ environment: ${{ inputs.environment }}
+ env-proper-name: ${{ inputs.proper-name }}
 secrets:
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -23,8 +33,8 @@ jobs:
 needs: deploy-core
 with:
 service-name: jobs
- environment: staging
- env-proper-name: blake
+ environment: ${{ inputs.environment }}
+ env-proper-name: ${{ inputs.proper-name }}
 secrets:
 AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/deploy-template.yml b/.github/workflows/deploy-template.yml
index 17daa25c8..330a98089 100644
--- a/.github/workflows/deploy-template.yml
+++ b/.github/workflows/deploy-template.yml
@@ -41,6 +41,7 @@ jobs:
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v4
 with:
+ role-to-assume: ${{ vars.IAM_ROLE_TO_ASSUME }}
 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 aws-region: ${{ env.AWS_REGION }}
diff --git a/.github/workflows/ecrbuild-all.yml b/.github/workflows/ecrbuild-all.yml
index 412cf65e1..4fd8daec0 100644
--- a/.github/workflows/ecrbuild-all.yml
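Review bot: In deploy-template.yml, the added `role-to-assume: ${{ vars.IAM_ROLE_TO_ASSUME }}` expands to an empty string when that variable is not defined for the repository or for the environment the job runs in, and the action then appears to fall back to using the static key pair directly, so the deploy would run with the IAM user's own permissions and no error. A short preceding step that fails on an empty value, e.g. one with `if: ${{ vars.IAM_ROLE_TO_ASSUME == '' }}` and `run: exit 1`, would make a missing variable visible instead of silently widening the credentials in use. The step still relies on the long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` pair; now that a role exists, the action's OIDC mode (job-level `permissions: id-token: write`, no stored keys) would remove that secret entirely. The enclosing job starts and ends outside the hunk, so whether it binds an `environment:` (needed for an environment-scoped variable to resolve) cannot be checked from here.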
+++ b/.github/workflows/ecrbuild-all.yml
@@ -3,13 +3,12 @@
 name: docker build to ECR
 on:
- push:
- branches:
- - main
- pull_request:
- types:
- - opened
- - synchronize
+ workflow_call:
+ secrets:
+ AWS_ACCESS_KEY_ID:
+ required: true
+ AWS_SECRET_ACCESS_KEY:
+ required: true
 jobs:
 build-core:
diff --git a/.github/workflows/on_main.yml b/.github/workflows/on_main.yml
new file mode 100644
index 000000000..725e275ea
--- /dev/null
+++ b/.github/workflows/on_main.yml
@@ -0,0 +1,26 @@
+# Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
+
+name: Promote from main
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build-all:
+ uses: ./.github/workflows/ecrbuild-all.yml
+ secrets:
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+
+ deploy-all:
+ uses: ./.github/workflows/awsdeploy.yml
+ environment: staging
+ needs: build-all
+ inputs:
+ proper-name: blake
+ environment: staging
+ secrets:
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
diff --git a/.github/workflows/on_pr.yml b/.github/workflows/on_pr.yml
new file mode 100644
index 000000000..571749fc9
--- /dev/null
+++ b/.github/workflows/on_pr.yml
@@ -0,0 +1,16 @@
+# Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service
+
+name: Promote from main
+
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+
+jobs:
+ build-all:
+ uses: ./.github/workflows/ecrbuild-all.yml
+ secrets:
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
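Review bot: In on_main.yml, the `deploy-all` job passes its values under `inputs:`, but a job that calls a reusable workflow takes them under `with:`, and such a job does not accept a job-level `environment:` key either (indentation is lost in this view, so the placement is inferred from its position between `uses:` and `needs:`). As written the workflow is likely to be rejected at parse time, so nothing deploys. The change would be to drop the first `environment: staging` and rename the block to `with:`. Because the caller cannot bind a GitHub environment, any protection rules or environment-scoped secrets for staging only apply if the job inside deploy-template.yml sets `environment: ${{ inputs.environment }}` itself, which is not visible in this diff.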
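Review bot: on_pr.yml hands `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to a build of unreviewed pull-request code under the same secret names that on_main.yml passes to the deploy workflow; if they are the same key pair, build steps changed in a PR run with credentials that can also deploy. A separate key or role limited to pushing images to ECR would confine PR builds to the registry. Pull requests from forks receive no secrets, so those runs will fail at the credential step rather than build, which is worth confirming as intended. The file also reuses `name: Promote from main` and the ECS-deploy header comment from on_main.yml; something like `name: Build on pull request` would keep the two apart in the Actions list.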