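# Deploy infrastructure: maps the pushed branch to a stage, plans (and on prod
# applies) the shared Terraform stack, builds the address2UPRN image and deploys
# the Lambda through two reusable workflows.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4 / @v3). Pinning
# each action to a full commit SHA keeps a retagged release from changing what
# runs next to the AWS credentials.
name: Deploy infrastructure

# Runs on a push to ANY branch. Branches other than `prod` resolve to stage
# `dev` (see determine_stage), so a feature-branch push also builds, pushes and
# deploys into the dev stage. NOTE(review): narrow `branches` if only `dev` and
# `prod` are meant to deploy.
on:
  push:
    branches:
      - "**"

jobs:
  determine_stage:
    runs-on: ubuntu-latest
    # This job only runs a shell step, so GITHUB_TOKEN gets no scopes at all.
    permissions: {}
    outputs:
      stage: ${{ steps.set-stage.outputs.stage }}

    steps:
      - name: Determine stage from branch
        id: set-stage
        shell: bash
        run: |
          # The branch name is read from the runner-provided environment
          # variable rather than interpolated with an expression, so a crafted
          # branch name is never pasted into the script text.
          BRANCH="${GITHUB_REF_NAME}"

          # Only the literal strings "prod" or "dev" are ever written to the
          # output; `dev` and every other branch both resolve to "dev".
          if [[ "$BRANCH" == "prod" ]]; then
            echo "stage=prod" >> "$GITHUB_OUTPUT"
          else
            echo "stage=dev" >> "$GITHUB_OUTPUT"
          fi

  # ============================================================
  # 1️⃣ Shared Terraform (infra)
  # ============================================================
  shared_terraform:
    needs: determine_stage
    runs-on: ubuntu-latest
    # Least privilege: checkout is the only step here that uses GITHUB_TOKEN.
    permissions:
      contents: read
    env:
      STAGE: ${{ needs.determine_stage.outputs.stage }}

    steps:
      - uses: actions/checkout@v4

      # NOTE(review): long-lived access keys are stored as repository secrets.
      # The same action can assume an IAM role through GitHub OIDC
      # (`role-to-assume` plus `permissions: id-token: write`), which removes
      # the static keys from the repository.
      # NOTE(review): the DEV_* secrets are also what the prod-only apply step
      # below authenticates with - confirm these credentials are intended for
      # the prod stage.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.DEV_AWS_REGION }}

      - uses: hashicorp/setup-terraform@v3

      - name: Terraform Init
        working-directory: infrastructure/terraform/shared
        run: terraform init -reconfigure

      # STAGE is quoted in the shell commands below; it is limited to
      # "prod"/"dev" today, and quoting keeps that from being a requirement.
      - name: Terraform Workspace
        working-directory: infrastructure/terraform/shared
        run: terraform workspace select "${STAGE}" || terraform workspace new "${STAGE}"

      - name: Terraform Plan
        working-directory: infrastructure/terraform/shared
        run: terraform plan -var-file="${STAGE}.tfvars" -out=tfplan

      # Applies exactly the plan file written by the previous step, and only
      # for the prod stage; on dev the plan is produced but not applied here.
      # No approval gate is visible in this file before the apply.
      - name: Terraform Apply
        if: env.STAGE == 'prod'
        working-directory: infrastructure/terraform/shared
        run: terraform apply -auto-approve tfplan

  # ============================================================
  # 2️⃣ Build Address 2 UPRN image and Push
  # ============================================================
  # NOTE(review): a called workflow cannot hold more GITHUB_TOKEN permissions
  # than its caller; set `permissions` on this job once the needs of
  # _build_image.yml are confirmed.
  address2uprn_image:
    needs: [determine_stage, shared_terraform]
    uses: ./.github/workflows/_build_image.yml
    with:
      ecr_repo: address2uprn-${{ needs.determine_stage.outputs.stage }}
      dockerfile_path: backend/address2UPRN/Dockerfile
      build_context: backend/address2UPRN
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}

  # ============================================================
  # 3️⃣ Deploy Address 2 UPRN Lambda
  # ============================================================
  # The deploy receives the `image_digest` output of the build job, so the
  # Lambda is tied to the image that job produced rather than to a tag.
  address2uprn_lambda:
    needs: [address2uprn_image, determine_stage]
    uses: ./.github/workflows/_deploy_lambda.yml
    with:
      lambda_name: address2uprn
      lambda_path: infrastructure/terraform/lambda/address2UPRN
      stage: ${{ needs.determine_stage.outputs.stage }}
      ecr_repo_url: ${{ needs.address2uprn_image.outputs.ecr_repo_url }}
      image_digest: ${{ needs.address2uprn_image.outputs.image_digest }}
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
      AWS_REGION: ${{ secrets.DEV_AWS_REGION }}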