mirror of
https://github.com/whekin/household-bot.git
synced 2026-03-31 20:24:03 +00:00
89 lines
2.7 KiB
YAML
89 lines
2.7 KiB
YAML
name: CD / AWS
|
|
|
|
# on:
|
|
# workflow_run:
|
|
# workflows:
|
|
# - CI
|
|
# types:
|
|
# - completed
|
|
# branches:
|
|
# - main
|
|
# workflow_dispatch:
|
|
# inputs:
|
|
# stack:
|
|
# description: 'Pulumi stack'
|
|
# required: true
|
|
# default: 'dev'
|
|
# ref:
|
|
# description: 'Git ref to deploy (branch, tag, or SHA)'
|
|
# required: true
|
|
# default: 'main'
|
|
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
|
|
concurrency:
|
|
group: cd-aws-${{ github.event_name == 'workflow_dispatch' && inputs.stack || github.ref_name }}
|
|
cancel-in-progress: false
|
|
|
|
jobs:
|
|
deploy:
|
|
name: Deploy AWS target
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 45
|
|
if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
|
|
env:
|
|
AWS_REGION: ${{ vars.AWS_REGION }}
|
|
PULUMI_STACK: ${{ github.event_name == 'workflow_dispatch' && inputs.stack || vars.PULUMI_STACK }}
|
|
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
|
|
BOT_API_URL: ${{ vars.BOT_API_URL }}
|
|
|
|
steps:
|
|
- name: Checkout deployment ref
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ github.event_name == 'workflow_dispatch' && inputs.ref || github.event.workflow_run.head_sha }}
|
|
|
|
- name: Setup Bun
|
|
uses: oven-sh/setup-bun@v2
|
|
with:
|
|
bun-version-file: .bun-version
|
|
|
|
- name: Install dependencies
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: Configure AWS credentials
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
role-to-assume: ${{ vars.AWS_ROLE_TO_ASSUME }}
|
|
aws-region: ${{ vars.AWS_REGION }}
|
|
|
|
- name: Setup Pulumi
|
|
uses: pulumi/actions@v6
|
|
with:
|
|
command: login
|
|
|
|
- name: Select Pulumi stack
|
|
working-directory: infra/pulumi/aws
|
|
run: pulumi stack select "$PULUMI_STACK"
|
|
|
|
- name: Preview infrastructure
|
|
run: bun run infra:aws:preview -- --stack "$PULUMI_STACK" --non-interactive
|
|
|
|
- name: Apply infrastructure
|
|
run: bun run infra:aws:up -- --stack "$PULUMI_STACK" --yes --non-interactive
|
|
|
|
- name: Resolve miniapp bucket
|
|
id: outputs
|
|
working-directory: infra/pulumi/aws
|
|
run: |
|
|
echo "miniapp_bucket=$(pulumi stack output miniAppBucketName --stack "$PULUMI_STACK")" >> "$GITHUB_OUTPUT"
|
|
echo "bot_origin_url=$(pulumi stack output botOriginUrl --stack "$PULUMI_STACK")" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Publish miniapp assets
|
|
env:
|
|
AWS_MINIAPP_BUCKET: ${{ steps.outputs.outputs.miniapp_bucket }}
|
|
BOT_API_URL: ${{ vars.BOT_API_URL || steps.outputs.outputs.bot_origin_url }}
|
|
run: bun run ops:aws:miniapp:publish
|