From a965ca9a37d78945b3283ef811024c01546653a1 Mon Sep 17 00:00:00 2001
From: luke-h1
Date: Sat, 23 Mar 2024 16:12:39 +0000
Subject: [PATCH] feat(infrastructure): setup ci for lambda
---
 .github/workflows/deploy-lambda.yml | 176 +++++++++++++++++++++++++++
 .gitignore | 6 +-
 terraform/lambda/envs/example.tfvars | 5 +
 3 files changed, 185 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/deploy-lambda.yml
 create mode 100644 terraform/lambda/envs/example.tfvars
diff --git a/.github/workflows/deploy-lambda.yml b/.github/workflows/deploy-lambda.yml
new file mode 100644
index 000000000..0823d06c2
--- /dev/null
+++ b/.github/workflows/deploy-lambda.yml
@@ -0,0 +1,176 @@ +name: Deploy lambda +on: + pull_request: + push: + branches: + - dev + - main + workflow_dispatch: +env: + TERRAFORM_ROOT: terraform/lambda + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + PNPM_VERSION: 8.13.1 + + # terraform + ############################################################ + TF_VAR_env: staging + TF_VAR_env_vars: '{ "SPOTIFY_CLIENT_ID": ${{ secrets.SPOTIFY_CLIENT_ID }}, "SPOTIFY_CLIENT_SECRET": ${{ secrets.SPOTIFY_CLIENT_SECRET }}, "SPOTIFY_REFRESH_TOKEN": ${{ secrets.SPOTIFY_REFRESH_TOKEN}}, "SHOULD_CALL_SPOTIFY": true }' + TF_VAR_zone_id: ${{ secrets.LAMBDA_ZONE_ID }} + TF_VAR_domain_name: lhowsam.com + TF_VAR_sub_domain: nowplaying.lhowsam.com + +jobs: + deploy-staging: + runs-on: ubuntu-latest + name: Deploy lambda to staging + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + + steps: + # https://github.com/actions/virtual-environments/issues/1187 + - name: tune linux network + run: sudo ethtool -K eth0 tx off rx off + + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ github.head_ref }} + + - name: Setup pnpm + uses: pnpm/action-setup@v2 + with: + version: ${{ env.PNPM_VERSION }} + + - name: Setup Node + uses: actions/setup-node@v3 + with: + node-version-file: .nvmrc + cache: pnpm + + - name: Get pnpm store directory + shell: bash + run: | + echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV + + - uses: actions/cache@v3 + name: Setup pnpm cache + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-store- + + - name: Cache turbo build setup + uses: actions/cache@v4 + with: + path: .turbo + key: ${{ runner.os }}-turbo-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-turbo- + + - uses: pnpm/action-setup@v2 + name: Install pnpm + 
with: + version: ${{ env.PNPM_VERSION }} + run_install: false + + - name: Install dependencies + run: pnpm i + + - uses: actions/labeler@v4 + with: + sync-labels: true + + - name: Check commit message + run: pnpm commitlint --from=HEAD^1 + + - name: format:check + run: pnpm format:check + + - name: lint + run: pnpm lint + + - name: jest + run: pnpm test + + - name: tsc + run: pnpm tsc + + - name: build lambda + working-directory: apps/lambda + run: pnpm build + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v3 + with: + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-region: eu-west-2 + mask-aws-account-id: true + + - name: Terraform init + id: init + # run: terraform init + run: terraform init -backend-config="region=eu-west-2" -backend-config="bucket=nowplaying-staging-terraform-state" -backend-config="key=vpc/staging.tfstate"" -input=false + working-directory: ${{ env.TERRAFORM_ROOT }} + - name: terraform workspace select + run: terraform workspace select staging -or-create + working-directory: ${{ env.TERRAFORM_ROOT }} + + - name: Terraform fmt -check + id: fmt + run: terraform fmt -check + working-directory: ${{ env.TERRAFORM_ROOT }} + + - name: Terraform validate + id: validate + run: terraform validate + working-directory: ${{ env.TERRAFORM_ROOT }} + + - name: Terraform plan + id: plan + run: terraform plan -no-color -input=false + working-directory: ${{ env.TERRAFORM_ROOT }} + + - uses: actions/github-script@v6 + if: github.event_name == 'pull_request' + env: + PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" + with: + script: | + const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\` + #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\` + #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\` + #### Terraform Plan 📖\`${{ steps.plan.outcome }}\` + +
Show Plan + + \`\`\`\n + ${process.env.PLAN} + \`\`\` + +
+ *Pushed by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: output
+ })
+
+ - name: Terraform Plan Status
+ if: steps.plan.outcome == 'failure'
+ run: exit 1
+
+ - uses: trstringer/manual-approval@v1
+ with:
+ secret: ${{ github.TOKEN }}
+ approvers: luke-h1
+
+ - name: Terraform Apply
+ if: github.ref == 'refs/heads/dev' && github.event_name == 'push'
+ run: terraform apply -auto-approve -input=false
diff --git a/.gitignore b/.gitignore
index 73d6fad96..a14c3a0b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,10 +35,12 @@ newrelic_agent.log
 .terraform
 playwright-report
 .turbo
-*.tfvars
 *.tfstate
 .turbo
 dist
 lambda.zip
 .terraform.lock.hcl
-certs
\ No newline at end of file
+certs
+live.tfvars
+staging.tfvars
+!example.tfvars
\ No newline at end of file
diff --git a/terraform/lambda/envs/example.tfvars b/terraform/lambda/envs/example.tfvars
new file mode 100644
index 000000000..9464fbbc1
--- /dev/null
+++ b/terraform/lambda/envs/example.tfvars
@@ -0,0 +1,5 @@
+zone_id = ""
+env = ""
+env_vars = {}
+root_domain = ""
+sub_domain = ""
\ No newline at end of file
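Review bot: The `Terraform init` step's run line has a stray second `"` after `key=vpc/staging.tfstate`, which leaves the shell with an unterminated quoted string, so the step fails before the backend is configured; it should read `run: terraform init -backend-config="region=eu-west-2" -backend-config="bucket=nowplaying-staging-terraform-state" -backend-config="key=vpc/staging.tfstate" -input=false`. The `Terraform Apply` step is the only terraform step without `working-directory: ${{ env.TERRAFORM_ROOT }}`, so on a `dev` push it runs in the repository root, not in the initialised lambda module. In `TF_VAR_env_vars` the three secret values are spliced into the map unquoted; Terraform parses a `TF_VAR_` value for a map variable as an HCL expression, so bare secret text is read as an identifier or number rather than a string, and each needs quoting as in `"SPOTIFY_CLIENT_ID": "${{ secrets.SPOTIFY_CLIENT_ID }}"` — once they do reach the plan they will be printed in plan output unless the variable is declared `sensitive`, which this hunk cannot show. The workflow-level `env` also hands the AWS keys and the Spotify secrets to every step, including `pnpm i` with its third-party lifecycle scripts, although only `configure-aws-credentials` (which already receives them via `with:`) and the terraform steps need them; scoping them to those steps limits the exposure. The PR comment reads `steps.plan.outputs.stdout`, but the plan step is a plain `run:` with no wrapper action setting that output, so the posted plan will be empty.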
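Review bot: Replacing `*.tfvars` with the two named files `live.tfvars` and `staging.tfvars` narrows the guard, so any other `*.tfvars` file placed under `terraform/lambda/envs` (a `dev.tfvars`, say) would be committed with its real values, and the added `!example.tfvars` negates nothing because no earlier pattern ignores it. Keeping the wildcard and placing the negation after it gives the intended effect: `*.tfvars` followed by `!example.tfvars`, with the two named entries dropped.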
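Review bot: This example file names the domain variable `root_domain`, while the workflow hunk sets `TF_VAR_domain_name`; whichever of the two does not match the module's `variable` declaration (not visible here) is silently dropped, since Terraform ignores `TF_VAR_*` for undeclared variables and only warns on undeclared tfvars keys, and with `-input=false` the real variable then fails as unset at plan time. The two should agree on one name, and a short header comment such as `# copy to staging.tfvars or live.tfvars; keys must match the module's variable declarations` would tell a contributor how this file is meant to be used.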