Sign upLogin

CMSgov/macpro-platform-doc-conversion

View on GitHub
Star
.github/workflows/deploy-support.yml

Summary

Maintainability
Test Coverage
name: Deploy Support

on:
  push:
    branches:
      # # List of all branches which should control underlying infrastructure.
      - master

permissions:
  id-token: write
  contents: read
  actions: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
    steps:
      - name: set branch_name
        run: |
          if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then # Dependabot builds very long branch names.  This is a switch to make it shorter.
            echo "branch_name=`echo ${GITHUB_REF#refs/heads/} | md5sum | head -c 10 | sed 's/^/x/'`" >> $GITHUB_ENV
          else
            echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
          fi
      - uses: actions/checkout@v3
      - name: Validate branch name
        run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
      - name: set branch specific variable names
        run: ./.github/build_vars.sh set_names
      - name: set variable values
        run: ./.github/build_vars.sh set_values
        env:
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - name: lock this branch to prevent concurrent builds
        run: ./.github/github-lock.sh $branch_name
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: read .nvmrc
        id: node_version
        run: echo ::set-output name=NODE_VERSION::$(cat .nvmrc)
      - uses: actions/setup-node@v3
        with:
          node-version: ${{ steps.node_version.outputs.NODE_VERSION }}
      - uses: actions/cache@v2
        with:
          path: "**/node_modules"
          key: deploy-support-${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }}
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
      - name: deploy
        run: |
          # When deploying multiple copies of this quickstart to the same AWS Account (not ideal), a prefix helps prevent stepping on each other.
          # This can optionally be set as an GitHub Actions Secret
          ./deploySupport.sh $STAGE_PREFIX$branch_name
      - name: Slack Notification
        uses: rtCamp/action-slack-notify@v2
        if: env.SLACK_WEBHOOK_URL != '' && contains(fromJson('["master", "val", "production"]'), env.branch_name) && failure ()
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_USERNAME: GitHub Actions Alerts
          SLACK_ICON_EMOJI: ":bell:"
          SLACK_COLOR: ${{job.status}}
          SLACK_FOOTER: ""
          MSG_MINIMAL: actions url,commit,ref