
chore: with the new infra update LOCAL_LAMBDA_ENDPOINT is now replaced by LOCAL_AWS_ENDPOINT #3556


name: Deploy PR Review Client environment

# Runs for pull requests that target develop or a feature/* branch, whenever
# the PR is opened, reopened, labelled, or receives new commits.
# With the pull_request trigger GitHub does not hand repository secrets to
# runs started from a fork, so the AWS steps in this workflow can only
# succeed for branches that live in this repository.
on:
  pull_request:
    branches:
      - develop
      - 'feature/*'
    types:
      - labeled
      - opened
      - reopened
      - synchronize
# Workflow-level environment: every step of every job receives these values.
env:
  AWS_DEFAULT_REGION: 'ca-central-1'
  # Base name of the per-PR Lambda; the jobs append "-<PR number>".
  FUNCTION_NAME: 'forms-client-pr'
  # ECR repository name, combined with REGISTRY to form the image reference.
  IMAGE: 'pr_review'
  REGISTRY: '687401027353.dkr.ecr.ca-central-1.amazonaws.com'
  # Passed as --role when the review Lambda is created.
  ROLE_ARN: 'arn:aws:iam::687401027353:role/forms-lambda-client'
  # NOTE(review): only the image build step reads the two Cognito values, yet
  # at this level they are exposed to every step, third-party actions included.
  COGNITO_APP_CLIENT_ID: ${{ secrets.STAGING_COGNITO_APP_CLIENT_ID }}
  COGNITO_USER_POOL_ID: ${{ secrets.STAGING_COGNITO_USER_POOL_ID }}
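jobs:
  # Reports whether the PR touches prisma/migrations/**; the build job is
  # skipped when it does.
  run-check:
    runs-on: ubuntu-latest
    # Least privilege: this job has no checkout step, so the filter only needs
    # to read the pull request.
    permissions:
      pull-requests: read
    outputs:
      has-migrations: ${{ steps.filter.outputs.migrations }}
    steps:
      - name: path-filter
        uses: cds-snc/paths-filter@b316143212d841aed668b7b29240c719d603a9b9  # tag=v2.10.4
        id: filter
        with:
          filters: |
            migrations:
              - 'prisma/migrations/**'

  # Builds the PR image from Dockerfile.pr and pushes it to ECR tagged with
  # the PR number. Skipped for Renovate-labelled PRs and for PRs with
  # migrations.
  build-and-push-container:
    needs: [run-check]
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'Renovate') && needs.run-check.outputs.has-migrations == 'false' }}
    runs-on: ubuntu-latest
    # Least privilege: GITHUB_TOKEN is only used to check out the repository.
    permissions:
      contents: read
    steps:
      - name: Set envs
        run: |
          echo "PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV"
      - name: Checkout
        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5  # v2.7.0
      # NOTE(review): these are long-lived access keys held as repository
      # secrets. configure-aws-credentials also accepts `role-to-assume` for
      # OIDC federation, which removes the stored keys; that would need
      # `id-token: write` on this job and a trust policy on the AWS side.
      - name: Configure AWS credentials
        id: aws-creds
        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838  # v1.7.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ca-central-1
      - name: Login to ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7  # v1.7.1
      # The image reference is built from shell variables rather than
      # ${{ env.* }} interpolation so nothing is pasted into the script text.
      # NOTE(review): --build-arg values can be recovered from the pushed image
      # (for example with `docker history`); confirm the Cognito identifiers
      # are acceptable to expose to anyone who can pull from this registry.
      - name: Build Docker image
        run: |
          docker build -t "$REGISTRY/$IMAGE:$PR_NUMBER" \
            -f Dockerfile.pr \
            --build-arg COGNITO_APP_CLIENT_ID="$COGNITO_APP_CLIENT_ID" \
            --build-arg COGNITO_USER_POOL_ID="$COGNITO_USER_POOL_ID" .
      - name: Push Docker image to ECR
        run: |
          docker push "$REGISTRY/$IMAGE:$PR_NUMBER"
      # Best-effort cleanup of untagged images; `|| true` keeps an empty list
      # or a failed delete from failing the job.
      - name: Delete old images
        run: |
          IMAGES_TO_DELETE="$(aws ecr list-images --repository-name "$IMAGE" --filter "tagStatus=UNTAGGED" --query 'imageIds[*]' --output json)"
          aws ecr batch-delete-image \
            --repository-name "$IMAGE" \
            --image-ids "$IMAGES_TO_DELETE" || true
      - name: Logout of Amazon ECR
        run: docker logout "$REGISTRY"

  # Creates the per-PR Lambda (or updates its image) and, on first creation,
  # posts the function URL as a PR comment.
  deploy-test-client:
    if: ${{ !contains(github.event.pull_request.labels.*.name, 'Renovate') }}
    runs-on: ubuntu-latest
    needs: build-and-push-container
    # Least privilege: GITHUB_TOKEN is only used to comment on the PR.
    permissions:
      pull-requests: write
    steps:
      - name: Set envs
        run: |
          echo "PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH")" >> "$GITHUB_ENV"
      # NOTE(review): same long-lived access keys as the build job; see the
      # OIDC remark there.
      - name: Configure AWS credentials
        id: aws-creds
        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838  # v1.7.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ca-central-1
      # Secrets reach the script through `env:` and are expanded by the shell
      # inside quotes, instead of being substituted into the script source.
      #
      # Most aws calls discard stdout and stderr; under the runner's default
      # `bash -e` shell a failing call still stops the step, but leaves no
      # diagnostic in the log.
      #
      # NOTE(review): the function URL is created with auth type NONE and a
      # "*" principal, so anyone holding the URL can invoke this PR build,
      # which is attached to the VPC subnets and security groups supplied
      # below. This workflow contains no teardown step; confirm that closed
      # PRs have their function and URL removed elsewhere and that the
      # security groups limit what the review function can reach.
      - name: Create/Update lambda function
        env:
          SUBNET_IDS: ${{ secrets.PR_REVIEW_ENV_SUBNET_IDS }}
          SECURITY_GROUP_IDS: ${{ secrets.PR_REVIEW_ENV_SECURITY_GROUP_IDS }}
        run: |
          FUNCTION="$FUNCTION_NAME-$PR_NUMBER"
          IMAGE_URI="$REGISTRY/$IMAGE:$PR_NUMBER"
          if aws lambda get-function --function-name "$FUNCTION" > /dev/null 2>&1; then
            # Function already exists: only swap the image.
            aws lambda update-function-code \
              --function-name "$FUNCTION" \
              --image-uri "$IMAGE_URI" > /dev/null 2>&1
          else
            aws lambda create-function \
              --function-name "$FUNCTION" \
              --package-type Image \
              --role "$ROLE_ARN" \
              --timeout 15 \
              --memory-size 2048 \
              --code "ImageUri=$IMAGE_URI" \
              --description "$GITHUB_REPOSITORY/pull/$PR_NUMBER" \
              --vpc-config "SubnetIds=$SUBNET_IDS,SecurityGroupIds=$SECURITY_GROUP_IDS" > /dev/null 2>&1
            aws lambda wait function-active --function-name "$FUNCTION"
            aws lambda add-permission \
              --function-name "$FUNCTION" \
              --statement-id FunctionURLAllowPublicAccess \
              --action lambda:InvokeFunctionUrl \
              --principal "*" \
              --function-url-auth-type NONE > /dev/null 2>&1
            # jq without -r keeps the JSON quotes; the "Update PR" step strips
            # them with slice(1, -1).
            URL="$(aws lambda create-function-url-config --function-name "$FUNCTION" --auth-type NONE | jq .FunctionUrl)"
            echo "URL=$URL" >> "$GITHUB_ENV"
            # NOTE(review): no configuration options are passed here, so this
            # call appears to change nothing - confirm it is still needed.
            aws lambda update-function-configuration \
              --function-name "$FUNCTION" > /dev/null 2>&1
            aws logs create-log-group --log-group-name "/aws/lambda/$FUNCTION" > /dev/null 2>&1
            aws logs put-retention-policy --log-group-name "/aws/lambda/$FUNCTION" --retention-in-days 14 > /dev/null 2>&1
          fi
          aws lambda wait function-updated --function-name "$FUNCTION"
          aws lambda put-function-concurrency \
            --function-name "$FUNCTION" \
            --reserved-concurrent-executions 10 > /dev/null 2>&1
      # URL is only set when the function was created in this run, so the
      # comment is posted once per review environment.
      - name: Update PR
        if: env.URL != ''
        uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410  # v6.4.1
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `## :test_tube: Review environment\n${process.env.URL.slice(1, -1)}`
            })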