-
-
Notifications
You must be signed in to change notification settings - Fork 20
129 lines (109 loc) · 3.62 KB
/
aws-sam.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
name: "AWS SAM"
# https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_run
on:
workflow_call:
secrets:
AWS_OIDC_ROLE_TO_ASSUME:
required: true
SAM_APP_BUCKET:
required: true
workflow_dispatch:
permissions:
id-token: write
actions: read
env:
AWS_REGION: us-east-1
jobs:
publish:
name: Publish
runs-on: ubuntu-latest
strategy:
matrix:
AWS_REGIONS:
- us-east-1
# - us-east-2
# - us-west-1
# - us-west-2
# - eu-west-1
# - eu-west-2
# - eu-west-3
# - eu-central-1
# - eu-north-1
# - ap-southeast-2
# - ap-southeast-1
# - ap-northeast-1
# - ap-northeast-2
# - ap-south-1
# - ca-central-1
# - sa-east-1
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Set up Go 1.x
id: go
uses: actions/setup-go@v5
with:
go-version-file: ./go.mod
- name: Go version
run: |
go version
- name: Git Current branch name (Version)
run: |
echo ${{ github.ref_name }}
- name: Set up Python 3.x
uses: actions/setup-python@v5
- name: Set up AWS SAM
uses: aws-actions/setup-sam@v2
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
role-session-name: publish-sam-app
aws-region: ${{ env.AWS_REGION }}
- name: AWS SAM Validate template
run: |
aws cloudformation validate-template --template-body file://template.yaml 1>/dev/null
sam validate
- name: AWS SAM Build template
run: |
GIT_VERSION=${{ github.ref_name }} sam build
- name: AWS SAM Package
env:
SAM_APP_BUCKET: ${{ secrets.SAM_APP_BUCKET }}
run: |
sam package --output-template-file packaged.yaml --s3-bucket $SAM_APP_BUCKET
- name: Set SemVer format version
id: semver
run: |
VERSION=$(echo ${{ github.ref_name }} | cut -d 'v' -f 2)
echo "version=$VERSION" >> $GITHUB_OUTPUT
- name: Shows SemVer format version
run: |
echo ${{ steps.semver.outputs.version }}
# iterate over regions
- name: AWS SAM Publish
env:
AWS_PUBLIC_REGION: ${{ matrix.AWS_REGIONS }}
SAM_APP_VERSION: ${{ steps.semver.outputs.version }}
run: |
sam publish --semantic-version $SAM_APP_VERSION --template packaged.yaml --region $AWS_PUBLIC_REGION
- name: Get the AWS SAM published application ARN
id: set-arn
env:
AWS_PUBLIC_REGION: ${{ matrix.AWS_REGIONS }}
run: |
AWS_SAM_APP_ARN=$(\
aws serverlessrepo list-applications --max-items 100 --region $AWS_PUBLIC_REGION \
| jq -c '.Applications[] | select(.ApplicationId | contains("idp-scim-sync"))' \
| jq -r '.ApplicationId' \
)
echo "arn=$AWS_SAM_APP_ARN" >> $GITHUB_OUTPUT
- name: Show AWS SAM Application ARN
run: |
echo ${{ steps.set-arn.outputs.arn }}
- name: Get the AWS SAM published application ARN
env:
AWS_PUBLIC_REGION: ${{ matrix.AWS_REGIONS }}
AWS_SAM_APP_ARN: ${{ steps.set-arn.outputs.arn }}
run: |
aws serverlessrepo put-application-policy --application-id $AWS_SAM_APP_ARN --statements Principals='*',Actions='Deploy' --region $AWS_PUBLIC_REGION