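# CI/CD for a container-image Lambda: build the image, lint/validate the
# Terraform under infra/tf, and -- only on pushes to main -- push the image to
# ECR and apply the saved plan. Pull requests get build + lint + plan only.
#
# NOTE(review): every `uses:` below is pinned to a floating major tag. Tags are
# mutable, so a compromised upstream action would run with this job's AWS
# credentials. Pin each action to a full commit SHA (tag in a trailing comment)
# and let Dependabot bump them.
name: Deploy to ECR and Lambda

on:
  push:
    branches: ["main"]
  pull_request:

# Least privilege for the default GITHUB_TOKEN; nothing here writes to the repo.
permissions:
  contents: read

# Serialize runs per ref: two overlapping pushes to main would otherwise race
# each other on `terraform apply` and on the `latest` tag. Never cancel an
# in-flight run, since an apply interrupted half-way leaves partial state.
concurrency:
  group: deploy-${{ github.ref }}
  cancel-in-progress: false

env:
  ECR_REPOSITORY: lambda-python-custom
  TF_DIR: infra/tf

jobs:
  build-push-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # NOTE(review): these are long-lived IAM user keys, and they are
      # configured on pull_request runs too, where the PR author controls the
      # Dockerfile, .tflint.hcl and everything under infra/tf that the later
      # `tflint --init`, `terraform init` and `terraform plan` steps execute
      # (providers, modules and data sources all run with these credentials).
      # Prefer GitHub OIDC (`role-to-assume:` plus `permissions: id-token: write`)
      # with a trust policy scoped to this repo and branch, and/or gate this
      # step behind a protected `environment:` so PR runs only ever receive a
      # read-only plan role.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - uses: docker/setup-buildx-action@v3

      # Build only (load into the local daemon): PRs and main both get a
      # build check of the image without publishing anything.
      - name: Docker Build
        uses: docker/build-push-action@v5
        with:
          context: .
          load: true
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          # Disable the BuildKit provenance attestation: it turns the pushed
          # image into an OCI image index, which Lambda will not pull. Produce
          # SLSA provenance out-of-band if it is required.
          provenance: false

      # - name: Test Docker Image
      #   run: |
      #     docker run -p 9000:8080 --rm --init ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}
      #     curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d '{}'

      # Publish only from pushes to main. The commit SHA tag is immutable and is
      # what gets handed to Terraform as image_tag below; `latest` is a
      # convenience alias and should not be what anything deploys from.
      - name: Docker Build and Push
        uses: docker/build-push-action@v5
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        with:
          context: .
          push: true
          tags: |
            ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}
            ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: false

      # actions/cache v3 targets the retired legacy cache service; v4 is a
      # drop-in replacement with the same inputs.
      - name: Cache TFLint plugin dir
        uses: actions/cache@v4
        with:
          path: ~/.tflint.d/plugins
          key: ${{ runner.os }}-tflint-${{ hashFiles('**/.tflint.hcl') }}

      - name: Setup TFLint
        uses: terraform-linters/setup-tflint@v4
        with:
          tflint_version: v0.48.0

      # Downloads the plugins declared in infra/tf/.tflint.hcl (PR-controlled).
      - name: Init TFLint
        run: cd ${{ env.TF_DIR }} && tflint --init

      - name: Show TFLint version
        run: cd ${{ env.TF_DIR }} && tflint --version

      - name: Run TFLint
        run: cd ${{ env.TF_DIR }} && tflint -f compact

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.5.7

      # Point Terraform at a cacheable provider directory so the cache step
      # below can restore it across runs.
      - name: Config Terraform plugin cache
        run: |
          echo 'plugin_cache_dir="$HOME/.terraform.d/plugin-cache"' >~/.terraformrc
          mkdir --parents ~/.terraform.d/plugin-cache

      - name: Cache Terraform
        uses: actions/cache@v4
        with:
          path: |
            ~/.terraform.d/plugin-cache
          key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
          restore-keys: |
            ${{ runner.os }}-terraform-

      - name: Check Terraform Format
        id: fmt
        run: terraform -chdir='${{ env.TF_DIR }}' fmt -check

      # NOTE(review): if infra/tf commits a .terraform.lock.hcl (the cache key
      # above suggests it does), add `-lockfile=readonly` so CI fails on a
      # provider-hash mismatch instead of silently re-resolving providers.
      - name: Terraform Init
        id: init
        run: terraform -chdir='${{ env.TF_DIR }}' init

      - name: Terraform Validate
        id: validate
        run: terraform -chdir='${{ env.TF_DIR }}' validate -no-color

      # continue-on-error keeps the job alive so the status step right after
      # reports the failure explicitly. The plan is saved to a file so main
      # applies exactly what was planned for this SHA.
      - name: Terraform Plan
        id: plan
        run: terraform -chdir='${{ env.TF_DIR }}' plan -var 'image_tag=${{ github.sha }}' -no-color -out=tfplan
        continue-on-error: true

      - name: Terraform Plan Status
        if: steps.plan.outcome == 'failure'
        run: exit 1

      # No continue-on-error here: a failed apply must fail the job, otherwise a
      # broken or partial deploy finishes green with nothing checking it.
      # Applying a saved plan file prompts for nothing, so -auto-approve is
      # redundant but harmless.
      - name: Terraform Apply
        id: apply
        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
        run: terraform -chdir='${{ env.TF_DIR }}' apply -auto-approve tfplan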