Skip to content

Merge pull request #11 from Haven-Code/main #19

Merge pull request #11 from Haven-Code/main

Merge pull request #11 from Haven-Code/main #19

name: Deploy KMA Score API - Prod environment
env:
DB_URL: ${{ secrets.DB_URL }}
CERTIFICATE_ARN: ${{ secrets.CERTIFICATE_ARN }}
CUSTOM_DOMAIN: ${{ secrets.CUSTOM_DOMAIN }}
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-22.04
steps:
- name: Checkout main branch
uses: actions/checkout@v2
- name: Setup AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-southeast-1
- name: Get SSMS parameters
uses: dkershner6/aws-ssm-getparameters-action@v1
with:
parameterPairs: "/regiogn/primary = ap-southeast-1,
/sst/kma-score-serverless/prod/Secret/DB_HOST/value=DB_HOST,
/sst/kma-score-serverless/prod/Secret/DB_NAME/value=DB_NAME,
/sst/kma-score-serverless/prod/Secret/DB_PASSWORD/value=DB_PASSWORD,
/sst/kma-score-serverless/prod/Secret/DB_PORT/value=DB_PORT,
/sst/kma-score-serverless/prod/Secret/DB_USERNAME/value=DB_USERNAME
/sst/kma-score-serverless/prod/Secret/KC_URL/value=KC_URL
/sst/kma-score-serverless/prod/Secret/KC_REALM/value=KC_REALM
/sst/kma-score-serverless/prod/Secret/KC_CLIENT_ID/value=KC_CLIENT_ID
/sst/kma-score-serverless/prod/Secret/KC_CLIENT_SECRET/value=KC_CLIENT_SECRET
/sst/kma-score-serverless/prod/Secret/SCHEDULE_GRPC/value=SCHEDULE_GRPC"
withDecryption: "true"
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: 18
- uses: pnpm/action-setup@v2
name: Install pnpm
with:
version: 8
run_install: false
- name: Get pnpm store directory
shell: bash
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
- uses: actions/cache@v3
name: Setup pnpm cache
with:
path: ${{ env.STORE_PATH }}
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
restore-keys: |
${{ runner.os }}-pnpm-store-
- name: Install dependencies
run: pnpm i --frozen-lockfile
- name: Lint
run: pnpm lint && pnpm typecheck
# https://stackoverflow.com/questions/68119012/create-env-file-in-gh-action-using-repo-secrets
- name: Apply all pending migrations to the database
run: |
echo $DB_URL > .env
pnpm db:migrate
working-directory: packages/core
- name: Deploy
run: pnpm sst deploy --stage prod