Removed unnecessary policy #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Updates development Elastic Beanstalk environment" | |
| on: push | |
| env: | |
| STACK_NAME: MCM | |
| PARAMETER_FILE: params.json | |
| EB_APP_NAME: MCM | |
| EB_ENV: MCMDevEnvironment | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Read parameters | |
| id: read_params | |
| run: | | |
| echo "VERSION=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" | |
| echo "BUCKET=$(cat ${PARAMETER_FILE} | jq -r '.S3Bucket')" >> "$GITHUB_OUTPUT" | |
| echo "S3KEYPREFIX=$(cat ${PARAMETER_FILE} | jq -r '.S3KeyPrefix')" >> "$GITHUB_OUTPUT" | |
| - name: Create S3 Key | |
| id: create_s3_key | |
| run: | | |
| echo "S3KEY=${{ steps.read_params.outputs.S3KEYPREFIX }}_${{ steps.read_params.outputs.VERSION }}.zip" >> "$GITHUB_OUTPUT" | |
| - name: Get VPC ID | |
| id: get_vpc | |
| run: | | |
| echo "VPC_ID=$(aws ec2 describe-vpcs --filters Name=tag:AWS_Solutions,Values=LandingZoneStackSet --output=json | jq -r '.Vpcs[].VpcId')" >> "$GITHUB_OUTPUT" | |
| - name: Get Subnets | |
| id: get_subnets | |
| run: | | |
| echo "SUB1=$(aws ec2 describe-subnets --filters Name=vpc-id,Values=${{ steps.get_vpc.outputs.VPC_ID }} Name=tag:Name,Values='Public subnet 1' | jq -r '.Subnets[].SubnetId')" >> "$GITHUB_OUTPUT" | |
| echo "SUB2=$(aws ec2 describe-subnets --filters Name=vpc-id,Values=${{ steps.get_vpc.outputs.VPC_ID }} Name=tag:Name,Values='Public subnet 2' | jq -r '.Subnets[].SubnetId')" >> "$GITHUB_OUTPUT" | |
| - name: Deploy to AWS CloudFormation | |
| uses: aws-actions/aws-cloudformation-github-deploy@v1 | |
| with: | |
| name: MCM # Annoyingly this stack won't allow using the env var | |
| template: cloudformation.json | |
| no-fail-on-empty-changeset: 1 | |
| parameter-overrides: >- | |
| VpcId=${{ steps.get_vpc.outputs.VPC_ID }}, | |
| S3Bucket=${{ steps.read_params.outputs.BUCKET }}, | |
| Subnets=${{ steps.get_subnets.outputs.SUB1 }}, | |
| Subnets=${{ steps.get_subnets.outputs.SUB2 }} | |
| role-arn: arn:aws:iam::${{ secrets.AWS_USER_ID }}:role/GithubActionsDeploymentRole | |
| capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
| tags: '[{ "Key": "group", "Value": "RESEARCHIT" }, { "Key": "project", "Value": "mcm" }, { "Key": "status", "Value": "prod" }, { "Key": "pushed_by", "Value": "githubaction" }, { "Key": "defined_in", "Value": "cloudformation" }, { "Key": "repo_name", "Value": "wacl-york/mcm-web" }, { "Key": "user", "Value": "sl561" }, { "Key": "team", "Value": "rhpc" }]' | |
| - name: Get Environment name | |
| id: get_eb_env | |
| run: | | |
| echo "EB_ENV_NAME=$(aws cloudformation describe-stack-resources --stack-name $STACK_NAME --logical-resource-id $EB_ENV | jq -r '.[][] | .PhysicalResourceId')" >> "$GITHUB_OUTPUT" | |
| - name: Upload latest code | |
| run: | | |
| zip -r - . -q -x ./.bundle/\* ./vendor/\* ./.git/\* | aws s3 cp - s3://${{ steps.read_params.outputs.BUCKET }}/${{ steps.create_s3_key.outputs.S3KEY }} | |
| - name: Create new application version | |
| run: | | |
| aws elasticbeanstalk create-application-version --application-name $EB_APP_NAME --version-label ${{ steps.read_params.outputs.VERSION }} --description "v.${{ steps.read_params.outputs.VERSION }} release" --source-bundle S3Bucket=${{ steps.read_params.outputs.BUCKET }},S3Key=${{ steps.create_s3_key.outputs.S3KEY }} --tags Key=status,Value=dev | |
| - name: Update environment | |
| run: | | |
| aws elasticbeanstalk update-environment --application-name $EB_APP_NAME --version-label ${{ steps.read_params.outputs.VERSION }} --environment-name ${{ steps.get_eb_env.outputs.EB_ENV_NAME }} |