Bump the npm_and_yarn group with 5 updates (#5130) #971
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Deploy serverless to production' | |
on: | |
push: | |
branches: [main] | |
paths: | |
# Trigger the job only when the serverless config or files have been changed | |
- .github/workflows/deploy_serverless_prod.yml | |
- package-lock.json | |
- serverless/** | |
- serverless.yml | |
- lib/** | |
jobs: | |
deploy: | |
name: deploy | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
function_name: ['webhook-queueWorker', 'webhookChecker'] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install dependencies | |
uses: ./.github/actions/install | |
- name: populate env file | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: us-east-1 | |
run: | | |
secrets_pattern='^(.+)=.*pull:secretsmanager:(.*):SecretString:([^:]+):?(.*)}}' | |
cat .ebstalk.apps.env/serverless.env | while read line; do | |
if [[ $line =~ $secrets_pattern ]]; then | |
env_var_name=${BASH_REMATCH[1]} | |
secret_name=${BASH_REMATCH[2]} | |
secret_json_key=${BASH_REMATCH[3]} | |
secret_version=${BASH_REMATCH[4]:-AWSCURRENT} | |
if [[ $secret_version =~ ^AWS ]]; then | |
secret_version_option=(--version-stage "$secret_version") | |
else | |
secret_version_option=(--version-id "$secret_version") | |
fi | |
secret_value=$(aws secretsmanager get-secret-value \ | |
--region us-east-1 \ | |
--secret-id "$secret_name" \ | |
--query "SecretString" \ | |
"${secret_version_option[@]}" \ | |
| jq -r --arg keyname $secret_json_key '. | fromjson | .[$keyname]') | |
[ -z "$secret_value" ] && { | |
echo "$secret_name or $secret_json_key not found." | |
secret_value="SECRET_NOT_FOUND" | |
} | |
echo "$env_var_name=\"$secret_value\"" >> .env | |
fi | |
done | |
- name: Copy Prisma files | |
run: node copyPrismaFiles.js | |
ls -lA ./serverless/ | |
- name: serverless deploy ${{ matrix.function_name }} | |
uses: ryanlawson/[email protected] | |
with: | |
args: deploy function -f ${{ matrix.function_name }} --stage prod | |
env: | |
SERVERLESS_ACCESS_KEY: ${{ secrets.SERVERLESS_ACCESS_KEY }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: us-east-1 |