-
Notifications
You must be signed in to change notification settings - Fork 0
64 lines (56 loc) · 2.1 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
name: deploy
on:
push:
branches:
- master
concurrency:
group: ${{ github.workflow }}
jobs:
deploy-cdk-stack:
runs-on: ubuntu-latest
permissions:
contents: read
# Allows JWT to be requested from GitHub's OIDC provider.
id-token: write
steps:
- uses: actions/checkout@v4
- id: cache
uses: actions/cache@v4
with:
# Use contents of Mamba environment file, NPM lock file and Poetry lock file as cache key.
key: ${{ hashFiles('environment.yml', 'package-lock.json', 'poetry.lock') }}
# Cache micromamba binary, environments and pipx installs.
path: |
./bin/micromamba
~/micromamba/envs
~/.local/pipx
- if: steps.cache.outputs.cache-hit != 'true'
run: |
# Install micromamba.
wget -qO- https://micro.mamba.pm/api/micromamba/linux-64/latest | tar -xvj bin/micromamba
# Install Poetry.
pipx install poetry~=1.8
# Create Mamba environment.
eval "$(./bin/micromamba shell hook -s posix)"
export MAMBA_ROOT_PREFIX=~/micromamba
./bin/micromamba create --file environment.yml --yes
./bin/micromamba activate "${PWD##*/}" # If dir name == environment name...
# Install Python package dependencies.
poetry install
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::961672313229:role/Account-GithubOidcRole20798CD3-LZP3AHTIPJU2
aws-region: ap-southeast-2
- run: |
eval "$(./bin/micromamba shell hook -s posix)"
MAMBA_ROOT_PREFIX=~/micromamba ./bin/micromamba activate "${PWD##*/}"
# Set timezone so that Sphinx uses local dates.
sudo timedatectl set-timezone Australia/Queensland
# Build Sphinx website.
sphinx-build --builder html brodie.id.au _build
# Install Node.js package dependencies.
npm ci
# Show CDK stack diff.
npx cdk diff
# Deploy CDK stack.
npx cdk deploy --require-approval never