deploy #414
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy | |
| on: | |
| push: | |
| branches: | |
| - master | |
| # Allow workflow to be triggered from portfolio-ledger workflow. | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }} | |
| jobs: | |
| deploy-portfolio: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| # Allows JWT to be requested from GitHub's OIDC provider. | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: eidorb/portfolio-ledger | |
| token: ${{ secrets.TOKEN }} | |
| path: portfolio-ledger | |
| - id: cache | |
| uses: actions/cache@v4 | |
| with: | |
| # Use contents of Mamba environment file, NPM lock file and Poetry lock file as cache key. | |
| key: ${{ hashFiles('environment.yml', 'package-lock.json', 'poetry.lock') }} | |
| # Cache micromamba binary, environments and pipx installs. | |
| path: | | |
| ./bin/micromamba | |
| ~/micromamba/envs | |
| ~/.local/pipx | |
| - if: steps.cache.outputs.cache-hit != 'true' | |
| run: | | |
| # Install micromamba. | |
| wget -qO- https://micro.mamba.pm/api/micromamba/linux-64/latest | tar -xvj bin/micromamba | |
| # Install Poetry. | |
| pipx install poetry~=1.8 | |
| # Create Mamba environment. | |
| export MAMBA_ROOT_PREFIX=~/micromamba | |
| eval "$(./bin/micromamba shell hook -s posix)" | |
| micromamba create --file environment.yml --yes | |
| micromamba activate portfolio | |
| # Install Python package dependencies. | |
| poetry install | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::961672313229:role/Account-GithubOidcRole20798CD3-LZP3AHTIPJU2 | |
| aws-region: ap-southeast-2 | |
| - run: | | |
| export MAMBA_ROOT_PREFIX=~/micromamba | |
| eval "$(./bin/micromamba shell hook -s posix)" | |
| micromamba activate portfolio | |
| # Convert portfolio Beancount ledger to SQLite. | |
| bean-sql portfolio-ledger/portfolio.beancount cdk/function/portfolio.db 2>/dev/null | |
| # Create target allocation table. | |
| sqlite3 cdk/function/portfolio.db < portfolio-ledger/target_allocation.sql | |
| # Create additional tables. | |
| sqlite3 cdk/function/portfolio.db < tables.sql | |
| # Precalculate table counts for immutable mode. | |
| cd cdk/function; datasette inspect portfolio.db --inspect-file=inspect_data.json; cd - | |
| # Do the same for demo data. | |
| bean-sql cdk/demo-function/demo-portfolio.beancount cdk/demo-function/portfolio.db 2>/dev/null | |
| sqlite3 cdk/demo-function/portfolio.db < cdk/demo-function/target_allocation.sql | |
| sqlite3 cdk/demo-function/portfolio.db < tables.sql | |
| cd cdk/demo-function; datasette inspect portfolio.db --inspect-file=inspect_data.json; cd - | |
| # Demo function dependencies are identical to the main function. | |
| cp cdk/function/pyproject.toml cdk/function/poetry.lock cdk/demo-function | |
| # Install Node.js package dependencies. | |
| npm ci | |
| # Show CDK stack diff. | |
| npx cdk diff | |
| # Deploy CDK stack, writing CloudFormation outputs to file. | |
| npx cdk deploy --require-approval never Portfolio --outputs-file outputs.json | |
| # Invalidate CloudFront caches. | |
| aws cloudfront create-invalidation \ | |
| --distribution-id $(jq --raw-output '.Portfolio.DistributionId' < outputs.json) \ | |
| --paths "/*" | |
| aws cloudfront create-invalidation \ | |
| --distribution-id $(jq --raw-output '.Portfolio.DemoDistributionId' < outputs.json) \ | |
| --paths "/*" |