# Workflow file: deploy-lambda-client-registration.yml
name: Deploy Lambda client registration

on:
  # Automatic run: a push to main that touches a CHANGELOG.md under either
  # of the two module paths below.
  push:
    branches:
      - main
    paths:
      - '**/src/oneid/oneid-lambda-client-registration/**/CHANGELOG.md'
      - '**/src/oneid/oneid-common/**/CHANGELOG.md'
  # Manual run: the caller selects exactly one target environment from a
  # fixed list of options.
  workflow_dispatch:
    inputs:
      environment:
        description: Choose environment
        type: choice
        required: true
        default: dev
        options:
          - dev
          - uat
          - prod
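jobs:
  # Computes the environment/region matrix that the deploy job fans out over.
  setup:
    runs-on: ubuntu-22.04
    # Only an inline script runs here, so GITHUB_TOKEN gets no scopes at all.
    permissions: {}
    outputs:
      matrix: ${{ steps.setmatrix.outputs.matrix }}
    steps:
      - name: Set Dynamic Env Matrix
        id: setmatrix
        # Context values reach the script as environment variables instead of
        # being expanded inline into the script text, so the shell never
        # parses them as code.
        env:
          GITHUB_REF: ${{ github.ref }}
          EVENT_NAME: ${{ github.event_name }}
          INPUTS_ENVIRONMENT: ${{ github.event.inputs.environment }}
        run: |
          echo "github.ref $GITHUB_REF"
          echo "event name $EVENT_NAME"
          if [ "$EVENT_NAME" == "workflow_dispatch" ]; then
            # Allow-list the input before it is spliced into the JSON below;
            # anything outside the declared options fails the job.
            case "$INPUTS_ENVIRONMENT" in
              dev|uat|prod) ;;
              *)
                echo "unsupported environment: $INPUTS_ENVIRONMENT" >&2
                exit 1
                ;;
            esac
            if [ "$INPUTS_ENVIRONMENT" == "prod" ]; then
              # Manual prod run: both prod regions.
              matrixStringifiedObject="{\"include\":[{\"environment\":\"prod\", \"region\":\"eu-south-1\"}, {\"environment\":\"prod\", \"region\":\"eu-central-1\"}]}"
            else
              matrixStringifiedObject="{\"include\":[{\"environment\":\"$INPUTS_ENVIRONMENT\", \"region\":\"eu-south-1\"}]}"
            fi
          else
            # Push run: dev, uat and prod (both regions) in the same matrix.
            matrixStringifiedObject="{\"include\":[{\"environment\":\"dev\", \"region\":\"eu-south-1\"}, {\"environment\":\"uat\", \"region\":\"eu-south-1\"}, {\"environment\":\"prod\", \"region\":\"eu-south-1\"}, {\"environment\":\"prod\", \"region\":\"eu-central-1\"}]}"
          fi
          echo "matrix=$matrixStringifiedObject" >> "$GITHUB_OUTPUT"

  # Builds the native function.zip once; every matrix leg deploys this same
  # artifact.
  build:
    runs-on: ubuntu-22.04
    # Least privilege: checkout is the only step that uses GITHUB_TOKEN.
    permissions:
      contents: read
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing
      # comment records the release tag the SHA was taken from.
      - name: Checkout code
        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 https://github.com/actions/checkout/releases/tag/v4.1.7
        with:
          # No later step performs git operations, so the token is not left
          # in the local git config while the Maven build runs.
          persist-credentials: false
      - name: Set up JDK 21
        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 https://github.com/actions/setup-java/releases/tag/v4.2.1
        with:
          distribution: 'temurin'
          java-version: '21'
          cache: 'maven'
      - name: Set up Maven settings.xml
        # The package-read credentials are written in clear text into the
        # workspace. The upload step below publishes only function.zip, so
        # settings.xml does not leave the runner through the artifact.
        # NOTE(review): `>>` appends; if src/oneid/settings.xml already
        # exists the result is not well-formed XML. Confirm that `>` is not
        # what was intended. Credentials containing XML metacharacters are
        # also written unescaped.
        env:
          GH_TOKEN_READ_PACKAGES: ${{ secrets.GH_TOKEN_READ_PACKAGES }}
          GH_TOKEN_READ_PACKAGES_USER: ${{ secrets.GH_TOKEN_READ_PACKAGES_USER }}
        shell: bash
        run: |
          echo "<settings><servers><server><id>github</id><username>${GH_TOKEN_READ_PACKAGES_USER}</username><password>${GH_TOKEN_READ_PACKAGES}</password></server></servers></settings>" >> src/oneid/settings.xml
      - name: Build with Maven
        working-directory: src/oneid
        # NOTE(review): -DskipTests means this pipeline ships without running
        # the test suite; presumably tests run in another workflow. Confirm.
        run: |
          ./mvnw -f pom.xml -B package -Dnative -DskipTests \
            -Dquarkus.native.container-build=true \
            -P oneid-lambda-client-registration-aggregate -s settings.xml
      - name: Archive build artifacts
        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 https://github.com/actions/upload-artifact/releases/tag/v4.3.3
        with:
          name: client-registration-lambda
          path: ./src/oneid/oneid-lambda-client-registration/target/function.zip

  # One leg per environment/region pair produced by the setup job.
  deploy:
    name: Deploy lambda client registration ${{ matrix.environment }}-${{ matrix.region }}
    if: ${{ needs.setup.outputs.matrix != '' }}
    runs-on: ubuntu-22.04
    needs: [setup, build]
    strategy:
      matrix: ${{ fromJson(needs.setup.outputs.matrix) }}
    continue-on-error: false
    # prod legs use a per-region environment name ("prod/<region>"); dev and
    # uat use the bare environment name.
    # NOTE(review): any approval gate for prod comes from protection rules on
    # these environments in the repository settings, which are not visible
    # here. A push run puts prod in the same matrix as dev and uat, so confirm
    # that those rules exist.
    environment: ${{ matrix.environment == 'prod' && format('{0}/{1}', matrix.environment, matrix.region) || matrix.environment }}
    env:
      # Short codes used to compose the Lambda function name.
      ENV_SHORT: ${{ fromJSON('{"dev":"d","uat":"u","prod":"p"}')[matrix.environment] }}
      REGION_SHORT: ${{ fromJSON('{"eu-south-1":"es-1","eu-central-1":"ec-1"}')[matrix.region] }}
    permissions:
      # id-token: write lets the job request an OIDC token for the role
      # assumption below; no long-lived AWS keys appear in this workflow.
      id-token: write
      contents: read
    steps:
      - name: Download build artifacts
        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 https://github.com/actions/download-artifact/releases/tag/v4.1.7
        with:
          name: client-registration-lambda
          path: ./src/oneid/oneid-lambda-client-registration/target
      - name: Configure AWS Credentials
        # NOTE(review): the trust policy of this role lives on the AWS side;
        # verify that it restricts the OIDC subject to this repository and
        # the intended environments.
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 https://github.com/aws-actions/configure-aws-credentials/releases/tag/v4.0.2
        with:
          role-to-assume: ${{ vars.IAM_ROLE_DEPLOY_LAMBDA }}
          aws-region: ${{ matrix.region }}
      - name: Update Lambda function (${{ matrix.environment }})
        # Shell variables are quoted so that a value containing spaces or
        # glob characters cannot split into extra arguments.
        run: |
          aws s3 cp src/oneid/oneid-lambda-client-registration/target/function.zip "s3://$LAMBDA_CODE_BUCKET_NAME/$LAMBDA_CLIENT_REGISTRATION_KEY"
        env:
          LAMBDA_CODE_BUCKET_NAME: ${{ vars.LAMBDA_CODE_BUCKET_NAME }}
          LAMBDA_CLIENT_REGISTRATION_KEY: ${{ vars.LAMBDA_CLIENT_REGISTRATION_KEY }}
      - name: Deploy Lambda function (${{ matrix.environment }})
        # The function is updated from whatever object sits at the key when
        # this step runs.
        # NOTE(review): if the bucket is versioned, passing
        # --s3-object-version would tie the deploy to the object uploaded by
        # the previous step.
        run: |
          aws lambda update-function-code \
            --function-name "oneid-$REGION_SHORT-$ENV_SHORT-client-registration" \
            --s3-bucket "$LAMBDA_CODE_BUCKET_NAME" --s3-key "$LAMBDA_CLIENT_REGISTRATION_KEY"
        env:
          REGION_SHORT: ${{ env.REGION_SHORT }}
          ENV_SHORT: ${{ env.ENV_SHORT }}
          LAMBDA_CODE_BUCKET_NAME: ${{ vars.LAMBDA_CODE_BUCKET_NAME }}
          LAMBDA_CLIENT_REGISTRATION_KEY: ${{ vars.LAMBDA_CLIENT_REGISTRATION_KEY }}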