From f18cc83836209e6a99470b0d53631c5f0504fa20 Mon Sep 17 00:00:00 2001 From: Kurtis Seebaldt Date: Mon, 19 Sep 2022 16:25:25 -0500 Subject: [PATCH] Deploy wheel file in github actions --- .github/workflows/build.yml | 10 ++++ tf/modules/deploy/main.tf | 49 +++++++++++++++++++ .../deploy/policies/deploy_policy.json.tpl | 17 +++++++ tf/modules/deploy/vars.tf | 11 +++++ tf/test/main.tf | 8 +++ 5 files changed, 95 insertions(+) create mode 100644 tf/modules/deploy/main.tf create mode 100644 tf/modules/deploy/policies/deploy_policy.json.tpl create mode 100644 tf/modules/deploy/vars.tf diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 51e2cf0..3e36c73 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,3 +21,13 @@ jobs: run: poetry install - name: Run tests run: bin/test + - name: Build wheel + run: poetry build -f wheel + - uses: jakejarvis/s3-sync-action@master + env: + AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_REGION: 'us-east-1' + SOURCE_DIR: 'dist' + DEST_DIR: 'dist' diff --git a/tf/modules/deploy/main.tf b/tf/modules/deploy/main.tf new file mode 100644 index 0000000..976ca3a --- /dev/null +++ b/tf/modules/deploy/main.tf 
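Review bot: The upload step references `jakejarvis/s3-sync-action@master`, a mutable branch of a third-party action, while passing it `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, so any later push to that branch changes what runs with those credentials. Pin it to a reviewed full commit SHA, e.g. `- uses: jakejarvis/s3-sync-action@<full-commit-sha>  # pinned, was master`. The step also has no `if:` condition, and the workflow's triggers are outside this hunk, so it may upload on every run, including branches that are not meant to publish. A guard such as `if: github.event_name == 'push' && github.ref == 'refs/heads/<default-branch>'` would restrict it.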
@@ -0,0 +1,49 @@
+terraform {
+ required_version = "~> 1.2.9"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.30.0"
+ }
+ github = {
+ source = "integrations/github"
+ version = "~> 4.0"
+ }
+ }
+}
+
+resource "aws_iam_user" "deploy_user" {
+ name = "${var.app_prefix}-deploy"
+
+}
+
+resource "aws_iam_policy" "deploy_policy" {
+ name = "${var.app_prefix}-deploy"
+ description = "${var.app_prefix} Deploy Policy"
+ policy = templatefile("${path.module}/policies/deploy_policy.json.tpl", {
+ data_bucket = var.data_bucket
+ })
+}
+
+resource "aws_iam_access_key" "deploy_user_access_key" {
+ user = aws_iam_user.deploy_user.name
+}
+
+resource "github_actions_secret" "deploy_access_key_id" {
+ repository = var.github_repository
+ secret_name = "AWS_ACCESS_KEY_ID"
+ plaintext_value = aws_iam_access_key.deploy_user_access_key.id
+}
+
+resource "github_actions_secret" "deploy_secret_access_key" {
+ repository = var.github_repository
+ secret_name = "AWS_SECRET_ACCESS_KEY"
+ plaintext_value = aws_iam_access_key.deploy_user_access_key.secret
+}
+
+resource "github_actions_secret" "deploy_bucket" {
+ repository = var.github_repository
+ secret_name = "AWS_S3_BUCKET"
+ plaintext_value = var.data_bucket
+}
diff --git a/tf/modules/deploy/policies/deploy_policy.json.tpl b/tf/modules/deploy/policies/deploy_policy.json.tpl
new file mode 100644
index 0000000..18a882b
--- /dev/null
+++ b/tf/modules/deploy/policies/deploy_policy.json.tpl
@@ -0,0 +1,17 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:PutObjectAcl",
+ "s3:DeleteObject"
+ ],
+ "Resource": [
+ "arn:aws:s3:::${data_bucket}/dist/*"
+ ]
+ }
+ ]
+}
diff --git a/tf/modules/deploy/vars.tf b/tf/modules/deploy/vars.tf
new file mode 100644
index 0000000..f3d4d47
--- /dev/null
+++ b/tf/modules/deploy/vars.tf
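Review bot: `aws_iam_policy.deploy_policy` is created, but nothing in this new file attaches it to `aws_iam_user.deploy_user`, so the access key pushed into the GitHub secrets would carry no S3 permissions and the upload step would be denied. An `aws_iam_user_policy_attachment` is needed, as shown below. Separately, `aws_iam_access_key.deploy_user_access_key.secret` and the three `plaintext_value` arguments are written to Terraform state in clear text, so the state backend should be encrypted and access-restricted, and this long-lived key needs a rotation plan. Where the account setup allows it, GitHub OIDC federation with an assumable role would avoid storing a static key at all.

```hcl
# … unchanged: aws_iam_user.deploy_user, aws_iam_policy.deploy_policy …
resource "aws_iam_user_policy_attachment" "deploy_policy" {
  user       = aws_iam_user.deploy_user.name
  policy_arn = aws_iam_policy.deploy_policy.arn
}
```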
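Review bot: The statement grants `s3:PutObjectAcl` on `dist/*`, which lets the deploy key change the ACL of uploaded wheels, including making them public, yet the workflow step passes no ACL option; drop it unless an ACL is really required. The policy also lacks `s3:ListBucket` on the bucket ARN, which a sync needs to compare the destination prefix, so the upload is likely to fail with AccessDenied. That is inferred from how `aws s3 sync` behaves, since the action's internals are not on this page. A second statement scoped by an `s3:prefix` condition, shown below, covers it. `s3:DeleteObject` can likewise be removed if the step never runs with `--delete`.

```json
{
  "Effect": "Allow",
  "Action": ["s3:ListBucket"],
  "Resource": ["arn:aws:s3:::${data_bucket}"],
  "Condition": {
    "StringLike": { "s3:prefix": ["dist/*"] }
  }
}
```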
@@ -0,0 +1,11 @@ +variable "app_prefix" { + type = string +} + +variable "data_bucket" { + type = string +} + +variable "github_repository" { + type = string +} diff --git a/tf/test/main.tf b/tf/test/main.tf index 65aa01d..3e6b312 100644 --- a/tf/test/main.tf +++ b/tf/test/main.tf @@ -26,6 +26,14 @@ module "glue" { data_bucket = module.buckets.data_bucket } +module "deploy" { + source = "../modules/deploy" + + app_prefix = "kurtis-test" + data_bucket = module.buckets.data_bucket + github_repository = "sample_glue_pipelines" +} + module "pipelines" { source = "../pipelines"