Skip to content

Dev kit #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ziomarco wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Dev kit #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
6af8d42
add workflow_on tag on yml file
Nov 14, 2022
66cb7fa
add authentication before aws cache invalidation step
Nov 14, 2022
4a84f19
add secret workflow
Nov 14, 2022
31d7dec
change required input
Nov 14, 2022
b60caa9
remove secret on call
Nov 14, 2022
11a4181
add vault secret
Nov 14, 2022
cb24675
test: Testing workdir path
marcorossi-cb Nov 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions .github/workflows/build-image-on-ecr-with-vault.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@ on:
required: false
type: string
default: .
WORKDIR:
required: false
type: string

jobs:
build_docker_image:
Expand All @@ -46,6 +49,11 @@ jobs:
- name: Login ECR registry
run: aws ecr get-login-password --region ${{ inputs.AWS_REGION }} | docker login --username AWS --password-stdin ${{ inputs.BASE_REGISTRY_PATH }}/${{ inputs.PROJECT_NAME }}
- name: Build the Docker image
if: ${{ inputs.WORKDIR == '' }}
run: docker build -t ${{ inputs.BASE_REGISTRY_PATH }}/${{ inputs.PROJECT_NAME }}:${{ github.sha }}-${{ github.ref_name }} ${{ inputs.CUSTOM_DOCKER_OPTIONS }}
- name: Build the Docker image in specific workdir
if: ${{ inputs.WORKDIR != '' }}
working-directory: ./${{ inputs.WORKDIR }}
run: docker build -t ${{ inputs.BASE_REGISTRY_PATH }}/${{ inputs.PROJECT_NAME }}:${{ github.sha }}-${{ github.ref_name }} ${{ inputs.CUSTOM_DOCKER_OPTIONS }}
- name: Tag image with additional custom tag
if: ${{ inputs.CUSTOM_IMAGE_TAG != '' }}
Expand Down
34 changes: 27 additions & 7 deletions .github/workflows/cloudfront-cache-invalidation.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,37 @@
name: Cloudfront cache invalidation

on:
inputs:
DISTRIBUTION_ID:
required: true
type: string
AWS_REGION:
required: true
type: string
workflow_call:
secrets:
vault_token:
required: true
inputs:
DISTRIBUTION_ID:
required: true
type: string
VAULT_AWS_NAME:
required: false
type: string
default: aws_devops_tools
AWS_REGION:
required: true
type: string

jobs:
cloudfront-cache-invalidation:
runs-on: ubuntu-latest
steps:
- name: Import Secrets
uses: hashicorp/vault-action@v2.4.2
with:
url: https://vault.crispybacon.it
token: ${{ secrets.vault_token }}
secrets: |
${{ inputs.VAULT_AWS_NAME }}/creds/github-pipeline-access-role access_key | AWS_ACCESS_KEY_ID ;
${{ inputs.VAULT_AWS_NAME }}/creds/github-pipeline-access-role secret_key | AWS_SECRET_ACCESS_KEY ;

- name: Wait for IAM credentials to be ready
run: sleep 10

- name: cache invalidation on distribution ID ${{ inputs.DISTRIBUTION_ID }}
run: aws cloudfront create-invalidation --distribution-id ${{ inputs.DISTRIBUTION_ID }} --paths "/*" "/**/*" --region ${{ inputs.AWS_REGION }}