update workflows: prettier --write in ci and permisions in npm-updat… #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Probot App to AWS Lambda | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code 📥 | |
| uses: actions/checkout@v4 | |
| - name: Set up Node.js 🛠️ | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install dependencies 📦🚀 | |
| run: npm install | |
| - name: Package application using AWS SAM 📦 | |
| run: sam build --use-container | |
| - name: Mask Secrets 🎭 | |
| run: | | |
| echo "::add-mask::$(aws sts get-caller-identity --query Account --output text)" | |
| echo "::add-mask::${{ secrets.S3_BUCKET_NAME }}" | |
| echo "::add-mask::${{ secrets.ROLE_ARN }}" | |
| echo "::add-mask::${{ secrets.WEBHOOK_SECRET }}" | |
| echo "::add-mask::${{ secrets.APP_ID }}" | |
| echo "::add-mask::${{ secrets.PRIVATE_KEY }}" | |
| echo "::add-mask::${{ secrets.PROBOT_GITHUB_TOKEN }}" | |
| echo "::add-mask::rupert-stack-2-ProbotFunction-xTxVStVIYCcR" | |
| echo "::add-mask::arn:aws:lambda:eu-north-1::runtime:92c5bcb1529200756eb64a0d90d4ab606fdaf21421321da6c202187b88833f52" | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: 'eu-north-1' | |
| - name: Deploy to AWS Lambda 🚀 | |
| id: deploy | |
| run: | | |
| OUTPUT=$(sam deploy --no-fail-on-empty-changeset --stack-name rupert-stack-2 --capabilities CAPABILITY_IAM --role-arn ${{ secrets.ROLE_ARN }} --region eu-north-1 --s3-bucket ${{ secrets.S3_BUCKET_NAME }} --parameter-overrides 'SAMDeploymentRole=${{ secrets.ROLE_ARN }} WebhookSecret=${{ secrets.WEBHOOK_SECRET }} AppId=${{ secrets.APP_ID }} GitHubToken=${{ secrets.PROBOT_GITHUB_TOKEN }}') | |
| echo "::add-mask::$(echo "$OUTPUT" | grep -oP 'https://[^\s]*')" | |
| echo "$OUTPUT" | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: 'eu-north-1' | |
| APP_ID: ${{ secrets.APP_ID }} | |
| PROBOT_GITHUB_TOKEN: ${{ secrets.PROBOT_GITHUB_TOKEN }} | |
| - name: Update PrivateKey environment variable | |
| id: update | |
| run: | | |
| OUTPUT=$(aws lambda update-function-configuration --function-name rupert-stack-2-ProbotFunction-xTxVStVIYCcR --environment 'Variables={PRIVATE_KEY=${{ secrets.PRIVATE_KEY }}, PROBOT_GITHUB_TOKEN=${{ secrets.PROBOT_GITHUB_TOKEN }}}') | |
| echo "::add-mask::$(echo "$OUTPUT" | grep -oP 'arn:aws:lambda:[^\s]*')" | |
| echo "::add-mask::$(echo "$OUTPUT" | grep -oP 'arn:aws:iam::[^\s]*')" | |
| echo "$OUTPUT" | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: 'eu-north-1' |