Skip to content

PYIC-7651: Add non-uk-no-app exit page (#1649) #817

PYIC-7651: Add non-uk-no-app exit page (#1649)

PYIC-7651: Add non-uk-no-app exit page (#1649) #817

name: SecurePipeline Docker build, ECR push, template copy to S3
on:
push:
branches:
- main
jobs:
dockerBuildAndPush:
name: Docker build and push
runs-on: ubuntu-latest
timeout-minutes: 15
env:
AWS_REGION: eu-west-2
permissions:
id-token: write
contents: read
packages: read
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- name: Set up AWS creds #push assets to S3
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.UPLOAD_ASSETS_GH_ACTIONS_ROLE_ARN }}
aws-region: eu-west-2
- uses: actions/setup-node@v4
with:
node-version: 20
- name: Setup .npmrc
run: |
cp .npmrc.template .npmrc && \
sed -i s/TOKEN_WITH_READ_PACKAGE_PERMISSION/${{ secrets.GITHUB_TOKEN }}/ .npmrc
- name: npm build assets, zip and sign
uses: govuk-one-login/github-actions/govuk/upload-assets@main
with:
signing-key-arn: ${{ secrets.UPLOAD_ASSETS_ZIP_SIGNING_KEY }}
stack-name: 'core-front'
destination-bucket-name: ${{ secrets.UPLOAD_ASSETS_ARTIFACT_SOURCE_BUCKET_NAME }}
- name: Set up AWS creds #push to ECR and do sam deploy
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.GH_ACTIONS_ROLE_ARN }}
aws-region: eu-west-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Login to GDS Dev Dynatrace Container Registry
uses: docker/login-action@v3
with:
registry: khw46367.live.dynatrace.com
username: khw46367
password: ${{ secrets.DYNATRACE_PAAS_TOKEN }}
- name: Deploy SAM app to ECR
uses: govuk-one-login/[email protected]
with:
artifact-bucket-name: ${{ secrets.ARTIFACT_BUCKET_NAME }}
container-sign-kms-key-arn: ${{ secrets.CONTAINER_SIGN_KMS_KEY }}
working-directory: ./deploy
docker-build-path: .
template-file: template.yaml
role-to-assume-arn: ${{ secrets.GH_ACTIONS_ROLE_ARN }}
ecr-repo-name: ${{ secrets.ECR_REPOSITORY }}
checkout-repo: false