deploy.yml

name: deploy

on:
  push:
    branches:
      - main
    paths:
      - '.github/workflows/deploy.yml'
      - 'src/lambdas/**'
      - 'src/layers/**'
      - 'samconfig.toml'
      - 'template.yml'
      - 'poetry.lock'
      - 'pyproject.toml'

permissions:
  id-token: write
  contents: read

concurrency: deploy

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - uses: actions/setup-python@v4
        with:
          python-version: "3.9"

      - uses: aws-actions/setup-sam@v2

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@master
        with:
          aws-region: eu-west-1
          role-to-assume: ${{ secrets.DEPLOY_ROLE_ARN }}
          role-session-name: GitHubDeploySession

      - name: Export requirements
        shell: bash
        run: |
          pip install poetry
          mkdir ./src/layers/fastapi
          poetry export --with api --output ./src/lambdas/api/requirements.txt
          poetry export --with layers-api --output ./src/layers/api/requirements.txt
          poetry export --with layers-databases --output ./src/layers/databases/requirements.txt
          poetry export --with layers-fastapi --output ./src/layers/fastapi/requirements.txt
          poetry export --with layers-utils --output ./src/layers/utils/requirements.txt

      - name: build
        run: sam build --use-container --build-image public.ecr.aws/sam/build-python3.9

      - name: deploy
        run: |
          sam deploy --parameter-overrides \
            DomainName="moshan.fulder.dev" \
            TmdbToken=${{ secrets.TMDB_TOKEN }} \
            LocalCognitoClient=${{ secrets.LOCAL_COGNITO_CLIENT }}