diff --git a/.github/workflows/deploy-dry-run.yml b/.github/workflows/deploy-dry-run.yml
new file mode 100644
index 0000000..3a31e29
--- /dev/null
+++ b/.github/workflows/deploy-dry-run.yml
@@ -0,0 +1,73 @@
+name: Deploy (dry run)
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches: [main]
+
+concurrency:
+ group: deploy-dry-run-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ id-token: write
+ contents: read
+
+env:
+ AWS_REGION: ${{ vars.AWS_REGION }}
+ ENVIRONMENT: prod
+ TF_DIR: terraform
+
+jobs:
+ deploy-dry-run:
+ runs-on: ubuntu-latest
+ environment: prod
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: actions/setup-python@v5
+ with:
+ python-version: "3.11"
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: "~1.0"
+
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Install Poetry
+ run: pip install poetry poetry-plugin-export
+
+ - name: Build Lambda layer (local only)
+ run: |
+ mkdir -p build/lambda-layer/python
+ poetry export -f requirements.txt --without-hashes -o build/requirements.txt
+ pip install \
+ --target build/lambda-layer/python \
+ --platform manylinux2014_x86_64 \
+ --python-version 3.11 \
+ --only-binary=:all: \
+ -r build/requirements.txt
+ cd build/lambda-layer
+ zip -r ../python-deps.zip python/ > /dev/null
+
+ - name: Terraform init
+ working-directory: ${{ env.TF_DIR }}
+ run: |
+ terraform init \
+ -backend-config="bucket=aztec-circ-supply-terraform" \
+ -backend-config="key=circulating-supply-api" \
+ -backend-config="region=${AWS_REGION}"
+
+ - name: Terraform plan
+ working-directory: ${{ env.TF_DIR }}
+ run: terraform plan -out=tfplan -input=false
+ env:
+ TF_VAR_eth_rpc_url: ${{ secrets.ETH_RPC_URL }}
+ TF_VAR_route53_zone_id: ${{ secrets.ROUTE53_ZONE_ID }}
+ TF_VAR_aws_region: ${{ env.AWS_REGION }}
+ TF_VAR_environment: ${{ env.ENVIRONMENT }}
+
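Review bot: The `pull_request` trigger runs branch-controlled content (the Poetry dependency set and everything under `terraform/`) in a job that declares `environment: prod` and assumes `secrets.AWS_ROLE_ARN`, so a plan on an unmerged branch runs with whatever that role is allowed to do. `terraform plan` executes the providers and data sources the branch configures, so it should not be treated as read-only with respect to the credentials it is handed. I would give the dry run its own environment and a plan-only role, e.g. `environment: prod-plan` and `role-to-assume: ${{ secrets.AWS_PLAN_ROLE_ARN }}` (both names are placeholders), and scope that role's trust policy to the new environment's OIDC subject; the first hunk of `deploy.yml` in this commit also adds `environment: prod`, so as written both jobs present the same environment subject and resolve the same secret. Required reviewers on `prod` would mitigate this, but whether they are configured is not visible here. Separately, `--without-hashes` and the unpinned `pip install poetry poetry-plugin-export` mean nothing in this job verifies what is installed alongside those credentials.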
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index fea6993..d445ac4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -11,16 +11,15 @@ concurrency: permissions: id-token: write contents: read - deployments: write - env: - AWS_REGION: eu-west-2 + AWS_REGION: ${{ vars.AWS_REGION }} ENVIRONMENT: prod TF_DIR: terraform jobs: deploy: runs-on: ubuntu-latest + environment: prod steps: - uses: actions/checkout@v4 @@ -37,14 +36,6 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} - - name: Create deployment - uses: chrnorm/deployment-action@v2 - id: deployment - with: - token: ${{ github.token }} - environment: production - description: "Deploy ${{ github.sha }}" - - name: Install Poetry run: pip install poetry poetry-plugin-export @@ -97,19 +88,3 @@ jobs: echo "Warning: API returned $STATUS (may need time for DNS propagation)" fi - - name: Update deployment status (success) - if: success() - uses: chrnorm/deployment-status@v2 - with: - token: ${{ github.token }} - state: success - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - environment-url: https://supply.aztec.network - - - name: Update deployment status (failure) - if: failure() - uses: chrnorm/deployment-status@v2 - with: - token: ${{ github.token }} - state: failure - deployment-id: ${{ steps.deployment.outputs.deployment_id }} diff --git a/terraform/main.tf b/terraform/main.tf index a3663b5..dc3d6a7 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -13,14 +13,13 @@ terraform { } backend "s3" { - bucket = "aztec-foundation-terraform-state" + bucket = "aztec-circ-supply-terraform" key = "circulating-supply-api" region = "eu-west-2" } } provider "aws" { - profile = "foundation" region = var.aws_region default_tags { 
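Review bot: The `backend "s3"` block in the first `terraform/main.tf` hunk sets only `bucket`, `key` and `region`, so the state in `aztec-circ-supply-terraform` has no locking or encryption configured from this file (the enclosing `terraform {` block starts above the hunk). The new dry-run workflow uses a per-ref concurrency group, so plans from different pull requests, and presumably the deploy job, can read the same state object concurrently; I would add `encrypt = true` and a lock such as `dynamodb_table = "<lock-table-placeholder>"`. The state probably contains `eth_rpc_url`, which the workflow passes in from a secret, so bucket encryption, versioning and a restrictive bucket policy are worth confirming if they are managed outside this repository. The bucket rename also needs a one-off state move (for example `terraform init -migrate-state`), otherwise the next apply starts from an empty state; nothing in the diff shows that step.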
@@ -34,9 +33,8 @@ provider "aws" { # ACM certificates for CloudFront must be in us-east-1 provider "aws" { - alias = "us_east_1" - profile = "foundation" - region = "us-east-1" + alias = "us_east_1" + region = "us-east-1" default_tags { tags = {