From cd5a993642c69c976d059cb44d9ce7a32e9dc84c Mon Sep 17 00:00:00 2001
From: randyquaye
Date: Wed, 11 Feb 2026 17:12:00 +0000
Subject: [PATCH 1/6] Dry run action + workflow cleanup
---
.github/workflows/deploy-dry-run.yml | 72 ++++++++++++++++++++++++++++
.github/workflows/deploy.yml | 27 +----------
2 files changed, 73 insertions(+), 26 deletions(-)
create mode 100644 .github/workflows/deploy-dry-run.yml
diff --git a/.github/workflows/deploy-dry-run.yml b/.github/workflows/deploy-dry-run.yml
new file mode 100644
index 0000000..d167a0e
--- /dev/null
+++ b/.github/workflows/deploy-dry-run.yml
@@ -0,0 +1,72 @@ +name: Deploy (dry run) + +on: + workflow_dispatch: + pull_request: + branches: [main] + +concurrency: + group: deploy-dry-run-${{ github.ref }} + cancel-in-progress: true + +permissions: + id-token: write + contents: read + +env: + AWS_REGION: eu-west-2 + ENVIRONMENT: prod + TF_DIR: terraform + +jobs: + deploy-dry-run: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-python@v5 + with: + python-version: "3.11" + + - uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "~1.0" + + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_ARN }} + aws-region: ${{ env.AWS_REGION }} + + - name: Install Poetry + run: pip install poetry poetry-plugin-export + + - name: Build Lambda layer (local only) + run: | + mkdir -p build/lambda-layer/python + poetry export -f requirements.txt --without-hashes -o build/requirements.txt + pip install \ + --target build/lambda-layer/python \ + --platform manylinux2014_x86_64 \ + --python-version 3.11 \ + --only-binary=:all: \ + -r build/requirements.txt + cd build/lambda-layer + zip -r ../python-deps.zip python/ > /dev/null + + - name: Terraform init + working-directory: ${{ env.TF_DIR }} + run: | + terraform init \ + -backend-config="bucket=aztec-foundation-terraform-state" \ + -backend-config="key=circulating-supply-api" \ + -backend-config="region=${AWS_REGION}" + + - name: Terraform plan (no apply) + working-directory: ${{ env.TF_DIR }} + run: terraform plan -out=tfplan -input=false + env: + TF_VAR_eth_rpc_url: ${{ secrets.ETH_RPC_URL }} + TF_VAR_route53_zone_id: ${{ secrets.ROUTE53_ZONE_ID }} + TF_VAR_aws_region: ${{ env.AWS_REGION }} + TF_VAR_environment: ${{ env.ENVIRONMENT }} + diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index fea6993..7ab28e9 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
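Review bot: The `pull_request` trigger lets this job assume `secrets.AWS_ROLE_ARN`, the same secret name `deploy.yml` uses, while it runs content the pull request controls: the Terraform configuration in `terraform/`, the Poetry dependency set, and an unpinned `pip install poetry poetry-plugin-export`. `terraform plan` runs provider code and any `external` data sources, so anyone who can open a same-repository pull request gets whatever that role permits against `ENVIRONMENT: prod`, not only a read of the plan. A plan-only job should assume its own read-only role, e.g. `role-to-assume: ${{ secrets.<PLAN_ONLY_ROLE_ARN> }}` (placeholder name), backed by a trust policy that accepts only this workflow's subject. Pinning the `uses:` entries to full commit SHAs instead of `@v4`/`@v5`/`@v3` would further limit what executes while the OIDC token is obtainable.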
@@ -11,8 +11,6 @@ concurrency: permissions: id-token: write contents: read - deployments: write - env: AWS_REGION: eu-west-2 ENVIRONMENT: prod @@ -21,6 +19,7 @@ env: jobs: deploy: runs-on: ubuntu-latest + environment: prod steps: - uses: actions/checkout@v4 @@ -37,14 +36,6 @@ jobs: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ env.AWS_REGION }} - - name: Create deployment - uses: chrnorm/deployment-action@v2 - id: deployment - with: - token: ${{ github.token }} - environment: production - description: "Deploy ${{ github.sha }}" - - name: Install Poetry run: pip install poetry poetry-plugin-export @@ -97,19 +88,3 @@ jobs: echo "Warning: API returned $STATUS (may need time for DNS propagation)" fi - - name: Update deployment status (success) - if: success() - uses: chrnorm/deployment-status@v2 - with: - token: ${{ github.token }} - state: success - deployment-id: ${{ steps.deployment.outputs.deployment_id }} - environment-url: https://supply.aztec.network - - - name: Update deployment status (failure) - if: failure() - uses: chrnorm/deployment-status@v2 - with: - token: ${{ github.token }} - state: failure - deployment-id: ${{ steps.deployment.outputs.deployment_id }} From 4776808675083401b629732eeb6e6a5b99c4b973 Mon Sep 17 00:00:00 2001 From: randyquaye Date: Wed, 11 Feb 2026 18:16:36 +0000 Subject: [PATCH 2/6] update env variables for AWS region --- .github/workflows/deploy-dry-run.yml | 3 ++- .github/workflows/deploy.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy-dry-run.yml b/.github/workflows/deploy-dry-run.yml index d167a0e..1d27abe 100644 --- a/.github/workflows/deploy-dry-run.yml +++ b/.github/workflows/deploy-dry-run.yml @@ -14,13 +14,14 @@ permissions: contents: read env: - AWS_REGION: eu-west-2 + AWS_REGION: ${{ vars.AWS_REGION }} ENVIRONMENT: prod TF_DIR: terraform jobs: deploy-dry-run: runs-on: ubuntu-latest + environment: prod steps: - uses: actions/checkout@v4 
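Review bot: In `deploy.yml`, adding `environment: prod` to the `deploy` job changes the OIDC subject GitHub issues for it to the `repo:<owner>/<repo>:environment:prod` form, so the IAM trust policy behind `secrets.AWS_ROLE_ARN` has to match that subject. The policy is not shown here, so it is worth confirming before merge. The line is also only a gate if the `prod` environment has protection rules configured in repository settings (required reviewers, deployment branches restricted to `main`). I would record both above the line, e.g. `# prod: required reviewers + main-only branches; role trust policy matches sub ...:environment:prod`. The job's steps continue outside the hunk.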
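Review bot: In `deploy-dry-run.yml`, binding the pull-request-triggered `deploy-dry-run` job to `environment: prod` gives it the same OIDC subject and the same environment secrets and variables as the real `deploy` job, so the AWS side cannot tell a plan run from a deploy run. The binding was presumably added so `vars.AWS_REGION` resolves, but its effect depends on how `prod` is configured. With required reviewers every PR run waits for approval, with deployment branches restricted to `main` PR refs are rejected, and with neither the environment is no gate at all. A separate environment for planning, e.g. `environment: <prod-plan>` (placeholder name) holding only the region variable and a read-only role ARN, would keep plan credentials distinct from deploy credentials.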
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 7ab28e9..d445ac4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -12,7 +12,7 @@ permissions: id-token: write contents: read env: - AWS_REGION: eu-west-2 + AWS_REGION: ${{ vars.AWS_REGION }} ENVIRONMENT: prod TF_DIR: terraform From 808808056116c920d1b990da74b4bbf87d242ffe Mon Sep 17 00:00:00 2001 From: randyquaye Date: Wed, 11 Feb 2026 19:29:01 +0000 Subject: [PATCH 3/6] migrated tf state --- terraform/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/main.tf b/terraform/main.tf index a3663b5..85f1c5d 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -13,7 +13,7 @@ terraform { } backend "s3" { - bucket = "aztec-foundation-terraform-state" + bucket = "aztec-circ-supply-terraform" key = "circulating-supply-api" region = "eu-west-2" } From 12d2086588197bd4139919010bcb097dc154db05 Mon Sep 17 00:00:00 2001 From: randyquaye <69855400+randyquaye@users.noreply.github.com> Date: Wed, 11 Feb 2026 19:34:23 +0000 Subject: [PATCH 4/6] Update Terraform backend bucket in deploy workflow --- .github/workflows/deploy-dry-run.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-dry-run.yml b/.github/workflows/deploy-dry-run.yml index 1d27abe..d918821 100644 --- a/.github/workflows/deploy-dry-run.yml +++ b/.github/workflows/deploy-dry-run.yml @@ -58,7 +58,7 @@ jobs: working-directory: ${{ env.TF_DIR }} run: | terraform init \ - -backend-config="bucket=aztec-foundation-terraform-state" \ + -backend-config="bucket=aztec-circ-supply-terraform" \ -backend-config="key=circulating-supply-api" \ -backend-config="region=${AWS_REGION}" From 795d6a09e245d1b4558774be1ed044f6b0c8d68e Mon Sep 17 00:00:00 2001 From: randyquaye Date: Wed, 11 Feb 2026 19:39:07 +0000 Subject: [PATCH 5/6] remove foundation profile --- terraform/main.tf | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
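Review bot: In `terraform/main.tf`, the `backend "s3"` block as shown carries only `bucket`, `key` and `region`, so the migrated state has no lock and no explicit encryption setting, while after this series both a PR-triggered plan job and the deploy job read it. The state for this stack likely holds `eth_rpc_url` (passed as `TF_VAR_eth_rpc_url` from a secret). I would add `encrypt = true` and `dynamodb_table = "<LOCK_TABLE_NAME>"` (placeholder), and confirm that `aztec-circ-supply-terraform` blocks public access and has versioning enabled. The enclosing `terraform` block starts outside the hunk.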
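Review bot: The subject of PATCH 4/6 says the bucket is updated in the deploy workflow, but the only file it changes is `.github/workflows/deploy-dry-run.yml`. `deploy.yml`'s `terraform init` step is not visible anywhere in this series. If it passes the same `-backend-config="bucket=aztec-foundation-terraform-state"` override, the real deploy would still initialise against the old bucket while the dry run plans against `aztec-circ-supply-terraform`, and the plan reviewed on a PR would not describe what gets applied. Since `terraform/main.tf` already names the bucket and key, dropping the `-backend-config` bucket and key overrides from both workflows would leave a single source of truth.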
diff --git a/terraform/main.tf b/terraform/main.tf index 85f1c5d..dc3d6a7 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -20,7 +20,6 @@ terraform { } provider "aws" { - profile = "foundation" region = var.aws_region default_tags { @@ -34,9 +33,8 @@ provider "aws" { # ACM certificates for CloudFront must be in us-east-1 provider "aws" { - alias = "us_east_1" - profile = "foundation" - region = "us-east-1" + alias = "us_east_1" + region = "us-east-1" default_tags { tags = { From d8f75ace436c68a625c1d0765d49ba8d58aad274 Mon Sep 17 00:00:00 2001 From: randyquaye <69855400+randyquaye@users.noreply.github.com> Date: Wed, 11 Feb 2026 19:57:50 +0000 Subject: [PATCH 6/6] Rename Terraform plan step for clarity --- .github/workflows/deploy-dry-run.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-dry-run.yml b/.github/workflows/deploy-dry-run.yml index d918821..3a31e29 100644 --- a/.github/workflows/deploy-dry-run.yml +++ b/.github/workflows/deploy-dry-run.yml @@ -62,7 +62,7 @@ jobs: -backend-config="key=circulating-supply-api" \ -backend-config="region=${AWS_REGION}" - - name: Terraform plan (no apply) + - name: Terraform plan working-directory: ${{ env.TF_DIR }} run: terraform plan -out=tfplan -input=false env: