vmanne229/Hello-World
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Hello-World/.forgejo/workflows/deploy-cfn.yml
Vijaya Krishna Manne 7102aa3232
Some checks failed
Deploy Hello Lambda CFT / deploy (push) Failing after 11s
Details
Auto-install AWS CLI in runner if missing
2026-05-29 14:14:19 -04:00

92 lines
3.4 KiB
YAML
Raw Blame History

name: Deploy Hello Lambda CFT
on:
workflow_dispatch:
push:
branches: [ main ]
jobs:
deploy:
runs-on: nas-safe
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
AWS_DEFAULT_REGION: ${{ secrets.LOWER }}
steps:
- name: Prepare source
run: |
set -e
SRC_DIR="."
if [ ! -f "infra/hello-lambda.yml" ]; then
echo "Repository files not present in workspace. Cloning from Forgejo..."
git clone --depth 1 "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" _src
SRC_DIR="_src"
fi
[ -f "${SRC_DIR}/infra/hello-lambda.yml" ] || { echo "infra/hello-lambda.yml not found"; exit 1; }
echo "SRC_DIR=${SRC_DIR}" >> "$GITHUB_ENV"
echo "Using source directory: ${SRC_DIR}"
- name: Ensure AWS CLI
run: |
set -e
if command -v aws >/dev/null 2>&1; then
aws --version
exit 0
fi
# Try local AWS CLI v2 install (no root required).
if command -v curl >/dev/null 2>&1 && command -v unzip >/dev/null 2>&1; then
TMP_DIR="$(mktemp -d)"
curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "${TMP_DIR}/awscliv2.zip"
unzip -q "${TMP_DIR}/awscliv2.zip" -d "${TMP_DIR}"
"${TMP_DIR}/aws/install" -i "$HOME/.aws-cli" -b "$HOME/.local/bin" || true
if [ -x "$HOME/.local/bin/aws" ]; then
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
"$HOME/.local/bin/aws" --version
exit 0
fi
fi
# Fallback to pip user install.
if command -v python3 >/dev/null 2>&1; then
python3 -m pip install --user --upgrade awscli
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
"$HOME/.local/bin/aws" --version
exit 0
fi
echo "Unable to install aws CLI on this runner."
exit 1
- name: Check required AWS secrets
run: |
[ -n "$AWS_ACCESS_KEY_ID" ] || { echo "Missing required secret/env: AWS_ACCESS_KEY_ID"; exit 1; }
[ -n "$AWS_SECRET_ACCESS_KEY" ] || { echo "Missing required secret/env: AWS_SECRET_ACCESS_KEY"; exit 1; }
[ -n "$AWS_DEFAULT_REGION" ] || { echo "Missing required secret/env: AWS_DEFAULT_REGION (mapped from secret LOWER)"; exit 1; }
if [ -z "${AWS_SESSION_TOKEN}" ]; then
echo "AWS_SESSION_TOKEN is empty. Proceeding with long-lived access keys."
else
echo "AWS_SESSION_TOKEN is set. Proceeding with STS temporary credentials."
fi
- name: Verify AWS identity
run: |
set -e
if ! aws sts get-caller-identity; then
echo "AWS authentication failed. If using STS creds, regenerate and update all 3 secrets: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN."
exit 1
fi
- name: Validate CFT
run: |
aws cloudformation validate-template \
--template-body "file://${SRC_DIR}/infra/hello-lambda.yml"
- name: Deploy CFT
run: |
aws cloudformation deploy \
--stack-name hello-lambda-stack \
--template-file "${SRC_DIR}/infra/hello-lambda.yml" \
--capabilities CAPABILITY_NAMED_IAM
Reference in a new issue View git blame Copy permalink