Last active
February 20, 2023 20:32
-
-
Save wenqiglantz/cc169a51345455833f6971d1270b01a3 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Multi-env deployment tracker | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| image-tag: | |
| description: 'Image tag' | |
| type: string | |
| required: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| deployment-tracker: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 | |
| with: | |
| egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
| - name: Retrieve environment data from deployment-tracking table | |
| run: | | |
| echo image tag ${{ inputs.image-tag }} has been deployed to the following environments: | |
| aws configure set region ${{ secrets.AWS_REGION }} | |
| aws configure set aws_access_key_id ${{ secrets.DYNAMODB_AWS_ACCESS_KEY_ID }} | |
| aws configure set aws_secret_access_key ${{ secrets.DYNAMODB_AWS_SECRET_ACCESS_KEY }} | |
| aws dynamodb query \ | |
| --table-name deployment-tracking \ | |
| --key-condition-expression "image_tag = :tag" \ | |
| --expression-attribute-values '{":tag": {"S": "${{ inputs.image-tag }}"}}' \ | |
| --projection-expression "environment" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment