pipeline.yml
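# CI/CD workflow for the FastAPI backend: builds the SAM application inside
# containers and deploys it to the `fastapi-backend-lambda` CloudFormation
# stack, using short-lived AWS credentials obtained through GitHub's OIDC
# token endpoint (no long-lived access keys are referenced by this workflow).
name: FastAPI CI/CD Pipeline

on:
  push:
    branches: ["terraform"]
  pull_request:
    branches: ["terraform"]

# One active run per ref; a newer run on the same ref cancels the older one.
# NOTE(review): on push this can cancel a run while `sam deploy` is still
# waiting on the stack update - confirm that is acceptable for this stack.
concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest
    # These permissions are needed to interact with GitHub's OIDC Token
    # endpoint. Everything not listed here is denied to the job's token.
    permissions:
      id-token: write  # This is required for requesting the JWT
      contents: read  # This is required for actions/checkout
    environment: dev
    defaults:
      run:
        working-directory: "backend"
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags; pinning each `uses:` to a full commit SHA prevents a moved tag
      # from changing what runs with this job's AWS role.
      #
      # This step also runs for pull_request events, so pull-request code
      # executes with the assumed role in its environment. Keep the role's
      # trust policy and permissions scoped to what this job needs.
      - name: Configure AWS Credentials For GitHub Actions
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ vars.AWS_ASSUME_ROLE_ARN }}
          role-session-name: github-actions
          aws-region: ap-southeast-2

      - name: Setup SAM CLI
        uses: aws-actions/setup-sam@v2
        with:
          use-installer: true

      - name: Checkout code
        uses: actions/checkout@v3

      # Build inside Docker containers
      - name: Build
        run: sam build --use-container

      # Deploy only for pushes to the branch. Without this guard every
      # pull_request run would deploy unreviewed code to the shared stack.
      # Prevent prompts and failure when the stack is unchanged.
      - name: Deploy
        if: github.event_name == 'push'
        # Values are passed through the environment and quoted in the command
        # so they are never spliced into the shell script as raw text.
        env:
          AWS_ECR_REPO: ${{ vars.AWS_ECR_REPO }}
          SECRET_ARN: ${{ vars.SECRET_ARN }}
          DB_PASSWORD_ARN: ${{ vars.DB_PASSWORD_ARN }}
          DB_ENDPOINT: ${{ vars.DB_ENDPOINT }}
        # Folded scalar: every line sits at the same indent so the command is
        # joined into a single shell line.
        run: >
          sam deploy
          --no-confirm-changeset
          --no-fail-on-empty-changeset
          --image-repository "$AWS_ECR_REPO"
          --stack-name fastapi-backend-lambda
          --parameter-overrides
          SecretKeyArn="$SECRET_ARN"
          DBPwdArn="$DB_PASSWORD_ARN"
          DBEndpoint="$DB_ENDPOINT"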