
Commit 1833419

committed
add deployment protection
1 parent e77e124 commit 1833419


2 files changed

+11
-4
lines changed


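--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -99,13 +99,15 @@ jobs:
 build-context: ${{ inputs.build-context }}
 build-target: ${{ inputs.build-target }}
 build-args: ${{ inputs.build-args }}
+build-push: ${{ github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_name == github.event.repository.default_branch) }}
 secrets:
 aws-key-id: ${{ secrets.aws-key-id }}
 aws-secret-key: ${{ secrets.aws-secret-key }}
 build-secrets: ${{ secrets.build-secrets }}
 
 deploy-staging:
 uses: ./.github/workflows/lambda_deploy.yml
+if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_name == github.event.repository.default_branch)
 needs: [setup, build]
 with:
 environment: staging
@@ -120,7 +122,7 @@ jobs:
 
 deploy-production:
 uses: ./.github/workflows/lambda_deploy.yml
-if: github.repository != inputs.template-repository-name
+if: github.repository != inputs.template-repository-name && github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_name == github.event.repository.default_branch)
 needs: [setup, build]
 with:
 environment: production
@@ -131,4 +133,4 @@ jobs:
 secrets:
 aws-key-id: ${{ secrets.aws-key-id }}
 aws-secret-key: ${{ secrets.aws-secret-key }}
-function-admin-api-key: ${{ secrets.function-admin-api-key }}
+function-admin-api-key: ${{ secrets.function-admin-api-key }}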
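Review bot: The new `if:` on `deploy-production` has no parentheses around the event check, and because `&&` binds tighter than `||` in Actions expressions it evaluates as `(repository != template && workflow_dispatch) || (push && default branch)`; a push to the default branch of the template repository therefore passes the condition, which the old guard excluded. It should read `if: github.repository != inputs.template-repository-name && (github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && github.ref_name == github.event.repository.default_branch))`. The `workflow_dispatch` arm, here and in the `deploy-staging` and `build-push` conditions, carries no ref check, so a manual run started from a non-default branch appears to satisfy all three; if that is not intended, add the same `github.ref_name` comparison to that arm or enforce it with branch restrictions on the `production` environment. The job definitions continue outside the hunks shown.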

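--- a/.github/workflows/lambda_build.yml
+++ b/.github/workflows/lambda_build.yml
@@ -34,6 +34,11 @@ on:
 type: string
 description: "The build arguments to pass to the Docker build"
 required: false
+build-push:
+type: boolean
+description: "Whether to push the image to the registry"
+required: false
+default: true
 secrets:
 aws-key-id:
 description: "The AWS access key ID"
@@ -103,11 +108,11 @@ jobs:
 file: ${{ inputs.build-file || 'Dockerfile' }}
 context: ${{ inputs.build-context || '.'}}
 target: ${{ inputs.build-target }}
-push: true
+push: ${{ inputs.build-push }}
 provenance: false
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
 cache-from: type=gha
 cache-to: type=gha,mode=max,ignore-error=true
 build-args: ${{ inputs.build-args }}
-secrets: ${{ secrets.build-secrets }}
+secrets: ${{ secrets.build-secrets }}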
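Review bot: The `build-push` input is declared with `default: true`, so any caller of this reusable workflow that omits it still pushes the image; since this input is the gate the commit introduces, a fail-closed `default: false` would be safer, with publishing callers passing it explicitly as deploy.yml already does. Callers other than deploy.yml are not visible on this page, so confirm none relies on the implicit push before changing the default. The build step that consumes the input begins outside the second hunk.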
