update pipelines

Tom McLaughlin · Tom McLaughlin · commit 62ed4f28bd37 · 2025-10-09T20:46:51.000-04:00
diff --git a/.github/workflows/branch.yml b/.github/workflows/branch.yml
@@ -1,4 +1,5 @@
-name: Branches
+name: Branch
+
 on:
   workflow_dispatch:
   push:
@@ -16,51 +17,22 @@ jobs:
       - name: Setup job workspace
         uses: ServerlessOpsIO/gha-setup-workspace@v1
 
-      - name: Assume AWS credentials
-        uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
-        with:
-          build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
-
-      - name: Install AWS SAM
-        uses: aws-actions/setup-sam@v2
-
-      - name: Validate template
-        run: sam validate --lint
-
-      - name: Build deployment artifact
-        run: sam build
-
-      - name: Store artifacts
-        uses: ServerlessOpsIO/gha-store-artifacts@v1
-        with:
-          use_aws_sam: true
-
-  deploy:
-    needs:
-      - build
-
-    environment: production
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-
-    steps:
-      - name: Setup job workspace
-        uses: ServerlessOpsIO/gha-setup-workspace@v1
-        with:
-          checkout_artifact: true
-
-      - name: Assume AWS credentials
+      - name: Assume AWS Credentials
         uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
         with:
           build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
-          deploy_aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
 
-      - name: Deploy via AWS SAM
-        uses: ServerlessOpsIO/gha-deploy-aws-sam@v1
+      - name: Build container image
+        uses: kciter/aws-ecr-action@v4
         with:
-          aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
-          env_json: ${{ toJson(env) }}
-          vars_json: ${{ toJson(vars) }}
-          secrets_json: ${{ toJson(secrets) }}
+          account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
+          region: ${{ env.AWS_REGION }}
+          tags: ${{ env.GITHUB_EVENT_REF_SLUG }},${{ env.GITHUB_SHA_SHORT }},${{ env.GITHUB_SHA }}
+          repo: ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG}}
+          create_repo: true
+          # FIXME: This is a workaround to deal with how the action works and so we can
+          # continue to use the aws-actions/configure-aws-credentials
+          access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
+          secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          set_repo_policy: true
+          repo_policy_file: .github/workflows/ecr-policy.json
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -17,51 +17,22 @@ jobs:
       - name: Setup job workspace
         uses: ServerlessOpsIO/gha-setup-workspace@v1
 
-      - name: Assume AWS credentials
+      - name: Assume AWS Credentials
         uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
         with:
           build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
 
-      - name: Install AWS SAM
-        uses: aws-actions/setup-sam@v2
-
-      - name: Validate template
-        run: sam validate --lint
-
-      - name: Build deployment artifact
-        run: sam build
-
-      - name: Store artifacts
-        uses: ServerlessOpsIO/gha-store-artifacts@v1
-        with:
-          use_aws_sam: true
-
-  deploy:
-    needs:
-      - build
-
-    environment: production
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write
-      contents: read
-
-    steps:
-      - name: Setup job workspace
-        uses: ServerlessOpsIO/gha-setup-workspace@v1
-        with:
-          checkout_artifact: true
-
-      - name: Assume AWS credentials
-        uses: ServerlessOpsIO/gha-assume-aws-credentials@v1
-        with:
-          build_aws_account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
-          deploy_aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
-
-      - name: Deploy via AWS SAM
-        uses: ServerlessOpsIO/gha-deploy-aws-sam@v1
+      - name: Build container image
+        uses: kciter/aws-ecr-action@v4
         with:
-          aws_account_id: ${{ secrets.DEPLOYMENT_ACCOUNT_ID }}
-          env_json: ${{ toJson(env) }}
-          vars_json: ${{ toJson(vars) }}
-          secrets_json: ${{ toJson(secrets) }}
+          account_id: ${{ secrets.AWS_CICD_ACCOUNT_ID }}
+          region: ${{ env.AWS_REGION }}
+          tags: latest,${{ env.GITHUB_EVENT_REF_SLUG }},${{ env.GITHUB_SHA_SHORT }},${{ env.GITHUB_SHA }}
+          repo: ${{ env.GITHUB_REPOSITORY_OWNER_PART_SLUG }}/${{ env.GITHUB_REPOSITORY_NAME_PART_SLUG}}
+          create_repo: true
+          # FIXME: This is a workaround to deal with how the action works and so we can
+          # continue to use the aws-actions/configure-aws-credentials
+          access_key_id: ${{ env.AWS_ACCESS_KEY_ID }}
+          secret_access_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          set_repo_policy: true
+          repo_policy_file: .github/workflows/ecr-policy.json
