|
| 1 | +# amplify-preview |
| 2 | + |
| 3 | + |
| 4 | +This gha-tool is basically re-implements what [AWS Amplify's GitHub integration should be doing](https://docs.aws.amazon.com/amplify/latest/userguide/pr-previews.html), |
| 5 | +however because of following limitations, we can't really use it for some of the repos: |
| 6 | +- [No way to filter for which PRs to generate preview deployments](https://github.com/aws-amplify/amplify-hosting/issues/3960) |
| 7 | +- [Hard limit of 50 preview branches per amplify app][https://docs.aws.amazon.com/amplify/latest/userguide/quotas-chapter.html] |
| 8 | +- [No way to create PR preview programmatically](https://github.com/aws-amplify/amplify-hosting/issues/3963) |
| 9 | + |
| 10 | +This action accepts of AWS Amplify App IDs, checks if current git branch is connected to the apps and posts deployment status and PR preview in PR comments. |
| 11 | + |
| 12 | +If `--create-branches` is enabled, then it will also connect git branch to one of the AWS Amplify apps (where hard limit of 50 branches hasn't been reached yet) and kick of new build. |
| 13 | +If `--wait` is enabled, then it will also wait for deployment to be completed and fail the GHA run if deployment had failed. |
| 14 | + |
| 15 | +## Usage |
| 16 | + |
| 17 | +```shell |
| 18 | +usage: amplify-preview --amplify-app-ids=AMPLIFY-APP-IDS --git-branch-name=GIT-BRANCH-NAME [<flags>] |
| 19 | + |
| 20 | +Flags: |
| 21 | + --[no-]help Show context-sensitive help (also try --help-long and --help-man). |
| 22 | + --amplify-app-ids=AMPLIFY-APP-IDS ... |
| 23 | + List of Amplify App IDs ($AMPLIFY_APP_IDS) |
| 24 | + --git-branch-name=GIT-BRANCH-NAME |
| 25 | + Git branch name ($GIT_BRANCH_NAME) |
| 26 | + --[no-]create-branches Defines whether Amplify branches should be created if missing, or just lookup existing ones ($CREATE_BRANCHES) |
| 27 | + --[no-]wait Wait for pending/running job to complete ($WAIT) |
| 28 | +``` |
| 29 | +
|
| 30 | +Example GHA workflow: |
| 31 | +
|
| 32 | +```yaml |
| 33 | +name: Amplify Preview |
| 34 | +on: |
| 35 | + pull_request: |
| 36 | + workflow_dispatch: |
| 37 | + |
| 38 | +permissions: |
| 39 | + # Permissions to write PR comment |
| 40 | + pull-requests: write |
| 41 | + id-token: write |
| 42 | + |
| 43 | +jobs: |
| 44 | + amplify-preview: |
| 45 | + name: Get and post Amplify preview URL |
| 46 | + runs-on: ubuntu-22.04-2core-arm64 |
| 47 | + environment: docs-amplify |
| 48 | + steps: |
| 49 | + - name: Checkout shared-workflow |
| 50 | + uses: actions/checkout@v4 |
| 51 | + with: |
| 52 | + repository: gravitational/shared-workflows |
| 53 | + sparse-checkout: | |
| 54 | + tools |
| 55 | + |
| 56 | + - name: Configure AWS credentials |
| 57 | + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4 |
| 58 | + with: |
| 59 | + aws-region: us-west-2 |
| 60 | + role-to-assume: ${{ vars.IAM_ROLE }} |
| 61 | + |
| 62 | + - name: Check Amplify job status test |
| 63 | + uses: ./tools/amplify-preview |
| 64 | + with: |
| 65 | + app_ids: ${{ vars.AMPLIFY_APP_IDS }} |
| 66 | + create_branches: "true" |
| 67 | + github_token: ${{ secrets.GITHUB_TOKEN }} |
| 68 | + wait: "true" |
| 69 | +``` |
| 70 | +
|
| 71 | +## AWS Permissions |
| 72 | +
|
| 73 | +For this action to work, AWS role with following IAM permissions is required: |
| 74 | +```json |
| 75 | +{ |
| 76 | + "Statement": [ |
| 77 | + { |
| 78 | + "Action": [ |
| 79 | + "amplify:CreateBranch", |
| 80 | + "amplify:GetBranch", |
| 81 | + "amplify:ListJobs" |
| 82 | + "amplify:StartJob", |
| 83 | + ], |
| 84 | + "Effect": "Allow", |
| 85 | + "Resource": [ |
| 86 | + "arn:aws:amplify:<region>:<account_id>:apps/<app_id>/branches/*" |
| 87 | + ] |
| 88 | + } |
| 89 | + ], |
| 90 | + "Version": "2012-10-17" |
| 91 | +} |
| 92 | +``` |
| 93 | +
|
| 94 | +Where `amplify:CreateBranch` and `amplify:StartJob` are needed only when `--create-branches` is enabled. |
0 commit comments