ci(stacks.api): update generated deploy workflow

Signed-off-by: Braden Mars <bradenmars@bradenmars.me>
CrisisCleanup · Aug 14, 2023 · eec99cd · eec99cd
1 parent 1880500
commit eec99cd
Showing 1 changed file with 44 additions and 10 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -551,6 +551,38 @@ jobs:
       - id: Publish
         name: Publish Assets-FileAsset21
         run: /bin/bash ./cdk.out/publish-Assets-FileAsset21-step.sh
+  Assets-FileAsset22:
+    name: Publish Assets Assets-FileAsset22
+    needs:
+      - Build-crisiscleanup-infra-pipeline-synth
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    outputs:
+      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
+    steps:
+      - name: Authenticate Via OIDC Role
+        uses: aws-actions/configure-aws-credentials@v1-node16
+        with:
+          aws-region: us-east-1
+          role-duration-seconds: 1800
+          role-skip-session-tagging: true
+          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
+      - name: Pull assets
+        env:
+          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
+          DESTINATION: cdk.out
+        run: |-
+          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
+          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
+          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
+          aws s3 sync $SOURCE $DESTINATION
+      - name: Install
+        run: npm install --no-save cdk-assets
+      - id: Publish
+        name: Publish Assets-FileAsset22
+        run: /bin/bash ./cdk.out/publish-Assets-FileAsset22-step.sh
   Assets-FileAsset3:
     name: Publish Assets Assets-FileAsset3
     needs:
@@ -829,7 +861,7 @@ jobs:
       url: https://app.staging.crisiscleanup.io
     needs:
       - Build-crisiscleanup-infra-pipeline-synth
-      - Assets-FileAsset17
+      - Assets-FileAsset18
     runs-on: ${{inputs.runner || 'ubuntu-latest'}}
     steps:
       - name: Authenticate Via OIDC Role
@@ -855,7 +887,7 @@ jobs:
         with:
           name: staging-staging-network
           template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{
-            needs.Assets-FileAsset17.outputs.asset-hash }}.json
+            needs.Assets-FileAsset18.outputs.asset-hash }}.json
           no-fail-on-empty-changeset: "1"
           capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
           role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
@@ -873,6 +905,7 @@ jobs:
       - Build-crisiscleanup-infra-pipeline-synth
       - Assets-FileAsset2
       - Assets-FileAsset3
+      - Assets-FileAsset4
       - deploy-development-development-network-Deploy
     runs-on: ${{inputs.runner || 'ubuntu-latest'}}
     steps:
@@ -915,8 +948,9 @@ jobs:
       url: https://app.staging.crisiscleanup.io
     needs:
       - Build-crisiscleanup-infra-pipeline-synth
-      - Assets-FileAsset18
+      - Assets-FileAsset19
       - Assets-FileAsset3
+      - Assets-FileAsset4
       - deploy-staging-staging-network-Deploy
     runs-on: ${{inputs.runner || 'ubuntu-latest'}}
     steps:
@@ -943,7 +977,7 @@ jobs:
         with:
           name: staging-staging-data
           template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{
-            needs.Assets-FileAsset18.outputs.asset-hash }}.json
+            needs.Assets-FileAsset19.outputs.asset-hash }}.json
           no-fail-on-empty-changeset: "1"
           capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
           role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
@@ -960,7 +994,6 @@ jobs:
       url: https://app.dev.crisiscleanup.io
     needs:
       - Build-crisiscleanup-infra-pipeline-synth
-      - Assets-FileAsset4
       - Assets-FileAsset5
       - Assets-FileAsset6
       - Assets-FileAsset7
@@ -973,6 +1006,7 @@ jobs:
       - Assets-FileAsset14
       - Assets-FileAsset15
       - Assets-FileAsset16
+      - Assets-FileAsset17
       - deploy-development-development-network-Deploy
       - deploy-development-development-data-Deploy
     runs-on: ${{inputs.runner || 'ubuntu-latest'}}
@@ -1000,7 +1034,7 @@ jobs:
         with:
           name: development-development-blueprint
           template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{
-            needs.Assets-FileAsset4.outputs.asset-hash }}.json
+            needs.Assets-FileAsset5.outputs.asset-hash }}.json
           no-fail-on-empty-changeset: "1"
           capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
           role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
@@ -1016,8 +1050,7 @@ jobs:
       url: https://app.staging.crisiscleanup.io
     needs:
       - Build-crisiscleanup-infra-pipeline-synth
-      - Assets-FileAsset19
-      - Assets-FileAsset5
+      - Assets-FileAsset20
       - Assets-FileAsset6
       - Assets-FileAsset7
       - Assets-FileAsset8
@@ -1027,8 +1060,9 @@ jobs:
       - Assets-FileAsset12
       - Assets-FileAsset13
       - Assets-FileAsset14
-      - Assets-FileAsset20
+      - Assets-FileAsset15
       - Assets-FileAsset21
+      - Assets-FileAsset22
       - deploy-staging-staging-network-Deploy
       - deploy-staging-staging-data-Deploy
     runs-on: ${{inputs.runner || 'ubuntu-latest'}}
@@ -1056,7 +1090,7 @@ jobs:
         with:
           name: staging-staging-blueprint
           template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{
-            needs.Assets-FileAsset19.outputs.asset-hash }}.json
+            needs.Assets-FileAsset20.outputs.asset-hash }}.json
           no-fail-on-empty-changeset: "1"
           capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
           role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1