From eec99cda0c3add52cdbf4f5f02d848c5781aa691 Mon Sep 17 00:00:00 2001 From: Braden Mars Date: Mon, 14 Aug 2023 05:03:41 -0500 Subject: [PATCH] ci(stacks.api): update generated deploy workflow Signed-off-by: Braden Mars --- .github/workflows/deploy.yml | 54 +++++++++++++++++++++++++++++------- 1 file changed, 44 insertions(+), 10 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9086dc01..fcc612d7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -551,6 +551,38 @@ jobs: - id: Publish name: Publish Assets-FileAsset21 run: /bin/bash ./cdk.out/publish-Assets-FileAsset21-step.sh + Assets-FileAsset22: + name: Publish Assets Assets-FileAsset22 + needs: + - Build-crisiscleanup-infra-pipeline-synth + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + outputs: + asset-hash: ${{ steps.Publish.outputs.asset-hash }} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Pull assets + env: + SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out + DESTINATION: cdk.out + run: |- + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} + echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} + aws s3 sync $SOURCE $DESTINATION + - name: Install + run: npm install --no-save cdk-assets + - id: Publish + name: Publish Assets-FileAsset22 + run: /bin/bash ./cdk.out/publish-Assets-FileAsset22-step.sh Assets-FileAsset3: name: Publish Assets Assets-FileAsset3 needs: @@ -829,7 +861,7 @@ jobs: url: https://app.staging.crisiscleanup.io needs: - Build-crisiscleanup-infra-pipeline-synth - - Assets-FileAsset17 + - Assets-FileAsset18 runs-on: ${{inputs.runner || 'ubuntu-latest'}} steps: - name: Authenticate Via OIDC Role @@ -855,7 +887,7 @@ jobs: with: name: staging-staging-network template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ - needs.Assets-FileAsset17.outputs.asset-hash }}.json + needs.Assets-FileAsset18.outputs.asset-hash }}.json no-fail-on-empty-changeset: "1" capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 @@ -873,6 +905,7 @@ jobs: - Build-crisiscleanup-infra-pipeline-synth - Assets-FileAsset2 - Assets-FileAsset3 + - Assets-FileAsset4 - deploy-development-development-network-Deploy runs-on: ${{inputs.runner || 'ubuntu-latest'}} steps: @@ -915,8 +948,9 @@ jobs: url: https://app.staging.crisiscleanup.io needs: - Build-crisiscleanup-infra-pipeline-synth - - Assets-FileAsset18 + - Assets-FileAsset19 - Assets-FileAsset3 + - Assets-FileAsset4 - deploy-staging-staging-network-Deploy runs-on: ${{inputs.runner || 'ubuntu-latest'}} steps: @@ -943,7 +977,7 @@ jobs: with: name: staging-staging-data template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ - needs.Assets-FileAsset18.outputs.asset-hash }}.json + needs.Assets-FileAsset19.outputs.asset-hash }}.json no-fail-on-empty-changeset: "1" capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 @@ -960,7 +994,6 @@ jobs: url: https://app.dev.crisiscleanup.io needs: - Build-crisiscleanup-infra-pipeline-synth - - Assets-FileAsset4 - Assets-FileAsset5 - Assets-FileAsset6 - Assets-FileAsset7 @@ -973,6 +1006,7 @@ jobs: - Assets-FileAsset14 - Assets-FileAsset15 - Assets-FileAsset16 + - Assets-FileAsset17 - deploy-development-development-network-Deploy - deploy-development-development-data-Deploy runs-on: ${{inputs.runner || 'ubuntu-latest'}} @@ -1000,7 +1034,7 @@ jobs: with: name: development-development-blueprint template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{ - needs.Assets-FileAsset4.outputs.asset-hash }}.json + needs.Assets-FileAsset5.outputs.asset-hash }}.json no-fail-on-empty-changeset: "1" capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 @@ -1016,8 +1050,7 @@ jobs: url: https://app.staging.crisiscleanup.io needs: - Build-crisiscleanup-infra-pipeline-synth - - Assets-FileAsset19 - - Assets-FileAsset5 + - Assets-FileAsset20 - Assets-FileAsset6 - Assets-FileAsset7 - Assets-FileAsset8 @@ -1027,8 +1060,9 @@ jobs: - Assets-FileAsset12 - Assets-FileAsset13 - Assets-FileAsset14 - - Assets-FileAsset20 + - Assets-FileAsset15 - Assets-FileAsset21 + - Assets-FileAsset22 - deploy-staging-staging-network-Deploy - deploy-staging-staging-data-Deploy runs-on: ${{inputs.runner || 'ubuntu-latest'}} @@ -1056,7 +1090,7 @@ jobs: with: name: staging-staging-blueprint template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ - needs.Assets-FileAsset19.outputs.asset-hash }}.json + needs.Assets-FileAsset20.outputs.asset-hash }}.json no-fail-on-empty-changeset: "1" capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1