
feat(stacks.api): update staging stack to add defaultAddons, app addons #40


Workflow file for this run

# AUTOMATICALLY GENERATED FILE, DO NOT EDIT MANUALLY.
# Generated by AWS CDK and [cdk-pipelines-github](https://github.com/cdklabs/cdk-pipelines-github)
# Workflow name as shown in the Actions UI.
name: deploy
# Triggers: pushes to main, manual dispatch, and reuse from another workflow.
on:
  push:
    branches:
      - main
  workflow_dispatch: {}
  workflow_call:
    inputs:
      # Free-form runner label supplied by the calling workflow. It is read by
      # the `runs-on` expressions of the synth and deploy jobs, which fall back
      # to 'ubuntu-latest' when the input is empty (push / manual dispatch).
      runner:
        description: Runner to use.
        type: string
        default: ubuntu-latest
        required: false
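# Pipeline: synthesize the CDK app, publish 16 file assets, deploy the
# development stack, then deploy the staging stack.
#
# NOTE: the file header marks this workflow as generated by
# cdk-pipelines-github, so lasting changes belong in the CDK pipeline
# definition rather than in this file.
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (@v3, @v1, @v1-node16). These jobs hold `id-token: write` and assume AWS
# roles, so pinning each action to a full commit SHA limits the impact of a
# retagged release. Take the SHAs from each action's own release page.
jobs:
  Build-crisiscleanup-infra-pipeline-synth:
    name: Synthesize
    # Read-only repository access plus the right to request an OIDC token,
    # which the "Authenticate Via OIDC Role" step exchanges for AWS credentials.
    permissions:
      contents: read
      id-token: write
    # The caller of workflow_call decides where this job runs. On a self-hosted
    # runner the PAT and the assumed-role credentials land on that machine.
    runs-on: ${{inputs.runner || 'ubuntu-latest'}}
    needs: []
    # NOTE(review): job-level env exposes this PAT to every step, including the
    # third-party setup actions and `pnpm install` lifecycle scripts. Which step
    # actually needs it is not visible here; consider scoping it to that step.
    env:
      GIGET_AUTH: ${{ secrets.GH_CONFIGS_RO_PAT }}
    steps:
      # Always builds CrisisCleanup/infrastructure at main, whatever ref or
      # repository triggered the run.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          repository: CrisisCleanup/infrastructure
          ref: main
      # Register the account IDs with the log masker before later steps print
      # ARNs. The secrets are expanded into the script text by the expression
      # engine; passing them through `env:` would keep them out of the script.
      - name: Mask values
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
      - name: Install Helm
        uses: azure/setup-helm@v3
        with:
          version: 3.12.2
      # Only self-hosted runners need the CLI installed by this step.
      - name: Install AWS CLI
        uses: unfor19/install-aws-cli-action@v1
        if: inputs.runner == 'self-hosted'
        with:
          arch: arm64
      # NOTE(review): this action reference was mangled by e-mail obfuscation
      # on the page the file was captured from ("name@version" replaced by
      # "[email protected]"). Restore the real reference from the repository.
      - name: Setup PNPM
        uses: pnpm/[email protected]
      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: "18"
          cache: pnpm
      # Exchange the job's OIDC token for short-lived (30 min) credentials.
      # NOTE(review): the trust policy of GitHubActionRole is not visible here;
      # confirm it restricts the token `sub` claim to this repository and ref.
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      # Literal block (`|-`) so each command stays on its own line; a folded
      # block (`>-`) joins consecutive lines into one unless blank lines
      # separate them, which would turn the script into a single echo.
      # `curl -f` makes an HTTP error fail the step instead of saving the
      # error page as the `sops` binary.
      # TODO(review): verify the download before installing it, e.g.
      #   echo "<SHA256_FROM_SOPS_RELEASE_CHECKSUMS>  sops" | sha256sum -c -
      # (placeholder: take the value from the release's published checksums).
      - name: Install
        run: |-
          echo Installing Sops...
          ARCH=$(uname -m)
          if [ "$ARCH" = "aarch64" ]; then
            curl -fL https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.arm64 -o sops
          else
            curl -fL https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux -o sops
          fi
          chmod 755 sops
          mv sops /usr/local/bin
          sops --version
          pnpm install
      - name: Build
        run: |-
          pnpm build
          pnpm -F 'stacks.api' run synth:silent
          cp -r packages/stacks/api/cdk.out ./cdk.out
      # Hand the synthesized cloud assembly to the later jobs through S3, keyed
      # by run id and attempt. The publish jobs execute scripts from this
      # prefix, so write access to it is equivalent to code execution under the
      # pipeline role.
      - name: Push assets
        env:
          SOURCE: cdk.out
          DESTINATION: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"

  # The sixteen asset jobs below share one shape: authenticate, pull cdk.out
  # from S3, install cdk-assets, run the generated publish script, and expose
  # its `asset-hash` output to the deploy jobs.
  # NOTE(review): `npm install --no-save cdk-assets` names no version and these
  # jobs check out no lockfile, so whatever version is current at run time is
  # installed and executed with the pipeline role's credentials. Pinning an
  # exact version in the pipeline definition makes the publish step
  # reproducible.
  Assets-FileAsset1:
    name: Publish Assets Assets-FileAsset1
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      # Runs a script that was downloaded from S3 in the "Pull assets" step.
      - id: Publish
        name: Publish Assets-FileAsset1
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset1-step.sh
  Assets-FileAsset10:
    name: Publish Assets Assets-FileAsset10
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset10
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset10-step.sh
  Assets-FileAsset11:
    name: Publish Assets Assets-FileAsset11
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset11
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset11-step.sh
  Assets-FileAsset12:
    name: Publish Assets Assets-FileAsset12
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset12
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset12-step.sh
  Assets-FileAsset13:
    name: Publish Assets Assets-FileAsset13
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset13
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset13-step.sh
  Assets-FileAsset14:
    name: Publish Assets Assets-FileAsset14
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset14
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset14-step.sh
  Assets-FileAsset15:
    name: Publish Assets Assets-FileAsset15
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset15
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset15-step.sh
  Assets-FileAsset16:
    name: Publish Assets Assets-FileAsset16
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset16
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset16-step.sh
  Assets-FileAsset2:
    name: Publish Assets Assets-FileAsset2
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset2
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset2-step.sh
  Assets-FileAsset3:
    name: Publish Assets Assets-FileAsset3
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset3
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset3-step.sh
  Assets-FileAsset4:
    name: Publish Assets Assets-FileAsset4
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset4
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset4-step.sh
  Assets-FileAsset5:
    name: Publish Assets Assets-FileAsset5
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset5
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset5-step.sh
  Assets-FileAsset6:
    name: Publish Assets Assets-FileAsset6
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset6
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset6-step.sh
  Assets-FileAsset7:
    name: Publish Assets Assets-FileAsset7
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset7
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset7-step.sh
  Assets-FileAsset8:
    name: Publish Assets Assets-FileAsset8
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset8
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset8-step.sh
  Assets-FileAsset9:
    name: Publish Assets Assets-FileAsset9
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
    permissions:
      contents: read
      id-token: write
    runs-on: ubuntu-latest
    outputs:
      asset-hash: ${{ steps.Publish.outputs.asset-hash }}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      - name: Pull assets
        env:
          SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
          DESTINATION: cdk.out
        run: |-
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
          echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
          echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
          aws s3 sync "$SOURCE" "$DESTINATION"
      - name: Install
        run: npm install --no-save cdk-assets
      - id: Publish
        name: Publish Assets-FileAsset9
        run: /bin/bash ./cdk.out/publish-Assets-FileAsset9-step.sh

  # Deploys the development stack once the synth job and assets 1-13 are done.
  development-development-blueprint-Deploy:
    # Written on one line; the captured page split this value across two lines.
    name: Deploy crisiscleanupinfrapipelinestackdevelopmentdevelopmentblueprint44D37614
    permissions:
      contents: read
      id-token: write
    # Binding the job to a GitHub environment lets protection rules (required
    # reviewers, branch restrictions) gate the deploy, if any are configured.
    environment:
      name: development
      url: https://app.dev.crisiscleanup.io
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
      - Assets-FileAsset1
      - Assets-FileAsset2
      - Assets-FileAsset3
      - Assets-FileAsset4
      - Assets-FileAsset5
      - Assets-FileAsset6
      - Assets-FileAsset7
      - Assets-FileAsset8
      - Assets-FileAsset9
      - Assets-FileAsset10
      - Assets-FileAsset11
      - Assets-FileAsset12
      - Assets-FileAsset13
    runs-on: ${{inputs.runner || 'ubuntu-latest'}}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      # Role chaining: the credentials exported by the previous step are used
      # to assume the CDK deploy role in the development account.
      # `role-external-id` is a fixed, non-secret string, so it is a
      # confused-deputy guard at most; the deploy role's trust policy is what
      # has to restrict who may assume it.
      - name: Assume CDK Deploy Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
          role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
          role-external-id: Pipeline
      # NOTE(review): this action reference was mangled by e-mail obfuscation
      # on the page the file was captured from ("name@version" replaced by
      # "[email protected]"). Restore the real reference from the repository.
      # The stack is created with IAM capabilities through the cfn-exec role,
      # so the template it deploys can create or change IAM resources.
      - id: Deploy
        uses: aws-actions/[email protected]
        with:
          name: development-development-blueprint
          template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{ needs.Assets-FileAsset1.outputs.asset-hash }}.json
          no-fail-on-empty-changeset: "1"
          capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
          role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1

  # Deploys the staging stack; it waits for its own assets and for the
  # development deploy, so staging never runs ahead of development.
  staging-staging-blueprint-Deploy:
    name: Deploy crisiscleanupinfrapipelinestackstagingstagingblueprint5D1F778A
    permissions:
      contents: read
      id-token: write
    environment:
      name: staging
      url: https://app.staging.crisiscleanup.io
    needs:
      - Build-crisiscleanup-infra-pipeline-synth
      - Assets-FileAsset14
      - Assets-FileAsset2
      - Assets-FileAsset3
      - Assets-FileAsset4
      - Assets-FileAsset5
      - Assets-FileAsset6
      - Assets-FileAsset7
      - Assets-FileAsset8
      - Assets-FileAsset9
      - Assets-FileAsset10
      - Assets-FileAsset11
      - Assets-FileAsset15
      - Assets-FileAsset16
      - development-development-blueprint-Deploy
    runs-on: ${{inputs.runner || 'ubuntu-latest'}}
    steps:
      - name: Authenticate Via OIDC Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
      # Same role chaining as the development deploy, into the staging account.
      - name: Assume CDK Deploy Role
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          aws-region: us-east-1
          role-duration-seconds: 1800
          role-skip-session-tagging: true
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
          role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
          role-external-id: Pipeline
      # NOTE(review): mangled action reference, see the development deploy job.
      - id: Deploy
        uses: aws-actions/[email protected]
        with:
          name: staging-staging-blueprint
          template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ needs.Assets-FileAsset14.outputs.asset-hash }}.json
          no-fail-on-empty-changeset: "1"
          capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
          role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1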
# Serialize pipeline runs: every run joins the `deploy-infra` group, and a
# newer run waits rather than cancelling one that is already deploying.
concurrency:
  group: deploy-infra
  cancel-in-progress: false