Deploy #58
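# AUTOMATICALLY GENERATED FILE, DO NOT EDIT MANUALLY.
# Generated by AWS CDK and [cdk-pipelines-github](https://github.com/cdklabs/cdk-pipelines-github)
name: deploy
on:
  # Reusable entry point. `environments` is a free-form string here, so the
  # calling workflow decides which deploy jobs pass their `if:` condition.
  workflow_call:
    inputs:
      runner:
        type: string
        default: ubuntu-latest
        description: Runner to use.
        required: false
      environments:
        type: string
        description: Environments to deploy.
        default: development,staging
        required: false
  # Manual entry point. Both inputs are limited to the option lists below.
  workflow_dispatch:
    inputs:
      runner:
        type: choice
        description: Runner to use.
        options:
          - ubuntu-latest
          - self-hosted
        default: ubuntu-latest
      environments:
        type: choice
        description: Environments to deploy.
        options:
          - development
          - staging
          - production
          - development,staging
          - development,staging,production
        default: development,staging
jobs: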
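Build-crisiscleanup-infra-pipeline-synth:
  name: Synthesize
  # id-token: write lets steps in this job request a GitHub OIDC token, which
  # the "Authenticate Via OIDC Role" step exchanges for AWS credentials.
  permissions:
    contents: read
    id-token: write
  # NOTE(review): the caller picks the runner. With 'self-hosted', the secrets
  # and the AWS session used below are handled on that machine.
  runs-on: ${{inputs.runner || 'ubuntu-latest'}}
  needs: []
  # NOTE(review): job-level env is visible to every step, including the
  # third-party actions and package install scripts below. Consider setting
  # GIGET_AUTH and NX_CLOUD_ACCESS_TOKEN only on the steps that read them.
  env:
    GIGET_AUTH: ${{secrets.GH_CONFIGS_RO_PAT}}
    CI: "true"
    NX_NON_NATIVE_HASHER: "true"
    NX_BRANCH: ${{github.event.number}}
    NX_RUN_GROUP: ${{github.run_id}}
    NX_CLOUD_ACCESS_TOKEN: ${{secrets.NX_CLOUD_ACCESS_TOKEN}}
  steps:
    # Builds whatever `main` of the infrastructure repository is at run time.
    - name: Checkout
      uses: actions/checkout@v3
      with:
        repository: CrisisCleanup/infrastructure
        ref: main
    - name: Mask values
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
    # NOTE(review): the third-party actions in this job are referenced by
    # movable tags. Pinning each to a full commit SHA fixes the code that runs
    # next to the secrets above.
    - name: Install Helm
      uses: azure/setup-helm@v3
      with:
        version: 3.12.2
    - name: Install AWS CLI
      uses: unfor19/install-aws-cli-action@v1
      if: inputs.runner == 'self-hosted'
      with:
        arch: arm64
    # NOTE(review): `@main` is a branch ref, so the code executed here is
    # whatever that branch points to when the job starts. Pin a commit SHA.
    - name: Install SOPs
      uses: CrisisCleanup/mozilla-sops-action@main
      with:
        version: 3.7.3
    # The page renders this ref as "pnpm/[email protected]"; e-mail obfuscation
    # replaced the action name and version. Presumably pnpm/action-setup.
    # Restore the exact ref from the repository.
    - name: Setup PNPM
      uses: pnpm/action-setup@<version-lost-in-extraction>
    - name: Setup Node
      uses: actions/setup-node@v3
      with:
        node-version: "18"
        cache: pnpm
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Dependency install and build run after authentication, so package
    # scripts execute with the AWS session present in the job.
    - name: Install
      run: pnpm install
    - name: Build
      run: |-
        pnpm build
        pnpm -F 'stacks.api' run synth:silent
        cp -r packages/stacks/api/cdk.out ./cdk.out
    # Uploads cdk.out under a prefix unique to this run id and attempt.
    # Later jobs download it from there and execute scripts it contains.
    - name: Push assets
      env:
        SOURCE: cdk.out
        DESTINATION: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"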
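Assets-FileAsset1:
  name: Publish Assets Assets-FileAsset1
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset1
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset1-step.sh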
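Assets-FileAsset10:
  name: Publish Assets Assets-FileAsset10
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset10
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset10-step.sh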
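Assets-FileAsset11:
  name: Publish Assets Assets-FileAsset11
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset11
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset11-step.sh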
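Assets-FileAsset12:
  name: Publish Assets Assets-FileAsset12
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset12
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset12-step.sh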
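Assets-FileAsset13:
  name: Publish Assets Assets-FileAsset13
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset13
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset13-step.sh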
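Assets-FileAsset14:
  name: Publish Assets Assets-FileAsset14
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset14
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset14-step.sh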
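Assets-FileAsset15:
  name: Publish Assets Assets-FileAsset15
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset15
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset15-step.sh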
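Assets-FileAsset16:
  name: Publish Assets Assets-FileAsset16
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset16
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset16-step.sh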
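Assets-FileAsset17:
  name: Publish Assets Assets-FileAsset17
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset17
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset17-step.sh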
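Assets-FileAsset18:
  name: Publish Assets Assets-FileAsset18
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset18
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset18-step.sh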
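Assets-FileAsset19:
  name: Publish Assets Assets-FileAsset19
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset19
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset19-step.sh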
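Assets-FileAsset2:
  name: Publish Assets Assets-FileAsset2
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset2
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset2-step.sh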
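Assets-FileAsset20:
  name: Publish Assets Assets-FileAsset20
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset20
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset20-step.sh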
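Assets-FileAsset21:
  name: Publish Assets Assets-FileAsset21
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset21
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset21-step.sh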
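Assets-FileAsset3:
  name: Publish Assets Assets-FileAsset3
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset3
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset3-step.sh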
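Assets-FileAsset4:
  name: Publish Assets Assets-FileAsset4
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset4
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset4-step.sh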
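Assets-FileAsset5:
  name: Publish Assets Assets-FileAsset5
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset5
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset5-step.sh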
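Assets-FileAsset6:
  name: Publish Assets Assets-FileAsset6
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset6
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset6-step.sh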
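Assets-FileAsset7:
  name: Publish Assets Assets-FileAsset7
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset7
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset7-step.sh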
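Assets-FileAsset8:
  name: Publish Assets Assets-FileAsset8
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset8
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset8-step.sh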
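Assets-FileAsset9:
  name: Publish Assets Assets-FileAsset9
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
  permissions:
    contents: read
    id-token: write
  runs-on: ubuntu-latest
  outputs:
    asset-hash: ${{ steps.Publish.outputs.asset-hash }}
  steps:
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Downloads cdk.out from the S3 prefix for this run id and attempt.
    - name: Pull assets
      env:
        SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
        DESTINATION: cdk.out
      run: |-
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
        echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
        echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
        aws s3 sync "$SOURCE" "$DESTINATION"
    # NOTE(review): no version is given, so the newest cdk-assets release is
    # installed while the AWS session is already in the job. Pin a version.
    - name: Install
      run: npm install --no-save cdk-assets
    # Executes a script taken from the downloaded cdk.out; its integrity rests
    # on who can write to the pipeline assets bucket.
    - id: Publish
      name: Publish Assets-FileAsset9
      run: /bin/bash ./cdk.out/publish-Assets-FileAsset9-step.sh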
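deploy-development-development-network-Deploy:
  name: Deploy crisiscleanupinfrapipelinestackdevelopmentdevelopmentnetwork9BE60577
  # contains() is a substring test on the requested environments string. The
  # `environment:` key below is where protection rules, if configured, apply.
  if: contains((github.event.inputs.environments || inputs.environments), 'development')
  permissions:
    contents: read
    id-token: write
  environment:
    name: development
    url: https://app.dev.crisiscleanup.io
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
    - Assets-FileAsset1
  # NOTE(review): with 'self-hosted' the deploy credentials below are handled
  # on that machine.
  runs-on: ${{inputs.runner || 'ubuntu-latest'}}
  steps:
    # First hop: GitHub OIDC token -> GitHubActionRole in the pipeline account.
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Second hop: the session exported by the previous step (read back from
    # env) is used to assume the CDK deploy role in the development account.
    # NOTE(review): the external ID is a fixed literal, so it does not act as a
    # secret; the deploy role's trust policy has to restrict the principal.
    - name: Assume CDK Deploy Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
        role-external-id: Pipeline
    # The page renders this ref as "aws-actions/[email protected]"; e-mail
    # obfuscation replaced the action name and version. Presumably
    # aws-actions/aws-cloudformation-github-deploy. Restore the exact ref from
    # the repository.
    # The template is selected by the asset hash output of Assets-FileAsset1,
    # and the capabilities allow it to create or change IAM resources,
    # including named ones.
    - id: Deploy
      uses: aws-actions/aws-cloudformation-github-deploy@<version-lost-in-extraction>
      with:
        name: development-development-network
        template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{ needs.Assets-FileAsset1.outputs.asset-hash }}.json
        no-fail-on-empty-changeset: "1"
        capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
        role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1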
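deploy-staging-staging-network-Deploy:
  name: Deploy crisiscleanupinfrapipelinestackstagingstagingnetworkF6BE5B3F
  # contains() is a substring test on the requested environments string. The
  # `environment:` key below is where protection rules, if configured, apply.
  if: contains((github.event.inputs.environments || inputs.environments), 'staging')
  permissions:
    contents: read
    id-token: write
  environment:
    name: staging
    url: https://app.staging.crisiscleanup.io
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
    - Assets-FileAsset17
  # NOTE(review): with 'self-hosted' the deploy credentials below are handled
  # on that machine.
  runs-on: ${{inputs.runner || 'ubuntu-latest'}}
  steps:
    # First hop: GitHub OIDC token -> GitHubActionRole in the pipeline account.
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Second hop: the session exported by the previous step (read back from
    # env) is used to assume the CDK deploy role in the staging account.
    # NOTE(review): the external ID is a fixed literal, so it does not act as a
    # secret; the deploy role's trust policy has to restrict the principal.
    - name: Assume CDK Deploy Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
        role-external-id: Pipeline
    # The page renders this ref as "aws-actions/[email protected]"; e-mail
    # obfuscation replaced the action name and version. Presumably
    # aws-actions/aws-cloudformation-github-deploy. Restore the exact ref from
    # the repository.
    # The template is selected by the asset hash output of Assets-FileAsset17,
    # and the capabilities allow it to create or change IAM resources,
    # including named ones.
    - id: Deploy
      uses: aws-actions/aws-cloudformation-github-deploy@<version-lost-in-extraction>
      with:
        name: staging-staging-network
        template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ needs.Assets-FileAsset17.outputs.asset-hash }}.json
        no-fail-on-empty-changeset: "1"
        capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
        role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1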
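deploy-development-development-data-Deploy:
  name: Deploy crisiscleanupinfrapipelinestackdevelopmentdevelopmentdataE98C910D
  # contains() is a substring test on the requested environments string. The
  # `environment:` key below is where protection rules, if configured, apply.
  if: contains((github.event.inputs.environments || inputs.environments), 'development')
  permissions:
    contents: read
    id-token: write
  environment:
    name: development
    url: https://app.dev.crisiscleanup.io
  # Runs only after the development network stack job has finished.
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
    - Assets-FileAsset2
    - Assets-FileAsset3
    - deploy-development-development-network-Deploy
  # NOTE(review): with 'self-hosted' the deploy credentials below are handled
  # on that machine.
  runs-on: ${{inputs.runner || 'ubuntu-latest'}}
  steps:
    # First hop: GitHub OIDC token -> GitHubActionRole in the pipeline account.
    - name: Authenticate Via OIDC Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Second hop: the session exported by the previous step (read back from
    # env) is used to assume the CDK deploy role in the development account.
    # NOTE(review): the external ID is a fixed literal, so it does not act as a
    # secret; the deploy role's trust policy has to restrict the principal.
    - name: Assume CDK Deploy Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
        role-external-id: Pipeline
    # The page renders this ref as "aws-actions/[email protected]"; e-mail
    # obfuscation replaced the action name and version. Presumably
    # aws-actions/aws-cloudformation-github-deploy. Restore the exact ref from
    # the repository.
    # The template is selected by the asset hash output of Assets-FileAsset2,
    # and the capabilities allow it to create or change IAM resources,
    # including named ones.
    - id: Deploy
      uses: aws-actions/aws-cloudformation-github-deploy@<version-lost-in-extraction>
      with:
        name: development-development-data
        template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{ needs.Assets-FileAsset2.outputs.asset-hash }}.json
        no-fail-on-empty-changeset: "1"
        capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
        role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1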
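# Job: deploy the staging "data" stack through CloudFormation.
# Layout restored: the page had flattened the indentation and appended
# table residue ("| |") to every line.
# NOTE(review): generated by cdk-pipelines-github per the file header;
# change the CDK pipeline definition and regenerate instead of hand-editing.
deploy-staging-staging-data-Deploy:
  name: Deploy crisiscleanupinfrapipelinestackstagingstagingdataE88954EF
  # Substring test: any `environments` string containing "staging" turns
  # this job on. Environment protection rules (configured outside this
  # file, if at all) decide whether the run needs approval.
  if: contains((github.event.inputs.environments || inputs.environments),
    'staging')
  permissions:
    contents: read
    # Needed to mint the GitHub OIDC token consumed by the first step.
    id-token: write
  environment:
    name: staging
    url: https://app.staging.crisiscleanup.io
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
    - Assets-FileAsset18
    - Assets-FileAsset3
    - deploy-staging-staging-network-Deploy
  # Caller-selected runner (workflow_dispatch lists self-hosted as an
  # option; workflow_call takes any string). The staging deploy credentials
  # live on that runner for the duration of the job.
  runs-on: ${{inputs.runner || 'ubuntu-latest'}}
  steps:
    # Hop 1: OIDC federation into GitHubActionRole in the pipeline account.
    # Its trust policy (not shown) should pin the token `sub` claim to this
    # repository and the refs or environments allowed to deploy.
    - name: Authenticate Via OIDC Role
      # Mutable ref rather than a commit SHA.
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Hop 2: chain from the hop-1 session (credentials read from env) into
    # the CDK deploy role of the staging account.
    - name: Assume CDK Deploy Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
        # Constant, publicly visible external id; it adds no secrecy, so the
        # role's trust policy carries the access decision.
        role-external-id: Pipeline
    - id: Deploy
      # NOTE(review): reference mangled by the page's e-mail obfuscation
      # ("[email protected]"); presumably the aws-actions CloudFormation
      # deploy action at a version tag. Recover it from the generated file.
      uses: aws-actions/[email protected]
      with:
        name: staging-staging-data
        # Template object is addressed by the asset hash output of the
        # Assets-FileAsset18 job.
        template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{
          needs.Assets-FileAsset18.outputs.asset-hash }}.json
        # No changes to apply counts as success.
        no-fail-on-empty-changeset: "1"
        # The stack is allowed to create or modify IAM resources, named
        # ones included.
        capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
        # Execution role CloudFormation uses for the update; its policy is
        # not visible here. Verify it is narrower than the
        # AdministratorAccess a default CDK bootstrap commonly grants.
        role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1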
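# Job: deploy the development "blueprint" stack through CloudFormation,
# after the development network and data stacks.
# Layout restored: the page had flattened the indentation and appended
# table residue ("| |") to every line.
# NOTE(review): generated by cdk-pipelines-github per the file header;
# change the CDK pipeline definition and regenerate instead of hand-editing.
deploy-development-development-blueprint-Deploy:
  name: Deploy
    crisiscleanupinfrapipelinestackdevelopmentdevelopmentblueprint44D37614
  # contains() does a substring match on the `environments` string, so any
  # value containing "development" runs this job. Approval, if any, comes
  # from the GitHub environment's protection rules (not visible here).
  if: contains((github.event.inputs.environments || inputs.environments),
    'development')
  permissions:
    contents: read
    # Required so the first step can obtain a GitHub OIDC token.
    id-token: write
  environment:
    name: development
    url: https://app.dev.crisiscleanup.io
  # Waits for synth, every file asset the stack references, and the two
  # stacks deployed before it.
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
    - Assets-FileAsset4
    - Assets-FileAsset5
    - Assets-FileAsset6
    - Assets-FileAsset7
    - Assets-FileAsset8
    - Assets-FileAsset9
    - Assets-FileAsset10
    - Assets-FileAsset11
    - Assets-FileAsset12
    - Assets-FileAsset13
    - Assets-FileAsset14
    - Assets-FileAsset15
    - Assets-FileAsset16
    - deploy-development-development-network-Deploy
    - deploy-development-development-data-Deploy
  # Runner label is supplied by the caller (self-hosted is an offered
  # choice for workflow_dispatch; workflow_call accepts any string). Deploy
  # credentials are present on that machine while the job runs.
  runs-on: ${{inputs.runner || 'ubuntu-latest'}}
  steps:
    # Hop 1: OIDC token exchanged for GitHubActionRole in the pipeline
    # account. The trust policy, not shown, should constrain the token's
    # `sub` claim to this repository and the expected ref or environment.
    - name: Authenticate Via OIDC Role
      # `v1-node16` can be moved upstream; it is not a commit SHA.
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Hop 2: the hop-1 session credentials (read from env) are used to
    # assume the CDK deploy role in the development account.
    - name: Assume CDK Deploy Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
        # Static external id stored in the workflow; treat it as a label,
        # not as a credential.
        role-external-id: Pipeline
    - id: Deploy
      # NOTE(review): reference mangled by the page's e-mail obfuscation
      # ("[email protected]"); presumably the aws-actions CloudFormation
      # deploy action at a version tag. Recover it from the generated file.
      uses: aws-actions/[email protected]
      with:
        name: development-development-blueprint
        # Template location is built from the asset hash that the
        # Assets-FileAsset4 job outputs.
        template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{
          needs.Assets-FileAsset4.outputs.asset-hash }}.json
        # An empty change set does not fail the step.
        no-fail-on-empty-changeset: "1"
        # Permits IAM resource creation and changes, including resources
        # with explicit names.
        capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
        # CloudFormation runs the update as this role. Its permissions are
        # not shown; a default CDK bootstrap commonly makes it an
        # administrator, so check that it was scoped down.
        role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1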
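# Job: deploy the staging "blueprint" stack through CloudFormation, after
# the staging network and data stacks.
# Layout restored: the page had flattened the indentation and appended
# table residue ("| |") to every line.
# NOTE(review): generated by cdk-pipelines-github per the file header;
# change the CDK pipeline definition and regenerate instead of hand-editing.
deploy-staging-staging-blueprint-Deploy:
  name: Deploy crisiscleanupinfrapipelinestackstagingstagingblueprint5D1F778A
  # Substring match on the `environments` string: any value containing
  # "staging" enables the job. Whether a human must approve depends on the
  # staging environment's protection rules, which are not in this file.
  if: contains((github.event.inputs.environments || inputs.environments),
    'staging')
  permissions:
    contents: read
    # Grants the job the right to request a GitHub OIDC token (step 1).
    id-token: write
  environment:
    name: staging
    url: https://app.staging.crisiscleanup.io
  # Waits for synth, every file asset the stack references, and the two
  # staging stacks deployed before it.
  needs:
    - Build-crisiscleanup-infra-pipeline-synth
    - Assets-FileAsset19
    - Assets-FileAsset5
    - Assets-FileAsset6
    - Assets-FileAsset7
    - Assets-FileAsset8
    - Assets-FileAsset9
    - Assets-FileAsset10
    - Assets-FileAsset11
    - Assets-FileAsset12
    - Assets-FileAsset13
    - Assets-FileAsset14
    - Assets-FileAsset20
    - Assets-FileAsset21
    - deploy-staging-staging-network-Deploy
    - deploy-staging-staging-data-Deploy
  # The caller picks the runner (workflow_dispatch offers self-hosted;
  # workflow_call accepts any string), and that runner handles the staging
  # deploy credentials. Keep self-hosted runners isolated and ephemeral.
  runs-on: ${{inputs.runner || 'ubuntu-latest'}}
  steps:
    # Hop 1: federate via OIDC into GitHubActionRole (pipeline account).
    # The trust policy is not shown; it should bind the token `sub` claim
    # to this repository and the refs or environments allowed to deploy.
    - name: Authenticate Via OIDC Role
      # Referenced by a mutable ref, not by commit SHA.
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
    # Hop 2: assume the staging account's CDK deploy role using the hop-1
    # session credentials taken from env.
    - name: Assume CDK Deploy Role
      uses: aws-actions/configure-aws-credentials@v1-node16
      with:
        aws-region: us-east-1
        role-duration-seconds: 1800
        role-skip-session-tagging: true
        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
        role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
        # The external id is a fixed string readable by anyone with the
        # workflow file; access control rests on the role's trust policy.
        role-external-id: Pipeline
    - id: Deploy
      # NOTE(review): reference mangled by the page's e-mail obfuscation
      # ("[email protected]"); presumably the aws-actions CloudFormation
      # deploy action at a version tag. Recover it from the generated file.
      uses: aws-actions/[email protected]
      with:
        name: staging-staging-blueprint
        # Template URL is keyed by the asset hash output of the
        # Assets-FileAsset19 job.
        template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{
          needs.Assets-FileAsset19.outputs.asset-hash }}.json
        # Nothing to change is treated as a successful deploy.
        no-fail-on-empty-changeset: "1"
        # Allows the stack to create or alter IAM resources, including
        # named ones.
        capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
        # Role CloudFormation assumes to apply the change set. Policy not
        # shown; confirm it is not the broad administrator policy that a
        # default CDK bootstrap commonly attaches.
        role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1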
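# Puts runs in one concurrency group so that only one executes at a time.
# NOTE(review): presumably workflow-level, since it follows the last job;
# the page lost the indentation, so confirm against the generated file.
concurrency:
  group: deploy-infra
  # false: an in-progress run is never cancelled, so a stack update is not
  # interrupted midway. GitHub keeps only one pending run per group, so a
  # newer queued deploy replaces an older queued one.
  cancel-in-progress: false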