Skip to content

Deploy

Deploy #58

Workflow file for this run

# AUTOMATICALLY GENERATED FILE, DO NOT EDIT MANUALLY.
# Generated by AWS CDK and [cdk-pipelines-github](https://github.com/cdklabs/cdk-pipelines-github)
name: deploy
on:
workflow_call:
inputs:
runner:
type: string
default: ubuntu-latest
description: Runner to use.
required: false
environments:
type: string
description: Environments to deploy.
default: development,staging
required: false
workflow_dispatch:
inputs:
runner:
type: choice
description: Runner to use.
options:
- ubuntu-latest
- self-hosted
default: ubuntu-latest
environments:
type: choice
description: Environments to deploy.
options:
- development
- staging
- production
- development,staging
- development,staging,production
default: development,staging
jobs:
Build-crisiscleanup-infra-pipeline-synth:
name: Synthesize
permissions:
contents: read
id-token: write
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
needs: []
env:
GIGET_AUTH: ${{secrets.GH_CONFIGS_RO_PAT}}
CI: "true"
NX_NON_NATIVE_HASHER: "true"
NX_BRANCH: ${{github.event.number}}
NX_RUN_GROUP: ${{github.run_id}}
NX_CLOUD_ACCESS_TOKEN: ${{secrets.NX_CLOUD_ACCESS_TOKEN}}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
repository: CrisisCleanup/infrastructure
ref: main
- name: Mask values
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: 3.12.2
- name: Install AWS CLI
uses: unfor19/install-aws-cli-action@v1
if: inputs.runner == 'self-hosted'
with:
arch: arm64
- name: Install SOPs
uses: CrisisCleanup/mozilla-sops-action@main
with:
version: 3.7.3
- name: Setup PNPM
uses: pnpm/[email protected]
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: "18"
cache: pnpm
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Install
run: pnpm install
- name: Build
run: |-
pnpm build
pnpm -F 'stacks.api' run synth:silent
cp -r packages/stacks/api/cdk.out ./cdk.out
- name: Push assets
env:
SOURCE: cdk.out
DESTINATION: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
Assets-FileAsset1:
name: Publish Assets Assets-FileAsset1
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset1
run: /bin/bash ./cdk.out/publish-Assets-FileAsset1-step.sh
Assets-FileAsset10:
name: Publish Assets Assets-FileAsset10
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset10
run: /bin/bash ./cdk.out/publish-Assets-FileAsset10-step.sh
Assets-FileAsset11:
name: Publish Assets Assets-FileAsset11
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset11
run: /bin/bash ./cdk.out/publish-Assets-FileAsset11-step.sh
Assets-FileAsset12:
name: Publish Assets Assets-FileAsset12
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset12
run: /bin/bash ./cdk.out/publish-Assets-FileAsset12-step.sh
Assets-FileAsset13:
name: Publish Assets Assets-FileAsset13
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset13
run: /bin/bash ./cdk.out/publish-Assets-FileAsset13-step.sh
Assets-FileAsset14:
name: Publish Assets Assets-FileAsset14
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset14
run: /bin/bash ./cdk.out/publish-Assets-FileAsset14-step.sh
Assets-FileAsset15:
name: Publish Assets Assets-FileAsset15
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset15
run: /bin/bash ./cdk.out/publish-Assets-FileAsset15-step.sh
Assets-FileAsset16:
name: Publish Assets Assets-FileAsset16
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset16
run: /bin/bash ./cdk.out/publish-Assets-FileAsset16-step.sh
Assets-FileAsset17:
name: Publish Assets Assets-FileAsset17
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset17
run: /bin/bash ./cdk.out/publish-Assets-FileAsset17-step.sh
Assets-FileAsset18:
name: Publish Assets Assets-FileAsset18
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset18
run: /bin/bash ./cdk.out/publish-Assets-FileAsset18-step.sh
Assets-FileAsset19:
name: Publish Assets Assets-FileAsset19
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset19
run: /bin/bash ./cdk.out/publish-Assets-FileAsset19-step.sh
Assets-FileAsset2:
name: Publish Assets Assets-FileAsset2
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset2
run: /bin/bash ./cdk.out/publish-Assets-FileAsset2-step.sh
Assets-FileAsset20:
name: Publish Assets Assets-FileAsset20
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset20
run: /bin/bash ./cdk.out/publish-Assets-FileAsset20-step.sh
Assets-FileAsset21:
name: Publish Assets Assets-FileAsset21
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset21
run: /bin/bash ./cdk.out/publish-Assets-FileAsset21-step.sh
Assets-FileAsset3:
name: Publish Assets Assets-FileAsset3
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset3
run: /bin/bash ./cdk.out/publish-Assets-FileAsset3-step.sh
Assets-FileAsset4:
name: Publish Assets Assets-FileAsset4
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset4
run: /bin/bash ./cdk.out/publish-Assets-FileAsset4-step.sh
Assets-FileAsset5:
name: Publish Assets Assets-FileAsset5
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset5
run: /bin/bash ./cdk.out/publish-Assets-FileAsset5-step.sh
Assets-FileAsset6:
name: Publish Assets Assets-FileAsset6
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset6
run: /bin/bash ./cdk.out/publish-Assets-FileAsset6-step.sh
Assets-FileAsset7:
name: Publish Assets Assets-FileAsset7
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset7
run: /bin/bash ./cdk.out/publish-Assets-FileAsset7-step.sh
Assets-FileAsset8:
name: Publish Assets Assets-FileAsset8
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset8
run: /bin/bash ./cdk.out/publish-Assets-FileAsset8-step.sh
Assets-FileAsset9:
name: Publish Assets Assets-FileAsset9
needs:
- Build-crisiscleanup-infra-pipeline-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Pull assets
env:
SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out
DESTINATION: cdk.out
run: |-
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}}
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
aws s3 sync $SOURCE $DESTINATION
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset9
run: /bin/bash ./cdk.out/publish-Assets-FileAsset9-step.sh
deploy-development-development-network-Deploy:
name: Deploy crisiscleanupinfrapipelinestackdevelopmentdevelopmentnetwork9BE60577
if: contains((github.event.inputs.environments || inputs.environments),
'development')
permissions:
contents: read
id-token: write
environment:
name: development
url: https://app.dev.crisiscleanup.io
needs:
- Build-crisiscleanup-infra-pipeline-synth
- Assets-FileAsset1
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Assume CDK Deploy Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
role-external-id: Pipeline
- id: Deploy
uses: aws-actions/[email protected]
with:
name: development-development-network
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{
needs.Assets-FileAsset1.outputs.asset-hash }}.json
no-fail-on-empty-changeset: "1"
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
deploy-staging-staging-network-Deploy:
name: Deploy crisiscleanupinfrapipelinestackstagingstagingnetworkF6BE5B3F
if: contains((github.event.inputs.environments || inputs.environments),
'staging')
permissions:
contents: read
id-token: write
environment:
name: staging
url: https://app.staging.crisiscleanup.io
needs:
- Build-crisiscleanup-infra-pipeline-synth
- Assets-FileAsset17
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Assume CDK Deploy Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
role-external-id: Pipeline
- id: Deploy
uses: aws-actions/[email protected]
with:
name: staging-staging-network
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{
needs.Assets-FileAsset17.outputs.asset-hash }}.json
no-fail-on-empty-changeset: "1"
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
deploy-development-development-data-Deploy:
name: Deploy crisiscleanupinfrapipelinestackdevelopmentdevelopmentdataE98C910D
if: contains((github.event.inputs.environments || inputs.environments),
'development')
permissions:
contents: read
id-token: write
environment:
name: development
url: https://app.dev.crisiscleanup.io
needs:
- Build-crisiscleanup-infra-pipeline-synth
- Assets-FileAsset2
- Assets-FileAsset3
- deploy-development-development-network-Deploy
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Assume CDK Deploy Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
role-external-id: Pipeline
- id: Deploy
uses: aws-actions/[email protected]
with:
name: development-development-data
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{
needs.Assets-FileAsset2.outputs.asset-hash }}.json
no-fail-on-empty-changeset: "1"
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
deploy-staging-staging-data-Deploy:
name: Deploy crisiscleanupinfrapipelinestackstagingstagingdataE88954EF
if: contains((github.event.inputs.environments || inputs.environments),
'staging')
permissions:
contents: read
id-token: write
environment:
name: staging
url: https://app.staging.crisiscleanup.io
needs:
- Build-crisiscleanup-infra-pipeline-synth
- Assets-FileAsset18
- Assets-FileAsset3
- deploy-staging-staging-network-Deploy
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Assume CDK Deploy Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
role-external-id: Pipeline
- id: Deploy
uses: aws-actions/[email protected]
with:
name: staging-staging-data
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{
needs.Assets-FileAsset18.outputs.asset-hash }}.json
no-fail-on-empty-changeset: "1"
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
deploy-development-development-blueprint-Deploy:
name: Deploy
crisiscleanupinfrapipelinestackdevelopmentdevelopmentblueprint44D37614
if: contains((github.event.inputs.environments || inputs.environments),
'development')
permissions:
contents: read
id-token: write
environment:
name: development
url: https://app.dev.crisiscleanup.io
needs:
- Build-crisiscleanup-infra-pipeline-synth
- Assets-FileAsset4
- Assets-FileAsset5
- Assets-FileAsset6
- Assets-FileAsset7
- Assets-FileAsset8
- Assets-FileAsset9
- Assets-FileAsset10
- Assets-FileAsset11
- Assets-FileAsset12
- Assets-FileAsset13
- Assets-FileAsset14
- Assets-FileAsset15
- Assets-FileAsset16
- deploy-development-development-network-Deploy
- deploy-development-development-data-Deploy
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Assume CDK Deploy Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
role-external-id: Pipeline
- id: Deploy
uses: aws-actions/[email protected]
with:
name: development-development-blueprint
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{
needs.Assets-FileAsset4.outputs.asset-hash }}.json
no-fail-on-empty-changeset: "1"
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1
deploy-staging-staging-blueprint-Deploy:
name: Deploy crisiscleanupinfrapipelinestackstagingstagingblueprint5D1F778A
if: contains((github.event.inputs.environments || inputs.environments),
'staging')
permissions:
contents: read
id-token: write
environment:
name: staging
url: https://app.staging.crisiscleanup.io
needs:
- Build-crisiscleanup-infra-pipeline-synth
- Assets-FileAsset19
- Assets-FileAsset5
- Assets-FileAsset6
- Assets-FileAsset7
- Assets-FileAsset8
- Assets-FileAsset9
- Assets-FileAsset10
- Assets-FileAsset11
- Assets-FileAsset12
- Assets-FileAsset13
- Assets-FileAsset14
- Assets-FileAsset20
- Assets-FileAsset21
- deploy-staging-staging-network-Deploy
- deploy-staging-staging-data-Deploy
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
steps:
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
- name: Assume CDK Deploy Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
role-external-id: Pipeline
- id: Deploy
uses: aws-actions/[email protected]
with:
name: staging-staging-blueprint
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{
needs.Assets-FileAsset19.outputs.asset-hash }}.json
no-fail-on-empty-changeset: "1"
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1
concurrency:
group: deploy-infra
cancel-in-progress: false