Deploy #59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# AUTOMATICALLY GENERATED FILE, DO NOT EDIT MANUALLY. | |
# Generated by AWS CDK and [cdk-pipelines-github](https://github.com/cdklabs/cdk-pipelines-github) | |
name: Deploy | |
on: | |
workflow_call: | |
inputs: | |
runner: | |
type: string | |
default: ubuntu-latest | |
description: Runner to use. | |
required: false | |
environments: | |
type: string | |
description: Environments to deploy. | |
default: development,staging | |
required: false | |
workflow_dispatch: | |
inputs: | |
runner: | |
type: choice | |
description: Runner to use. | |
options: | |
- ubuntu-latest | |
- self-hosted | |
default: ubuntu-latest | |
environments: | |
type: choice | |
description: Environments to deploy. | |
options: | |
- development | |
- staging | |
- production | |
- development,staging | |
- development,staging,production | |
default: development,staging | |
jobs: | |
build-crisiscleanup-infra-pipeline-synth: | |
name: Synthesize | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
needs: [] | |
env: | |
CI: "true" | |
NX_NON_NATIVE_HASHER: "true" | |
NX_BRANCH: ${{github.event.number}} | |
NX_RUN_GROUP: ${{github.run_id}} | |
NX_CLOUD_ACCESS_TOKEN: ${{secrets.NX_CLOUD_ACCESS_TOKEN}} | |
GIGET_AUTH: ${{secrets.GH_CONFIGS_RO_PAT}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
repository: CrisisCleanup/infrastructure | |
ref: main | |
- name: Install Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: 3.12.2 | |
- name: Install AWS CLI | |
uses: unfor19/install-aws-cli-action@v1 | |
if: inputs.runner == 'self-hosted' | |
with: | |
arch: arm64 | |
- name: Install SOPs | |
uses: CrisisCleanup/mozilla-sops-action@main | |
with: | |
version: 3.7.3 | |
- name: Setup PNPM | |
uses: pnpm/[email protected] | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: "18" | |
cache: pnpm | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Pull cdk.context.json | |
continue-on-error: true | |
env: | |
S3_SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/deploy/cdk.context.json | |
S3_DESTINATION: packages/stacks/api/cdk.context.json | |
run: aws s3 cp ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}} | |
- name: Install | |
run: pnpm install | |
- name: Build | |
run: |- | |
pnpm build | |
pnpm -F 'stacks.api' run synth:silent | |
cp -r packages/stacks/api/cdk.out ./cdk.out | |
- name: Push cdk.context.json | |
continue-on-error: true | |
env: | |
S3_SOURCE: packages/stacks/api/cdk.context.json | |
S3_DESTINATION: s3://crisiscleanup-pipeline-assets/cdk-assets/deploy/cdk.context.json | |
run: aws s3 cp ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}} | |
- name: Push cdk.out | |
env: | |
S3_SOURCE: cdk.out | |
S3_DESTINATION: s3://crisiscleanup-pipeline-assets/cdk-assets/deploy/${{github.run_id}}-${{github.run_attempt}}/cdk.out | |
run: aws s3 sync ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}} | |
publish: | |
name: Publish Assets | |
permissions: | |
contents: read | |
id-token: write | |
outputs: | |
asset-hash1: ${{steps.publish.outputs.asset-hash1}} | |
asset-hash10: ${{steps.publish.outputs.asset-hash10}} | |
asset-hash11: ${{steps.publish.outputs.asset-hash11}} | |
asset-hash12: ${{steps.publish.outputs.asset-hash12}} | |
asset-hash13: ${{steps.publish.outputs.asset-hash13}} | |
asset-hash14: ${{steps.publish.outputs.asset-hash14}} | |
asset-hash15: ${{steps.publish.outputs.asset-hash15}} | |
asset-hash16: ${{steps.publish.outputs.asset-hash16}} | |
asset-hash17: ${{steps.publish.outputs.asset-hash17}} | |
asset-hash18: ${{steps.publish.outputs.asset-hash18}} | |
asset-hash19: ${{steps.publish.outputs.asset-hash19}} | |
asset-hash2: ${{steps.publish.outputs.asset-hash2}} | |
asset-hash20: ${{steps.publish.outputs.asset-hash20}} | |
asset-hash21: ${{steps.publish.outputs.asset-hash21}} | |
asset-hash22: ${{steps.publish.outputs.asset-hash22}} | |
asset-hash23: ${{steps.publish.outputs.asset-hash23}} | |
asset-hash24: ${{steps.publish.outputs.asset-hash24}} | |
asset-hash25: ${{steps.publish.outputs.asset-hash25}} | |
asset-hash26: ${{steps.publish.outputs.asset-hash26}} | |
asset-hash27: ${{steps.publish.outputs.asset-hash27}} | |
asset-hash28: ${{steps.publish.outputs.asset-hash28}} | |
asset-hash3: ${{steps.publish.outputs.asset-hash3}} | |
asset-hash4: ${{steps.publish.outputs.asset-hash4}} | |
asset-hash5: ${{steps.publish.outputs.asset-hash5}} | |
asset-hash6: ${{steps.publish.outputs.asset-hash6}} | |
asset-hash7: ${{steps.publish.outputs.asset-hash7}} | |
asset-hash8: ${{steps.publish.outputs.asset-hash8}} | |
asset-hash9: ${{steps.publish.outputs.asset-hash9}} | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
strategy: | |
fail-fast: true | |
matrix: | |
target: | |
- Assets-FileAsset1 | |
- Assets-FileAsset10 | |
- Assets-FileAsset11 | |
- Assets-FileAsset12 | |
- Assets-FileAsset13 | |
- Assets-FileAsset14 | |
- Assets-FileAsset15 | |
- Assets-FileAsset16 | |
- Assets-FileAsset17 | |
- Assets-FileAsset18 | |
- Assets-FileAsset19 | |
- Assets-FileAsset2 | |
- Assets-FileAsset20 | |
- Assets-FileAsset21 | |
- Assets-FileAsset22 | |
- Assets-FileAsset23 | |
- Assets-FileAsset24 | |
- Assets-FileAsset25 | |
- Assets-FileAsset26 | |
- Assets-FileAsset27 | |
- Assets-FileAsset28 | |
- Assets-FileAsset3 | |
- Assets-FileAsset4 | |
- Assets-FileAsset5 | |
- Assets-FileAsset6 | |
- Assets-FileAsset7 | |
- Assets-FileAsset8 | |
- Assets-FileAsset9 | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Pull cdk.out | |
env: | |
S3_SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/deploy/${{github.run_id}}-${{github.run_attempt}}/cdk.out | |
S3_DESTINATION: cdk.out | |
run: aws s3 sync ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}} | |
- name: Install cdk-assets | |
run: npm install --no-save cdk-assets | |
- name: Publish | |
id: publish | |
run: /bin/bash ./cdk.out/publish-${{matrix.target}}-step.sh | |
deploy-development-development-network-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackdevelopmentdevelopmentnetwork9BE60577 | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'development') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: development | |
url: https://app.dev.crisiscleanup.io | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: development-development-network | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash1 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 | |
deploy-staging-staging-network-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackstagingstagingnetworkF6BE5B3F | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'staging') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: staging | |
url: https://app.staging.crisiscleanup.io | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: staging-staging-network | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash18 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 | |
deploy-production-production-network-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackproductionproductionnetworkACD050B9 | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'production') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: production | |
url: https://crisiscleanup.org | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: production-production-network | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash23 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1 | |
deploy-development-development-data-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackdevelopmentdevelopmentdataE98C910D | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'development') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: development | |
url: https://app.dev.crisiscleanup.io | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- deploy-development-development-network-Deploy | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: development-development-data | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash2 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 | |
deploy-staging-staging-data-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackstagingstagingdataE88954EF | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'staging') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: staging | |
url: https://app.staging.crisiscleanup.io | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- deploy-staging-staging-network-Deploy | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: staging-staging-data | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash19 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 | |
deploy-production-production-cache-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackproductionproductioncacheE7EE3824 | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'production') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: production | |
url: https://crisiscleanup.org | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- deploy-production-production-network-Deploy | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: production-production-cache | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash24 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1 | |
deploy-production-production-data-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackproductionproductiondataFD607C3D | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'production') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: production | |
url: https://crisiscleanup.org | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- deploy-production-production-network-Deploy | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: production-production-data | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash25 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1 | |
deploy-development-development-blueprint-deploy: | |
name: Deploy | |
crisiscleanupinfrapipelinestackdevelopmentdevelopmentblueprint44D37614 | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'development') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: development | |
url: https://app.dev.crisiscleanup.io | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- deploy-development-development-network-Deploy | |
- deploy-development-development-data-Deploy | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: development-development-blueprint | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash5 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 | |
deploy-staging-staging-blueprint-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackstagingstagingblueprint5D1F778A | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'staging') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: staging | |
url: https://app.staging.crisiscleanup.io | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- deploy-staging-staging-network-Deploy | |
- deploy-staging-staging-data-Deploy | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: staging-staging-blueprint | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash20 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 | |
deploy-production-production-blueprint-deploy: | |
name: Deploy crisiscleanupinfrapipelinestackproductionproductionblueprint6F97D85D | |
if: contains((github.event.inputs.environments || inputs.environments), | |
'production') | |
permissions: | |
contents: read | |
id-token: write | |
environment: | |
name: production | |
url: https://crisiscleanup.org | |
needs: | |
- Build-crisiscleanup-infra-pipeline-synth | |
- deploy-production-production-network-Deploy | |
- deploy-production-production-data-Deploy | |
- publish | |
runs-on: ${{inputs.runner || 'ubuntu-latest'}} | |
steps: | |
- name: Mask values | |
run: |- | |
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} | |
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}} | |
- name: Authenticate Via OIDC Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole | |
role-session-name: deploy | |
- name: Assume CDK Deploy Role | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
aws-region: us-east-1 | |
role-duration-seconds: 1800 | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1 | |
role-external-id: Pipeline | |
- id: Deploy | |
uses: aws-actions/[email protected] | |
with: | |
name: production-production-blueprint | |
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1.s3.us-east-1.amazonaws.com/${{ | |
needs.publish.outputs.asset-hash26 }}.json | |
no-fail-on-empty-changeset: "1" | |
capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM | |
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_PRODUCTION}}-us-east-1 | |
concurrency: | |
group: deploy-infra |