From 327294f33ea4cc8588046adbb707390f2ab388f5 Mon Sep 17 00:00:00 2001 From: Braden Mars Date: Sat, 5 Aug 2023 19:22:20 -0500 Subject: [PATCH] chore(stacks.api): disable staging stage for now Signed-off-by: Braden Mars --- .github/workflows/deploy.yml | 163 -------------------------------- packages/stacks/api/src/main.ts | 30 +++--- 2 files changed, 15 insertions(+), 178 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f68b90c0..3ef184d0 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,7 +33,6 @@ jobs: - name: Mask values run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} - name: Install Helm uses: azure/setup-helm@v3 @@ -88,7 +87,6 @@ jobs: DESTINATION: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION Assets-FileAsset1: @@ -115,7 +113,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -147,7 +144,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -179,7 +175,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -211,7 +206,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -243,7 +237,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -251,102 +244,6 @@ jobs: - id: Publish name: Publish Assets-FileAsset13 run: /bin/bash ./cdk.out/publish-Assets-FileAsset13-step.sh - Assets-FileAsset14: - name: Publish Assets Assets-FileAsset14 - needs: - - Build-crisiscleanup-infra-pipeline-synth - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - outputs: - asset-hash: ${{ steps.Publish.outputs.asset-hash }} - steps: - - name: Authenticate Via OIDC Role - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-region: us-east-1 - role-duration-seconds: 1800 - role-skip-session-tagging: true - role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole - - name: Pull assets - env: - SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out - DESTINATION: cdk.out - run: |- - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} - echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} - aws s3 sync $SOURCE $DESTINATION - - name: Install - run: npm install --no-save cdk-assets - - id: Publish - name: Publish Assets-FileAsset14 - run: /bin/bash ./cdk.out/publish-Assets-FileAsset14-step.sh - Assets-FileAsset15: - name: Publish Assets Assets-FileAsset15 - needs: - - Build-crisiscleanup-infra-pipeline-synth - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - outputs: - asset-hash: ${{ steps.Publish.outputs.asset-hash }} - steps: - - name: Authenticate Via OIDC Role - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-region: us-east-1 - role-duration-seconds: 1800 - role-skip-session-tagging: true - role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole - - name: Pull assets - env: - SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out - DESTINATION: cdk.out - run: |- - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} - echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} - aws s3 sync $SOURCE $DESTINATION - - name: Install - run: npm install --no-save cdk-assets - - id: Publish - name: Publish Assets-FileAsset15 - run: /bin/bash ./cdk.out/publish-Assets-FileAsset15-step.sh - Assets-FileAsset16: - name: Publish Assets Assets-FileAsset16 - needs: - - Build-crisiscleanup-infra-pipeline-synth - permissions: - contents: read - id-token: write - runs-on: ubuntu-latest - outputs: - asset-hash: ${{ steps.Publish.outputs.asset-hash }} - steps: - - name: Authenticate Via OIDC Role - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-region: us-east-1 - role-duration-seconds: 1800 - role-skip-session-tagging: true - role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole - - name: Pull assets - env: - SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out - DESTINATION: cdk.out - run: |- - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} - echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} - aws s3 sync $SOURCE $DESTINATION - - name: Install - run: npm install --no-save cdk-assets - - id: Publish - name: Publish Assets-FileAsset16 - run: /bin/bash ./cdk.out/publish-Assets-FileAsset16-step.sh Assets-FileAsset2: name: Publish Assets Assets-FileAsset2 needs: @@ -371,7 +268,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -403,7 +299,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -435,7 +330,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -467,7 +361,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -499,7 +392,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -531,7 +423,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -563,7 +454,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -595,7 +485,6 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} - echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -656,58 +545,6 @@ jobs: no-fail-on-empty-changeset: "1" capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 - staging-staging-blueprint-Deploy: - name: Deploy crisiscleanupinfrapipelinestackstagingstagingblueprint5D1F778A - permissions: - contents: read - id-token: write - environment: - name: staging - url: https://app.staging.crisiscleanup.io - needs: - - Build-crisiscleanup-infra-pipeline-synth - - Assets-FileAsset14 - - Assets-FileAsset2 - - Assets-FileAsset3 - - Assets-FileAsset4 - - Assets-FileAsset5 - - Assets-FileAsset6 - - Assets-FileAsset7 - - Assets-FileAsset8 - - Assets-FileAsset9 - - Assets-FileAsset10 - - Assets-FileAsset15 - - Assets-FileAsset16 - - development-development-blueprint-Deploy - runs-on: ${{inputs.runner || 'ubuntu-latest'}} - steps: - - name: Authenticate Via OIDC Role - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-region: us-east-1 - role-duration-seconds: 1800 - role-skip-session-tagging: true - role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole - - name: Assume CDK Deploy Role - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-region: us-east-1 - role-duration-seconds: 1800 - role-skip-session-tagging: true - aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} - aws-session-token: ${{ env.AWS_SESSION_TOKEN }} - role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 - role-external-id: Pipeline - - id: Deploy - uses: aws-actions/aws-cloudformation-github-deploy@v1.2.0 - with: - name: staging-staging-blueprint - template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ - needs.Assets-FileAsset14.outputs.asset-hash }}.json - no-fail-on-empty-changeset: "1" - capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM - role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 concurrency: group: deploy-infra cancel-in-progress: false diff --git a/packages/stacks/api/src/main.ts b/packages/stacks/api/src/main.ts index 745a9985..ee1819d7 100644 --- a/packages/stacks/api/src/main.ts +++ b/packages/stacks/api/src/main.ts @@ -169,21 +169,21 @@ const pipeline = Pipeline.builder({ url: 'https://app.dev.crisiscleanup.io', }, }) - .target({ - name: 'staging', - stackBuilder: stagingStack, - environment: config.$env.staging.cdkEnvironment, - platformTeam: new blueprints.PlatformTeam({ - name: 'platform', - users: config.$env.staging.apiStack.eks.platformArns.map( - (arn) => new iam.ArnPrincipal(arn), - ), - }), - githubEnvironment: { - name: 'staging', - url: 'https://app.staging.crisiscleanup.io', - }, - }) + // .target({ + // name: 'staging', + // stackBuilder: stagingStack, + // environment: config.$env.staging.cdkEnvironment, + // platformTeam: new blueprints.PlatformTeam({ + // name: 'platform', + // users: config.$env.staging.apiStack.eks.platformArns.map( + // (arn) => new iam.ArnPrincipal(arn), + // ), + // }), + // githubEnvironment: { + // name: 'staging', + // url: 'https://app.staging.crisiscleanup.io', + // }, + // }) .build(app, { env: { account: String(config.cdkEnvironment.account),