Skip to content

Commit

Permalink
ci(deploy): update generated deploy workflows
Browse files Browse the repository at this point in the history 
Signed-off-by: Braden Mars <[email protected]>
  • Loading branch information
@BradenM
BradenM committed Aug 22, 2023
1 parent 6f584ef commit bde3691
Show file tree
Hide file tree
Showing 2 changed files with 123 additions and 1,201 deletions.
173 changes: 25 additions & 148 deletions .github/workflows/deploy-maintenance-site.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ on:
workflow_call: {}
workflow_dispatch: {}
jobs:
Build-deploy-maintenance-site-synth:
build-deploy-maintenance-site-synth:
name: Synthesize
permissions:
contents: read
Expand Down Expand Up @@ -90,148 +90,29 @@ jobs:
S3_SOURCE: cdk.out
S3_DESTINATION: s3://crisiscleanup-pipeline-assets/cdk-assets/maintenance-site/${{github.run_id}}-${{github.run_attempt}}/cdk.out
run: aws s3 sync ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}}
Assets-FileAsset1:
name: Publish Assets Assets-FileAsset1
needs:
- Build-deploy-maintenance-site-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Mask values
run: |-
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}}
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
role-session-name: deploy-maintenance-site
- name: Pull cdk.out
env:
S3_SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/maintenance-site/${{github.run_id}}-${{github.run_attempt}}/cdk.out
S3_DESTINATION: cdk.out
run: aws s3 sync ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}}
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset1
run: /bin/bash ./cdk.out/publish-Assets-FileAsset1-step.sh
Assets-FileAsset2:
name: Publish Assets Assets-FileAsset2
needs:
- Build-deploy-maintenance-site-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Mask values
run: |-
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}}
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
role-session-name: deploy-maintenance-site
- name: Pull cdk.out
env:
S3_SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/maintenance-site/${{github.run_id}}-${{github.run_attempt}}/cdk.out
S3_DESTINATION: cdk.out
run: aws s3 sync ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}}
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset2
run: /bin/bash ./cdk.out/publish-Assets-FileAsset2-step.sh
Assets-FileAsset3:
name: Publish Assets Assets-FileAsset3
needs:
- Build-deploy-maintenance-site-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Mask values
run: |-
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}}
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
role-session-name: deploy-maintenance-site
- name: Pull cdk.out
env:
S3_SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/maintenance-site/${{github.run_id}}-${{github.run_attempt}}/cdk.out
S3_DESTINATION: cdk.out
run: aws s3 sync ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}}
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset3
run: /bin/bash ./cdk.out/publish-Assets-FileAsset3-step.sh
Assets-FileAsset4:
name: Publish Assets Assets-FileAsset4
needs:
- Build-deploy-maintenance-site-synth
publish:
name: Publish Assets
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
steps:
- name: Mask values
run: |-
echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}
echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_PIPELINE}}
- name: Authenticate Via OIDC Role
uses: aws-actions/configure-aws-credentials@v1-node16
with:
aws-region: us-east-1
role-duration-seconds: 1800
role-skip-session-tagging: true
role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole
role-session-name: deploy-maintenance-site
- name: Pull cdk.out
env:
S3_SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/maintenance-site/${{github.run_id}}-${{github.run_attempt}}/cdk.out
S3_DESTINATION: cdk.out
run: aws s3 sync ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}}
- name: Install
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset4
run: /bin/bash ./cdk.out/publish-Assets-FileAsset4-step.sh
Assets-FileAsset5:
name: Publish Assets Assets-FileAsset5
asset-hash1: ${{steps.publish.outputs.asset-hash1}}
asset-hash2: ${{steps.publish.outputs.asset-hash2}}
asset-hash3: ${{steps.publish.outputs.asset-hash3}}
asset-hash4: ${{steps.publish.outputs.asset-hash4}}
asset-hash5: ${{steps.publish.outputs.asset-hash5}}
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
needs:
- Build-deploy-maintenance-site-synth
permissions:
contents: read
id-token: write
runs-on: ubuntu-latest
outputs:
asset-hash: ${{ steps.Publish.outputs.asset-hash }}
strategy:
fail-fast: true
matrix:
target:
- Assets-FileAsset1
- Assets-FileAsset2
- Assets-FileAsset3
- Assets-FileAsset4
- Assets-FileAsset5
steps:
- name: Mask values
run: |-
Expand All @@ -250,23 +131,19 @@ jobs:
S3_SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/maintenance-site/${{github.run_id}}-${{github.run_attempt}}/cdk.out
S3_DESTINATION: cdk.out
run: aws s3 sync ${{env.S3_SOURCE}} ${{env.S3_DESTINATION}}
- name: Install
- name: Install cdk-assets
run: npm install --no-save cdk-assets
- id: Publish
name: Publish Assets-FileAsset5
run: /bin/bash ./cdk.out/publish-Assets-FileAsset5-step.sh
pipeline-maintenance-site-Deploy:
- name: Publish
id: publish
run: /bin/bash ./cdk.out/publish-${{matrix.target}}-step.sh
pipeline-maintenance-site-deploy:
name: Deploy pipelinemaintenancesite2E0710C3
permissions:
contents: read
id-token: write
needs:
- Build-deploy-maintenance-site-synth
- Assets-FileAsset1
- Assets-FileAsset2
- Assets-FileAsset3
- Assets-FileAsset4
- Assets-FileAsset5
- publish
runs-on: ${{inputs.runner || 'ubuntu-latest'}}
steps:
- name: Mask values
Expand Down Expand Up @@ -297,6 +174,6 @@ jobs:
with:
name: maintenance-site
template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_PIPELINE}}-us-east-1.s3.us-east-1.amazonaws.com/${{
needs.Assets-FileAsset1.outputs.asset-hash }}.json
needs.publish.outputs.asset-hash1 }}.json
no-fail-on-empty-changeset: "1"
role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_PIPELINE}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_PIPELINE}}-us-east-1
Loading

0 comments on commit bde3691

Please sign in to comment.