From e47554690d83b08fa110e61ded4110d102377ff6 Mon Sep 17 00:00:00 2001 From: Braden Mars Date: Mon, 7 Aug 2023 05:45:10 -0500 Subject: [PATCH] feat(stacks.api): add staging stage Signed-off-by: Braden Mars --- .github/workflows/deploy.yml | 321 ++++++++++++++++++++++++++++ packages/stacks/api/src/cluster.ts | 20 +- packages/stacks/api/src/main.ts | 32 +-- packages/stacks/api/src/pipeline.ts | 1 - 4 files changed, 352 insertions(+), 22 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 82327d0c..effa8ed8 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -33,6 +33,7 @@ jobs: - name: Mask values run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} - name: Install Helm uses: azure/setup-helm@v3 @@ -74,6 +75,7 @@ jobs: DESTINATION: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION Assets-FileAsset1: @@ -100,6 +102,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -131,6 +134,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install 
@@ -162,6 +166,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -193,6 +198,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -224,6 +230,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -255,6 +262,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -286,6 +294,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install 
@@ -293,6 +302,134 @@ jobs: - id: Publish name: Publish Assets-FileAsset15 run: /bin/bash ./cdk.out/publish-Assets-FileAsset15-step.sh + Assets-FileAsset16: + name: Publish Assets Assets-FileAsset16 + needs: + - Build-crisiscleanup-infra-pipeline-synth + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + outputs: + asset-hash: ${{ steps.Publish.outputs.asset-hash }} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Pull assets + env: + SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out + DESTINATION: cdk.out + run: |- + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} + echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} + aws s3 sync $SOURCE $DESTINATION + - name: Install + run: npm install --no-save cdk-assets + - id: Publish + name: Publish Assets-FileAsset16 + run: /bin/bash ./cdk.out/publish-Assets-FileAsset16-step.sh + Assets-FileAsset17: + name: Publish Assets Assets-FileAsset17 + needs: + - Build-crisiscleanup-infra-pipeline-synth + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + outputs: + asset-hash: ${{ steps.Publish.outputs.asset-hash }} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Pull assets + env: + SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out + DESTINATION: cdk.out + run: |- + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} 
+ echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} + echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} + aws s3 sync $SOURCE $DESTINATION + - name: Install + run: npm install --no-save cdk-assets + - id: Publish + name: Publish Assets-FileAsset17 + run: /bin/bash ./cdk.out/publish-Assets-FileAsset17-step.sh + Assets-FileAsset18: + name: Publish Assets Assets-FileAsset18 + needs: + - Build-crisiscleanup-infra-pipeline-synth + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + outputs: + asset-hash: ${{ steps.Publish.outputs.asset-hash }} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Pull assets + env: + SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out + DESTINATION: cdk.out + run: |- + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} + echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} + aws s3 sync $SOURCE $DESTINATION + - name: Install + run: npm install --no-save cdk-assets + - id: Publish + name: Publish Assets-FileAsset18 + run: /bin/bash ./cdk.out/publish-Assets-FileAsset18-step.sh + Assets-FileAsset19: + name: Publish Assets Assets-FileAsset19 + needs: + - Build-crisiscleanup-infra-pipeline-synth + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + outputs: + asset-hash: ${{ steps.Publish.outputs.asset-hash }} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Pull assets + env: + SOURCE: 
s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out + DESTINATION: cdk.out + run: |- + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} + echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} + aws s3 sync $SOURCE $DESTINATION + - name: Install + run: npm install --no-save cdk-assets + - id: Publish + name: Publish Assets-FileAsset19 + run: /bin/bash ./cdk.out/publish-Assets-FileAsset19-step.sh Assets-FileAsset2: name: Publish Assets Assets-FileAsset2 needs: @@ -317,6 +454,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install 
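Review bot: The `Install` step in the new Assets-FileAsset16 job runs `npm install --no-save cdk-assets` with no version, after the OIDC step has already placed the pipeline role's credentials in the job environment, so whatever release the registry serves at run time executes with those credentials. The same step is repeated in the added Assets-FileAsset17 to Assets-FileAsset20 jobs. Pinning it, for example `run: npm install --no-save cdk-assets@<pinned-version>`, and referencing `aws-actions/configure-aws-credentials` by commit SHA instead of the `v1-node16` tag would make the publish jobs reproducible. This workflow looks machine-generated from the CDK pipeline, so the pin probably belongs in the generator's settings rather than in this file.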
@@ -324,6 +462,38 @@ jobs: - id: Publish name: Publish Assets-FileAsset2 run: /bin/bash ./cdk.out/publish-Assets-FileAsset2-step.sh + Assets-FileAsset20: + name: Publish Assets Assets-FileAsset20 + needs: + - Build-crisiscleanup-infra-pipeline-synth + permissions: + contents: read + id-token: write + runs-on: ubuntu-latest + outputs: + asset-hash: ${{ steps.Publish.outputs.asset-hash }} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Pull assets + env: + SOURCE: s3://crisiscleanup-pipeline-assets/cdk-assets/${{github.run_id}}-${{github.run_attempt}}/cdk.out + DESTINATION: cdk.out + run: |- + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} + echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} + aws s3 sync $SOURCE $DESTINATION + - name: Install + run: npm install --no-save cdk-assets + - id: Publish + name: Publish Assets-FileAsset20 + run: /bin/bash ./cdk.out/publish-Assets-FileAsset20-step.sh Assets-FileAsset3: name: Publish Assets Assets-FileAsset3 needs: @@ -348,6 +518,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -379,6 +550,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install 
@@ -410,6 +582,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -441,6 +614,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -472,6 +646,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -503,6 +678,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install @@ -534,6 +710,7 @@ jobs: DESTINATION: cdk.out run: |- echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}} + echo ::add-mask::${{secrets.AWS_ACCOUNT_ID_STAGING}} echo ::add-mask::${{secrets.AWS_PIPELINE_ACCOUNT_ID}} aws s3 sync $SOURCE $DESTINATION - name: Install 
@@ -677,6 +854,150 @@ jobs: no-fail-on-empty-changeset: "1" capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_DEVELOPMENT}}-us-east-1 + staging-staging-network-Deploy: + name: Deploy crisiscleanupinfrapipelinestackstagingstagingnetworkF6BE5B3F + permissions: + contents: read + id-token: write + environment: + name: staging + url: https://app.staging.crisiscleanup.io + needs: + - Build-crisiscleanup-infra-pipeline-synth + - Assets-FileAsset16 + - development-development-network-Deploy + - development-development-data-Deploy + - development-development-blueprint-Deploy + runs-on: ${{inputs.runner || 'ubuntu-latest'}} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Assume CDK Deploy Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-session-token: ${{ env.AWS_SESSION_TOKEN }} + role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 + role-external-id: Pipeline + - id: Deploy + uses: aws-actions/aws-cloudformation-github-deploy@v1.2.0 + with: + name: staging-staging-network + template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ + needs.Assets-FileAsset16.outputs.asset-hash }}.json + no-fail-on-empty-changeset: "1" + capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM + role-arn: 
arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 + staging-staging-data-Deploy: + name: Deploy crisiscleanupinfrapipelinestackstagingstagingdataE88954EF + permissions: + contents: read + id-token: write + environment: + name: staging + url: https://app.staging.crisiscleanup.io + needs: + - Build-crisiscleanup-infra-pipeline-synth + - Assets-FileAsset17 + - staging-staging-network-Deploy + - development-development-network-Deploy + - development-development-data-Deploy + - development-development-blueprint-Deploy + runs-on: ${{inputs.runner || 'ubuntu-latest'}} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Assume CDK Deploy Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-session-token: ${{ env.AWS_SESSION_TOKEN }} + role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 + role-external-id: Pipeline + - id: Deploy + uses: aws-actions/aws-cloudformation-github-deploy@v1.2.0 + with: + name: staging-staging-data + template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ + needs.Assets-FileAsset17.outputs.asset-hash }}.json + no-fail-on-empty-changeset: "1" + capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM + role-arn: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 + staging-staging-blueprint-Deploy: + 
name: Deploy crisiscleanupinfrapipelinestackstagingstagingblueprint5D1F778A + permissions: + contents: read + id-token: write + environment: + name: staging + url: https://app.staging.crisiscleanup.io + needs: + - Build-crisiscleanup-infra-pipeline-synth + - Assets-FileAsset18 + - Assets-FileAsset4 + - Assets-FileAsset5 + - Assets-FileAsset6 + - Assets-FileAsset7 + - Assets-FileAsset8 + - Assets-FileAsset9 + - Assets-FileAsset10 + - Assets-FileAsset11 + - Assets-FileAsset12 + - Assets-FileAsset13 + - Assets-FileAsset19 + - Assets-FileAsset20 + - staging-staging-network-Deploy + - staging-staging-data-Deploy + - development-development-network-Deploy + - development-development-data-Deploy + - development-development-blueprint-Deploy + runs-on: ${{inputs.runner || 'ubuntu-latest'}} + steps: + - name: Authenticate Via OIDC Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + role-to-assume: arn:aws:iam::${{secrets.AWS_PIPELINE_ACCOUNT_ID}}:role/GitHubActionRole + - name: Assume CDK Deploy Role + uses: aws-actions/configure-aws-credentials@v1-node16 + with: + aws-region: us-east-1 + role-duration-seconds: 1800 + role-skip-session-tagging: true + aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} + aws-session-token: ${{ env.AWS_SESSION_TOKEN }} + role-to-assume: arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-deploy-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 + role-external-id: Pipeline + - id: Deploy + uses: aws-actions/aws-cloudformation-github-deploy@v1.2.0 + with: + name: staging-staging-blueprint + template: https://cdk-hnb659fds-assets-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1.s3.us-east-1.amazonaws.com/${{ + needs.Assets-FileAsset18.outputs.asset-hash }}.json + no-fail-on-empty-changeset: "1" + capabilities: CAPABILITY_IAM,CAPABILITY_NAMED_IAM + role-arn: 
arn:aws:iam::${{secrets.AWS_ACCOUNT_ID_STAGING}}:role/cdk-hnb659fds-cfn-exec-role-${{secrets.AWS_ACCOUNT_ID_STAGING}}-us-east-1 concurrency: group: deploy-infra cancel-in-progress: false
diff --git a/packages/stacks/api/src/cluster.ts b/packages/stacks/api/src/cluster.ts
index 0a910e07..c6d21de8 100644
--- a/packages/stacks/api/src/cluster.ts
+++ b/packages/stacks/api/src/cluster.ts
@@ -34,12 +34,15 @@ export const getDefaultAddons = (
 new blueprints.addons.EbsCsiDriverAddOn({
 version: eks.ebsCsiVersion,
 kmsKeys: [
- blueprints.getResource(
- (context) =>
- new kms.Key(context.scope, 'ebs-csi-driver-key', {
+ blueprints.getResource((context) => {
+ return new kms.Key(
+ context.scope,
+ config.ccuStage + '-ebs-csi-driver-key',
+ {
 alias: 'ebs-csi-driver-key',
- }),
- ),
+ },
+ )
+ }),
 ],
 }),
 new blueprints.addons.CertManagerAddOn({
@@ -143,6 +146,7 @@ export const buildEKSStack = (
 const { apiStack } = config
 if (!apiStack) throw Error('No apistack config found.')
 return blueprints.EksBlueprint.builder()
+ .id(config.ccuStage)
 .version(KubernetesVersion.of(apiStack.eks.k8s.version))
 .addOns(...getCoreAddons(config))
 .useDefaultSecretEncryption(apiStack.eks.defaultSecretsEncryption)
@@ -158,7 +162,11 @@ export const buildClusterBuilder = (
 clusterName: 'crisiscleanup',
 version: k8sVersion,
 kubectlLayer: blueprints.getResource(
- (context) => new KubectlV27Layer(context.scope, 'kubectllayer24'),
+ (context) =>
+ new KubectlV27Layer(
+ context.scope,
+ config.ccuStage + '-kubectllayer24',
+ ),
 ),
 })
 .fargateProfile('serverless', {
diff --git a/packages/stacks/api/src/main.ts b/packages/stacks/api/src/main.ts
index 8be4daf3..0c3f24bd 100644
--- a/packages/stacks/api/src/main.ts
+++ b/packages/stacks/api/src/main.ts
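Review bot: `runs-on: ${{inputs.runner || 'ubuntu-latest'}}` in the three new staging deploy jobs lets a workflow input pick the runner for jobs that hold `id-token: write` and assume the staging `cdk-hnb659fds-deploy-role` with `CAPABILITY_NAMED_IAM`. The `inputs` definition is outside this hunk, so whether that value is restricted cannot be confirmed from here; if it is free-form, the staging jobs should use a fixed runner label or validate the input first. The only gate visible on these jobs is `environment: staging`, so that environment should have required reviewers and a deployment-branch restriction, and the trust policy of `GitHubActionRole` should condition on the `sub` claim that the environment produces. As the workflow appears to be generated, these settings probably need to be made in the pipeline definition.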
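Review bot: The key's `alias` stays `'ebs-csi-driver-key'` while its construct id gains the stage prefix in the first cluster.ts hunk. Renaming the id gives the key and its alias new logical IDs, so an already-deployed stack will presumably try to create a second alias with the same name before the old one is removed, and KMS alias names are unique per account and region. I would change the context line to `alias: config.ccuStage + '-ebs-csi-driver-key',` and, since this key protects EBS volumes, add `enableKeyRotation: true,` next to it. Volumes encrypted under the previous key still depend on it, so confirm the old key is retained after the rename. getDefaultAddons starts and ends outside the hunk.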
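Review bot: The construct id in the third cluster.ts hunk still ends in `kubectllayer24` although the class is `KubectlV27Layer`; as this change renames the id anyway, the stale version suffix could be dropped at the same time, for example `config.ccuStage + '-kubectl-layer',`. `config` is not declared inside the hunk, so confirm it is a parameter of buildClusterBuilder and not a module-level value shared between stages.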
@@ -82,21 +82,23 @@ const pipeline = Pipeline.builder({
 config: config.$env.development,
 secretsProvider: devSecretsProvider,
 })
- // .target({
- // name: 'staging',
- // stackBuilder: stagingStack,
- // environment: config.$env.staging.cdkEnvironment,
- // platformTeam: new blueprints.PlatformTeam({
- // name: 'platform',
- // users: config.$env.staging.apiStack.eks.platformArns.map(
- // (arn) => new iam.ArnPrincipal(arn),
- // ),
- // }),
- // githubEnvironment: {
- // name: 'staging',
- // url: 'https://app.staging.crisiscleanup.io',
- // },
- // })
+ .target({
+ name: 'staging',
+ stackBuilder: buildStack(config.$env.staging).addOns(new RedisStackAddOn()),
+ environment: config.$env.staging.cdkEnvironment,
+ platformTeam: new blueprints.PlatformTeam({
+ name: 'platform',
+ users: config.$env.staging.apiStack.eks.platformArns.map(
+ (arn) => new iam.ArnPrincipal(arn),
+ ),
+ }),
+ githubEnvironment: {
+ name: 'staging',
+ url: 'https://app.staging.crisiscleanup.io',
+ },
+ config: config.$env.staging,
+ secretsProvider: stagingSecretsProvider,
+ })
 .build(app, {
 env: {
 account: String(config.cdkEnvironment.account),
diff --git a/packages/stacks/api/src/pipeline.ts b/packages/stacks/api/src/pipeline.ts
index 9cb14dc1..8e3bcc77 100644
--- a/packages/stacks/api/src/pipeline.ts
+++ b/packages/stacks/api/src/pipeline.ts
@@ -78,7 +78,6 @@ export class Pipeline { const envStackBuilder = stackBuilder .clone(env.region, env.account) .teams(platformTeam) - .name(this.props.id) this.pipeline.githubWave({ id: name,
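Review bot: The staging target reads `config.$env.staging.apiStack.eks.platformArns` without a guard, while buildEKSStack in cluster.ts treats `apiStack` as optional and throws a named error when it is missing; if the staging config has the same shape, a missing `apiStack` fails here with a bare TypeError during synth. The principals in that list become the `platform` team of the staging cluster, which I believe the blueprints library maps to cluster administrators, so the list should be staging-specific and an empty list should be rejected explicitly. `stagingSecretsProvider` is defined outside the hunk; confirm it resolves secrets from the staging account and not from development. The builder chain starts and ends outside the hunk.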