Trying another way of looping through a list #68
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main Pipeline - CDK Actions | |
| on: | |
| workflow_dispatch: {} | |
| pull_request: | |
| types: | |
| # For Synth | |
| - opened | |
| - reopened | |
| - synchronize | |
| - edited | |
| # For Deploy | |
| - closed | |
| # NOTE: You CAN'T have the `paths` key here!! | |
| # if you do, and the PR doesn't trigger this, | |
| # you won't be able to merge it. | |
| # (Apart of dependabot updates. See the | |
| # README.md in this dir for more details...) | |
| branches: | |
| - main | |
| # TEMP DEBUG!!!: | |
| push: | |
| branches: | |
| - main | |
| #### Overall Strategy: | |
| # If Open a PR: Make sure everything can Synth (No deploy) | |
| # If Merge a PR: Deploy to your account (No synth, it just passed) | |
| # If workflow_dispatch: Synth first, then deploy if pass | |
| env: | |
| EXAMPLES_PATH: ./Examples # No trailing slash plz! | |
| DOMAIN_NAME: "${{ secrets.DOMAIN_NAME }}" | |
| HOSTED_ZONE_ID: "${{ secrets.HOSTED_ZONE_ID }}" | |
| EMAIL: "${{ secrets.EMAIL }}" | |
| jobs: | |
| setup-matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| synth-matrix: ${{ steps.setup-synth.outputs.synth-config-files }} | |
| deploy-matrix: ${{ steps.setup-deploy.outputs.deploy-config-files }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup cdk-synth Matrix | |
| id: setup-synth | |
| run: | | |
| file_list=$(cd "${{ env.EXAMPLES_PATH }}" && find * -regextype egrep -regex '.*ya?ml$') | |
| json_list=$(echo $file_list | jq --raw-input --compact-output 'split(" ")') | |
| echo "synth-config-files=$json_list" >> "$GITHUB_OUTPUT" | |
| - name: Setup cdk-deploy Matrix | |
| id: setup-deploy | |
| run: | | |
| github_vars_list=$(echo "${{ vars.DEPLOY_EXAMPLES }}" | tr '\n' ' ') | |
| json_list=$(echo $github_vars_list | jq --raw-input --compact-output 'split(" ")') | |
| echo "deploy-config-files=$json_list" >> "$GITHUB_OUTPUT" | |
| # cdk-synth: | |
| # if: ( github.event_name == 'pull_request' && github.event.action != 'closed' ) || | |
| # ( github.event_name == 'workflow_dispatch' ) | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - setup-matrix | |
| # strategy: | |
| # matrix: | |
| # example-config: ${{ fromJson(needs.setup-matrix.outputs.synth-matrix) }} | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - name: Setup CDK | |
| # uses: ./.github/workflows/composite-setup-cdk | |
| # - name: "Synthesize: ${{ matrix.example-config }}" | |
| # run: make cdk-synth config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.example-config }}" | |
| # cdk-deploy-base: | |
| # ## If the PR is merged, or if we manually trigger it (MAIN ONLY): | |
| # # !failure() && !cancelled(): Let it check the 'if' block here, EVEN if cdk-synth skipped. | |
| # # (it'll skip when PR is merged. No point in synthing again since it has to pass TO merge) | |
| # if: | | |
| # !failure() && !cancelled() && ( | |
| # ( github.event_name == 'pull_request' && github.event.pull_request.merged ) || | |
| # ( github.event_name == 'workflow_dispatch' ) | |
| # ) | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - setup-matrix | |
| # - cdk-synth | |
| # permissions: | |
| # id-token: write | |
| # contents: read | |
| # steps: | |
| # # Moved this check away from the job-level 'if', so it actually fails if you're | |
| # # not on main. Failure is easier to see than a skipped job. | |
| # - name: Fail if not 'main' (else skips this step) | |
| # # Yes the pull_request line is redundant with the 'branch' trigger at the top of the | |
| # # file, but better safe than sorry. Keeps the logic uniform with workflow_dispatch too. | |
| # if: ( github.event_name == 'pull_request' && github.base_ref != 'main' ) || | |
| # ( github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' ) | |
| # run: exit -1 | |
| # - uses: actions/checkout@v4 | |
| # # Install everything: | |
| # - name: Setup CDK | |
| # uses: ./.github/workflows/composite-setup-cdk | |
| # # Log into AWS: | |
| # - uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # aws-region: "${{ vars.AWS_REGION }}" | |
| # role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}" | |
| # # Deploy the Base Stack: | |
| # - name: Deploy Base Stack | |
| # run: make cdk-deploy-base | |
| cdk-deploy-leaf: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - setup-matrix | |
| # - cdk-deploy-base | |
| strategy: | |
| matrix: | |
| deploy-config: ${{ fromJson(needs.setup-matrix.outputs.deploy-matrix) }} | |
| environment: ${{ matrix.deploy-config }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # # Install everything: | |
| # - name: Setup CDK | |
| # uses: ./.github/workflows/composite-setup-cdk | |
| # # Log into AWS: | |
| # - uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # aws-region: "${{ vars.AWS_REGION }}" | |
| # role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}" | |
| # Deploy the Leaf Stack: | |
| - name: "Deploying: ${{ matrix.deploy-config }}" | |
| # container-id: Take off the beginning './' and the end '-example.yaml' | |
| run: | | |
| echo "DEBUG: ${{ vars.CONTAINER_VARS }}" | |
| for var in $( echo "${{ vars.CONTAINER_VARS }}" | tr '\n' ' ' ); do | |
| echo "VAR: $var"; | |
| done | |
| # while IFS= read -r line || [[ -n $line ]]; do | |
| # echo "... $line ..." | |
| # done < <(printf '%s' "${{ vars.CONTAINER_VARS }}") | |
| # make cdk-deploy-leaf \ | |
| # config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.deploy-config }}" \ | |
| # container-id=$(echo "${{ matrix.deploy-config }}" | sed -E 's/^\.\///' | sed -E 's/-example\.ya?ml$//i') | |
| env: | |
| # TODO: I hate how we have to expose ALL secrets to ALL containers... | |
| # Is there a better way to select which matrixes get which secrets? | |
| # I know environments do it, maybe that's the route to go... | |
| # BUT how do you not have to manage this list? It'd be nice if | |
| # I can find a way to "make everything in the environment available". | |
| # One idea, have a env-var that stores a list of all the variables. Source | |
| # that list before deploying, and each environment can hold specific env-vars. | |
| # (there'll be secrets though... maybe mask all values?) | |
| MINECRAFT_RCRON_PASSWORD: "${{ secrets.MINECRAFT_RCRON_PASSWORD }}" | |
| VALHEIM_SERVER_PASS: "${{ secrets.VALHEIM_SERVER_PASS }}" |