Main Pipeline - CDK Actions #74
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main Pipeline - CDK Actions | |
| on: | |
| workflow_dispatch: {} | |
| pull_request: | |
| types: | |
| # For Synth | |
| - opened | |
| - reopened | |
| - synchronize | |
| - edited | |
| # For Deploy | |
| - closed | |
| # NOTE: You CAN'T have the `paths` key here!! | |
| # if you do, and the PR doesn't trigger this, | |
| # you won't be able to merge it. | |
| # (Apart of dependabot updates. See the | |
| # README.md in this dir for more details...) | |
| branches: | |
| - main | |
| #### Overall Strategy: | |
| # If Open a PR: Make sure everything can Synth (No deploy) | |
| # If Merge a PR: Deploy to your account (No synth, it just passed) | |
| # If workflow_dispatch: Synth first, then deploy if pass | |
| env: | |
| EXAMPLES_PATH: ./Examples # No trailing slash plz! | |
| DOMAIN_NAME: "${{ secrets.DOMAIN_NAME }}" | |
| HOSTED_ZONE_ID: "${{ secrets.HOSTED_ZONE_ID }}" | |
| EMAIL: "${{ secrets.EMAIL }}" | |
| jobs: | |
| setup-matrix: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| synth-matrix: ${{ steps.setup-synth.outputs.synth-config-files }} | |
| deploy-matrix: ${{ steps.setup-deploy.outputs.deploy-config-files }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup cdk-synth Matrix | |
| id: setup-synth | |
| run: | | |
| file_list=$(cd "${{ env.EXAMPLES_PATH }}" && find * -regextype egrep -regex '.*ya?ml$') | |
| json_list=$(echo $file_list | jq --raw-input --compact-output 'split(" ")') | |
| echo "synth-config-files=$json_list" >> "$GITHUB_OUTPUT" | |
| - name: Setup cdk-deploy Matrix | |
| id: setup-deploy | |
| run: | | |
| github_vars_list=$(echo "${{ vars.DEPLOY_EXAMPLES }}" | tr '\n' ' ') | |
| json_list=$(echo $github_vars_list | jq --raw-input --compact-output 'split(" ")') | |
| echo "deploy-config-files=$json_list" >> "$GITHUB_OUTPUT" | |
| cdk-synth: | |
| if: ( github.event_name == 'pull_request' && github.event.action != 'closed' ) || | |
| ( github.event_name == 'workflow_dispatch' ) | |
| runs-on: ubuntu-latest | |
| needs: | |
| - setup-matrix | |
| strategy: | |
| matrix: | |
| example-config: ${{ fromJson(needs.setup-matrix.outputs.synth-matrix) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup CDK | |
| uses: ./.github/workflows/composite-setup-cdk | |
| - name: "Synthesize: ${{ matrix.example-config }}" | |
| run: make cdk-synth config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.example-config }}" | |
| cdk-deploy-base: | |
| ## If the PR is merged, or if we manually trigger it (MAIN ONLY): | |
| # !failure() && !cancelled(): Let it check the 'if' block here, EVEN if cdk-synth skipped. | |
| # (it'll skip when PR is merged. No point in synthing again since it has to pass TO merge) | |
| if: | | |
| !failure() && !cancelled() && ( | |
| ( github.event_name == 'pull_request' && github.event.pull_request.merged ) || | |
| ( github.event_name == 'workflow_dispatch' ) | |
| ) | |
| runs-on: ubuntu-latest | |
| needs: | |
| - setup-matrix | |
| - cdk-synth | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| # Moved this check away from the job-level 'if', so it actually fails if you're | |
| # not on main. Failure is easier to see than a skipped job. | |
| - name: Fail if not 'main' (else skips this step) | |
| # Yes the pull_request line is redundant with the 'branch' trigger at the top of the | |
| # file, but better safe than sorry. Keeps the logic uniform with workflow_dispatch too. | |
| if: ( github.event_name == 'pull_request' && github.base_ref != 'main' ) || | |
| ( github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' ) | |
| run: exit -1 | |
| - uses: actions/checkout@v4 | |
| # Install everything: | |
| - name: Setup CDK | |
| uses: ./.github/workflows/composite-setup-cdk | |
| # Log into AWS: | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: "${{ vars.AWS_REGION }}" | |
| role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}" | |
| # Deploy the Base Stack: | |
| - name: Deploy Base Stack | |
| run: make cdk-deploy-base | |
| cdk-deploy-leaf: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - setup-matrix | |
| - cdk-deploy-base | |
| strategy: | |
| matrix: | |
| deploy-config: ${{ fromJson(needs.setup-matrix.outputs.deploy-matrix) }} | |
| environment: ${{ matrix.deploy-config }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Install everything: | |
| - name: Setup CDK | |
| uses: ./.github/workflows/composite-setup-cdk | |
| # Log into AWS: | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: "${{ vars.AWS_REGION }}" | |
| role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}" | |
| # Deploy the Leaf Stack: | |
| - name: "Deploying: ${{ matrix.deploy-config }}" | |
| ## Load and mask the container-specific variables, then deploy. | |
| # container-id: Take off the beginning './' and the end '-example.yaml' | |
| run: | | |
| for key_val in $( echo "${{ vars.CONTAINER_VARS }}" | tr '\n' ' ' ); do | |
| echo "::add-mask::${key_val#*=}" | |
| export ${key_val} | |
| done | |
| make cdk-deploy-leaf \ | |
| config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.deploy-config }}" \ | |
| container-id=$(echo "${{ matrix.deploy-config }}" | sed -E 's/^\.\///' | sed -E 's/-example\.ya?ml$//i') |