-
Notifications
You must be signed in to change notification settings - Fork 0
124 lines (104 loc) · 5.16 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: Deploy hosted zone and checks
on:
workflow_dispatch:
push:
branches:
- main
paths:
- .github/workflows/deploy.yml
- template.yml
- package.json
- yarn.lock
- components/**
concurrency:
group: ${{ github.workflow }}
permissions:
id-token: write
contents: read
jobs:
check-project-std:
uses: ./.github/workflows/check-project-std.yml
deploy-connection-checks:
runs-on: ubuntu-latest
needs: [check-project-std]
strategy:
matrix:
# Regions where FTP servers are running
target-region: [us-east-1, us-west-2]
# Regions where connection checks should be run from
check-region: [us-east-1, us-east-2, us-west-2]
steps:
- uses: actions/checkout@v4
- uses: aws-actions/setup-sam@v2
with:
use-installer: true
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ matrix.check-region }}
role-to-assume: arn:aws:iam::561178107736:role/PRX-GHA-AccessRole
role-session-name: gha-deploy-prxtransfer-dns-connection-checker
- name: Deploy connection check
working-directory: components/ftp-connection-check
env:
FTP_USER: ${{ secrets.ftp_user }}
FTP_PASSWORD: ${{ secrets.ftp_password }}
# Lookup the Transfer Family NLB hostname for the current matrix target
# region and deploy a connection check to the current check region
# for that server.
run: |
stack_name="ftp-connection-check-targeting-${{ matrix.target-region }}"
nlb_hostname=$(aws cloudformation describe-stacks --region ${{ matrix.target-region }} --stack-name infrastructure-cd-root-production --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text)
sam build && sam deploy \
--region ${{ matrix.check-region }} \
--no-confirm-changeset \
--no-fail-on-empty-changeset \
--stack-name "$stack_name" \
--resolve-s3 \
--no-progressbar \
--s3-prefix prxtransfer-dns \
--capabilities CAPABILITY_IAM \
--role-arn arn:aws:iam::561178107736:role/PRX-GHA-ServiceRoleForCloudFormation \
--parameter-overrides "FtpServerHostname=$nlb_hostname HealthCheckFtpUser=\"$FTP_USER\" HealthCheckFtpPassword=\"$FTP_PASSWORD\""
check_id=$(aws cloudformation describe-stacks --region ${{ matrix.check-region }} --stack-name "$stack_name" --query "Stacks[0].Outputs[?OutputKey=='HealthCheckId'].OutputValue" --output text)
echo "$check_id" > health_check_id
- uses: actions/upload-artifact@v4
with:
name: ${{ matrix.check-region }}-targeting-${{ matrix.target-region }}
path: components/ftp-connection-check/health_check_id
retention-days: 1
deploy-hosted-zone:
runs-on: ubuntu-latest
needs: [deploy-connection-checks]
steps:
- uses: actions/checkout@v4
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-east-1
role-to-assume: arn:aws:iam::561178107736:role/PRX-GHA-AccessRole
role-session-name: gha-deploy-prxtransfer-dns-connection-checker
- uses: actions/download-artifact@v4
with:
path: components/hosted-zone
- name: Deploy hosted zone stack
working-directory: components/hosted-zone
run: |
ls -R
# Look up NLB hostnames for staging servers
stag_use1_nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-staging --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region us-east-1)
stag_usw2_nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-staging --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region us-west-2)
# Look up NLB hostnames for production servers
prod_use1_nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-production --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region us-east-1)
prod_usw2_nlb_hostname=$(aws cloudformation describe-stacks --stack-name infrastructure-cd-root-production --query "Stacks[0].Outputs[?OutputKey=='ExchangeFtpServerNlbDnsName'].OutputValue" --output text --region us-west-2)
# Deploy the stack using all the values collected
aws cloudformation deploy \
--template-file template.yml \
--no-fail-on-empty-changeset \
--region us-east-1 \
--stack-name dev-hostedzone-prxtransfer-org \
--role-arn arn:aws:iam::561178107736:role/PRX-GHA-ServiceRoleForCloudFormation \
--parameter-overrides \
StagNlbHostnameUSEAST1=$stag_use1_nlb_hostname \
StagNlbHostnameUSWEST2=$stag_usw2_nlb_hostname \
ProdNlbHostnameUSEAST1=$prod_use1_nlb_hostname \
ProdNlbHostnameUSWEST2=$prod_usw2_nlb_hostname \
ProdHealthCheckIdsTargetingUSEAST1=