Skip to content
Main Pipeline - CDK Actions

Main Pipeline - CDK Actions #178

Sign in to view logs

Main Pipeline - CDK Actions

Main Pipeline - CDK Actions #178

Workflow file for this run

.github/workflows/main-pipeline-cdk.yml at a28d13d
name: Main Pipeline - CDK Actions
on:
workflow_dispatch: {}
pull_request:
types:
# For Synth
- opened
- reopened
- synchronize
- edited
# For Deploy
- closed
# NOTE: You CAN'T have the `paths` key here!!
# if you do, and the PR doesn't trigger this,
# you won't be able to merge it.
# (Apart of dependabot updates. See the
# README.md in this dir for more details...)
branches:
- main
#### Overall Strategy:
# If Open a PR: Make sure everything can Synth (No deploy)
# If Merge a PR: Deploy to your account (No synth, it just passed)
# If workflow_dispatch: Synth first, then deploy if pass
env:
EXAMPLES_PATH: ./Examples # No trailing slash plz!
jobs:
setup-matrix:
runs-on: ubuntu-latest
outputs:
synth-matrix: ${{ steps.setup-synth.outputs.synth-config-files }}
deploy-matrix: ${{ steps.setup-deploy.outputs.deploy-config-files }}
steps:
- uses: actions/checkout@v4
- name: Setup cdk-synth Matrix
id: setup-synth
run: |
file_list=$(cd "${{ env.EXAMPLES_PATH }}" && find * -regextype egrep -regex '.*ya?ml$')
json_list=$(echo $file_list | jq --raw-input --compact-output 'split(" ")')
echo "synth-config-files=$json_list" >> "$GITHUB_OUTPUT"
- name: Setup cdk-deploy Matrix
id: setup-deploy
run: |
github_vars_list=$(echo "${{ vars.DEPLOY_EXAMPLES }}" | tr '\r\n' ' ')
json_list=$(echo $github_vars_list | jq --raw-input --compact-output 'split(" ")')
echo "deploy-config-files=$json_list" >> "$GITHUB_OUTPUT"
if [ $json_list == '[]' ]; then
echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
echo "> **No deploy examples found**, skipping deployments. Populate the 'DEPLOY_EXAMPLES' GH Variable to change." >> $GITHUB_STEP_SUMMARY
fi
cdk-synth:
if: ( github.event_name == 'pull_request' && github.event.action != 'closed' ) ||
( github.event_name == 'workflow_dispatch' )
runs-on: ubuntu-latest
needs:
- setup-matrix
strategy:
matrix:
example-config: ${{ fromJson(needs.setup-matrix.outputs.synth-matrix) }}
environment: ${{ matrix.example-config }}
steps:
- uses: actions/checkout@v4
## Install Everything / Setup Env Vars:
- name: Setup CDK
uses: ./.github/workflows/composite-setup-cdk
with:
secrets: ${{ toJson(secrets) }}
vars: ${{ toJson(vars) }}
- name: "Synthesize: ${{ matrix.example-config }}"
run: make cdk-synth config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.example-config }}"
cdk-deploy-base:
## If the PR is merged, or if we manually trigger it (MAIN ONLY):
# - !failure() && !cancelled(): Let it check the 'if' block here, EVEN if cdk-synth skipped.
# - needs.setup-matrix.outputs.deploy-matrix != '[]': Only run if there's something to deploy.
# - (github.event_name block): Only run if it's a PR merge or on workflow_dispatch.
if: |
!failure() && !cancelled() &&
needs.setup-matrix.outputs.deploy-matrix != '[]' &&
(
( github.event_name == 'pull_request' && github.event.pull_request.merged ) ||
( github.event_name == 'workflow_dispatch' )
)
runs-on: ubuntu-latest
needs:
- setup-matrix
- cdk-synth
permissions:
id-token: write
contents: read
steps:
## Moved this check away from the job-level 'if', so it actually fails if you're
# not on main. Failure is easier to see than a skipped job.
- name: Fail if not 'main' (else skips this step)
# Yes the pull_request line is redundant with the 'branch' trigger at the top of the
# file, but better safe than sorry. Keeps the logic uniform with workflow_dispatch too.
if: ( github.event_name == 'pull_request' && github.base_ref != 'main' ) ||
( github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' )
run: exit -1
- uses: actions/checkout@v4
## Install Everything / Setup Env Vars:
- name: Setup CDK
uses: ./.github/workflows/composite-setup-cdk
with:
secrets: ${{ toJson(secrets) }}
vars: ${{ toJson(vars) }}
## Log into AWS:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: "${{ vars.AWS_REGION }}"
role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}"
## Deploy the Base Stack:
- name: Deploy Base Stack
run: make cdk-deploy-base
cdk-deploy-leaf:
## Since cdk-synth can be skipped, it'll skip EVERY job after it, even if the job isn't *directly* tied
# to it.
# - !failure() && !cancelled(): Let it check the 'if' block here, EVEN if cdk-synth skipped.
# - needs.cdk-deploy-base.result == 'success': Only run if cdk-deploy-base runs AND succeeds.
if: |
!failure() && !cancelled() && needs.cdk-deploy-base.result == 'success'
runs-on: ubuntu-latest
needs:
- setup-matrix
- cdk-deploy-base
strategy:
# Since they all use the Base Stack, only one can create/update at a time:
max-parallel: 1
matrix:
deploy-config: ${{ fromJson(needs.setup-matrix.outputs.deploy-matrix) }}
environment: "${{ matrix.deploy-config }}"
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
## Install Everything / Setup Env Vars:
- name: Setup CDK
uses: ./.github/workflows/composite-setup-cdk
with:
secrets: ${{ toJson(secrets) }}
vars: ${{ toJson(vars) }}
## Log into AWS:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: "${{ vars.AWS_REGION }}"
role-to-assume: "arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ vars.AWS_DEPLOY_ROLE }}"
## Deploy the Leaf Stack:
- name: "Deploying: ${{ matrix.deploy-config }}"
# CONTAINER_ID: If not defined in Environment, default to everything before the first period in the filename.
run: |
CONTAINER_ID=${CONTAINER_ID:=$(echo "${{ matrix.deploy-config }}" | sed 's/\..*//i')}
make cdk-deploy-leaf \
config-file="${{ env.EXAMPLES_PATH }}/${{ matrix.deploy-config }}" \
container-id=${CONTAINER_ID}